From 9307ab926afbe89fd8e61ffec8dd95a500c18f33 Mon Sep 17 00:00:00 2001 
From: Jonathan Protzenko Date: Thu, 8 Aug 2024 13:54:06 -0700 Subject: [PATCH 01/16] Leverage latest code quality improvements in Eurydice etc. --- .docker/c/install.sh | 12 +- libcrux-ml-kem/c.yaml | 5 + libcrux-ml-kem/c/code_gen.txt | 10 +- libcrux-ml-kem/c/internal/libcrux_core.h | 46 +- .../c/internal/libcrux_mlkem_avx2.h | 34 +- .../c/internal/libcrux_mlkem_portable.h | 34 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 10 +- .../c/internal/libcrux_sha3_internal.h | 40 +- libcrux-ml-kem/c/libcrux_core.c | 57 +- libcrux-ml-kem/c/libcrux_core.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 70 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 52 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 70 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 52 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 68 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 50 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 68 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 50 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 68 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 50 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 68 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 50 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 2915 ++++++++++------- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 263 +- libcrux-ml-kem/c/libcrux_mlkem_neon.c | 10 +- libcrux-ml-kem/c/libcrux_mlkem_neon.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 1003 +++++- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 92 +- libcrux-ml-kem/c/libcrux_sha3.h | 65 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 921 +++--- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 39 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 82 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 41 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 41 +- 37 files changed, 4355 insertions(+), 2131 deletions(-) 
diff --git a/.docker/c/install.sh b/.docker/c/install.sh index 666d4fc60..596d0c366 100644 --- a/.docker/c/install.sh +++ b/.docker/c/install.sh @@ -25,24 +25,24 @@ unzip hacl-star.zip rm -rf hacl-star.zip mv hacl-star-2a8b61343a1a7232611cb763b0dc3e4dff84d656/ hacl-star -curl -L https://github.com/AeneasVerif/charon/archive/3f6d1c304e0e5bef1e9e2ea65aec703661b05f39.zip \ +curl -L https://github.com/AeneasVerif/charon/archive/53530427db2941ce784201e64086766504bc5642.zip \ --output charon.zip unzip charon.zip rm -rf charon.zip -mv charon-3f6d1c304e0e5bef1e9e2ea65aec703661b05f39/ charon +mv charon-53530427db2941ce784201e64086766504bc5642/ charon -curl -L https://github.com/FStarLang/karamel/archive/fc56fce6a58754766809845f88fc62063b2c6b92.zip \ +curl -L https://github.com/FStarLang/karamel/archive/2bd16e63cfbfa2b81d3c45d597b811ca2a12d430.zip \ --output karamel.zip unzip karamel.zip rm -rf karamel.zip -mv karamel-fc56fce6a58754766809845f88fc62063b2c6b92/ karamel +mv karamel-2bd16e63cfbfa2b81d3c45d597b811ca2a12d430/ karamel -curl -L https://github.com/AeneasVerif/eurydice/archive/392674166bac86e60f5fffa861181a398fdc3896.zip \ +curl -L https://github.com/AeneasVerif/eurydice/archive/05ade3c33b87927d9873736212cc5078c1fc3d69.zip \ --output eurydice.zip unzip eurydice.zip rm -rf eurydice.zip -mv eurydice-392674166bac86e60f5fffa861181a398fdc3896/ eurydice +mv eurydice-05ade3c33b87927d9873736212cc5078c1fc3d69/ eurydice echo "export FSTAR_HOME=$HOME/fstar" >>$HOME/.profile echo "export HACL_HOME=$HOME/hacl-star" >>$HOME/.profile diff --git a/libcrux-ml-kem/c.yaml b/libcrux-ml-kem/c.yaml index 54dea4797..3a8f6001d 100644 --- a/libcrux-ml-kem/c.yaml +++ b/libcrux-ml-kem/c.yaml @@ -230,3 +230,8 @@ files: private: - [libcrux_ml_kem, "*"] inline_static: true + +naming: + skip_prefix: + - [ core, core_arch, arm_shared, neon ] + - [ core, core_arch, x86 ] diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index 89de62066..7de2127cd 100644 
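Review bot: The Eurydice revision pinned by the new `curl`/`mv` lines (05ade3c33b87927d9873736212cc5078c1fc3d69) does not match the Eurydice revision written into the regenerated code_gen.txt and every `This code was generated with the following revisions` header in this patch (d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421), while the Charon and Karamel pins agree in both places. As committed, the Docker image cannot reproduce the checked-in C, which is the whole point of pinning; one side should be corrected so toolchain and generated output agree. Separately, the archives are fetched with `curl -L` and no `--fail` and no checksum, so an HTTP error page would be saved as the zip and the pinned commit id is the only integrity signal; `curl -fL ... --output charon.zip` at minimum, or a recorded sha256 verified after download, would let the install fail closed.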
--- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: -Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 -Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 -Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 -F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty -Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f +Charon: 53530427db2941ce784201e64086766504bc5642 +Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 +Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 +F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 +Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 1bfc0666f..50f0155c0 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 */ #ifndef __internal_libcrux_core_H @@ -78,6 +78,9 @@ with const generics libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_4c1( uint8_t value[1568U]); +/** + Create a new [`MlKemKeyPair`] from the secret and public key. +*/ /** This function found in impl {libcrux_ml_kem::types::MlKemKeyPair} 
@@ -116,6 +119,9 @@ with const generics libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_f51( uint8_t value[1568U]); +/** + A reference to the raw byte slice. +*/ /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} */ @@ -139,6 +145,9 @@ with const generics Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed1( libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self); +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -159,6 +168,9 @@ with const generics libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_4c0( uint8_t value[1184U]); +/** + Create a new [`MlKemKeyPair`] from the secret and public key. +*/ /** This function found in impl {libcrux_ml_kem::types::MlKemKeyPair} @@ -197,6 +209,9 @@ with const generics libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_f50( uint8_t value[1088U]); +/** + A reference to the raw byte slice. +*/ /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} */ @@ -220,6 +235,9 @@ with const generics Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed0( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -240,6 +258,9 @@ with const generics libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_4c( uint8_t value[800U]); +/** + Create a new [`MlKemKeyPair`] from the secret and public key. +*/ /** This function found in impl {libcrux_ml_kem::types::MlKemKeyPair} @@ -278,6 +299,9 @@ with const generics libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_f5( uint8_t value[768U]); +/** + A reference to the raw byte slice. +*/ /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} */ 
@@ -289,6 +313,9 @@ with const generics uint8_t *libcrux_ml_kem_types_as_slice_cb_f2( libcrux_ml_kem_types_MlKemPublicKey_be *self); +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -320,6 +347,9 @@ with types uint8_t[32size_t], core_array_TryFromSliceError */ void core_result_unwrap_41_83(core_result_Result_00 self, uint8_t ret[32U]); +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -340,6 +370,9 @@ with const generics Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed( libcrux_ml_kem_types_MlKemCiphertext_e8 *self); +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -348,6 +381,9 @@ with const generics void libcrux_ml_kem_utils_into_padded_array_2d0(Eurydice_slice slice, uint8_t ret[800U]); +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index b400ee5e8..5a5776797 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h 
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 */ #ifndef __internal_libcrux_mlkem_avx2_H @@ -49,6 +49,14 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 libcrux_ml_kem_ind_cca_generate_keypair_unpacked_831(uint8_t randomness[64U]); +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -185,6 +193,14 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 libcrux_ml_kem_ind_cca_generate_keypair_unpacked_830(uint8_t randomness[64U]); +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, 
@@ -321,6 +337,14 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 libcrux_ml_kem_ind_cca_generate_keypair_unpacked_83(uint8_t randomness[64U]); +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 7e3c47929..370d96d3b 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 */ #ifndef __internal_libcrux_mlkem_portable_H @@ -55,6 +55,14 @@ generics libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e1(uint8_t randomness[64U]); +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, 
@@ -195,6 +203,14 @@ generics libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e0(uint8_t randomness[64U]); +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -335,6 +351,14 @@ generics libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e(uint8_t randomness[64U]); +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index f57c7bd3f..545a20b77 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index c2e703c10..46a061db9 100644 
--- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 */ #ifndef __internal_libcrux_sha3_internal_H @@ -24,11 +24,17 @@ extern "C" { typedef libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_KeccakState; +/** + Create a new SHAKE-128 state object. +*/ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake128_init(void) { return libcrux_sha3_generic_keccak_new_1e_f2(); } +/** + Absorb +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data0) { @@ -36,6 +42,9 @@ libcrux_sha3_portable_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_absorb_final_72(s, buf); } +/** + Squeeze another block +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { @@ -70,6 +79,9 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d( libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o2); } +/** + Squeeze three blocks +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { 
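Review bot: The comment added to `libcrux_sha3_portable_incremental_shake128_absorb_final` is just `Absorb`, which hides the one thing a caller needs: the body calls `absorb_final_72`, so this is presumably the finalizing absorb after which only squeezing is valid, not a general absorb. The SHAKE-256 twin in the `-174` hunk gets `Absorb some data for SHAKE-256 for the last time`, so the SHAKE-128 variant should at least match, e.g. `Absorb the final input for SHAKE-128; after this only squeeze calls are valid.` The `Squeeze three blocks` / `Squeeze five blocks` comments could likewise say they are the first squeeze after absorbing, since that is what distinguishes `squeeze_first_three_blocks` from `squeeze_next_block`. As these strings come from the Rust doc comments, the fix is upstream rather than in the generated header.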
@@ -84,6 +96,9 @@ libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( typedef uint8_t libcrux_sha3_Algorithm; +/** + Returns the output size of a digest. +*/ static inline size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode) { size_t uu____0; switch (mode) { @@ -167,6 +182,9 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92( libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o4); } +/** + Squeeze five blocks +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { @@ -174,6 +192,9 @@ libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92(s, buf); } +/** + Absorb some data for SHAKE-256 for the last time +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data) { @@ -181,11 +202,17 @@ libcrux_sha3_portable_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_absorb_final_720(s, buf); } +/** + Create a new SHAKE-256 state object. +*/ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake256_init(void) { return libcrux_sha3_generic_keccak_new_1e_f2(); } +/** + Squeeze the first SHAKE-256 block +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { @@ -193,6 +220,9 @@ libcrux_sha3_portable_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_squeeze_first_block_090(s, buf); } +/** + Squeeze the next SHAKE-256 block +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { 
diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index 4aaba94d8..e2b08b63e 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -4,15 +4,18 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 */ #include "internal/libcrux_core.h" +/** + Return 1 if `value` is not zero and 0 otherwise. +*/ static uint8_t inz(uint8_t value) { uint16_t value0 = (uint16_t)value; uint16_t result = (((uint32_t)value0 | @@ -25,6 +28,10 @@ static uint8_t inz(uint8_t value) { static KRML_NOINLINE uint8_t is_non_zero(uint8_t value) { return inz(value); } +/** + Return 1 if the bytes of `lhs` and `rhs` do not exactly + match and 0 otherwise. +*/ static uint8_t compare(Eurydice_slice lhs, Eurydice_slice rhs) { uint8_t r = 0U; for (size_t i = (size_t)0U; @@ -43,6 +50,10 @@ libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( return compare(lhs, rhs); } +/** + If `selector` is not zero, return the bytes in `rhs`; return the bytes in + `lhs` otherwise. +*/ static void select_ct(Eurydice_slice lhs, Eurydice_slice rhs, uint8_t selector, uint8_t ret[32U]) { uint8_t mask = core_num__u8_6__wrapping_sub(is_non_zero(selector), 1U); 
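Review bot: The new doc comments on `inz`, `compare` and `select_ct` describe the result but not the property these helpers exist for: they are the primitives behind `libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time`, and the `KRML_NOINLINE` on `is_non_zero` only makes sense in that light. A maintainer reading `Return 1 if the bytes of lhs and rhs do not exactly match and 0 otherwise` could reasonably swap the loop for `memcmp`, so the comment should carry the contract, e.g. `Constant-time: visits every byte regardless of content; must not short-circuit or be replaced by memcmp.` The `compare` doc also says nothing about the two lengths; its loop bound is outside the hunk, so state the equal-length precondition (or what happens when they differ) where it can be seen.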
@@ -96,6 +107,9 @@ libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_4c1( return lit; } +/** + Create a new [`MlKemKeyPair`] from the secret and public key. +*/ /** This function found in impl {libcrux_ml_kem::types::MlKemKeyPair} @@ -149,6 +163,9 @@ libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_f51( return lit; } +/** + A reference to the raw byte slice. +*/ /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} */ @@ -177,6 +194,9 @@ Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed1( Eurydice_slice); } +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -213,6 +233,9 @@ libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_4c0( return lit; } +/** + Create a new [`MlKemKeyPair`] from the secret and public key. +*/ /** This function found in impl {libcrux_ml_kem::types::MlKemKeyPair} @@ -266,6 +289,9 @@ libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_f50( return lit; } +/** + A reference to the raw byte slice. +*/ /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} */ @@ -294,6 +320,9 @@ Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed0( Eurydice_slice); } +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -330,6 +359,9 @@ libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_4c( return lit; } +/** + Create a new [`MlKemKeyPair`] from the secret and public key. +*/ /** This function found in impl {libcrux_ml_kem::types::MlKemKeyPair} @@ -382,6 +414,9 @@ libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_f5( return lit; } +/** + A reference to the raw byte slice. +*/ /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} */ 
@@ -395,6 +430,9 @@ uint8_t *libcrux_ml_kem_types_as_slice_cb_f2( return self->value; } +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -433,6 +471,9 @@ void core_result_unwrap_41_83(core_result_Result_00 self, uint8_t ret[32U]) { } } +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -466,6 +507,9 @@ Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed( Eurydice_slice); } +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -484,6 +528,9 @@ void libcrux_ml_kem_utils_into_padded_array_2d0(Eurydice_slice slice, memcpy(ret, out, (size_t)800U * sizeof(uint8_t)); } +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index a389c7bb3..c9cbb548b 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index f2f030801..7769b768b 100644 
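Review bot: The `Pad the `slice` with `0`s at the end.` comment placed on the `into_padded_array` instances (this hunk and the `-433`, `-466`, `-484` hunks, plus the matching declarations in internal/libcrux_core.h) leaves out the one precondition a C caller needs: `slice` must not be longer than the fixed-size output (800 bytes for `_2d0`, visible here). The Rust original presumably panics on a longer input; whether the extracted C body still bounds-checks the copy is outside these hunks, so the contract has to be stated. Since the text comes from the Rust doc comment, fix it upstream, e.g. `Pad `slice` with `0`s at the end. `slice` must not be longer than the output array.`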
--- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index b520aad16..638100d27 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -4,17 +4,20 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 */ #include "libcrux_mlkem1024_avx2.h" #include "internal/libcrux_mlkem_avx2.h" +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate with const generics 
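Review bot: The doc block added above the `avx2` instantiation of `decapsulate` reads `Portable decapsulate`, and the same mislabel recurs on the other static instantiations in this file (`Portable decapsulate` again at `-49`, `Portable encapsualte` at `-119`, which is also misspelled, `Portable generate key pair.` at `-157`, `Portable public key validation` at `-209`); the stray `Unpacked API` section header at `-182` is the same kind of leak. These strings presumably come from a shared instantiation macro in the Rust source where they were written for the portable backend, so they are wrong in every non-portable output and the fix belongs upstream, e.g. a backend-neutral `Decapsulate using this module's vector and hash implementation.` or a per-backend string. The 512/768 avx2 files in this patch are outside this chunk but will likely show the same text.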
@@ -42,6 +45,13 @@ static void decapsulate_d8( libcrux_ml_kem_ind_cca_decapsulate_c40(private_key, ciphertext, ret); } +/** + Decapsulate ML-KEM 1024 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem1024PrivateKey`] and an + [`MlKem1024Ciphertext`]. +*/ void libcrux_ml_kem_mlkem1024_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, @@ -49,6 +59,9 @@ void libcrux_ml_kem_mlkem1024_avx2_decapsulate( decapsulate_d8(private_key, ciphertext, ret); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate_unpacked with const @@ -77,6 +90,13 @@ static void decapsulate_unpacked_ca( libcrux_ml_kem_ind_cca_decapsulate_unpacked_b20(key_pair, ciphertext, ret); } +/** + Decapsulate ML-KEM 1024 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`]. +*/ void libcrux_ml_kem_mlkem1024_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, @@ -110,6 +130,13 @@ static tuple_21 encapsulate_b2( return libcrux_ml_kem_ind_cca_encapsulate_820(uu____0, uu____1); } +/** + Encapsulate ML-KEM 1024 + + Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem1024PublicKey`] and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { @@ -119,6 +146,9 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate( return encapsulate_b2(uu____0, uu____1); } +/** + Portable encapsualte +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.encapsulate_unpacked with const 
@@ -147,6 +177,16 @@ static tuple_21 encapsulate_unpacked_16( return libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e0(uu____0, uu____1); } +/** + Encapsulate ML-KEM 1024 (unpacked) + + Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. + TODO: The F* prefix opens required modules, it should go away when the + following issue is resolved: https://github.com/hacspec/hax/issues/770 +*/ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]) { @@ -157,6 +197,9 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate_unpacked( return encapsulate_unpacked_16(uu____0, uu____1); } +/** + Portable generate key pair. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics @@ -175,6 +218,9 @@ static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_f6( return libcrux_ml_kem_ind_cca_generate_keypair_c22(uu____0); } +/** + Generate ML-KEM 1024 Key Pair +*/ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; @@ -182,6 +228,9 @@ libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]) { return generate_keypair_f6(uu____0); } +/** + Unpacked API +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair_unpacked with const @@ -201,6 +250,9 @@ generate_keypair_unpacked_d9(uint8_t randomness[64U]) { return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_830(uu____0); } +/** + Generate ML-KEM 1024 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 libcrux_ml_kem_mlkem1024_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]) { 
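Review bot: The doc on `libcrux_ml_kem_mlkem1024_avx2_encapsulate_unpacked` lists three inputs, the unpacked public key, `the SHA3-256 hash of this public key`, and the randomness, but the signature directly below takes only `public_key` and `randomness`; presumably the hash is carried inside `MlKemPublicKeyUnpacked_01`, in which case the sentence should say so instead of describing an argument that does not exist. The same block ships a `TODO: The F* prefix opens required modules ... hax/issues/770` line that is an internal proof-setup note meaningless to a C caller, and it is duplicated verbatim into the public header libcrux_mlkem1024_avx2.h later in this patch. Both should be fixed in the Rust doc comment so the generated C and header stop carrying them, e.g. `The input is a reference to an unpacked public key of type [`MlKem1024PublicKeyUnpacked`] (which holds the SHA3-256 hash of the public key) and [`SHARED_SECRET_SIZE`] bytes of `randomness`.`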
@@ -209,6 +261,9 @@ libcrux_ml_kem_mlkem1024_avx2_generate_key_pair_unpacked( return generate_keypair_unpacked_d9(uu____0); } +/** + Portable public key validation +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.validate_public_key with const @@ -221,6 +276,11 @@ static bool validate_public_key_570(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_cf0(public_key); } +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_99 libcrux_ml_kem_mlkem1024_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index 95e4be554..63dc40f87 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 */ #ifndef __libcrux_mlkem1024_avx2_H 
@@ -22,29 +22,71 @@ extern "C" {
 #include "libcrux_core.h"
 #include "libcrux_mlkem_avx2.h"
+/**
+ Decapsulate ML-KEM 1024
+
+ Generates an [`MlKemSharedSecret`].
+ The input is a reference to an [`MlKem1024PrivateKey`] and an
+ [`MlKem1024Ciphertext`].
+*/
 void libcrux_ml_kem_mlkem1024_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]);
+/**
+ Decapsulate ML-KEM 1024 (unpacked)
+
+ Generates an [`MlKemSharedSecret`].
+ The input is a reference to an unpacked key pair of type
+ [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`].
+*/
 void libcrux_ml_kem_mlkem1024_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]);
+/**
+ Encapsulate ML-KEM 1024
+
+ Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple.
+ The input is a reference to an [`MlKem1024PublicKey`] and
+ [`SHARED_SECRET_SIZE`] bytes of `randomness`.
+*/
 tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]);
+/**
+ Encapsulate ML-KEM 1024 (unpacked)
+
+ Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple.
+ The input is a reference to an unpacked public key of type
+ [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and
+ [`SHARED_SECRET_SIZE`] bytes of `randomness`.
+ TODO: The F* prefix opens required modules, it should go away when the
+ following issue is resolved: https://github.com/hacspec/hax/issues/770
+*/
 tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]);
+/**
+ Generate ML-KEM 1024 Key Pair
+*/
 libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]);
+/**
+ Generate ML-KEM 1024 Key Pair in "unpacked" form
+*/
 libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 libcrux_ml_kem_mlkem1024_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]);
+/**
+ Validate a public key.
+
+ Returns `Some(public_key)` if valid, and `None` otherwise.
+*/
 core_option_Option_99 libcrux_ml_kem_mlkem1024_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key);
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c
index e8cd5bbc6..62ab56360 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c
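Review bot: The new header comments on `libcrux_ml_kem_mlkem1024_avx2_generate_key_pair` and `..._generate_key_pair_unpacked` say only `Generate ML-KEM 1024 Key Pair` and leave the `uint8_t randomness[64U]` parameter undocumented, and the encapsulate comments say `[SHARED_SECRET_SIZE] bytes of randomness` without saying where those bytes must come from. For a KEM whose key and shared-secret secrecy depend on this caller-supplied input being unpredictable, the public header should state that the caller fills the buffer with fresh, uniformly random bytes from a cryptographically secure generator for every call and never reuses it; the same gap exists in the 1024 portable, 512 and 768 headers in this diff. The rustdoc-style links (`[MlKemSharedSecret]`, `[MlKem1024PrivateKey]`) also resolve to nothing in a C header, where the actual names are `libcrux_ml_kem_types_MlKemPrivateKey_95` and `uint8_t ret[32U]`; consider having the generator map them to the C names.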
@@ -4,17 +4,20 @@
 * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions:
- * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39
- * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896
- * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92
- * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty
- * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f
+ * Charon: 53530427db2941ce784201e64086766504bc5642
+ * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421
+ * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430
+ * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7
+ * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09
 */
 #include "libcrux_mlkem1024_portable.h"
 #include "internal/libcrux_mlkem_portable.h"
+/**
+ Portable decapsulate
+*/
 /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics
@@ -42,6 +45,13 @@ static void decapsulate_52(
 libcrux_ml_kem_ind_cca_decapsulate_4f1(private_key, ciphertext, ret);
 }
+/**
+ Decapsulate ML-KEM 1024
+
+ Generates an [`MlKemSharedSecret`].
+ The input is a reference to an [`MlKem1024PrivateKey`] and an
+ [`MlKem1024Ciphertext`].
+*/
 void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext,
@@ -49,6 +59,9 @@ void libcrux_ml_kem_mlkem1024_portable_decapsulate(
 decapsulate_52(private_key, ciphertext, ret);
 }
+/**
+ Portable decapsulate
+*/
 /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate_unpacked with const
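Review bot: The comment added on `libcrux_ml_kem_mlkem1024_portable_decapsulate` says it `Generates an [MlKemSharedSecret]`, but the C function returns `void` and writes its result into the `uint8_t ret[32U]` out-parameter, which the comment never mentions; the same applies to every `decapsulate` / `decapsulate_unpacked` comment in this diff. State that `ret` receives the 32-byte shared secret, and if this implementation follows the standard implicit-rejection behaviour (a pseudorandom value rather than an error on an invalid ciphertext), say so, because a caller otherwise has no way to learn that from the signature. The function's parameter list continues outside the hunk.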
@@ -77,6 +90,13 @@ static void decapsulate_unpacked_b6(
 libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca1(key_pair, ciphertext, ret);
 }
+/**
+ Decapsulate ML-KEM 1024 (unpacked)
+
+ Generates an [`MlKemSharedSecret`].
+ The input is a reference to an unpacked key pair of type
+ [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`].
+*/
 void libcrux_ml_kem_mlkem1024_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext,
@@ -110,6 +130,13 @@ static tuple_21 encapsulate_ec(
 return libcrux_ml_kem_ind_cca_encapsulate_441(uu____0, uu____1);
 }
+/**
+ Encapsulate ML-KEM 1024
+
+ Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple.
+ The input is a reference to an [`MlKem1024PublicKey`] and
+ [`SHARED_SECRET_SIZE`] bytes of `randomness`.
+*/
 tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) {
@@ -119,6 +146,9 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate(
 return encapsulate_ec(uu____0, uu____1);
 }
+/**
+ Portable encapsualte
+*/
 /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate_unpacked with const
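Review bot: `Portable encapsualte` in the last hunk here is a typo for `Portable encapsulate`; it recurs at the same position in the 512 and 768 .c files in this diff, for both the portable and the avx2 instantiations. Fix it in the upstream doc comment rather than in the generated C, otherwise the next regeneration reintroduces it.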
@@ -147,6 +177,16 @@ static tuple_21 encapsulate_unpacked_9a(
 return libcrux_ml_kem_ind_cca_encapsulate_unpacked_311(uu____0, uu____1);
 }
+/**
+ Encapsulate ML-KEM 1024 (unpacked)
+
+ Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple.
+ The input is a reference to an unpacked public key of type
+ [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and
+ [`SHARED_SECRET_SIZE`] bytes of `randomness`.
+ TODO: The F* prefix opens required modules, it should go away when the
+ following issue is resolved: https://github.com/hacspec/hax/issues/770
+*/
 tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) {
@@ -157,6 +197,9 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked(
 return encapsulate_unpacked_9a(uu____0, uu____1);
 }
+/**
+ Portable generate key pair.
+*/
 /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair with const
@@ -176,6 +219,9 @@ static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_0e(
 return libcrux_ml_kem_ind_cca_generate_keypair_c24(uu____0);
 }
+/**
+ Generate ML-KEM 1024 Key Pair
+*/
 libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) {
 uint8_t uu____0[64U];
@@ -183,6 +229,9 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) {
 return generate_keypair_0e(uu____0);
 }
+/**
+ Unpacked API
+*/
 /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair_unpacked with
@@ -202,6 +251,9 @@ generate_keypair_unpacked_4a(uint8_t randomness[64U]) {
 return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e1(uu____0);
 }
+/**
+ Generate ML-KEM 1024 Key Pair in "unpacked" form
+*/
 libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) {
@@ -210,6 +262,9 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked(
 return generate_keypair_unpacked_4a(uu____0);
 }
+/**
+ Portable public key validation
+*/
 /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.validate_public_key with const
@@ -222,6 +277,11 @@ static bool validate_public_key_e11(uint8_t *public_key) {
 return libcrux_ml_kem_ind_cca_validate_public_key_351(public_key);
 }
+/**
+ Validate a public key.
+
+ Returns `Some(public_key)` if valid, and `None` otherwise.
+*/
 core_option_Option_99 libcrux_ml_kem_mlkem1024_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) {
 core_option_Option_99 uu____0;
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h
index c147a8fdd..417e9fffa 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h
@@ -4,11 +4,11 @@
 * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions:
- * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39
- * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896
- * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92
- * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty
- * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f
+ * Charon: 53530427db2941ce784201e64086766504bc5642
+ * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421
+ * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430
+ * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7
+ * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09
 */
 #ifndef __libcrux_mlkem1024_portable_H
@@ -22,29 +22,71 @@ extern "C" {
 #include "libcrux_core.h"
 #include "libcrux_mlkem_portable.h"
+/**
+ Decapsulate ML-KEM 1024
+
+ Generates an [`MlKemSharedSecret`].
+ The input is a reference to an [`MlKem1024PrivateKey`] and an
+ [`MlKem1024Ciphertext`].
+*/
 void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]);
+/**
+ Decapsulate ML-KEM 1024 (unpacked)
+
+ Generates an [`MlKemSharedSecret`].
+ The input is a reference to an unpacked key pair of type
+ [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`].
+*/
 void libcrux_ml_kem_mlkem1024_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]);
+/**
+ Encapsulate ML-KEM 1024
+
+ Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple.
+ The input is a reference to an [`MlKem1024PublicKey`] and
+ [`SHARED_SECRET_SIZE`] bytes of `randomness`.
+*/
 tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]);
+/**
+ Encapsulate ML-KEM 1024 (unpacked)
+
+ Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple.
+ The input is a reference to an unpacked public key of type
+ [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and
+ [`SHARED_SECRET_SIZE`] bytes of `randomness`.
+ TODO: The F* prefix opens required modules, it should go away when the
+ following issue is resolved: https://github.com/hacspec/hax/issues/770
+*/
 tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]);
+/**
+ Generate ML-KEM 1024 Key Pair
+*/
 libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]);
+/**
+ Generate ML-KEM 1024 Key Pair in "unpacked" form
+*/
 libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked( uint8_t randomness[64U]);
+/**
+ Validate a public key.
+
+ Returns `Some(public_key)` if valid, and `None` otherwise.
+*/
 core_option_Option_99 libcrux_ml_kem_mlkem1024_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key);
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h
index 67291c9bf..56d0a6c67 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem512.h
@@ -4,11 +4,11 @@
 * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions:
- * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39
- * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896
- * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92
- * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty
- * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f
+ * Charon: 53530427db2941ce784201e64086766504bc5642
+ * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421
+ * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430
+ * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7
+ * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09
 */
 #ifndef __libcrux_mlkem512_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c
index 84df57bde..c3bc43264 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c
@@ -4,17 +4,20 @@
 * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions:
- * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39
- * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896
- * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92
- * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty
- * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f
+ * Charon: 53530427db2941ce784201e64086766504bc5642
+ * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421
+ * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430
+ * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7
+ * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09
 */
 #include "libcrux_mlkem512_avx2.h"
 #include "internal/libcrux_mlkem_avx2.h"
+/**
+ Portable decapsulate
+*/
 /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate with const generics
@@ -41,12 +44,22 @@ static void decapsulate_1d(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
 libcrux_ml_kem_ind_cca_decapsulate_c4(private_key, ciphertext, ret);
 }
+/**
+ Decapsulate ML-KEM 512
+
+ Generates an [`MlKemSharedSecret`].
+ The input is a reference to an [`MlKem512PrivateKey`] and an
+ [`MlKem512Ciphertext`].
+*/
 void libcrux_ml_kem_mlkem512_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) {
 decapsulate_1d(private_key, ciphertext, ret);
 }
+/**
+ Portable decapsulate
+*/
 /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate_unpacked with const
@@ -74,6 +87,13 @@ static void decapsulate_unpacked_50(
 libcrux_ml_kem_ind_cca_decapsulate_unpacked_b2(key_pair, ciphertext, ret);
 }
+/**
+ Decapsulate ML-KEM 512 (unpacked)
+
+ Generates an [`MlKemSharedSecret`].
+ The input is a reference to an unpacked key pair of type
+ [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`].
+*/
 void libcrux_ml_kem_mlkem512_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) {
@@ -106,6 +126,13 @@ static tuple_ec encapsulate_72(
 return libcrux_ml_kem_ind_cca_encapsulate_82(uu____0, uu____1);
 }
+/**
+ Encapsulate ML-KEM 512
+
+ Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple.
+ The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`]
+ bytes of `randomness`.
+*/
 tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) {
@@ -115,6 +142,9 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate(
 return encapsulate_72(uu____0, uu____1);
 }
+/**
+ Portable encapsualte
+*/
 /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.encapsulate_unpacked with const
@@ -143,6 +173,14 @@ static tuple_ec encapsulate_unpacked_14(
 return libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e(uu____0, uu____1);
 }
+/**
+ Encapsulate ML-KEM 512 (unpacked)
+
+ Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple.
+ The input is a reference to an unpacked public key of type
+ [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and
+ [`SHARED_SECRET_SIZE`] bytes of `randomness`.
+*/
 tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]) {
@@ -153,6 +191,9 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate_unpacked(
 return encapsulate_unpacked_14(uu____0, uu____1);
 }
+/**
+ Portable generate key pair.
+*/
 /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics
@@ -171,6 +212,9 @@ static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_27(
 return libcrux_ml_kem_ind_cca_generate_keypair_c2(uu____0);
 }
+/**
+ Generate ML-KEM 512 Key Pair
+*/
 libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]) {
 uint8_t uu____0[64U];
@@ -178,6 +222,9 @@ libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]) {
 return generate_keypair_27(uu____0);
 }
+/**
+ Unpacked API
+*/
 /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair_unpacked with const
@@ -197,6 +244,9 @@ generate_keypair_unpacked_2c(uint8_t randomness[64U]) {
 return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_83(uu____0);
 }
+/**
+ Generate ML-KEM 512 Key Pair in "unpacked" form
+*/
 libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 libcrux_ml_kem_mlkem512_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]) {
@@ -205,6 +255,9 @@ libcrux_ml_kem_mlkem512_avx2_generate_key_pair_unpacked(
 return generate_keypair_unpacked_2c(uu____0);
 }
+/**
+ Portable public key validation
+*/
 /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.validate_public_key with const
@@ -217,6 +270,11 @@ static bool validate_public_key_57(uint8_t *public_key) {
 return libcrux_ml_kem_ind_cca_validate_public_key_cf(public_key);
 }
+/**
+ Validate a public key.
+
+ Returns `Some(public_key)` if valid, and `None` otherwise.
+*/
 core_option_Option_04 libcrux_ml_kem_mlkem512_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) {
 core_option_Option_04 uu____0;
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h
index 584ff9e81..e347d189e 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h
@@ -4,11 +4,11 @@
 * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions:
- * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39
- * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896
- * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92
- * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty
- * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f
+ * Charon: 53530427db2941ce784201e64086766504bc5642
+ * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421
+ * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430
+ * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7
+ * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09
 */
 #ifndef __libcrux_mlkem512_avx2_H
@@ -22,29 +22,69 @@ extern "C" {
 #include "libcrux_core.h"
 #include "libcrux_mlkem_avx2.h"
+/**
+ Decapsulate ML-KEM 512
+
+ Generates an [`MlKemSharedSecret`].
+ The input is a reference to an [`MlKem512PrivateKey`] and an
+ [`MlKem512Ciphertext`].
+*/
 void libcrux_ml_kem_mlkem512_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]);
+/**
+ Decapsulate ML-KEM 512 (unpacked)
+
+ Generates an [`MlKemSharedSecret`].
+ The input is a reference to an unpacked key pair of type
+ [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`].
+*/
 void libcrux_ml_kem_mlkem512_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]);
+/**
+ Encapsulate ML-KEM 512
+
+ Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple.
+ The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`]
+ bytes of `randomness`.
+*/
 tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]);
+/**
+ Encapsulate ML-KEM 512 (unpacked)
+
+ Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple.
+ The input is a reference to an unpacked public key of type
+ [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and
+ [`SHARED_SECRET_SIZE`] bytes of `randomness`.
+*/
 tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]);
+/**
+ Generate ML-KEM 512 Key Pair
+*/
 libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]);
+/**
+ Generate ML-KEM 512 Key Pair in "unpacked" form
+*/
 libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 libcrux_ml_kem_mlkem512_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]);
+/**
+ Validate a public key.
+
+ Returns `Some(public_key)` if valid, and `None` otherwise.
+*/
 core_option_Option_04 libcrux_ml_kem_mlkem512_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key);
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c
index a14d6bc00..7ace12866 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c
@@ -4,17 +4,20 @@
 * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions:
- * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39
- * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896
- * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92
- * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty
- * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f
+ * Charon: 53530427db2941ce784201e64086766504bc5642
+ * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421
+ * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430
+ * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7
+ * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09
 */
 #include "libcrux_mlkem512_portable.h"
 #include "internal/libcrux_mlkem_portable.h"
+/**
+ Portable decapsulate
+*/
 /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics
@@ -41,12 +44,22 @@ static void decapsulate_be0(
 libcrux_ml_kem_ind_cca_decapsulate_4f0(private_key, ciphertext, ret);
 }
+/**
+ Decapsulate ML-KEM 512
+
+ Generates an [`MlKemSharedSecret`].
+ The input is a reference to an [`MlKem512PrivateKey`] and an
+ [`MlKem512Ciphertext`].
+*/
 void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) {
 decapsulate_be0(private_key, ciphertext, ret);
 }
+/**
+ Portable decapsulate
+*/
 /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate_unpacked with const
@@ -74,6 +87,13 @@ static void decapsulate_unpacked_06(
 libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca0(key_pair, ciphertext, ret);
 }
+/**
+ Decapsulate ML-KEM 512 (unpacked)
+
+ Generates an [`MlKemSharedSecret`].
+ The input is a reference to an unpacked key pair of type
+ [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`].
+*/
 void libcrux_ml_kem_mlkem512_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) {
@@ -106,6 +126,13 @@ static tuple_ec encapsulate_f3(
 return libcrux_ml_kem_ind_cca_encapsulate_440(uu____0, uu____1);
 }
+/**
+ Encapsulate ML-KEM 512
+
+ Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple.
+ The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`]
+ bytes of `randomness`.
+*/
 tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) {
@@ -115,6 +142,9 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate(
 return encapsulate_f3(uu____0, uu____1);
 }
+/**
+ Portable encapsualte
+*/
 /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate_unpacked with const
@@ -143,6 +173,14 @@ static tuple_ec encapsulate_unpacked_01(
 return libcrux_ml_kem_ind_cca_encapsulate_unpacked_310(uu____0, uu____1);
 }
+/**
+ Encapsulate ML-KEM 512 (unpacked)
+
+ Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple.
+ The input is a reference to an unpacked public key of type
+ [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and
+ [`SHARED_SECRET_SIZE`] bytes of `randomness`.
+*/
 tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) {
@@ -153,6 +191,9 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked(
 return encapsulate_unpacked_01(uu____0, uu____1);
 }
+/**
+ Portable generate key pair.
+*/
 /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair with const
@@ -172,6 +213,9 @@ static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_df(
 return libcrux_ml_kem_ind_cca_generate_keypair_c21(uu____0);
 }
+/**
+ Generate ML-KEM 512 Key Pair
+*/
 libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) {
 uint8_t uu____0[64U];
@@ -179,6 +223,9 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) {
 return generate_keypair_df(uu____0);
 }
+/**
+ Unpacked API
+*/
 /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair_unpacked with
@@ -198,6 +245,9 @@ generate_keypair_unpacked_c0(uint8_t randomness[64U]) {
 return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e0(uu____0);
 }
+/**
+ Generate ML-KEM 512 Key Pair in "unpacked" form
+*/
 libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) {
@@ -206,6 +256,9 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked(
 return generate_keypair_unpacked_c0(uu____0);
 }
+/**
+ Portable public key validation
+*/
 /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.validate_public_key with const
@@ -218,6 +271,11 @@ static bool validate_public_key_e10(uint8_t *public_key) {
 return libcrux_ml_kem_ind_cca_validate_public_key_350(public_key);
 }
+/**
+ Validate a public key.
+
+ Returns `Some(public_key)` if valid, and `None` otherwise.
+*/
 core_option_Option_04 libcrux_ml_kem_mlkem512_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) {
 core_option_Option_04 uu____0;
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h
index 08df65733..8d065f1d8 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h
@@ -4,11 +4,11 @@
 * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions:
- * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39
- * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896
- * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92
- * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty
- * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f
+ * Charon: 53530427db2941ce784201e64086766504bc5642
+ * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421
+ * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430
+ * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7
+ * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09
 */
 #ifndef __libcrux_mlkem512_portable_H
@@ -22,29 +22,69 @@ extern "C" {
 #include "libcrux_core.h"
 #include "libcrux_mlkem_portable.h"
+/**
+ Decapsulate ML-KEM 512
+
+ Generates an [`MlKemSharedSecret`].
+ The input is a reference to an [`MlKem512PrivateKey`] and an
+ [`MlKem512Ciphertext`].
+*/
 void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]);
+/**
+ Decapsulate ML-KEM 512 (unpacked)
+
+ Generates an [`MlKemSharedSecret`].
+ The input is a reference to an unpacked key pair of type
+ [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`].
+*/
 void libcrux_ml_kem_mlkem512_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]);
+/**
+ Encapsulate ML-KEM 512
+
+ Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple.
+ The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`]
+ bytes of `randomness`.
+*/
 tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]);
+/**
+ Encapsulate ML-KEM 512 (unpacked)
+
+ Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple.
+ The input is a reference to an unpacked public key of type
+ [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and
+ [`SHARED_SECRET_SIZE`] bytes of `randomness`.
+*/
 tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]);
+/**
+ Generate ML-KEM 512 Key Pair
+*/
 libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]);
+/**
+ Generate ML-KEM 512 Key Pair in "unpacked" form
+*/
 libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked( uint8_t randomness[64U]);
+/**
+ Validate a public key.
+
+ Returns `Some(public_key)` if valid, and `None` otherwise.
+*/
 core_option_Option_04 libcrux_ml_kem_mlkem512_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key);
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h
index d3208577f..f39c8d40c 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem768.h
@@ -4,11 +4,11 @@
 * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions:
- * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39
- * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896
- * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92
- * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty
- * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f
+ * Charon: 53530427db2941ce784201e64086766504bc5642
+ * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421
+ * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430
+ * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7
+ * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09
 */
 #ifndef __libcrux_mlkem768_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c
index eb821bdb0..97c57c897 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c
@@ -4,17 +4,20 @@
 * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions:
- * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39
- * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896
- * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92
- * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty
- * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f
+ * Charon: 53530427db2941ce784201e64086766504bc5642
+ * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421
+ * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430
+ * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7
+ * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09
 */
 #include "libcrux_mlkem768_avx2.h"
 #include "internal/libcrux_mlkem_avx2.h"
+/**
+ Portable decapsulate
+*/
 /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate with const generics
@@ -41,12 +44,22 @@ static void decapsulate_15(
 libcrux_ml_kem_ind_cca_decapsulate_c41(private_key, ciphertext, ret);
 }
+/**
+ Decapsulate ML-KEM 768
+
+ Generates an [`MlKemSharedSecret`].
+ The input is a reference to an [`MlKem768PrivateKey`] and an
+ [`MlKem768Ciphertext`].
+*/
 void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
 decapsulate_15(private_key, ciphertext, ret);
 }
+/**
+ Portable decapsulate
+*/
 /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate_unpacked with const
@@ -74,6 +87,13 @@ static void decapsulate_unpacked_e1( libcrux_ml_kem_ind_cca_decapsulate_unpacked_b21(key_pair, ciphertext, ret); } +/** + Decapsulate ML-KEM 768 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. +*/ void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -106,6 +126,13 @@ static tuple_3c encapsulate_54( return libcrux_ml_kem_ind_cca_encapsulate_821(uu____0, uu____1); } +/** + Encapsulate ML-KEM 768 + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { @@ -115,6 +142,9 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( return encapsulate_54(uu____0, uu____1); } +/** + Portable encapsualte +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.encapsulate_unpacked with const @@ -143,6 +173,14 @@ static tuple_3c encapsulate_unpacked_94( return libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e1(uu____0, uu____1); } +/** + Encapsulate ML-KEM 768 (unpacked) + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { 
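Review bot: The comment `Portable encapsualte` added above the `encapsulate_unpacked_94` instance misspells "encapsulate" and, as with the other backend-level comments in this file, says "Portable" inside the AVX2 instantiation. Both the typo and the wrong backend name appear to originate in the Rust doc comment the generator copies, so the correction should be made there so that all four generated files (mlkem512/768/1024, avx2/portable) pick it up; the suggested text is `Encapsulate (backend-generic instantiation)`.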
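Review bot: The doc comment added above `libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked` lists three inputs — the unpacked public key, "the SHA3-256 hash of this public key", and the randomness — but the signature visible at the end of the hunk takes only `public_key` and `randomness[32U]`. Either the hash is carried inside `MlKemPublicKeyUnpacked_a0` (in which case the comment should say the key object is expected to already contain it, since a caller who builds the struct by hand and leaves it stale would silently derive a wrong shared secret) or the sentence is left over from an older API; I cannot tell from this hunk. I would change the sentence to `The input is a reference to an unpacked public key of type [MlKem768PublicKeyUnpacked] (which carries the SHA3-256 hash of the packed key) and [SHARED_SECRET_SIZE] bytes of randomness` once that is confirmed. The function body continues outside the hunk.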
@@ -153,6 +191,9 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( return encapsulate_unpacked_94(uu____0, uu____1); } +/** + Portable generate key pair. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics @@ -171,6 +212,9 @@ static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_e4( return libcrux_ml_kem_ind_cca_generate_keypair_c23(uu____0); } +/** + Generate ML-KEM 768 Key Pair +*/ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; @@ -178,6 +222,9 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { return generate_keypair_e4(uu____0); } +/** + Unpacked API +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair_unpacked with const @@ -197,6 +244,9 @@ generate_keypair_unpacked_35(uint8_t randomness[64U]) { return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_831(uu____0); } +/** + Generate ML-KEM 768 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]) { @@ -205,6 +255,9 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( return generate_keypair_unpacked_35(uu____0); } +/** + Portable public key validation +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.validate_public_key with const @@ -217,6 +270,11 @@ static bool validate_public_key_571(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_cf1(public_key); } +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; 
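Review bot: The doc comment added above `libcrux_ml_kem_mlkem768_avx2_validate_public_key` says only `Returns Some(public_key) if valid`, which leaves the caller guessing what "valid" covers and whether `encapsulate` repeats the check. FIPS 203 requires the modulus check (every decoded coefficient below q) on a public key received from a peer before encapsulating to it; if that is what `libcrux_ml_kem_ind_cca_validate_public_key_cf1` implements, the comment should say so and should state whether `encapsulate` assumes it was already done, e.g. `Performs the FIPS 203 modulus check on the encoded polynomial vector; encapsulate() does not repeat it, so call this on any key received from an untrusted source — confirm against ind_cca::validate_public_key`. The preceding `Portable public key validation` comment again names the wrong backend for this AVX2 file. The function body continues outside the hunk.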
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index 74e2de796..fc58e53f4 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 */ #ifndef __libcrux_mlkem768_avx2_H 
@@ -22,29 +22,69 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_avx2.h" +/** + Decapsulate ML-KEM 768 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem768PrivateKey`] and an + [`MlKem768Ciphertext`]. +*/ void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Decapsulate ML-KEM 768 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. +*/ void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Encapsulate ML-KEM 768 + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); +/** + Encapsulate ML-KEM 768 (unpacked) + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. 
+*/ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]); +/** + Generate ML-KEM 768 Key Pair +*/ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]); +/** + Generate ML-KEM 768 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]); +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index af58efd18..7556cb943 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -4,17 +4,20 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 */ #include "libcrux_mlkem768_portable.h" #include "internal/libcrux_mlkem_portable.h" +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics 
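Review bot: The array sizes in the new prototypes (`uint8_t randomness[32U]`, `uint8_t randomness[64U]`, `uint8_t ret[32U]`) are documentation only — C decays them to `uint8_t *` and the compiler enforces nothing — so these doc comments are the only place the length contract lives, and they currently state it indirectly via `[SHARED_SECRET_SIZE]` for encapsulate and not at all for `generate_key_pair`. I would add to each function one line of the form `Exactly 32 bytes are read from randomness and exactly 32 bytes are written to ret; shorter buffers are undefined behaviour`, plus `randomness must come from a cryptographically secure generator` on the encapsulate and key-generation entries. The `encapsulate_unpacked` comment also names "the SHA3-256 hash of this public key" as an input that the prototype does not take; whether the hash lives inside `MlKemPublicKeyUnpacked_a0` is not visible here and should be stated explicitly.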
@@ -41,12 +44,22 @@ static void decapsulate_be( libcrux_ml_kem_ind_cca_decapsulate_4f(private_key, ciphertext, ret); } +/** + Decapsulate ML-KEM 768 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem768PrivateKey`] and an + [`MlKem768Ciphertext`]. +*/ void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { decapsulate_be(private_key, ciphertext, ret); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate_unpacked with const @@ -74,6 +87,13 @@ static void decapsulate_unpacked_d4( libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca(key_pair, ciphertext, ret); } +/** + Decapsulate ML-KEM 768 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. +*/ void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -106,6 +126,13 @@ static tuple_3c encapsulate_13( return libcrux_ml_kem_ind_cca_encapsulate_44(uu____0, uu____1); } +/** + Encapsulate ML-KEM 768 + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { @@ -115,6 +142,9 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( return encapsulate_13(uu____0, uu____1); } +/** + Portable encapsualte +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate_unpacked with const 
@@ -143,6 +173,14 @@ static tuple_3c encapsulate_unpacked_1b( return libcrux_ml_kem_ind_cca_encapsulate_unpacked_31(uu____0, uu____1); } +/** + Encapsulate ML-KEM 768 (unpacked) + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { @@ -153,6 +191,9 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( return encapsulate_unpacked_1b(uu____0, uu____1); } +/** + Portable generate key pair. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair with const @@ -172,6 +213,9 @@ static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_ff( return libcrux_ml_kem_ind_cca_generate_keypair_c20(uu____0); } +/** + Generate ML-KEM 768 Key Pair +*/ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; @@ -179,6 +223,9 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { return generate_keypair_ff(uu____0); } +/** + Unpacked API +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair_unpacked with @@ -198,6 +245,9 @@ generate_keypair_unpacked_37(uint8_t randomness[64U]) { return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e(uu____0); } +/** + Generate ML-KEM 768 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { 
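Review bot: The comment added above `libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked` describes an input, "the SHA3-256 hash of this public key", that the signature at the end of the hunk does not have; only `public_key` and `randomness[32U]` are passed. This is the same text as in the AVX2 file, so it comes from one shared Rust doc comment and should be corrected there, either by dropping the phrase or by saying the hash is expected to be present inside the unpacked key object (if that is the case, it is worth a warning that a hand-built or stale struct silently yields a wrong shared secret). The function body continues outside the hunk.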
@@ -206,6 +256,9 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( return generate_keypair_unpacked_37(uu____0); } +/** + Portable public key validation +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.validate_public_key with const @@ -218,6 +271,11 @@ static bool validate_public_key_e1(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_35(public_key); } +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index ea8485ac0..52536a0cf 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 */ #ifndef __libcrux_mlkem768_portable_H 
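Review bot: `libcrux_ml_kem_mlkem768_portable_validate_public_key` gets the same one-line doc as its AVX2 twin, `Returns Some(public_key) if valid`, and the same gap: it does not say which check "valid" means or whether `encapsulate` depends on it having been called. If `libcrux_ml_kem_ind_cca_validate_public_key_35` is the FIPS 203 modulus check on the encoded coefficients, say so in the shared Rust doc comment so all generated backends inherit it, e.g. `FIPS 203 modulus check on the encoded public key; encapsulate() assumes it was run on any untrusted key — confirm`. The function body continues outside the hunk.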
@@ -22,29 +22,69 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_portable.h" +/** + Decapsulate ML-KEM 768 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem768PrivateKey`] and an + [`MlKem768Ciphertext`]. +*/ void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Decapsulate ML-KEM 768 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. +*/ void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Encapsulate ML-KEM 768 + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); +/** + Encapsulate ML-KEM 768 (unpacked) + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. 
+*/ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]); +/** + Generate ML-KEM 768 Key Pair +*/ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]); +/** + Generate ML-KEM 768 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( uint8_t randomness[64U]); +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index fe9ab1671..d454d6b36 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 */ #include "internal/libcrux_mlkem_avx2.h" 
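Review bot: The prototypes in libcrux_mlkem768_portable.h carry the same fixed-size array parameters as the AVX2 header (`randomness[32U]`, `randomness[64U]`, `ret[32U]`), which C does not enforce, so the byte counts should be stated in the doc comments rather than left to the decayed array notation; `generate_key_pair` in particular has no mention of the 64 bytes it reads. One line per function, `Reads exactly N bytes from randomness / writes exactly 32 bytes to ret; shorter buffers are undefined behaviour`, would close that. The `encapsulate_unpacked` comment's reference to a SHA3-256 hash input not present in the prototype should be reconciled with the signature at the same time.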
@@ -35,8 +35,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H(Eurydice_slice input, memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_zero(void) { +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_zero(void) { return libcrux_intrinsics_avx2_mm256_setzero_si256(); } @@ -44,11 +43,11 @@ libcrux_ml_kem_vector_avx2_zero(void) { This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ZERO_ea(void) { +__m256i libcrux_ml_kem_vector_avx2_ZERO_ea(void) { return libcrux_ml_kem_vector_avx2_zero(); } -KRML_MUSTINLINE core_core_arch_x86___m256i +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_slice array) { return libcrux_intrinsics_avx2_mm256_loadu_si256_i16(array); } @@ -57,13 +56,12 @@ libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_slice array) { This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_from_i16_array_ea( - Eurydice_slice array) { +__m256i libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice array) { return libcrux_ml_kem_vector_avx2_from_i16_array(array); } -KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_to_i16_array( - core_core_arch_x86___m256i v, int16_t ret[16U]) { +KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_to_i16_array(__m256i v, + int16_t ret[16U]) { int16_t output[16U] = {0U}; libcrux_intrinsics_avx2_mm256_storeu_si256_i16( Eurydice_array_to_slice((size_t)16U, output, int16_t, Eurydice_slice), v); 
@@ -74,14 +72,12 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_to_i16_array( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_to_i16_array_ea(core_core_arch_x86___m256i x, - int16_t ret[16U]) { +void libcrux_ml_kem_vector_avx2_to_i16_array_ea(__m256i x, int16_t ret[16U]) { libcrux_ml_kem_vector_avx2_to_i16_array(x, ret); } -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_add(core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs) { +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_add(__m256i lhs, + __m256i rhs) { return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs); } @@ -89,14 +85,12 @@ libcrux_ml_kem_vector_avx2_arithmetic_add(core_core_arch_x86___m256i lhs, This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_add_ea( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs) { +__m256i libcrux_ml_kem_vector_avx2_add_ea(__m256i lhs, __m256i *rhs) { return libcrux_ml_kem_vector_avx2_arithmetic_add(lhs, rhs[0U]); } -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_sub(core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs) { +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_sub(__m256i lhs, + __m256i rhs) { return libcrux_intrinsics_avx2_mm256_sub_epi16(lhs, rhs); } 
@@ -104,14 +98,13 @@ libcrux_ml_kem_vector_avx2_arithmetic_sub(core_core_arch_x86___m256i lhs, This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_sub_ea( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs) { +__m256i libcrux_ml_kem_vector_avx2_sub_ea(__m256i lhs, __m256i *rhs) { return libcrux_ml_kem_vector_avx2_arithmetic_sub(lhs, rhs[0U]); } -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( - core_core_arch_x86___m256i vector, int16_t constant) { +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(__m256i vector, + int16_t constant) { return libcrux_intrinsics_avx2_mm256_mullo_epi16( vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); } @@ -120,14 +113,14 @@ libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( - core_core_arch_x86___m256i v, int16_t c) { +__m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_ea(__m256i v, + int16_t c) { return libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(v, c); } -KRML_MUSTINLINE core_core_arch_x86___m256i +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( - core_core_arch_x86___m256i vector, int16_t constant) { + __m256i vector, int16_t constant) { return libcrux_intrinsics_avx2_mm256_and_si256( vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); } 
@@ -136,25 +129,21 @@ libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( - core_core_arch_x86___m256i vector, int16_t constant) { +__m256i libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( + __m256i vector, int16_t constant) { return libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( vector, constant); } -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i v_minus_field_modulus = +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(__m256i vector) { + __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i v_minus_field_modulus = libcrux_intrinsics_avx2_mm256_sub_epi16(vector, field_modulus); - core_core_arch_x86___m256i sign_mask = - libcrux_intrinsics_avx2_mm256_srai_epi16( - (int32_t)15, v_minus_field_modulus, core_core_arch_x86___m256i); - core_core_arch_x86___m256i conditional_add_field_modulus = + __m256i sign_mask = libcrux_intrinsics_avx2_mm256_srai_epi16( + (int32_t)15, v_minus_field_modulus, __m256i); + __m256i conditional_add_field_modulus = libcrux_intrinsics_avx2_mm256_and_si256(sign_mask, field_modulus); return libcrux_intrinsics_avx2_mm256_add_epi16(v_minus_field_modulus, conditional_add_field_modulus); 
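Review bot: `libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329` has no comment saying why the conditional subtraction is built from an arithmetic shift (`mm256_srai_epi16` by 15) and an `and`/`add` rather than a compare-and-select or a branch, and that property is what a later "simplification" is most likely to break. The coefficients are secret-dependent, so the mask form is there to keep the operation branch-free and data-independent; I would add `Branch-free: the sign of v - q is broadcast to a full-width mask so q is added back without any data-dependent branch — keep it that way`. From the visible code the result is `v` when `v < q` and `v - q` otherwise, so the output is in `[0, q)` only for inputs in `[0, 2q)`; stating that precondition would help, though the callers' actual range is not visible here.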
@@ -164,23 +153,24 @@ libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea( - core_core_arch_x86___m256i vector) { +__m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea(__m256i vector) { return libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(vector); } -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i t = libcrux_intrinsics_avx2_mm256_mulhi_epi16( +/** + See Section 3.2 of the implementation notes document for an explanation + of this code. +*/ +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(__m256i vector) { + __m256i t = libcrux_intrinsics_avx2_mm256_mulhi_epi16( vector, libcrux_intrinsics_avx2_mm256_set1_epi16( LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER)); - core_core_arch_x86___m256i t0 = libcrux_intrinsics_avx2_mm256_add_epi16( + __m256i t0 = libcrux_intrinsics_avx2_mm256_add_epi16( t, libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)512)); - core_core_arch_x86___m256i quotient = - libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)10, t0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i quotient_times_field_modulus = + __m256i quotient = + libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)10, t0, __m256i); + __m256i quotient_times_field_modulus = libcrux_intrinsics_avx2_mm256_mullo_epi16( quotient, libcrux_intrinsics_avx2_mm256_set1_epi16( LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); 
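Review bot: The new comment `See Section 3.2 of the implementation notes document` above `libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce` does not name or link the document, so from the C tree it is not actionable. It should give the file path or URL, and it should state the contract the rounding constant `512` and the shift by `10` rely on (the multiplier itself is `LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER`, defined outside this hunk), e.g. `Input: any int16; output is congruent to the input mod q and bounded by |r| < q — see <path>, Section 3.2`. I have not verified the output bound from this hunk, so confirm it before writing it down. The function body continues past the end of the hunk.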
@@ -192,28 +182,25 @@ libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_barrett_reduce_ea( - core_core_arch_x86___m256i vector) { +__m256i libcrux_ml_kem_vector_avx2_barrett_reduce_ea(__m256i vector) { return libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(vector); } -KRML_MUSTINLINE core_core_arch_x86___m256i +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( - core_core_arch_x86___m256i vector, int16_t constant) { - core_core_arch_x86___m256i constant0 = - libcrux_intrinsics_avx2_mm256_set1_epi16(constant); - core_core_arch_x86___m256i value_low = + __m256i vector, int16_t constant) { + __m256i constant0 = libcrux_intrinsics_avx2_mm256_set1_epi16(constant); + __m256i value_low = libcrux_intrinsics_avx2_mm256_mullo_epi16(vector, constant0); - core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( + __m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( value_low, libcrux_intrinsics_avx2_mm256_set1_epi16( (int16_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m256i k_times_modulus = - libcrux_intrinsics_avx2_mm256_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m256i value_high = + __m256i k_times_modulus = libcrux_intrinsics_avx2_mm256_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + __m256i value_high = libcrux_intrinsics_avx2_mm256_mulhi_epi16(vector, constant0); return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); } 
@@ -222,95 +209,81 @@ libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( - core_core_arch_x86___m256i vector, int16_t constant) { +__m256i libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + __m256i vector, int16_t constant) { return libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( vector, constant); } -KRML_MUSTINLINE core_core_arch_x86___m256i +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi16( - (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / - (int16_t)2); - core_core_arch_x86___m256i field_modulus_quartered = - libcrux_intrinsics_avx2_mm256_set1_epi16( - (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / - (int16_t)4); - core_core_arch_x86___m256i shifted = + __m256i vector) { + __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi16( + (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / (int16_t)2); + __m256i field_modulus_quartered = libcrux_intrinsics_avx2_mm256_set1_epi16( + (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / (int16_t)4); + __m256i shifted = libcrux_intrinsics_avx2_mm256_sub_epi16(field_modulus_halved, vector); - core_core_arch_x86___m256i mask = libcrux_intrinsics_avx2_mm256_srai_epi16( - (int32_t)15, shifted, core_core_arch_x86___m256i); - core_core_arch_x86___m256i shifted_to_positive = + __m256i mask = + libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, shifted, __m256i); + __m256i shifted_to_positive = libcrux_intrinsics_avx2_mm256_xor_si256(mask, shifted); - core_core_arch_x86___m256i shifted_to_positive_in_range = + __m256i 
shifted_to_positive_in_range = libcrux_intrinsics_avx2_mm256_sub_epi16(shifted_to_positive, field_modulus_quartered); return libcrux_intrinsics_avx2_mm256_srli_epi16( - (int32_t)15, shifted_to_positive_in_range, core_core_arch_x86___m256i); + (int32_t)15, shifted_to_positive_in_range, __m256i); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_compress_1_ea( - core_core_arch_x86___m256i vector) { +__m256i libcrux_ml_kem_vector_avx2_compress_1_ea(__m256i vector) { return libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( vector); } -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs) { - core_core_arch_x86___m256i prod02 = - libcrux_intrinsics_avx2_mm256_mul_epu32(lhs, rhs); - core_core_arch_x86___m256i prod13 = libcrux_intrinsics_avx2_mm256_mul_epu32( - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, lhs, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, rhs, - core_core_arch_x86___m256i)); +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( + __m256i lhs, __m256i rhs) { + __m256i prod02 = libcrux_intrinsics_avx2_mm256_mul_epu32(lhs, rhs); + __m256i prod13 = libcrux_intrinsics_avx2_mm256_mul_epu32( + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, lhs, __m256i), + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, rhs, __m256i)); return libcrux_intrinsics_avx2_mm256_unpackhi_epi64( libcrux_intrinsics_avx2_mm256_unpacklo_epi32(prod02, prod13), libcrux_intrinsics_avx2_mm256_unpackhi_epi32(prod02, prod13)); } -KRML_MUSTINLINE core_core_arch_x86___m256i +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - core_core_arch_x86___m256i v, core_core_arch_x86___m256i c) { - 
core_core_arch_x86___m256i value_low = - libcrux_intrinsics_avx2_mm256_mullo_epi16(v, c); - core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( + __m256i v, __m256i c) { + __m256i value_low = libcrux_intrinsics_avx2_mm256_mullo_epi16(v, c); + __m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( value_low, libcrux_intrinsics_avx2_mm256_set1_epi16( (int16_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m256i k_times_modulus = - libcrux_intrinsics_avx2_mm256_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m256i value_high = - libcrux_intrinsics_avx2_mm256_mulhi_epi16(v, c); + __m256i k_times_modulus = libcrux_intrinsics_avx2_mm256_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + __m256i value_high = libcrux_intrinsics_avx2_mm256_mulhi_epi16(v, c); return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); } -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - core_core_arch_x86___m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( + __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, + int16_t zeta3) { + __m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( -zeta3, -zeta3, zeta3, zeta3, -zeta2, -zeta2, zeta2, zeta2, -zeta1, -zeta1, zeta1, zeta1, -zeta0, -zeta0, zeta0, zeta0); - core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)245, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs0 = + __m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, + vector, __m256i); + __m256i rhs0 = 
libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( rhs, zetas); - core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)160, vector, core_core_arch_x86___m256i); + __m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)160, + vector, __m256i); return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); } 
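Review bot: `libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient` relies on a trick that deserves a comment: `mm256_xor_si256(mask, shifted)` is one's-complement negation, so for negative `shifted` it yields `-shifted - 1`, not `|shifted|`. Working it through with q = 3329 and inputs in `[0, q)`, the bit comes out set exactly for coefficients in `[833, 2496]`, which matches round(2v/q) mod 2, so the off-by-one is absorbed by the `(q-1)/4` threshold — but that is not obvious, and the branch-free shape (sign mask, xor, subtract, `srli` by 15) is what keeps the step independent of the secret message bit. I would add `Branch-free |(q-1)/2 - v| < (q-1)/4 test; xor with the sign mask is one's-complement abs, off by one for negatives, which the thresholds absorb (bit set for v in [833, 2496])`. I derived the interval by hand from the visible constants, so check it against the portable implementation before committing the comment.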
@@ -318,26 +291,27 @@ libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { +__m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea(__m256i vector, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3) { return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step(vector, zeta0, zeta1, zeta2, zeta3); } -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { - core_core_arch_x86___m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( + __m256i vector, int16_t zeta0, int16_t zeta1) { + __m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( -zeta1, -zeta1, -zeta1, -zeta1, zeta1, zeta1, zeta1, zeta1, -zeta0, -zeta0, -zeta0, -zeta0, zeta0, zeta0, zeta0, zeta0); - core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)238, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs0 = + __m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)238, + vector, __m256i); + __m256i rhs0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( rhs, zetas); - core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)68, vector, core_core_arch_x86___m256i); + __m256i lhs = + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)68, vector, __m256i); return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); } 
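Review bot: Replacing the `core_core_arch_x86___m256i` alias with the bare intrinsic type `__m256i` changes the exported signature of `libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea` and of every other non-static function in this file, so out-of-tree code that spelled the old alias will stop compiling against the new headers unless a compatibility typedef is kept. Whether such a typedef survives is not visible in this hunk (the header changes are only in the diffstat); if the rename is meant to be breaking, a one-line note in the header or changelog saying so would save downstream users a surprise. This point applies to all hunks of the file and is raised only here.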
@@ -345,292 +319,255 @@ libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { +__m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea(__m256i vector, + int16_t zeta0, + int16_t zeta1) { return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(vector, zeta0, zeta1); } -KRML_MUSTINLINE core_core_arch_x86___m128i +KRML_MUSTINLINE __m128i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - core_core_arch_x86___m128i v, core_core_arch_x86___m128i c) { - core_core_arch_x86___m128i value_low = - libcrux_intrinsics_avx2_mm_mullo_epi16(v, c); - core_core_arch_x86___m128i k = libcrux_intrinsics_avx2_mm_mullo_epi16( + __m128i v, __m128i c) { + __m128i value_low = libcrux_intrinsics_avx2_mm_mullo_epi16(v, c); + __m128i k = libcrux_intrinsics_avx2_mm_mullo_epi16( value_low, libcrux_intrinsics_avx2_mm_set1_epi16( (int16_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m128i k_times_modulus = - libcrux_intrinsics_avx2_mm_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m128i value_high = - libcrux_intrinsics_avx2_mm_mulhi_epi16(v, c); + __m128i k_times_modulus = libcrux_intrinsics_avx2_mm_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + __m128i value_high = libcrux_intrinsics_avx2_mm_mulhi_epi16(v, c); return libcrux_intrinsics_avx2_mm_sub_epi16(value_high, k_times_modulus); } -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step( - core_core_arch_x86___m256i vector, int16_t zeta) { - core_core_arch_x86___m128i rhs = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - 
(int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m128i rhs0 = +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(__m256i vector, int16_t zeta) { + __m128i rhs = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, __m128i); + __m128i rhs0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( rhs, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); - core_core_arch_x86___m128i lhs = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs0); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs0); - core_core_arch_x86___m256i combined = + __m128i lhs = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + __m128i lower_coefficients = libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs0); + __m128i upper_coefficients = libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs0); + __m256i combined = libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); return libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, combined, upper_coefficients, core_core_arch_x86___m256i); + (int32_t)1, combined, upper_coefficients, __m256i); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta) { +__m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea(__m256i vector, + int16_t zeta) { return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(vector, zeta); } -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)245, vector, 
core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)160, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( + __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, + int16_t zeta3) { + __m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, + vector, __m256i); + __m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)160, + vector, __m256i); + __m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( rhs, libcrux_intrinsics_avx2_mm256_set_epi16( (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1)); - core_core_arch_x86___m256i sum0 = - libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); - core_core_arch_x86___m256i sum_times_zetas = + __m256i sum0 = libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); + __m256i sum_times_zetas = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( sum0, libcrux_intrinsics_avx2_mm256_set_epi16( zeta3, zeta3, (int16_t)0, (int16_t)0, zeta2, zeta2, (int16_t)0, (int16_t)0, zeta1, zeta1, (int16_t)0, (int16_t)0, zeta0, zeta0, (int16_t)0, (int16_t)0)); - core_core_arch_x86___m256i sum = - libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(sum0); - return libcrux_intrinsics_avx2_mm256_blend_epi16( - (int32_t)204, sum, sum_times_zetas, core_core_arch_x86___m256i); + __m256i sum = libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(sum0); + return libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)204, sum, + sum_times_zetas, __m256i); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i 
libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { +__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea(__m256i vector, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3) { return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( vector, zeta0, zeta1, zeta2, zeta3); } -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { - core_core_arch_x86___m256i lhs = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)245, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)160, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( + __m256i vector, int16_t zeta0, int16_t zeta1) { + __m256i lhs = libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)245, vector, __m256i); + __m256i rhs = libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)160, vector, __m256i); + __m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( rhs, libcrux_intrinsics_avx2_mm256_set_epi16( (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)1, (int16_t)1)); - core_core_arch_x86___m256i sum = - libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); - core_core_arch_x86___m256i sum_times_zetas = + __m256i sum = libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); + __m256i sum_times_zetas = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( sum, libcrux_intrinsics_avx2_mm256_set_epi16( zeta1, zeta1, zeta1, zeta1, (int16_t)0, (int16_t)0, (int16_t)0, (int16_t)0, zeta0, zeta0, 
zeta0, zeta0, (int16_t)0, (int16_t)0, (int16_t)0, (int16_t)0)); - return libcrux_intrinsics_avx2_mm256_blend_epi16( - (int32_t)240, sum, sum_times_zetas, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)240, sum, + sum_times_zetas, __m256i); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { +__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea(__m256i vector, + int16_t zeta0, + int16_t zeta1) { return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(vector, zeta0, zeta1); } -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( - core_core_arch_x86___m256i vector, int16_t zeta) { - core_core_arch_x86___m128i lhs = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m128i rhs = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs); - core_core_arch_x86___m128i upper_coefficients0 = +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( + __m256i vector, int16_t zeta) { + __m128i lhs = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, __m128i); + __m128i rhs = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + __m128i lower_coefficients = libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs); + __m128i upper_coefficients = libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs); + __m128i upper_coefficients0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( upper_coefficients, 
libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); - core_core_arch_x86___m256i combined = + __m256i combined = libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); return libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, combined, upper_coefficients0, core_core_arch_x86___m256i); + (int32_t)1, combined, upper_coefficients0, __m256i); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta) { +__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea(__m256i vector, + int16_t zeta) { return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(vector, zeta); } -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( - core_core_arch_x86___m256i v) { - core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(__m256i v) { + __m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( v, libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m256i k_times_modulus = - libcrux_intrinsics_avx2_mm256_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m256i value_high = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)16, v, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i result = + __m256i k_times_modulus = libcrux_intrinsics_avx2_mm256_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + __m256i value_high = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)16, v, __m256i); + __m256i result = libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, 
k_times_modulus); - core_core_arch_x86___m256i result0 = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)16, result, core_core_arch_x86___m256i); + __m256i result0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)16, result, __m256i); return libcrux_intrinsics_avx2_mm256_srai_epi32((int32_t)16, result0, - core_core_arch_x86___m256i); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs, - int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - core_core_arch_x86___m256i shuffle_with = - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)15, (int8_t)14, (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, - (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, - (int8_t)5, (int8_t)4, (int8_t)1, (int8_t)0, (int8_t)15, (int8_t)14, - (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, (int8_t)3, (int8_t)2, - (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4, - (int8_t)1, (int8_t)0); - core_core_arch_x86___m256i lhs_shuffled = + __m256i); +} + +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( + __m256i lhs, __m256i rhs, int16_t zeta0, int16_t zeta1, int16_t zeta2, + int16_t zeta3) { + __m256i shuffle_with = libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)15, (int8_t)14, (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, + (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, + (int8_t)5, (int8_t)4, (int8_t)1, (int8_t)0, (int8_t)15, (int8_t)14, + (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, (int8_t)3, (int8_t)2, + (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4, + (int8_t)1, (int8_t)0); + __m256i lhs_shuffled = libcrux_intrinsics_avx2_mm256_shuffle_epi8(lhs, shuffle_with); - core_core_arch_x86___m256i lhs_shuffled0 = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, lhs_shuffled, core_core_arch_x86___m256i); - core_core_arch_x86___m128i lhs_evens = + __m256i 
lhs_shuffled0 = libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, lhs_shuffled, __m256i); + __m128i lhs_evens = libcrux_intrinsics_avx2_mm256_castsi256_si128(lhs_shuffled0); - core_core_arch_x86___m256i lhs_evens0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_evens); - core_core_arch_x86___m128i lhs_odds = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, lhs_shuffled0, core_core_arch_x86___m128i); - core_core_arch_x86___m256i lhs_odds0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_odds); - core_core_arch_x86___m256i rhs_shuffled = + __m256i lhs_evens0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_evens); + __m128i lhs_odds = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, lhs_shuffled0, __m128i); + __m256i lhs_odds0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_odds); + __m256i rhs_shuffled = libcrux_intrinsics_avx2_mm256_shuffle_epi8(rhs, shuffle_with); - core_core_arch_x86___m256i rhs_shuffled0 = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, rhs_shuffled, core_core_arch_x86___m256i); - core_core_arch_x86___m128i rhs_evens = + __m256i rhs_shuffled0 = libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, rhs_shuffled, __m256i); + __m128i rhs_evens = libcrux_intrinsics_avx2_mm256_castsi256_si128(rhs_shuffled0); - core_core_arch_x86___m256i rhs_evens0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_evens); - core_core_arch_x86___m128i rhs_odds = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, rhs_shuffled0, core_core_arch_x86___m128i); - core_core_arch_x86___m256i rhs_odds0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_odds); - core_core_arch_x86___m256i left = + __m256i rhs_evens0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_evens); + __m128i rhs_odds = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, rhs_shuffled0, __m128i); + __m256i rhs_odds0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_odds); + __m256i left 
= libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_evens0, rhs_evens0); - core_core_arch_x86___m256i right = + __m256i right = libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_odds0, rhs_odds0); - core_core_arch_x86___m256i right0 = + __m256i right0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(right); - core_core_arch_x86___m256i right1 = libcrux_intrinsics_avx2_mm256_mullo_epi32( + __m256i right1 = libcrux_intrinsics_avx2_mm256_mullo_epi32( right0, libcrux_intrinsics_avx2_mm256_set_epi32( -(int32_t)zeta3, (int32_t)zeta3, -(int32_t)zeta2, (int32_t)zeta2, -(int32_t)zeta1, (int32_t)zeta1, -(int32_t)zeta0, (int32_t)zeta0)); - core_core_arch_x86___m256i products_left = - libcrux_intrinsics_avx2_mm256_add_epi32(left, right1); - core_core_arch_x86___m256i products_left0 = + __m256i products_left = libcrux_intrinsics_avx2_mm256_add_epi32(left, right1); + __m256i products_left0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( products_left); - core_core_arch_x86___m256i rhs_adjacent_swapped = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - rhs, libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, (int8_t)9, - (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, (int8_t)4, - (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, (int8_t)3, - (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, - (int8_t)9, (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, - (int8_t)4, (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, - (int8_t)3, (int8_t)2)); - core_core_arch_x86___m256i products_right = + __m256i rhs_adjacent_swapped = libcrux_intrinsics_avx2_mm256_shuffle_epi8( + rhs, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, (int8_t)9, (int8_t)8, + (int8_t)11, (int8_t)10, (int8_t)5, (int8_t)4, (int8_t)7, (int8_t)6, + (int8_t)1, (int8_t)0, (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, + (int8_t)15, (int8_t)14, (int8_t)9, (int8_t)8, (int8_t)11, (int8_t)10, + (int8_t)5, (int8_t)4, (int8_t)7, 
(int8_t)6, (int8_t)1, (int8_t)0, + (int8_t)3, (int8_t)2)); + __m256i products_right = libcrux_intrinsics_avx2_mm256_madd_epi16(lhs, rhs_adjacent_swapped); - core_core_arch_x86___m256i products_right0 = + __m256i products_right0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( products_right); - core_core_arch_x86___m256i products_right1 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)16, products_right0, - core_core_arch_x86___m256i); + __m256i products_right1 = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)16, products_right0, __m256i); return libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)170, products_left0, - products_right1, - core_core_arch_x86___m256i); + products_right1, __m256i); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_multiply_ea( - core_core_arch_x86___m256i *lhs, core_core_arch_x86___m256i *rhs, - int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { +__m256i libcrux_ml_kem_vector_avx2_ntt_multiply_ea(__m256i *lhs, __m256i *rhs, + int16_t zeta0, int16_t zeta1, + int16_t zeta2, + int16_t zeta3) { return libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(lhs[0U], rhs[0U], zeta0, zeta1, zeta2, zeta3); } KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_1( - core_core_arch_x86___m256i vector, uint8_t ret[2U]) { - core_core_arch_x86___m256i lsb_to_msb = - libcrux_intrinsics_avx2_mm256_slli_epi16((int32_t)15, vector, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i low_msbs = - libcrux_intrinsics_avx2_mm256_castsi256_si128(lsb_to_msb); - core_core_arch_x86___m128i high_msbs = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, lsb_to_msb, core_core_arch_x86___m128i); - core_core_arch_x86___m128i msbs = - libcrux_intrinsics_avx2_mm_packs_epi16(low_msbs, high_msbs); + __m256i vector, uint8_t ret[2U]) { + __m256i lsb_to_msb = + 
libcrux_intrinsics_avx2_mm256_slli_epi16((int32_t)15, vector, __m256i); + __m128i low_msbs = libcrux_intrinsics_avx2_mm256_castsi256_si128(lsb_to_msb); + __m128i high_msbs = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, lsb_to_msb, __m128i); + __m128i msbs = libcrux_intrinsics_avx2_mm_packs_epi16(low_msbs, high_msbs); int32_t bits_packed = libcrux_intrinsics_avx2_mm_movemask_epi8(msbs); uint8_t serialized[2U] = {0U}; serialized[0U] = (uint8_t)bits_packed; 
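Review bot: `libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s` applies 16-bit-lane intrinsics (`mullo_epi16`, `mulhi_epi16`, `sub_epi16`) to values built with `set1_epi32` and `srli_epi32`, and nothing in the generated C explains why that is sound; a reader has to work out that only the low 16-bit half of each 32-bit lane is meaningful after the `sub_epi16` and that the closing `slli_epi32`/`srai_epi32` pair by 16 sign-extends exactly that half into a full lane. A comment above the definition such as `/* Reduces each 32-bit lane with 16-bit-lane multiplies: only the low half of each lane is meaningful after sub_epi16; the final slli/srai by 16 sign-extends it. */` would make the invariant checkable, since the only comments that survive extraction here appear to be the "This function found in impl" lines. `libcrux_ml_kem_vector_avx2_serialize_serialize_1` begins in this hunk but its body continues past the hunk's end.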
@@ -642,100 +579,88 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_1( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_1_ea( - core_core_arch_x86___m256i vector, uint8_t ret[2U]) { +void libcrux_ml_kem_vector_avx2_serialize_1_ea(__m256i vector, + uint8_t ret[2U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_1(vector, ret); } -KRML_MUSTINLINE core_core_arch_x86___m256i +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) { - core_core_arch_x86___m256i coefficients = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, 
(size_t)0U, uint8_t, uint8_t *, - uint8_t)); - core_core_arch_x86___m256i shift_lsb_to_msb = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, - (int16_t)1 << 11U, (int16_t)1 << 12U, (int16_t)1 << 13U, - (int16_t)1 << 14U, (int16_t)-32768, (int16_t)1 << 8U, - (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, - (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, - (int16_t)-32768); - core_core_arch_x86___m256i coefficients_in_msb = + __m256i coefficients = libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t)); + __m256i shift_lsb_to_msb = libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 8U, (int16_t)1 << 9U, 
(int16_t)1 << 10U, (int16_t)1 << 11U, + (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, (int16_t)-32768, + (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, + (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, (int16_t)-32768); + __m256i coefficients_in_msb = libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, shift_lsb_to_msb); - return libcrux_intrinsics_avx2_mm256_srli_epi16( - (int32_t)15, coefficients_in_msb, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)15, + coefficients_in_msb, __m256i); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_1_ea( - Eurydice_slice bytes) { +__m256i libcrux_ml_kem_vector_avx2_deserialize_1_ea(Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_1(bytes); } KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( - core_core_arch_x86___m256i vector, uint8_t ret[8U]) { + __m256i vector, uint8_t ret[8U]) { uint8_t serialized[16U] = {0U}; - core_core_arch_x86___m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1)); - core_core_arch_x86___m256i adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4, - (int8_t)0, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, 
(int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, - (int8_t)4, (int8_t)0)); - core_core_arch_x86___m256i combined = - libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32( - adjacent_8_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, - (int32_t)0, (int32_t)4, (int32_t)0)); - core_core_arch_x86___m128i combined0 = - libcrux_intrinsics_avx2_mm256_castsi256_si128(combined); + __m256i adjacent_2_combined = libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1)); + __m256i adjacent_8_combined = libcrux_intrinsics_avx2_mm256_shuffle_epi8( + adjacent_2_combined, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4, (int8_t)0, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4, (int8_t)0)); + __m256i combined = libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32( + adjacent_8_combined, libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, + (int32_t)0, (int32_t)0, (int32_t)4, (int32_t)0)); + __m128i combined0 = libcrux_intrinsics_avx2_mm256_castsi256_si128(combined); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( Eurydice_array_to_slice((size_t)16U, serialized, uint8_t, Eurydice_slice), combined0); 
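Review bot: `libcrux_ml_kem_vector_avx2_serialize_deserialize_1` reads `bytes` at indices 0 and 1 through `Eurydice_slice_index` with no length check visible in the function, so correctness rests on every caller passing a slice of at least two bytes; whether the macro itself bounds-checks is not visible in this hunk. Since this is presumably a point where externally supplied bytes enter the vector code, the precondition deserves to be stated where a C reader will see it, e.g. `/* Requires bytes.len >= 2; indices 0 and 1 are read. */` above the definition. The same applies to `libcrux_ml_kem_vector_avx2_serialize_deserialize_4` in the next hunk, which reads indices 0 through 7. `libcrux_ml_kem_vector_avx2_serialize_serialize_4` begins in this hunk but its body continues past the hunk's end.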
@@ -754,61 +679,55 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_4_ea( - core_core_arch_x86___m256i vector, uint8_t ret[8U]) { +void libcrux_ml_kem_vector_avx2_serialize_4_ea(__m256i vector, + uint8_t ret[8U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_4(vector, ret); } -KRML_MUSTINLINE core_core_arch_x86___m256i +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { - core_core_arch_x86___m256i coefficients = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, 
(size_t)0U, uint8_t, uint8_t *, - uint8_t)); - core_core_arch_x86___m256i shift_lsbs_to_msbs = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U); - core_core_arch_x86___m256i coefficients_in_msb = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, - shift_lsbs_to_msbs); - core_core_arch_x86___m256i coefficients_in_lsb = - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, coefficients_in_msb, - core_core_arch_x86___m256i); + __m256i coefficients = libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, 
(size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t)); + __m256i shift_lsbs_to_msbs = libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U); + __m256i coefficients_in_msb = libcrux_intrinsics_avx2_mm256_mullo_epi16( + coefficients, shift_lsbs_to_msbs); + __m256i coefficients_in_lsb = libcrux_intrinsics_avx2_mm256_srli_epi16( + (int32_t)4, coefficients_in_msb, __m256i); return libcrux_intrinsics_avx2_mm256_and_si256( coefficients_in_lsb, libcrux_intrinsics_avx2_mm256_set1_epi16( ((int16_t)1 << 4U) - (int16_t)1)); 
@@ -818,52 +737,43 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_4_ea( - Eurydice_slice bytes) { +__m256i libcrux_ml_kem_vector_avx2_deserialize_4_ea(Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_4(bytes); } KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( - core_core_arch_x86___m256i vector, uint8_t ret[10U]) { + __m256i vector, uint8_t ret[10U]) { uint8_t serialized[32U] = {0U}; - core_core_arch_x86___m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1)); - core_core_arch_x86___m256i adjacent_4_combined = - libcrux_intrinsics_avx2_mm256_sllv_epi32( - adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22, (int32_t)0, - (int32_t)22, (int32_t)0, (int32_t)22)); - core_core_arch_x86___m256i adjacent_4_combined0 = - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)22, adjacent_4_combined, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)8, adjacent_4_combined0, core_core_arch_x86___m256i); - core_core_arch_x86___m256i adjacent_8_combined0 = - libcrux_intrinsics_avx2_mm256_sllv_epi32( - adjacent_8_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)12, (int32_t)0, - (int32_t)0, (int32_t)0, (int32_t)12)); - core_core_arch_x86___m256i adjacent_8_combined1 = - 
libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)12, adjacent_8_combined0, core_core_arch_x86___m256i); - core_core_arch_x86___m128i lower_8 = + __m256i adjacent_2_combined = libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1)); + __m256i adjacent_4_combined = libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_2_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22, (int32_t)0, + (int32_t)22, (int32_t)0, (int32_t)22)); + __m256i adjacent_4_combined0 = libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)22, adjacent_4_combined, __m256i); + __m256i adjacent_8_combined = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)8, adjacent_4_combined0, __m256i); + __m256i adjacent_8_combined0 = libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_8_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)12, (int32_t)0, + (int32_t)0, (int32_t)0, (int32_t)12)); + __m256i adjacent_8_combined1 = libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)12, adjacent_8_combined0, __m256i); + __m128i lower_8 = libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined1); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice), lower_8); - core_core_arch_x86___m128i upper_8 = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, adjacent_8_combined1, core_core_arch_x86___m128i); + __m128i upper_8 = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, adjacent_8_combined1, __m128i); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( Eurydice_array_to_subslice2(serialized, (size_t)5U, (size_t)21U, 
uint8_t, Eurydice_slice), @@ -883,14 +793,14 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_5_ea( - core_core_arch_x86___m256i vector, uint8_t ret[10U]) { +void libcrux_ml_kem_vector_avx2_serialize_5_ea(__m256i vector, + uint8_t ret[10U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_5(vector, ret); } -KRML_MUSTINLINE core_core_arch_x86___m256i +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) { - core_core_arch_x86___m128i coefficients = libcrux_intrinsics_avx2_mm_set_epi8( + __m128i coefficients = libcrux_intrinsics_avx2_mm_set_epi8( Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t), Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), 
@@ -907,85 +817,73 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) { Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t)); - core_core_arch_x86___m256i coefficients_loaded = + __m256i coefficients_loaded = libcrux_intrinsics_avx2_mm256_castsi128_si256(coefficients); - core_core_arch_x86___m256i coefficients_loaded0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, coefficients_loaded, coefficients, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i coefficients0 = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - coefficients_loaded0, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)15, (int8_t)14, (int8_t)15, (int8_t)14, (int8_t)13, - (int8_t)12, (int8_t)13, (int8_t)12, (int8_t)11, (int8_t)10, - (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)9, - (int8_t)8, (int8_t)7, (int8_t)6, (int8_t)7, (int8_t)6, (int8_t)5, - (int8_t)4, (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)3, - (int8_t)2, (int8_t)1, (int8_t)0, (int8_t)1, (int8_t)0)); - core_core_arch_x86___m256i coefficients1 = - libcrux_intrinsics_avx2_mm256_mullo_epi16( - coefficients0, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 5U, (int16_t)1 << 2U, - (int16_t)1 << 7U, (int16_t)1 << 4U, (int16_t)1 << 9U, - (int16_t)1 << 6U, (int16_t)1 << 11U, (int16_t)1 << 0U, - (int16_t)1 << 5U, (int16_t)1 << 2U, (int16_t)1 << 7U, - (int16_t)1 << 4U, (int16_t)1 << 9U, (int16_t)1 << 6U, - (int16_t)1 << 11U)); + __m256i coefficients_loaded0 = libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, coefficients_loaded, coefficients, __m256i); + __m256i coefficients0 = libcrux_intrinsics_avx2_mm256_shuffle_epi8( + coefficients_loaded0, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)15, (int8_t)14, (int8_t)15, (int8_t)14, (int8_t)13, + (int8_t)12, (int8_t)13, (int8_t)12, 
(int8_t)11, (int8_t)10, + (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)9, (int8_t)8, + (int8_t)7, (int8_t)6, (int8_t)7, (int8_t)6, (int8_t)5, (int8_t)4, + (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)3, (int8_t)2, + (int8_t)1, (int8_t)0, (int8_t)1, (int8_t)0)); + __m256i coefficients1 = libcrux_intrinsics_avx2_mm256_mullo_epi16( + coefficients0, libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 5U, (int16_t)1 << 2U, + (int16_t)1 << 7U, (int16_t)1 << 4U, (int16_t)1 << 9U, + (int16_t)1 << 6U, (int16_t)1 << 11U, (int16_t)1 << 0U, + (int16_t)1 << 5U, (int16_t)1 << 2U, (int16_t)1 << 7U, + (int16_t)1 << 4U, (int16_t)1 << 9U, (int16_t)1 << 6U, + (int16_t)1 << 11U)); return libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)11, coefficients1, - core_core_arch_x86___m256i); + __m256i); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_5_ea( - Eurydice_slice bytes) { +__m256i libcrux_ml_kem_vector_avx2_deserialize_5_ea(Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_5(bytes); } KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( - core_core_arch_x86___m256i vector, uint8_t ret[20U]) { + __m256i vector, uint8_t ret[20U]) { uint8_t serialized[32U] = {0U}; - core_core_arch_x86___m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1)); - core_core_arch_x86___m256i adjacent_4_combined = - libcrux_intrinsics_avx2_mm256_sllv_epi32( - adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)12, 
(int32_t)0, (int32_t)12, (int32_t)0, - (int32_t)12, (int32_t)0, (int32_t)12)); - core_core_arch_x86___m256i adjacent_4_combined0 = - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)12, adjacent_4_combined, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - adjacent_4_combined0, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, - (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, - (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, - (int8_t)0)); - core_core_arch_x86___m128i lower_8 = + __m256i adjacent_2_combined = libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1)); + __m256i adjacent_4_combined = libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_2_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12, (int32_t)0, + (int32_t)12, (int32_t)0, (int32_t)12)); + __m256i adjacent_4_combined0 = libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)12, adjacent_4_combined, __m256i); + __m256i adjacent_8_combined = libcrux_intrinsics_avx2_mm256_shuffle_epi8( + adjacent_4_combined0, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, + (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)12, 
(int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)4, + (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0)); + __m128i lower_8 = libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice), lower_8); - core_core_arch_x86___m128i upper_8 = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); + __m128i upper_8 = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, adjacent_8_combined, __m128i); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( Eurydice_array_to_subslice2(serialized, (size_t)10U, (size_t)26U, uint8_t, Eurydice_slice), 
@@ -1005,49 +903,40 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_10_ea( - core_core_arch_x86___m256i vector, uint8_t ret[20U]) { +void libcrux_ml_kem_vector_avx2_serialize_10_ea(__m256i vector, + uint8_t ret[20U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_10(vector, ret); } -KRML_MUSTINLINE core_core_arch_x86___m256i +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) { - core_core_arch_x86___m256i shift_lsbs_to_msbs = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, - (int16_t)1 << 6U, (int16_t)1 << 0U, (int16_t)1 << 2U, - (int16_t)1 << 4U, (int16_t)1 << 6U, (int16_t)1 << 0U, - (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, - (int16_t)1 << 6U); - core_core_arch_x86___m128i lower_coefficients = + __m256i shift_lsbs_to_msbs = libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U); + __m128i lower_coefficients = libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i lower_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8( - lower_coefficients, - libcrux_intrinsics_avx2_mm_set_epi8(9U, 8U, 8U, 7U, 7U, 6U, 6U, 5U, - 4U, 3U, 3U, 2U, 2U, 1U, 1U, 0U)); - core_core_arch_x86___m128i upper_coefficients = + __m128i lower_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( + lower_coefficients, + 
libcrux_intrinsics_avx2_mm_set_epi8(9U, 8U, 8U, 7U, 7U, 6U, 6U, 5U, 4U, + 3U, 3U, 2U, 2U, 1U, 1U, 0U)); + __m128i upper_coefficients = libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( bytes, (size_t)4U, (size_t)20U, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i upper_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8( - upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( - 15U, 14U, 14U, 13U, 13U, 12U, 12U, 11U, 10U, - 9U, 9U, 8U, 8U, 7U, 7U, 6U)); - core_core_arch_x86___m256i coefficients = + __m128i upper_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( + upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( + 15U, 14U, 14U, 13U, 13U, 12U, 12U, 11U, 10U, 9U, + 9U, 8U, 8U, 7U, 7U, 6U)); + __m256i coefficients = libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); - core_core_arch_x86___m256i coefficients0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, coefficients, upper_coefficients0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i coefficients1 = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, - shift_lsbs_to_msbs); - core_core_arch_x86___m256i coefficients2 = - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)6, coefficients1, - core_core_arch_x86___m256i); + __m256i coefficients0 = libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, coefficients, upper_coefficients0, __m256i); + __m256i coefficients1 = libcrux_intrinsics_avx2_mm256_mullo_epi16( + coefficients0, shift_lsbs_to_msbs); + __m256i coefficients2 = libcrux_intrinsics_avx2_mm256_srli_epi16( + (int32_t)6, coefficients1, __m256i); return libcrux_intrinsics_avx2_mm256_and_si256( coefficients2, libcrux_intrinsics_avx2_mm256_set1_epi16( ((int16_t)1 << 10U) - (int16_t)1)); 
@@ -1057,13 +946,12 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) { This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_10_ea( - Eurydice_slice bytes) { +__m256i libcrux_ml_kem_vector_avx2_deserialize_10_ea(Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_10(bytes); } KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_11( - core_core_arch_x86___m256i vector, uint8_t ret[22U]) { + __m256i vector, uint8_t ret[22U]) { int16_t array[16U] = {0U}; libcrux_intrinsics_avx2_mm256_storeu_si256_i16( Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice), @@ -1080,12 +968,12 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_11( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_11_ea( - core_core_arch_x86___m256i vector, uint8_t ret[22U]) { +void libcrux_ml_kem_vector_avx2_serialize_11_ea(__m256i vector, + uint8_t ret[22U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_11(vector, ret); } -KRML_MUSTINLINE core_core_arch_x86___m256i +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_11(Eurydice_slice bytes) { libcrux_ml_kem_vector_portable_vector_type_PortableVector output = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); 
@@ -1099,47 +987,39 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_11(Eurydice_slice bytes) { This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_11_ea( - Eurydice_slice bytes) { +__m256i libcrux_ml_kem_vector_avx2_deserialize_11_ea(Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_11(bytes); } KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( - core_core_arch_x86___m256i vector, uint8_t ret[24U]) { + __m256i vector, uint8_t ret[24U]) { uint8_t serialized[32U] = {0U}; - core_core_arch_x86___m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1)); - core_core_arch_x86___m256i adjacent_4_combined = - libcrux_intrinsics_avx2_mm256_sllv_epi32( - adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8, (int32_t)0, - (int32_t)8, (int32_t)0, (int32_t)8)); - core_core_arch_x86___m256i adjacent_4_combined0 = - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, adjacent_4_combined, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - adjacent_4_combined0, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, - (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, - (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, - (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, - (int8_t)5, (int8_t)4, 
(int8_t)3, (int8_t)2, (int8_t)1, - (int8_t)0)); - core_core_arch_x86___m128i lower_8 = + __m256i adjacent_2_combined = libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1)); + __m256i adjacent_4_combined = libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_2_combined, libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8, + (int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8)); + __m256i adjacent_4_combined0 = libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)8, adjacent_4_combined, __m256i); + __m256i adjacent_8_combined = libcrux_intrinsics_avx2_mm256_shuffle_epi8( + adjacent_4_combined0, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, + (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)5, + (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, (int8_t)12, + (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4, + (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0)); + __m128i lower_8 = libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); - core_core_arch_x86___m128i upper_8 = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); + __m128i upper_8 = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, adjacent_8_combined, __m128i); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice), 
@@ -1163,49 +1043,40 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_12_ea( - core_core_arch_x86___m256i vector, uint8_t ret[24U]) { +void libcrux_ml_kem_vector_avx2_serialize_12_ea(__m256i vector, + uint8_t ret[24U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_12(vector, ret); } -KRML_MUSTINLINE core_core_arch_x86___m256i +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) { - core_core_arch_x86___m256i shift_lsbs_to_msbs = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U); - core_core_arch_x86___m128i lower_coefficients = + __m256i shift_lsbs_to_msbs = libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U); + __m128i lower_coefficients = libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i lower_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8( - lower_coefficients, - libcrux_intrinsics_avx2_mm_set_epi8(11U, 10U, 10U, 9U, 8U, 7U, 7U, 6U, - 5U, 4U, 4U, 3U, 2U, 1U, 1U, 0U)); - core_core_arch_x86___m128i upper_coefficients = + __m128i lower_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( + lower_coefficients, + 
libcrux_intrinsics_avx2_mm_set_epi8(11U, 10U, 10U, 9U, 8U, 7U, 7U, 6U, 5U, + 4U, 4U, 3U, 2U, 1U, 1U, 0U)); + __m128i upper_coefficients = libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( bytes, (size_t)8U, (size_t)24U, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i upper_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8( - upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( - 15U, 14U, 14U, 13U, 12U, 11U, 11U, 10U, 9U, - 8U, 8U, 7U, 6U, 5U, 5U, 4U)); - core_core_arch_x86___m256i coefficients = + __m128i upper_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( + upper_coefficients, + libcrux_intrinsics_avx2_mm_set_epi8(15U, 14U, 14U, 13U, 12U, 11U, 11U, + 10U, 9U, 8U, 8U, 7U, 6U, 5U, 5U, 4U)); + __m256i coefficients = libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); - core_core_arch_x86___m256i coefficients0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, coefficients, upper_coefficients0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i coefficients1 = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, - shift_lsbs_to_msbs); - core_core_arch_x86___m256i coefficients2 = - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, coefficients1, - core_core_arch_x86___m256i); + __m256i coefficients0 = libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, coefficients, upper_coefficients0, __m256i); + __m256i coefficients1 = libcrux_intrinsics_avx2_mm256_mullo_epi16( + coefficients0, shift_lsbs_to_msbs); + __m256i coefficients2 = libcrux_intrinsics_avx2_mm256_srli_epi16( + (int32_t)4, coefficients1, __m256i); return libcrux_intrinsics_avx2_mm256_and_si256( coefficients2, libcrux_intrinsics_avx2_mm256_set1_epi16( ((int16_t)1 << 12U) - (int16_t)1)); 
@@ -1215,19 +1086,17 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) { This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_12_ea( - Eurydice_slice bytes) { +__m256i libcrux_ml_kem_vector_avx2_deserialize_12_ea(Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_12(bytes); } KRML_MUSTINLINE size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( Eurydice_slice input, Eurydice_slice output) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i potential_coefficients = + __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i potential_coefficients = libcrux_ml_kem_vector_avx2_serialize_deserialize_12(input); - core_core_arch_x86___m256i compare_with_field_modulus = + __m256i compare_with_field_modulus = libcrux_intrinsics_avx2_mm256_cmpgt_epi16(field_modulus, potential_coefficients); uint8_t good[2U]; 
@@ -1238,14 +1107,13 @@ KRML_MUSTINLINE size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( size_t)good[0U]], (size_t)16U * sizeof(uint8_t)); - core_core_arch_x86___m128i lower_shuffles0 = + __m128i lower_shuffles0 = libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( (size_t)16U, lower_shuffles, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i lower_coefficients = + __m128i lower_coefficients = libcrux_intrinsics_avx2_mm256_castsi256_si128(potential_coefficients); - core_core_arch_x86___m128i lower_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8(lower_coefficients, - lower_shuffles0); + __m128i lower_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( + lower_coefficients, lower_shuffles0); libcrux_intrinsics_avx2_mm_storeu_si128(output, lower_coefficients0); size_t sampled_count = (size_t)core_num__u8_6__count_ones(good[0U]); uint8_t upper_shuffles[16U]; 
@@ -1253,15 +1121,13 @@ KRML_MUSTINLINE size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( size_t)good[1U]], (size_t)16U * sizeof(uint8_t)); - core_core_arch_x86___m128i upper_shuffles0 = + __m128i upper_shuffles0 = libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( (size_t)16U, upper_shuffles, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, potential_coefficients, core_core_arch_x86___m128i); - core_core_arch_x86___m128i upper_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8(upper_coefficients, - upper_shuffles0); + __m128i upper_coefficients = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, potential_coefficients, __m128i); + __m128i upper_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( + upper_coefficients, upper_shuffles0); libcrux_intrinsics_avx2_mm_storeu_si128( Eurydice_slice_subslice2(output, sampled_count, sampled_count + (size_t)8U, int16_t, @@ -1284,8 +1150,7 @@ size_t libcrux_ml_kem_vector_avx2_rej_sample_ea(Eurydice_slice input, This function found in impl {(core::clone::Clone for libcrux_ml_kem::vector::avx2::SIMD256Vector)#1} */ -inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_clone_3a( - core_core_arch_x86___m256i *self) { +inline __m256i libcrux_ml_kem_vector_avx2_clone_3a(__m256i *self) { return self[0U]; } @@ -1320,6 +1185,12 @@ static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_89_d5(void) { return lit; } +/** + Only use with public values. + + This MUST NOT be used with secret inputs, like its caller + `deserialize_ring_elements_reduced`. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types 
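Review bot: The rewritten signature of `libcrux_ml_kem_vector_avx2_clone_3a` still takes a mutable `__m256i *self` although the body only reads `self[0U]`; `inline __m256i libcrux_ml_kem_vector_avx2_clone_3a(const __m256i *self)` would state the read-only contract and let callers pass const vectors. Since this file is Eurydice output, the qualifier would have to come from how `Clone::clone(&self)` is extracted rather than from a hand edit of the generated C.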
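Review bot: The new doc block placed before `deserialize_to_reduced_ring_element_dd` says the function MUST NOT be used with secret inputs but not why, and the phrase `like its caller deserialize_ring_elements_reduced` reads as if the caller were an example of a secret input rather than a second function carrying the same restriction. A reader of the C file has no Rust context, so naming the reason (which of the operations involved is not guaranteed to be constant time on secret data) or at least rewording to `the same restriction applies to its caller deserialize_ring_elements_reduced` would make the warning actionable; the companion note added in the following hunk (@@ -1337,14 +1208,19 @@) on `deserialize_ring_elements_reduced` has the same gap. This block and the existing `/** A monomorphic instance ... */` block are also two separate comments in a row, so tools that attach only the comment adjacent to the definition will drop the warning; merging them in the extractor would avoid that.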
@@ -1337,14 +1208,19 @@ deserialize_to_reduced_ring_element_dd(Eurydice_slice serialized) { Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, Eurydice_slice); - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); + __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea(coefficient); } return re; } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -1382,10 +1258,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.arithmetic.shift_right with const generics - SHIFT_BY= 15 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -shift_right_98(core_core_arch_x86___m256i vector) { - return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, - core_core_arch_x86___m256i); +static KRML_MUSTINLINE __m256i shift_right_98(__m256i vector) { + return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, __m256i); } /** @@ -1397,8 +1271,7 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.shift_right_ea with const generics - SHIFT_BY= 15 */ -static core_core_arch_x86___m256i shift_right_ea_92( - core_core_arch_x86___m256i vector) { +static __m256i shift_right_ea_92(__m256i vector) { return shift_right_98(vector); } 
@@ -1408,12 +1281,10 @@ libcrux_ml_kem.vector.traits.to_unsigned_representative with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static core_core_arch_x86___m256i to_unsigned_representative_a4( - core_core_arch_x86___m256i a) { - core_core_arch_x86___m256i t = shift_right_ea_92(a); - core_core_arch_x86___m256i fm = - libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( - t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); +static __m256i to_unsigned_representative_a4(__m256i a) { + __m256i t = shift_right_ea_92(a); + __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( + t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); return libcrux_ml_kem_vector_avx2_add_ea(a, &fm); } @@ -1429,8 +1300,7 @@ static KRML_MUSTINLINE void serialize_uncompressed_ring_element_92( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - core_core_arch_x86___m256i coefficient = - to_unsigned_representative_a4(re->coefficients[i0]); + __m256i coefficient = to_unsigned_representative_a4(re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_avx2_serialize_12_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -1444,6 +1314,9 @@ static KRML_MUSTINLINE void serialize_uncompressed_ring_element_92( memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); } +/** + Call [`serialize_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -1479,6 +1352,9 @@ static KRML_MUSTINLINE void serialize_secret_key_ae1( memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); } +/** + Concatenate `t` and `ρ` into the public key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector 
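Review bot: `to_unsigned_representative_a4` carries no comment on the branch-free conditional add it performs, and this rewrite is the moment to add one. Because `shift_right_98` in the previous hunk is an arithmetic shift by 15, `t` is all-ones in lanes where `a` is negative and zero elsewhere, so `fm` holds `LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS` exactly in those lanes; a line such as `/* t is a per-lane sign mask (srai by 15): fm adds the field modulus only to negative lanes, with no data-dependent branch */` above the `__m256i fm = ...` statement would make the constant-time intent visible to a C reader who cannot see the Rust source.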
@@ -1650,6 +1526,47 @@ static KRML_MUSTINLINE void shake128_squeeze_three_blocks_a9_4d1( shake128_squeeze_three_blocks_6b1(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types 
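Review bot: The added doc comment ends with `The NIST FIPS 203 standard can be found at .` — the reference itself is missing, so the closing sentence points at nothing. If the URL was written in angle brackets and was dropped only by this rendering of the patch there is nothing to fix; otherwise it should be restored in the source comment the generator copies from, since this file is generated output and a direct edit would be overwritten. The same trailing sentence appears in the comment blocks added at `@@ -1733,6 +1650,47 @@`, `@@ -1958,6 +1916,55 @@`, `@@ -2285,6 +2291,33 @@` and `@@ -2427,6 +2465,47 @@`. In the same block, `6 of the NIST FIPS 203 standard, We say "partially"` should close the first sentence with a period before `We say`.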
@@ -1733,6 +1650,47 @@ static KRML_MUSTINLINE void shake128_squeeze_block_a9_5a1( shake128_squeeze_block_1b1(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types 
@@ -1958,6 +1916,55 @@ static KRML_MUSTINLINE void PRFxN_a9_512(uint8_t (*input)[33U], PRFxN_1c2(input, ret); } +/** + Given a series of uniformly random bytes in `randomness`, for some number + `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring + element from a binomial distribution centered at 0 that uses two sets of `eta` + coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v` + such such that `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and: + + ```plaintext + - If v < 0, Pr[v] = Pr[-v] + - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA) + ``` + + The values `v < 0` are mapped to the appropriate `KyberFieldElement`. + + The expected value is: + + ```plaintext + E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1] + + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0. + ``` + + And the variance is: + + ```plaintext + Var(X) = E[(X - E[X])^2] + = E[X^2] + = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / + 2^(2 * ETA)) = ETA / 2 + ``` + + This function implements Algorithm 7 of the NIST FIPS 203 + standard, which is reproduced below: + + ```plaintext + Input: byte array B ∈ 𝔹^{64η}. + Output: array f ∈ ℤ₂₅₆. + + b ← BytesToBits(B) + for (i ← 0; i < 256; i++) + x ← ∑(j=0 to η - 1) b[2iη + j] + y ← ∑(j=0 to η - 1) b[2iη + η + j] + f[i] ← x−y mod q + end for + return f + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types 
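Review bot: The range given in the added comment, `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}`, lists `ETA + 1`, which lies outside the support the same sentence describes; the symmetric set is `{-ETA, -ETA + 1, ..., 0, ..., ETA - 1, ETA}`. The same block also has the duplicated word in `such such that`. Both are in the comment ahead of the `sample_from_binomial_distribution_2` monomorphic instance; as this is generated code, the correction belongs in the source doc comment rather than here.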
@@ -2073,9 +2080,8 @@ static KRML_MUSTINLINE void ntt_at_layer_7_45( size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { size_t j = i; - core_core_arch_x86___m256i t = - libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( - re->coefficients[j + step], (int16_t)-1600); + __m256i t = libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( + re->coefficients[j + step], (int16_t)-1600); re->coefficients[j + step] = libcrux_ml_kem_vector_avx2_sub_ea(re->coefficients[j], &t); re->coefficients[j] = @@ -2084,8 +2090,8 @@ static KRML_MUSTINLINE void ntt_at_layer_7_45( } typedef struct libcrux_ml_kem_vector_avx2_SIMD256Vector_x2_s { - core_core_arch_x86___m256i fst; - core_core_arch_x86___m256i snd; + __m256i fst; + __m256i snd; } libcrux_ml_kem_vector_avx2_SIMD256Vector_x2; /** @@ -2094,8 +2100,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static core_core_arch_x86___m256i montgomery_multiply_fe_9d( - core_core_arch_x86___m256i v, int16_t fer) { +static __m256i montgomery_multiply_fe_9d(__m256i v, int16_t fer) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea(v, fer); } @@ -2106,9 +2111,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -ntt_layer_int_vec_step_f4(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, int16_t zeta_r) { - core_core_arch_x86___m256i t = montgomery_multiply_fe_9d(b, zeta_r); +ntt_layer_int_vec_step_f4(__m256i a, __m256i b, int16_t zeta_r) { + __m256i t = montgomery_multiply_fe_9d(b, zeta_r); b = libcrux_ml_kem_vector_avx2_sub_ea(a, &t); a = libcrux_ml_kem_vector_avx2_add_ea(a, &t); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, 
@@ -2137,8 +2141,8 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_65( ntt_layer_int_vec_step_f4( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - core_core_arch_x86___m256i x = uu____0.fst; - core_core_arch_x86___m256i y = uu____0.snd; + __m256i x = uu____0.fst; + __m256i y = uu____0.snd; re->coefficients[j] = x; re->coefficients[j + step_vec] = y; } @@ -2242,6 +2246,10 @@ static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_b5( poly_barrett_reduce_89_99(re); } +/** + Sample a vector of ring elements from a centered binomial distribution and + convert them into their NTT representations. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -2266,13 +2274,11 @@ static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_151( domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; PRFxN_a9_512(prf_inputs, prf_outputs); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_470(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]);); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + re_as_ntt[i0] = sample_from_binomial_distribution_470( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]);); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U]; memcpy( uu____2, re_as_ntt, 
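Review bot: In `sample_vector_cbd_then_ntt_151` the rewritten `KRML_MAYBE_FOR3` body samples each ring element from `prf_outputs[i0]`, the PRF output that (presumably, given the function's role in key generation) determines the secret vector, but nothing in the hunk clears that stack buffer after the loop. The function continues outside the hunk, where the following `memcpy` into `uu____2` makes a further copy of the sampled elements, so zeroization may be handled there or deliberately left to the generator's policy — worth confirming. If it is not handled anywhere, the Rust source rather than this generated file is the place to clear `prf_outputs` once sampling is done. The code change in the hunk itself (dropping the `uu____1` temporary) looks behavior-preserving.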
@@ -2285,6 +2291,33 @@ static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_151( return lit; } +/** + Given two `KyberPolynomialRingElement`s in their NTT representations, + compute their product. Given two polynomials in the NTT domain `f^` and `ĵ`, + the `iᵗʰ` coefficient of the product `k̂` is determined by the calculation: + + ```plaintext + ĥ[2·i] + ĥ[2·i + 1]X = (f^[2·i] + f^[2·i + 1]X)·(ĝ[2·i] + ĝ[2·i + 1]X) mod (X² + - ζ^(2·BitRev₇(i) + 1)) + ``` + + This function almost implements Algorithm 10 of the + NIST FIPS 203 standard, which is reproduced below: + + ```plaintext + Input: Two arrays fˆ ∈ ℤ₂₅₆ and ĝ ∈ ℤ₂₅₆. + Output: An array ĥ ∈ ℤq. + + for(i ← 0; i < 128; i++) + (ĥ[2i], ĥ[2i+1]) ← BaseCaseMultiply(fˆ[2i], fˆ[2i+1], ĝ[2i], ĝ[2i+1], + ζ^(2·BitRev₇(i) + 1)) end for return ĥ + ``` + We say "almost" because the coefficients of the ring element output by + this function are in the Montgomery domain. + + The NIST FIPS 203 standard can be found at + . +*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -2319,6 +2352,10 @@ ntt_multiply_89_48(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, return out; } +/** + Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise + sum of their constituent coefficients. +*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} 
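Review bot: The added comment for `ntt_multiply` names the product `k̂` in the prose but `ĥ` in both formulas, and introduces the second operand as `ĵ` while the formulas use `ĝ`; one name per object would read cleanly, e.g. `Given two polynomials in the NTT domain f^ and ĝ, the iᵗʰ coefficient of the product ĥ is determined by the calculation:`. The reproduced Algorithm 10 also shows `end for return ĥ` folded onto the `BaseCaseMultiply` line, which may be a rendering artifact of this page rather than the comment itself. The body of `ntt_multiply_89_48` lies outside this hunk.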
@@ -2333,11 +2370,10 @@ static KRML_MUSTINLINE void add_to_ring_element_89_971( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)16U, self->coefficients, - core_core_arch_x86___m256i, Eurydice_slice), - core_core_arch_x86___m256i, size_t); + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)16U, self->coefficients, __m256i, + Eurydice_slice), + __m256i, size_t); i++) { size_t i0 = i; self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( @@ -2351,8 +2387,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static core_core_arch_x86___m256i to_standard_domain_42( - core_core_arch_x86___m256i v) { +static __m256i to_standard_domain_42(__m256i v) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); } @@ -2373,7 +2408,7 @@ static KRML_MUSTINLINE void add_standard_error_reduce_89_ac( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; - core_core_arch_x86___m256i coefficient_normal_form = + __m256i coefficient_normal_form = to_standard_domain_42(self->coefficients[j]); self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, @@ -2381,6 +2416,9 @@ static KRML_MUSTINLINE void add_standard_error_reduce_89_ac( } } +/** + Compute  ◦ ŝ + ê +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_avx2_SIMD256Vector 
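Review bot: The comment added ahead of `compute_As_plus_e` reads `Compute  ◦ ŝ + ê` with no operand before the `◦`; the Algorithm 12 text added later in this patch writes the step as `t̂ ← Â◦ŝ + ê`, so the intended line is `Compute Â ◦ ŝ + ê` — unless the glyph was lost only in this rendering. Separately, in `add_to_ring_element_89_971` the new loop bound `core_slice___Slice_T___len(Eurydice_array_to_slice((size_t)16U, self->coefficients, __m256i, Eurydice_slice), __m256i, size_t)` is re-evaluated every iteration for a fixed 16-element array, while `add_standard_error_reduce_89_ac` in the next hunk bounds the same traversal with `LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT`; using the constant at the source level would make the two consistent and the bound obvious. Both function bodies extend past their hunks.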
@@ -2427,6 +2465,47 @@ static KRML_MUSTINLINE void compute_As_plus_e_f01( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -2534,11 +2613,10 @@ with const generics static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 clone_d5_48( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; - core_core_arch_x86___m256i ret[16U]; + __m256i ret[16U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)16U, self->coefficients, ret, core_core_arch_x86___m256i, void *); - memcpy(lit.coefficients, ret, - (size_t)16U * sizeof(core_core_arch_x86___m256i)); + (size_t)16U, self->coefficients, ret, __m256i, void *); + memcpy(lit.coefficients, ret, (size_t)16U * sizeof(__m256i)); return lit; } 
@@ -2665,6 +2743,9 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_e11( return lit; } +/** + Serialize the secret key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash @@ -2720,6 +2801,14 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_751( memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -2766,6 +2855,9 @@ libcrux_ml_kem_ind_cca_generate_keypair_c23(uint8_t randomness[64U]) { uu____2, libcrux_ml_kem_types_from_b6_4c0(uu____3)); } +/** + Sample a vector of ring elements from a centered binomial distribution. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -2904,11 +2996,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -inv_ntt_layer_int_vec_step_reduce_df(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - int16_t zeta_r) { - core_core_arch_x86___m256i a_minus_b = - libcrux_ml_kem_vector_avx2_sub_ea(b, &a); +inv_ntt_layer_int_vec_step_reduce_df(__m256i a, __m256i b, int16_t zeta_r) { + __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_ea(b, &a); a = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( libcrux_ml_kem_vector_avx2_add_ea(a, &b)); b = montgomery_multiply_fe_9d(a_minus_b, zeta_r); 
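Review bot: The comment added on `libcrux_ml_kem_ind_cca_generate_keypair_c23` says the function `requires different hardware features` depending on `Vector` and `Hasher`, but this instance is fixed to `libcrux_ml_kem_vector_avx2_SIMD256Vector` and `libcrux_ml_kem_hash_functions_avx2_Simd256Hash`, so the comment should name the requirement and who checks it, e.g. `This instance uses AVX2 intrinsics; the caller must confirm CPU support before calling.` The `randomness[64U]` parameter has no stated contract either; the comment should say the bytes must be fresh and uniformly random (presumably the seeds consumed by key generation — confirm against the Rust source). Since the generic wording is copied from the source doc comment, the precise text belongs there rather than in this generated file.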
@@ -2940,8 +3029,8 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_a2( inv_ntt_layer_int_vec_step_reduce_df( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - core_core_arch_x86___m256i x = uu____0.fst; - core_core_arch_x86___m256i y = uu____0.snd; + __m256i x = uu____0.fst; + __m256i y = uu____0.snd; re->coefficients[j] = x; re->coefficients[j + step_vec] = y; } @@ -2984,7 +3073,7 @@ static KRML_MUSTINLINE void add_error_reduce_89_91( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; - core_core_arch_x86___m256i coefficient_normal_form = + __m256i coefficient_normal_form = libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( self->coefficients[j], (int16_t)1441); self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( @@ -2993,6 +3082,9 @@ static KRML_MUSTINLINE void add_error_reduce_89_91( } } +/** + Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -3045,8 +3137,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static core_core_arch_x86___m256i decompress_1_91( - core_core_arch_x86___m256i v) { +static __m256i decompress_1_91(__m256i v) { return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( libcrux_ml_kem_vector_avx2_sub_ea(libcrux_ml_kem_vector_avx2_ZERO_ea(), &v), @@ -3064,7 +3155,7 @@ deserialize_then_decompress_message_b9(uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - core_core_arch_x86___m256i coefficient_compressed = + __m256i coefficient_compressed = libcrux_ml_kem_vector_avx2_deserialize_1_ea( Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, 
@@ -3091,12 +3182,12 @@ add_message_error_reduce_89_67( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - core_core_arch_x86___m256i coefficient_normal_form = + __m256i coefficient_normal_form = libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( result.coefficients[i0], (int16_t)1441); - core_core_arch_x86___m256i tmp = libcrux_ml_kem_vector_avx2_add_ea( - self->coefficients[i0], &message->coefficients[i0]); - core_core_arch_x86___m256i tmp0 = + __m256i tmp = libcrux_ml_kem_vector_avx2_add_ea(self->coefficients[i0], + &message->coefficients[i0]); + __m256i tmp0 = libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, &tmp); result.coefficients[i0] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea(tmp0); @@ -3104,6 +3195,9 @@ add_message_error_reduce_89_67( return result; } +/** + Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_avx2_SIMD256Vector 
@@ -3132,61 +3226,49 @@ libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const generics - COEFFICIENT_BITS= 10 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -compress_ciphertext_coefficient_8a(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - core_core_arch_x86___m256i compression_factor = +static KRML_MUSTINLINE __m256i +compress_ciphertext_coefficient_8a(__m256i vector) { + __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + __m256i compression_factor = libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)10) - (int32_t)1); - core_core_arch_x86___m128i coefficients_low = + __m256i coefficient_bits_mask = libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)10) - (int32_t)1); + __m128i coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = + __m256i coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, - field_modulus_halved); - core_core_arch_x86___m256i compressed_low1 = + __m256i compressed_low = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)10, coefficients_low0, __m256i); + __m256i compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32( + compressed_low, field_modulus_halved); + __m256i compressed_low1 = 
libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, compression_factor); - core_core_arch_x86___m256i compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = + __m256i compressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)3, compressed_low1, __m256i); + __m256i compressed_low3 = libcrux_intrinsics_avx2_mm256_and_si256( + compressed_low2, coefficient_bits_mask); + __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, __m128i); + __m256i coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i compressed_high1 = + __m256i compressed_high = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)10, coefficients_high0, __m256i); + __m256i compressed_high0 = libcrux_intrinsics_avx2_mm256_add_epi32( + compressed_high, field_modulus_halved); + __m256i compressed_high1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, compression_factor); - core_core_arch_x86___m256i compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - 
core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, - compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); + __m256i compressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)3, compressed_high1, __m256i); + __m256i compressed_high3 = libcrux_intrinsics_avx2_mm256_and_si256( + compressed_high2, coefficient_bits_mask); + __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( + compressed_low3, compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, __m256i); } /** @@ -3198,8 +3280,7 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 10 */ -static core_core_arch_x86___m256i compress_ea_80( - core_core_arch_x86___m256i vector) { +static __m256i compress_ea_80(__m256i vector) { return compress_ciphertext_coefficient_8a(vector); } @@ -3215,7 +3296,7 @@ static KRML_MUSTINLINE void compress_then_serialize_10_2f( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - core_core_arch_x86___m256i coefficient = + __m256i coefficient = compress_ea_80(to_unsigned_representative_a4(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_ea(coefficient, bytes); 
@@ -3236,61 +3317,49 @@ libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const generics - COEFFICIENT_BITS= 11 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -compress_ciphertext_coefficient_8a0(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - core_core_arch_x86___m256i compression_factor = +static KRML_MUSTINLINE __m256i +compress_ciphertext_coefficient_8a0(__m256i vector) { + __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + __m256i compression_factor = libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)11) - (int32_t)1); - core_core_arch_x86___m128i coefficients_low = + __m256i coefficient_bits_mask = libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)11) - (int32_t)1); + __m128i coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = + __m256i coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, - field_modulus_halved); - core_core_arch_x86___m256i compressed_low1 = + __m256i compressed_low = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)11, coefficients_low0, __m256i); + __m256i compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32( + compressed_low, field_modulus_halved); + __m256i compressed_low1 = 
libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, compression_factor); - core_core_arch_x86___m256i compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = + __m256i compressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)3, compressed_low1, __m256i); + __m256i compressed_low3 = libcrux_intrinsics_avx2_mm256_and_si256( + compressed_low2, coefficient_bits_mask); + __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, __m128i); + __m256i coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i compressed_high1 = + __m256i compressed_high = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)11, coefficients_high0, __m256i); + __m256i compressed_high0 = libcrux_intrinsics_avx2_mm256_add_epi32( + compressed_high, field_modulus_halved); + __m256i compressed_high1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, compression_factor); - core_core_arch_x86___m256i compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - 
core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, - compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); + __m256i compressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)3, compressed_high1, __m256i); + __m256i compressed_high3 = libcrux_intrinsics_avx2_mm256_and_si256( + compressed_high2, coefficient_bits_mask); + __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( + compressed_low3, compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, __m256i); } /** @@ -3302,8 +3371,7 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 11 */ -static core_core_arch_x86___m256i compress_ea_800( - core_core_arch_x86___m256i vector) { +static __m256i compress_ea_800(__m256i vector) { return compress_ciphertext_coefficient_8a0(vector); } @@ -3321,6 +3389,9 @@ static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_b2( memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } +/** + Call [`compress_then_serialize_ring_element_u`] on each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector 
@@ -3362,61 +3433,49 @@ libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const generics - COEFFICIENT_BITS= 4 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -compress_ciphertext_coefficient_8a1(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - core_core_arch_x86___m256i compression_factor = +static KRML_MUSTINLINE __m256i +compress_ciphertext_coefficient_8a1(__m256i vector) { + __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + __m256i compression_factor = libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)4) - (int32_t)1); - core_core_arch_x86___m128i coefficients_low = + __m256i coefficient_bits_mask = libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)4) - (int32_t)1); + __m128i coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = + __m256i coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, - field_modulus_halved); - core_core_arch_x86___m256i compressed_low1 = + __m256i compressed_low = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)4, coefficients_low0, __m256i); + __m256i compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32( + compressed_low, field_modulus_halved); + __m256i compressed_low1 = 
libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, compression_factor); - core_core_arch_x86___m256i compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = + __m256i compressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)3, compressed_low1, __m256i); + __m256i compressed_low3 = libcrux_intrinsics_avx2_mm256_and_si256( + compressed_low2, coefficient_bits_mask); + __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, __m128i); + __m256i coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i compressed_high1 = + __m256i compressed_high = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)4, coefficients_high0, __m256i); + __m256i compressed_high0 = libcrux_intrinsics_avx2_mm256_add_epi32( + compressed_high, field_modulus_halved); + __m256i compressed_high1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, compression_factor); - core_core_arch_x86___m256i compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - 
core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, - compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); + __m256i compressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)3, compressed_high1, __m256i); + __m256i compressed_high3 = libcrux_intrinsics_avx2_mm256_and_si256( + compressed_high2, coefficient_bits_mask); + __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( + compressed_low3, compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, __m256i); } /** @@ -3428,8 +3487,7 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 4 */ -static core_core_arch_x86___m256i compress_ea_801( - core_core_arch_x86___m256i vector) { +static __m256i compress_ea_801(__m256i vector) { return compress_ciphertext_coefficient_8a1(vector); } @@ -3445,7 +3503,7 @@ static KRML_MUSTINLINE void compress_then_serialize_4_b7( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - core_core_arch_x86___m256i coefficient = + __m256i coefficient = compress_ea_801(to_unsigned_representative_a4(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_ea(coefficient, bytes); 
@@ -3464,61 +3522,49 @@ libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const generics - COEFFICIENT_BITS= 5 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -compress_ciphertext_coefficient_8a2(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - core_core_arch_x86___m256i compression_factor = +static KRML_MUSTINLINE __m256i +compress_ciphertext_coefficient_8a2(__m256i vector) { + __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + __m256i compression_factor = libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)5) - (int32_t)1); - core_core_arch_x86___m128i coefficients_low = + __m256i coefficient_bits_mask = libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)5) - (int32_t)1); + __m128i coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = + __m256i coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, - field_modulus_halved); - core_core_arch_x86___m256i compressed_low1 = + __m256i compressed_low = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)5, coefficients_low0, __m256i); + __m256i compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32( + compressed_low, field_modulus_halved); + __m256i compressed_low1 = 
libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, compression_factor); - core_core_arch_x86___m256i compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = + __m256i compressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)3, compressed_low1, __m256i); + __m256i compressed_low3 = libcrux_intrinsics_avx2_mm256_and_si256( + compressed_low2, coefficient_bits_mask); + __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, __m128i); + __m256i coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i compressed_high1 = + __m256i compressed_high = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)5, coefficients_high0, __m256i); + __m256i compressed_high0 = libcrux_intrinsics_avx2_mm256_add_epi32( + compressed_high, field_modulus_halved); + __m256i compressed_high1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, compression_factor); - core_core_arch_x86___m256i compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - 
core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, - compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); + __m256i compressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)3, compressed_high1, __m256i); + __m256i compressed_high3 = libcrux_intrinsics_avx2_mm256_and_si256( + compressed_high2, coefficient_bits_mask); + __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( + compressed_low3, compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, __m256i); } /** @@ -3530,8 +3576,7 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 5 */ -static core_core_arch_x86___m256i compress_ea_802( - core_core_arch_x86___m256i vector) { +static __m256i compress_ea_802(__m256i vector) { return compress_ciphertext_coefficient_8a2(vector); } @@ -3547,7 +3592,7 @@ static KRML_MUSTINLINE void compress_then_serialize_5_35( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - core_core_arch_x86___m256i coefficients = + __m256i coefficients = compress_ea_802(to_unsigned_representative_a4(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_ea(coefficients, bytes); 
@@ -3572,6 +3617,47 @@ static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_39( compress_then_serialize_4_b7(re, out); } +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -3728,6 +3814,12 @@ static KRML_MUSTINLINE void entropy_preprocess_af_e21(Eurydice_slice randomness, memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types 
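Review bot: The first sentence of the new encrypt_unpacked doc calls Algorithm 13 "the Kyber CPA-PKE encryption algorithm", but FIPS 203 names it K-PKE.Encrypt and this module is ML-KEM, so it should read `this is the K-PKE encryption algorithm (K-PKE.Encrypt)`. The reproduced pseudocode has two transcription slips: `μ ← Decompress₁(ByteDecode₁(m)))` has one closing parenthesis too many, and `t̂ᵀ ◦ rˆ` should use `r̂` as the line above it does. The closing sentence "can be found at ." carries no link in this view; if the URL was lost in rendering that is fine, otherwise restore the link or drop the sentence. Since this file is generated by Eurydice, the fixes belong in the Rust doc comment it is copied from.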
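Review bot: The added warning "This function MUST NOT be used on secret inputs" on deserialize_ring_elements_reduced states the rule without its reason, so a maintainer adding a caller cannot tell whether their input qualifies. I would follow it with the intended inputs and the rationale, e.g. `Intended only for public data: the public key, including the copy carried inside the serialized secret key.`, and then a sentence naming why secret inputs are excluded. The reduction itself is outside this hunk, so I can only presume the reason is a non-constant-time reduction path; confirm it from the Rust source and state it there without hedging, since that comment is what Eurydice copies into this file.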
@@ -3924,58 +4016,44 @@ libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const generics - COEFFICIENT_BITS= 10 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -decompress_ciphertext_coefficient_55(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 - << (uint32_t)(int32_t)10); - core_core_arch_x86___m128i coefficients_low = +static KRML_MUSTINLINE __m256i +decompress_ciphertext_coefficient_55(__m256i vector) { + __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i two_pow_coefficient_bits = libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)1 << (uint32_t)(int32_t)10); + __m128i coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = + __m256i coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i decompressed_low = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, - field_modulus); - core_core_arch_x86___m256i decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, 
vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = + __m256i decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32( + coefficients_low0, field_modulus); + __m256i decompressed_low0 = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)1, decompressed_low, __m256i); + __m256i decompressed_low1 = libcrux_intrinsics_avx2_mm256_add_epi32( + decompressed_low0, two_pow_coefficient_bits); + __m256i decompressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)10, decompressed_low1, __m256i); + __m256i decompressed_low3 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)1, decompressed_low2, __m256i); + __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, __m128i); + __m256i coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); + __m256i decompressed_high = libcrux_intrinsics_avx2_mm256_mullo_epi32( + coefficients_high0, field_modulus); + __m256i decompressed_high0 = 
libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)1, decompressed_high, __m256i); + __m256i decompressed_high1 = libcrux_intrinsics_avx2_mm256_add_epi32( + decompressed_high0, two_pow_coefficient_bits); + __m256i decompressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)10, decompressed_high1, __m256i); + __m256i decompressed_high3 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)1, decompressed_high2, __m256i); + __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( + decompressed_low3, decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, __m256i); } /** @@ -3988,8 +4066,7 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 10 */ -static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_1d( - core_core_arch_x86___m256i vector) { +static __m256i decompress_ciphertext_coefficient_ea_1d(__m256i vector) { return decompress_ciphertext_coefficient_55(vector); } @@ -4010,8 +4087,7 @@ deserialize_then_decompress_10_a7(Eurydice_slice serialized) { Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, Eurydice_slice); - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); + __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); re.coefficients[i0] = decompress_ciphertext_coefficient_ea_1d(coefficient); } return re; 
@@ -4023,58 +4099,44 @@ libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const generics - COEFFICIENT_BITS= 11 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -decompress_ciphertext_coefficient_550(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 - << (uint32_t)(int32_t)11); - core_core_arch_x86___m128i coefficients_low = +static KRML_MUSTINLINE __m256i +decompress_ciphertext_coefficient_550(__m256i vector) { + __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i two_pow_coefficient_bits = libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)1 << (uint32_t)(int32_t)11); + __m128i coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = + __m256i coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i decompressed_low = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, - field_modulus); - core_core_arch_x86___m256i decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - 
(int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = + __m256i decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32( + coefficients_low0, field_modulus); + __m256i decompressed_low0 = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)1, decompressed_low, __m256i); + __m256i decompressed_low1 = libcrux_intrinsics_avx2_mm256_add_epi32( + decompressed_low0, two_pow_coefficient_bits); + __m256i decompressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)11, decompressed_low1, __m256i); + __m256i decompressed_low3 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)1, decompressed_low2, __m256i); + __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, __m128i); + __m256i coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); + __m256i decompressed_high = libcrux_intrinsics_avx2_mm256_mullo_epi32( + coefficients_high0, field_modulus); + __m256i 
decompressed_high0 = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)1, decompressed_high, __m256i); + __m256i decompressed_high1 = libcrux_intrinsics_avx2_mm256_add_epi32( + decompressed_high0, two_pow_coefficient_bits); + __m256i decompressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)11, decompressed_high1, __m256i); + __m256i decompressed_high3 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)1, decompressed_high2, __m256i); + __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( + decompressed_low3, decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, __m256i); } /** @@ -4087,8 +4149,7 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 11 */ -static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_1d0( - core_core_arch_x86___m256i vector) { +static __m256i decompress_ciphertext_coefficient_ea_1d0(__m256i vector) { return decompress_ciphertext_coefficient_550(vector); } @@ -4109,8 +4170,7 @@ deserialize_then_decompress_11_8d(Eurydice_slice serialized) { Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, Eurydice_slice); - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); + __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); re.coefficients[i0] = decompress_ciphertext_coefficient_ea_1d0(coefficient); } return re; @@ -4146,6 +4206,10 @@ static KRML_MUSTINLINE void ntt_vector_u_fe( poly_barrett_reduce_89_99(re); } +/** + Call [`deserialize_then_decompress_ring_element_u`] on each ring element + in the `ciphertext`. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector 
@@ -4178,9 +4242,7 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b51( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_then_decompress_ring_element_u_10(u_bytes); - u_as_ntt[i0] = uu____0; + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_10(u_bytes); ntt_vector_u_fe(&u_as_ntt[i0]); } memcpy( 
@@ -4194,58 +4256,44 @@ libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const generics - COEFFICIENT_BITS= 4 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -decompress_ciphertext_coefficient_551(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 - << (uint32_t)(int32_t)4); - core_core_arch_x86___m128i coefficients_low = +static KRML_MUSTINLINE __m256i +decompress_ciphertext_coefficient_551(__m256i vector) { + __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i two_pow_coefficient_bits = libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)1 << (uint32_t)(int32_t)4); + __m128i coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = + __m256i coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i decompressed_low = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, - field_modulus); - core_core_arch_x86___m256i decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, 
vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = + __m256i decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32( + coefficients_low0, field_modulus); + __m256i decompressed_low0 = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)1, decompressed_low, __m256i); + __m256i decompressed_low1 = libcrux_intrinsics_avx2_mm256_add_epi32( + decompressed_low0, two_pow_coefficient_bits); + __m256i decompressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)4, decompressed_low1, __m256i); + __m256i decompressed_low3 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)1, decompressed_low2, __m256i); + __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, __m128i); + __m256i coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); + __m256i decompressed_high = libcrux_intrinsics_avx2_mm256_mullo_epi32( + coefficients_high0, field_modulus); + __m256i decompressed_high0 = 
libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)1, decompressed_high, __m256i); + __m256i decompressed_high1 = libcrux_intrinsics_avx2_mm256_add_epi32( + decompressed_high0, two_pow_coefficient_bits); + __m256i decompressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)4, decompressed_high1, __m256i); + __m256i decompressed_high3 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)1, decompressed_high2, __m256i); + __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( + decompressed_low3, decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, __m256i); } /** @@ -4258,8 +4306,7 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 4 */ -static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_1d1( - core_core_arch_x86___m256i vector) { +static __m256i decompress_ciphertext_coefficient_ea_1d1(__m256i vector) { return decompress_ciphertext_coefficient_551(vector); } @@ -4279,8 +4326,7 @@ deserialize_then_decompress_4_9a(Eurydice_slice serialized) { Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, Eurydice_slice); - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); + __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); re.coefficients[i0] = decompress_ciphertext_coefficient_ea_1d1(coefficient); } return re; 
@@ -4292,58 +4338,44 @@ libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const generics - COEFFICIENT_BITS= 5 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -decompress_ciphertext_coefficient_552(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 - << (uint32_t)(int32_t)5); - core_core_arch_x86___m128i coefficients_low = +static KRML_MUSTINLINE __m256i +decompress_ciphertext_coefficient_552(__m256i vector) { + __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i two_pow_coefficient_bits = libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)1 << (uint32_t)(int32_t)5); + __m128i coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = + __m256i coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i decompressed_low = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, - field_modulus); - core_core_arch_x86___m256i decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, 
vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = + __m256i decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32( + coefficients_low0, field_modulus); + __m256i decompressed_low0 = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)1, decompressed_low, __m256i); + __m256i decompressed_low1 = libcrux_intrinsics_avx2_mm256_add_epi32( + decompressed_low0, two_pow_coefficient_bits); + __m256i decompressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)5, decompressed_low1, __m256i); + __m256i decompressed_low3 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)1, decompressed_low2, __m256i); + __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, __m128i); + __m256i coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); + __m256i decompressed_high = libcrux_intrinsics_avx2_mm256_mullo_epi32( + coefficients_high0, field_modulus); + __m256i decompressed_high0 = 
libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)1, decompressed_high, __m256i); + __m256i decompressed_high1 = libcrux_intrinsics_avx2_mm256_add_epi32( + decompressed_high0, two_pow_coefficient_bits); + __m256i decompressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)5, decompressed_high1, __m256i); + __m256i decompressed_high3 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)1, decompressed_high2, __m256i); + __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( + decompressed_low3, decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, __m256i); } /** @@ -4356,8 +4388,7 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 5 */ -static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_1d2( - core_core_arch_x86___m256i vector) { +static __m256i decompress_ciphertext_coefficient_ea_1d2(__m256i vector) { return decompress_ciphertext_coefficient_552(vector); } @@ -4412,7 +4443,7 @@ subtract_reduce_89_63(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - core_core_arch_x86___m256i coefficient_normal_form = + __m256i coefficient_normal_form = libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( b.coefficients[i0], (int16_t)1441); b.coefficients[i0] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( @@ -4422,6 +4453,12 @@ subtract_reduce_89_63(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, return b; } +/** + The following functions compute various expressions involving + vectors and matrices. The computation of these expressions has been + abstracted away into these functions in order to save on loop iterations. + Compute v − InverseNTT(sᵀ ◦ NTT(u)) +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector 
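Review bot: The new comment on compute_message opens with three sentences about "the following functions" that describe a whole module rather than this one monomorphised instance, so the reader sees a module docstring stapled onto a single function. Keep only the line that documents this instance, `Compute v − InverseNTT(sᵀ ◦ NTT(u))`, and add that `s` is the decryption key, so the entire computation runs on secret data. As the file is generated, the split between module doc and function doc has to be made in the Rust source.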
@@ -4454,9 +4491,8 @@ static KRML_MUSTINLINE void compress_then_serialize_message_ec( uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - core_core_arch_x86___m256i coefficient = - to_unsigned_representative_a4(re.coefficients[i0]); - core_core_arch_x86___m256i coefficient_compressed = + __m256i coefficient = to_unsigned_representative_a4(re.coefficients[i0]); + __m256i coefficient_compressed = libcrux_ml_kem_vector_avx2_compress_1_ea(coefficient); uint8_t bytes[2U]; libcrux_ml_kem_vector_avx2_serialize_1_ea(coefficient_compressed, bytes); @@ -4470,6 +4506,30 @@ static KRML_MUSTINLINE void compress_then_serialize_message_ec( memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); } +/** + This function implements Algorithm 14 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. + + Algorithm 14 is reproduced below: + + ```plaintext + Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + Output: message m ∈ 𝔹^{32}. + + c₁ ← c[0 : 32dᵤk] + c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] + u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) + v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) + ŝ ← ByteDecode₁₂(dkₚₖₑ) + w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) + m ← ByteEncode₁(Compress₁(w)) + return m + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -4630,6 +4690,9 @@ deserialize_to_uncompressed_ring_element_63(Eurydice_slice serialized) { return re; } +/** + Call [`deserialize_to_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector 
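Review bot: The decrypt_unpacked doc has the same naming issue as the encrypt one, FIPS 203 calls Algorithm 14 K-PKE.Decrypt rather than "the Kyber CPA-PKE decryption algorithm", and the same empty "can be found at ." sentence. More useful to readers of this code is a caveat the FIPS pseudocode does not give: c₁ and c₂ are attacker-controlled while everything from `ŝ ← ByteDecode₁₂(dkₚₖₑ)` onward (ŝ, w, m) is secret-dependent, so the remaining steps including Compress₁ must not branch or index on those values. I would add after the pseudocode `c is untrusted input; all steps after decoding ŝ operate on secret data and must be constant-time.` Since the file is generated, the edit belongs in the Rust doc comment.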
@@ -4786,6 +4849,12 @@ void libcrux_ml_kem_ind_cca_decapsulate_c41( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -4818,6 +4887,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d2( (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } +/** + Call [`serialize_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -4853,6 +4925,9 @@ static KRML_MUSTINLINE void serialize_secret_key_ae0( memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); } +/** + Concatenate `t` and `ρ` into the public key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector 
@@ -5027,6 +5102,47 @@ static KRML_MUSTINLINE void shake128_squeeze_three_blocks_a9_4d0( shake128_squeeze_three_blocks_6b0(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types 
@@ -5113,6 +5229,47 @@ static KRML_MUSTINLINE void shake128_squeeze_block_a9_5a0( shake128_squeeze_block_1b0(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -5317,6 +5474,10 @@ static KRML_MUSTINLINE void PRFxN_a9_511(uint8_t (*input)[33U], PRFxN_1c1(input, ret); } +/** + Sample a vector of ring elements from a centered binomial distribution and + convert them into their NTT representations. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_avx2_SIMD256Vector, 
@@ -5341,13 +5502,11 @@ static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_150( domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; PRFxN_a9_511(prf_inputs, prf_outputs); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_470(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]);); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + re_as_ntt[i0] = sample_from_binomial_distribution_470( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]);); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[4U]; memcpy( uu____2, re_as_ntt, @@ -5360,6 +5519,10 @@ static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_150( return lit; } +/** + Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise + sum of their constituent coefficients. +*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -5374,11 +5537,10 @@ static KRML_MUSTINLINE void add_to_ring_element_89_970( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)16U, self->coefficients, - core_core_arch_x86___m256i, Eurydice_slice), - core_core_arch_x86___m256i, size_t); + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)16U, self->coefficients, __m256i, + Eurydice_slice), + __m256i, size_t); i++) { size_t i0 = i; self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( 
@@ -5386,6 +5548,9 @@ static KRML_MUSTINLINE void add_to_ring_element_89_970( } } +/** + Compute  ◦ ŝ + ê +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -5432,6 +5597,47 @@ static KRML_MUSTINLINE void compute_As_plus_e_f00( (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -5649,6 +5855,9 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_e10( return lit; } +/** + Serialize the secret key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash 
@@ -5704,6 +5913,14 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_750( memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); } +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -5750,6 +5967,9 @@ libcrux_ml_kem_ind_cca_generate_keypair_c22(uint8_t randomness[64U]) { uu____2, libcrux_ml_kem_types_from_b6_4c1(uu____3)); } +/** + Sample a vector of ring elements from a centered binomial distribution. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -5827,6 +6047,9 @@ static KRML_MUSTINLINE void invert_ntt_montgomery_570( poly_barrett_reduce_89_99(re); } +/** + Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -5873,6 +6096,9 @@ static KRML_MUSTINLINE void compute_vector_u_000( (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } +/** + Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -5907,7 +6133,7 @@ static KRML_MUSTINLINE void compress_then_serialize_11_d10( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - core_core_arch_x86___m256i coefficient = + __m256i coefficient = compress_ea_800(to_unsigned_representative_a4(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_ea(coefficient, bytes); 
@@ -5936,6 +6162,9 @@ static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_b20( memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } +/** + Call [`compress_then_serialize_ring_element_u`] on each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -5983,6 +6212,47 @@ static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_390( compress_then_serialize_5_35(re, out); } +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, 
@@ -6140,6 +6410,12 @@ static KRML_MUSTINLINE void entropy_preprocess_af_e20(Eurydice_slice randomness, memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -6360,6 +6636,10 @@ static KRML_MUSTINLINE void ntt_vector_u_fe0( poly_barrett_reduce_89_99(re); } +/** + Call [`deserialize_then_decompress_ring_element_u`] on each ring element + in the `ciphertext`. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -6392,9 +6672,7 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b50( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_then_decompress_ring_element_u_100(u_bytes); - u_as_ntt[i0] = uu____0; + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_100(u_bytes); ntt_vector_u_fe0(&u_as_ntt[i0]); } memcpy( @@ -6413,6 +6691,12 @@ deserialize_then_decompress_ring_element_v_5b0(Eurydice_slice serialized) { return deserialize_then_decompress_5_75(serialized); } +/** + The following functions compute various expressions involving + vectors and matrices. The computation of these expressions has been + abstracted away into these functions in order to save on loop iterations. + Compute v − InverseNTT(sᵀ ◦ NTT(u)) +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector 
@@ -6434,6 +6718,30 @@ compute_message_220( return result; } +/** + This function implements Algorithm 14 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. + + Algorithm 14 is reproduced below: + + ```plaintext + Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + Output: message m ∈ 𝔹^{32}. + + c₁ ← c[0 : 32dᵤk] + c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] + u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) + v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) + ŝ ← ByteDecode₁₂(dkₚₖₑ) + w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) + m ← ByteEncode₁(Compress₁(w)) + return m + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -6560,6 +6868,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b20( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +/** + Call [`deserialize_to_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -6717,6 +7028,12 @@ void libcrux_ml_kem_ind_cca_decapsulate_c40( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -6749,6 +7066,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d0( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } +/** + Call [`serialize_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector 
@@ -6784,6 +7104,9 @@ static KRML_MUSTINLINE void serialize_secret_key_ae( memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); } +/** + Concatenate `t` and `ρ` into the public key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -6951,6 +7274,47 @@ static KRML_MUSTINLINE void shake128_squeeze_three_blocks_a9_4d( shake128_squeeze_three_blocks_6b(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types 
@@ -7031,6 +7395,47 @@ static KRML_MUSTINLINE void shake128_squeeze_block_a9_5a( shake128_squeeze_block_1b(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -7240,6 +7645,10 @@ sample_from_binomial_distribution_47(Eurydice_slice randomness) { return sample_from_binomial_distribution_3_43(randomness); } +/** + Sample a vector of ring elements from a centered binomial distribution and + convert them into their NTT representations. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_avx2_SIMD256Vector, 
@@ -7264,13 +7673,11 @@ static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_15( domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][192U]; PRFxN_a9_51(prf_inputs, prf_outputs); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_47(Eurydice_array_to_slice( - (size_t)192U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]);); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + re_as_ntt[i0] = sample_from_binomial_distribution_47( + Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]);); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[2U]; memcpy( uu____2, re_as_ntt, @@ -7283,6 +7690,10 @@ static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_15( return lit; } +/** + Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise + sum of their constituent coefficients. +*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -7297,11 +7708,10 @@ static KRML_MUSTINLINE void add_to_ring_element_89_97( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)16U, self->coefficients, - core_core_arch_x86___m256i, Eurydice_slice), - core_core_arch_x86___m256i, size_t); + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)16U, self->coefficients, __m256i, + Eurydice_slice), + __m256i, size_t); i++) { size_t i0 = i; self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( 
@@ -7309,6 +7719,9 @@ static KRML_MUSTINLINE void add_to_ring_element_89_97( } } +/** + Compute  ◦ ŝ + ê +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -7355,6 +7768,47 @@ static KRML_MUSTINLINE void compute_As_plus_e_f0( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -7572,6 +8026,9 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_e1( return lit; } +/** + Serialize the secret key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash 
@@ -7627,6 +8084,14 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_75( memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); } +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -7719,6 +8184,9 @@ static KRML_MUSTINLINE void PRFxN_a9_510(uint8_t (*input)[33U], PRFxN_1c0(input, ret); } +/** + Sample a vector of ring elements from a centered binomial distribution. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -7796,6 +8264,9 @@ static KRML_MUSTINLINE void invert_ntt_montgomery_57( poly_barrett_reduce_89_99(re); } +/** + Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -7842,6 +8313,9 @@ static KRML_MUSTINLINE void compute_vector_u_00( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } +/** + Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -7864,6 +8338,9 @@ compute_ring_element_v_71( return result; } +/** + Call [`compress_then_serialize_ring_element_u`] on each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector 
@@ -7899,6 +8376,47 @@ static void compress_then_serialize_u_84( } } +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -8055,6 +8573,12 @@ static KRML_MUSTINLINE void entropy_preprocess_af_e2(Eurydice_slice randomness, memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -8245,6 +8769,10 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_82( return lit; } +/** + Call [`deserialize_then_decompress_ring_element_u`] on each ring element + in the `ciphertext`. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector 
@@ -8277,9 +8805,7 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b5( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_then_decompress_ring_element_u_10(u_bytes); - u_as_ntt[i0] = uu____0; + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_10(u_bytes); ntt_vector_u_fe(&u_as_ntt[i0]); } memcpy( @@ -8287,6 +8813,12 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b5( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } +/** + The following functions compute various expressions involving + vectors and matrices. The computation of these expressions has been + abstracted away into these functions in order to save on loop iterations. + Compute v − InverseNTT(sᵀ ◦ NTT(u)) +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -8308,6 +8840,30 @@ compute_message_22( return result; } +/** + This function implements Algorithm 14 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. + + Algorithm 14 is reproduced below: + + ```plaintext + Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + Output: message m ∈ 𝔹^{32}. + + c₁ ← c[0 : 32dᵤk] + c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] + u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) + v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) + ŝ ← ByteDecode₁₂(dkₚₖₑ) + w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) + m ← ByteEncode₁(Compress₁(w)) + return m + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector 
@@ -8433,6 +8989,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b2( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +/** + Call [`deserialize_to_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index a43dc2228..0c5c9ed7a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 */ #ifndef __libcrux_mlkem_avx2_H 
@@ -30,335 +30,311 @@ void libcrux_ml_kem_hash_functions_avx2_G(Eurydice_slice input, void libcrux_ml_kem_hash_functions_avx2_H(Eurydice_slice input, uint8_t ret[32U]); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_zero(void); +__m256i libcrux_ml_kem_vector_avx2_zero(void); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ZERO_ea(void); +__m256i libcrux_ml_kem_vector_avx2_ZERO_ea(void); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_from_i16_array( - Eurydice_slice array); +__m256i libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_slice array); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_from_i16_array_ea( - Eurydice_slice array); +__m256i libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice array); -void libcrux_ml_kem_vector_avx2_to_i16_array(core_core_arch_x86___m256i v, - int16_t ret[16U]); +void libcrux_ml_kem_vector_avx2_to_i16_array(__m256i v, int16_t ret[16U]); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_to_i16_array_ea(core_core_arch_x86___m256i x, - int16_t ret[16U]); +void libcrux_ml_kem_vector_avx2_to_i16_array_ea(__m256i x, int16_t ret[16U]); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_add( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs); +__m256i libcrux_ml_kem_vector_avx2_arithmetic_add(__m256i lhs, __m256i rhs); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_add_ea( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs); +__m256i 
libcrux_ml_kem_vector_avx2_add_ea(__m256i lhs, __m256i *rhs); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_sub( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs); +__m256i libcrux_ml_kem_vector_avx2_arithmetic_sub(__m256i lhs, __m256i rhs); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_sub_ea( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs); +__m256i libcrux_ml_kem_vector_avx2_sub_ea(__m256i lhs, __m256i *rhs); -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( - core_core_arch_x86___m256i vector, int16_t constant); +__m256i libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( + __m256i vector, int16_t constant); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( - core_core_arch_x86___m256i v, int16_t c); +__m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_ea(__m256i v, + int16_t c); -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( - core_core_arch_x86___m256i vector, int16_t constant); +__m256i libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( + __m256i vector, int16_t constant); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( - core_core_arch_x86___m256i vector, int16_t constant); +__m256i libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( + __m256i vector, int16_t constant); -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329( - core_core_arch_x86___m256i vector); +__m256i 
libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329( + __m256i vector); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea( - core_core_arch_x86___m256i vector); +__m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea(__m256i vector); #define LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER \ ((int16_t)20159) -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce( - core_core_arch_x86___m256i vector); +/** + See Section 3.2 of the implementation notes document for an explanation + of this code. +*/ +__m256i libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(__m256i vector); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_barrett_reduce_ea( - core_core_arch_x86___m256i vector); +__m256i libcrux_ml_kem_vector_avx2_barrett_reduce_ea(__m256i vector); -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( - core_core_arch_x86___m256i vector, int16_t constant); +__m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( + __m256i vector, int16_t constant); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( - core_core_arch_x86___m256i vector, int16_t constant); +__m256i libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + __m256i vector, int16_t constant); -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( - core_core_arch_x86___m256i vector); +__m256i libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( + __m256i vector); /** This function 
found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_compress_1_ea( - core_core_arch_x86___m256i vector); +__m256i libcrux_ml_kem_vector_avx2_compress_1_ea(__m256i vector); -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs); +__m256i libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(__m256i lhs, + __m256i rhs); -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - core_core_arch_x86___m256i v, core_core_arch_x86___m256i c); +__m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + __m256i v, __m256i c); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3); +__m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( + __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3); +__m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( + __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); +__m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(__m256i vector, + int16_t zeta0, + int16_t zeta1); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i 
libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); +__m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea(__m256i vector, + int16_t zeta0, + int16_t zeta1); -core_core_arch_x86___m128i +__m128i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - core_core_arch_x86___m128i v, core_core_arch_x86___m128i c); + __m128i v, __m128i c); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step( - core_core_arch_x86___m256i vector, int16_t zeta); +__m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(__m256i vector, + int16_t zeta); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta); +__m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea(__m256i vector, + int16_t zeta); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3); +__m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( + __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3); +__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( + __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); +__m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(__m256i vector, + int16_t 
zeta0, + int16_t zeta1); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); +__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea(__m256i vector, + int16_t zeta0, + int16_t zeta1); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( - core_core_arch_x86___m256i vector, int16_t zeta); +__m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(__m256i vector, + int16_t zeta); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta); +__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea(__m256i vector, + int16_t zeta); -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( - core_core_arch_x86___m256i v); +__m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(__m256i v); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs, - int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); +__m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(__m256i lhs, __m256i rhs, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_multiply_ea( - core_core_arch_x86___m256i *lhs, core_core_arch_x86___m256i *rhs, - int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); +__m256i libcrux_ml_kem_vector_avx2_ntt_multiply_ea(__m256i *lhs, __m256i *rhs, + int16_t zeta0, int16_t zeta1, + 
int16_t zeta2, + int16_t zeta3); -void libcrux_ml_kem_vector_avx2_serialize_serialize_1( - core_core_arch_x86___m256i vector, uint8_t ret[2U]); +void libcrux_ml_kem_vector_avx2_serialize_serialize_1(__m256i vector, + uint8_t ret[2U]); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_1_ea( - core_core_arch_x86___m256i vector, uint8_t ret[2U]); +void libcrux_ml_kem_vector_avx2_serialize_1_ea(__m256i vector, uint8_t ret[2U]); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1( +__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1( Eurydice_slice bytes); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_1_ea( - Eurydice_slice bytes); +__m256i libcrux_ml_kem_vector_avx2_deserialize_1_ea(Eurydice_slice bytes); -void libcrux_ml_kem_vector_avx2_serialize_serialize_4( - core_core_arch_x86___m256i vector, uint8_t ret[8U]); +void libcrux_ml_kem_vector_avx2_serialize_serialize_4(__m256i vector, + uint8_t ret[8U]); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_4_ea( - core_core_arch_x86___m256i vector, uint8_t ret[8U]); +void libcrux_ml_kem_vector_avx2_serialize_4_ea(__m256i vector, uint8_t ret[8U]); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4( +__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4( Eurydice_slice bytes); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_4_ea( - Eurydice_slice bytes); +__m256i libcrux_ml_kem_vector_avx2_deserialize_4_ea(Eurydice_slice 
bytes); -void libcrux_ml_kem_vector_avx2_serialize_serialize_5( - core_core_arch_x86___m256i vector, uint8_t ret[10U]); +void libcrux_ml_kem_vector_avx2_serialize_serialize_5(__m256i vector, + uint8_t ret[10U]); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_5_ea( - core_core_arch_x86___m256i vector, uint8_t ret[10U]); +void libcrux_ml_kem_vector_avx2_serialize_5_ea(__m256i vector, + uint8_t ret[10U]); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_5( +__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_5( Eurydice_slice bytes); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_5_ea( - Eurydice_slice bytes); +__m256i libcrux_ml_kem_vector_avx2_deserialize_5_ea(Eurydice_slice bytes); -void libcrux_ml_kem_vector_avx2_serialize_serialize_10( - core_core_arch_x86___m256i vector, uint8_t ret[20U]); +void libcrux_ml_kem_vector_avx2_serialize_serialize_10(__m256i vector, + uint8_t ret[20U]); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_10_ea( - core_core_arch_x86___m256i vector, uint8_t ret[20U]); +void libcrux_ml_kem_vector_avx2_serialize_10_ea(__m256i vector, + uint8_t ret[20U]); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_10( +__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_10( Eurydice_slice bytes); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_10_ea( - Eurydice_slice bytes); +__m256i libcrux_ml_kem_vector_avx2_deserialize_10_ea(Eurydice_slice bytes); 
-void libcrux_ml_kem_vector_avx2_serialize_serialize_11( - core_core_arch_x86___m256i vector, uint8_t ret[22U]); +void libcrux_ml_kem_vector_avx2_serialize_serialize_11(__m256i vector, + uint8_t ret[22U]); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_11_ea( - core_core_arch_x86___m256i vector, uint8_t ret[22U]); +void libcrux_ml_kem_vector_avx2_serialize_11_ea(__m256i vector, + uint8_t ret[22U]); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_11( +__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_11( Eurydice_slice bytes); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_11_ea( - Eurydice_slice bytes); +__m256i libcrux_ml_kem_vector_avx2_deserialize_11_ea(Eurydice_slice bytes); -void libcrux_ml_kem_vector_avx2_serialize_serialize_12( - core_core_arch_x86___m256i vector, uint8_t ret[24U]); +void libcrux_ml_kem_vector_avx2_serialize_serialize_12(__m256i vector, + uint8_t ret[24U]); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_12_ea( - core_core_arch_x86___m256i vector, uint8_t ret[24U]); +void libcrux_ml_kem_vector_avx2_serialize_12_ea(__m256i vector, + uint8_t ret[24U]); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_12( +__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_12( Eurydice_slice bytes); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_12_ea( - Eurydice_slice bytes); +__m256i libcrux_ml_kem_vector_avx2_deserialize_12_ea(Eurydice_slice bytes); 
size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( Eurydice_slice input, Eurydice_slice output); @@ -374,8 +350,7 @@ size_t libcrux_ml_kem_vector_avx2_rej_sample_ea(Eurydice_slice input, This function found in impl {(core::clone::Clone for libcrux_ml_kem::vector::avx2::SIMD256Vector)#1} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_clone_3a( - core_core_arch_x86___m256i *self); +__m256i libcrux_ml_kem_vector_avx2_clone_3a(__m256i *self); /** A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement @@ -383,7 +358,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector */ typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_d2_s { - core_core_arch_x86___m256i coefficients[16U]; + __m256i coefficients[16U]; } libcrux_ml_kem_polynomial_PolynomialRingElement_d2; /** diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c index 751ef2e27..f032daea7 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 */ #include "libcrux_mlkem_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h index f82784d70..24f4c33dd 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h 
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 */ #ifndef __libcrux_mlkem_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 507d406be..25d2df9e0 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 */ #include "internal/libcrux_mlkem_portable.h" 
@@ -1018,6 +1018,19 @@ libcrux_ml_kem_vector_portable_cond_subtract_3329_0d( return libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329(v); } +/** + Signed Barrett Reduction + + Given an input `value`, `barrett_reduce` outputs a representative `result` + such that: + + - result ≡ value (mod FIELD_MODULUS) + - the absolute value of `result` is bound as follows: + + `|result| ≤ FIELD_MODULUS / 2 · (|value|/BARRETT_R + 1) + + In particular, if `|value| < BARRETT_R`, then `|result| < FIELD_MODULUS`. +*/ int16_t libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( int16_t value) { int32_t t = (int32_t)value * @@ -1053,6 +1066,20 @@ libcrux_ml_kem_vector_portable_barrett_reduce_0d( return libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce(v); } +/** + Signed Montgomery Reduction + + Given an input `value`, `montgomery_reduce` outputs a representative `o` + such that: + + - o ≡ value · MONTGOMERY_R^(-1) (mod FIELD_MODULUS) + - the absolute value of `o` is bound as follows: + + `|result| ≤ (|value| / MONTGOMERY_R) + (FIELD_MODULUS / 2) + + In particular, if `|value| ≤ FIELD_MODULUS * MONTGOMERY_R`, then `|o| < (3 · + FIELD_MODULUS) / 2`. +*/ int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( int32_t value) { int32_t k = @@ -1071,6 +1098,17 @@ int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( return value_high - c; } +/** + If `fe` is some field element 'x' of the Kyber field and `fer` is congruent to + `y · MONTGOMERY_R`, this procedure outputs a value that is congruent to + `x · y`, as follows: + + `fe · fer ≡ x · y · MONTGOMERY_R (mod FIELD_MODULUS)` + + `montgomery_reduce` takes the value `x · y · MONTGOMERY_R` and outputs a + representative `x · y · MONTGOMERY_R * MONTGOMERY_R^{-1} ≡ x · y (mod + FIELD_MODULUS)`. +*/ KRML_MUSTINLINE int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( int16_t fe, int16_t fer) { 
@@ -1102,6 +1140,28 @@ libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, r); } +/** + The `compress_*` functions implement the `Compress` function specified in the + NIST FIPS 203 standard (Page 18, Expression 4.5), which is defined as: + + ```plaintext + Compress_d: ℤq -> ℤ_{2ᵈ} + Compress_d(x) = ⌈(2ᵈ/q)·x⌋ + ``` + + Since `⌈x⌋ = ⌊x + 1/2⌋` we have: + + ```plaintext + Compress_d(x) = ⌊(2ᵈ/q)·x + 1/2⌋ + = ⌊(2^{d+1}·x + q) / 2q⌋ + ``` + + For further information about the function implementations, consult the + `implementation_notes.pdf` document in this directory. + + The NIST FIPS 203 standard can be found at + . +*/ uint8_t libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( uint16_t fe) { int16_t shifted = (int16_t)1664 - (int16_t)fe; @@ -1374,6 +1434,28 @@ libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d( return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step(a, zeta); } +/** + Compute the product of two Kyber binomials with respect to the + modulus `X² - zeta`. + + This function almost implements Algorithm 11 of the + NIST FIPS 203 standard, which is reproduced below: + + ```plaintext + Input: a₀, a₁, b₀, b₁ ∈ ℤq. + Input: γ ∈ ℤq. + Output: c₀, c₁ ∈ ℤq. + + c₀ ← a₀·b₀ + a₁·b₁·γ + c₁ ← a₀·b₁ + a₁·b₀ + return c₀, c₁ + ``` + We say "almost" because the coefficients output by this function are in + the Montgomery domain (unlike in the specification). + + The NIST FIPS 203 standard can be found at + . +*/ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( libcrux_ml_kem_vector_portable_vector_type_PortableVector *a, libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta, 
@@ -2254,6 +2336,12 @@ static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_89_39(void) { return lit; } +/** + Only use with public values. + + This MUST NOT be used with secret inputs, like its caller + `deserialize_ring_elements_reduced`. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types @@ -2280,6 +2368,12 @@ deserialize_to_reduced_ring_element_ad(Eurydice_slice serialized) { return re; } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -2385,6 +2479,9 @@ static KRML_MUSTINLINE void serialize_uncompressed_ring_element_f6( memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); } +/** + Call [`serialize_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -2420,6 +2517,9 @@ static KRML_MUSTINLINE void serialize_secret_key_f81( memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); } +/** + Concatenate `t` and `ρ` into the public key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector 
@@ -2597,6 +2697,47 @@ static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_4e1( shake128_squeeze_three_blocks_101(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types 
@@ -2669,6 +2810,47 @@ static KRML_MUSTINLINE void shake128_squeeze_block_f1_c11( shake128_squeeze_block_ed1(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types 
@@ -2882,6 +3064,55 @@ static KRML_MUSTINLINE void PRFxN_f1_892(uint8_t (*input)[33U], PRFxN_1d2(input, ret); } +/** + Given a series of uniformly random bytes in `randomness`, for some number + `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring + element from a binomial distribution centered at 0 that uses two sets of `eta` + coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v` + such such that `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and: + + ```plaintext + - If v < 0, Pr[v] = Pr[-v] + - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA) + ``` + + The values `v < 0` are mapped to the appropriate `KyberFieldElement`. + + The expected value is: + + ```plaintext + E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1] + + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0. + ``` + + And the variance is: + + ```plaintext + Var(X) = E[(X - E[X])^2] + = E[X^2] + = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / + 2^(2 * ETA)) = ETA / 2 + ``` + + This function implements Algorithm 7 of the NIST FIPS 203 + standard, which is reproduced below: + + ```plaintext + Input: byte array B ∈ 𝔹^{64η}. + Output: array f ∈ ℤ₂₅₆. + + b ← BytesToBits(B) + for (i ← 0; i < 256; i++) + x ← ∑(j=0 to η - 1) b[2iη + j] + y ← ∑(j=0 to η - 1) b[2iη + η + j] + f[i] ← x−y mod q + end for + return f + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types 
@@ -3000,9 +3231,8 @@ static KRML_MUSTINLINE void ntt_at_layer_7_13( libcrux_ml_kem_vector_portable_vector_type_PortableVector t = libcrux_ml_kem_vector_portable_multiply_by_constant_0d( re->coefficients[j + step], (int16_t)-1600); - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re->coefficients[j + step] = libcrux_ml_kem_vector_portable_sub_0d(re->coefficients[j], &t); - re->coefficients[j + step] = uu____0; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = libcrux_ml_kem_vector_portable_add_0d(re->coefficients[j], &t); re->coefficients[j] = uu____1; @@ -3107,13 +3337,13 @@ static KRML_MUSTINLINE void ntt_at_layer_2_7b( KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re->coefficients[round] = libcrux_ml_kem_vector_portable_ntt_layer_2_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)1U;); + zeta_i[0U] = zeta_i[0U] + (size_t)1U;); } /** @@ -3127,7 +3357,7 @@ static KRML_MUSTINLINE void ntt_at_layer_1_4f( KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re->coefficients[round] = libcrux_ml_kem_vector_portable_ntt_layer_1_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], @@ -3137,7 +3367,7 @@ static KRML_MUSTINLINE void ntt_at_layer_1_4f( (size_t)2U], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)3U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)3U;); + zeta_i[0U] = zeta_i[0U] + (size_t)3U;); } /** 
@@ -3181,6 +3411,10 @@ static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_88( poly_barrett_reduce_89_2c(re); } +/** + Sample a vector of ring elements from a centered binomial distribution and + convert them into their NTT representations. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -3206,13 +3440,11 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_d71( domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; PRFxN_f1_892(prf_inputs, prf_outputs); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_66(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + re_as_ntt[i0] = sample_from_binomial_distribution_66( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U]; memcpy( uu____2, re_as_ntt, 
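Review bot: `prf_outputs` in `sample_vector_cbd_then_ntt_d71` holds the PRF expansion of the secret seed from which the CBD-sampled secret and error polynomials are derived, and nothing in the visible lines clears it before the buffer goes out of scope; the same holds for the `prf_outputs[2U][192U]` and `prf_outputs[3U][128U]` buffers in the `sample_vector_cbd_then_ntt_d70` and `sample_vector_cbd_then_ntt_d7` hunks below. Whether it is cleared depends on the end of the function, which is outside the hunk, and on what the Rust source does, so this may already be handled; if not, zeroizing it with a call the compiler cannot elide (`explicit_bzero`, `memset_s`, or the project's own wrapper) is the usual hardening for seed-derived stack buffers. The function is cut at both ends of the hunk.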
@@ -3225,6 +3457,33 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_d71( return lit; } +/** + Given two `KyberPolynomialRingElement`s in their NTT representations, + compute their product. Given two polynomials in the NTT domain `f^` and `ĵ`, + the `iᵗʰ` coefficient of the product `k̂` is determined by the calculation: + + ```plaintext + ĥ[2·i] + ĥ[2·i + 1]X = (f^[2·i] + f^[2·i + 1]X)·(ĝ[2·i] + ĝ[2·i + 1]X) mod (X² + - ζ^(2·BitRev₇(i) + 1)) + ``` + + This function almost implements Algorithm 10 of the + NIST FIPS 203 standard, which is reproduced below: + + ```plaintext + Input: Two arrays fˆ ∈ ℤ₂₅₆ and ĝ ∈ ℤ₂₅₆. + Output: An array ĥ ∈ ℤq. + + for(i ← 0; i < 128; i++) + (ĥ[2i], ĥ[2i+1]) ← BaseCaseMultiply(fˆ[2i], fˆ[2i+1], ĝ[2i], ĝ[2i+1], + ζ^(2·BitRev₇(i) + 1)) end for return ĥ + ``` + We say "almost" because the coefficients of the ring element output by + this function are in the Montgomery domain. + + The NIST FIPS 203 standard can be found at + . +*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -3261,6 +3520,10 @@ ntt_multiply_89_d5(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, return out; } +/** + Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise + sum of their constituent coefficients. +*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -3330,6 +3593,9 @@ static KRML_MUSTINLINE void add_standard_error_reduce_89_99( } } +/** + Compute  ◦ ŝ + ê +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_portable_vector_type_PortableVector 
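Review bot: The new `ntt_multiply` comment names the second operand `ĵ` where the formula below it uses `ĝ`, and it refers to `KyberPolynomialRingElement`, a type name that does not exist in this C output; `ĝ` and `PolynomialRingElement` would match the code. The `compute_As_plus_e` comment in the last hunk on this line reads `Compute  ◦ ŝ + ê` with the `Â` apparently lost, and the same text recurs in the `compute_As_plus_e_da0` and `compute_As_plus_e_da` hunks below; worth confirming the character survives in the checked-in file and is not only a rendering artifact here. The "almost" caveat about the output being in the Montgomery domain is the useful part of the comment and should stay.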
@@ -3376,6 +3642,47 @@ static KRML_MUSTINLINE void compute_As_plus_e_da1( (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -3620,6 +3927,9 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_ec1( return lit; } +/** + Serialize the secret key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] @@ -3675,6 +3985,14 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_f2( memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); } +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, 
@@ -3722,6 +4040,9 @@ libcrux_ml_kem_ind_cca_generate_keypair_c24(uint8_t randomness[64U]) { uu____2, libcrux_ml_kem_types_from_b6_4c1(uu____3)); } +/** + Sample a vector of ring elements from a centered binomial distribution. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -3804,7 +4125,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_1_9f( KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re->coefficients[round] = libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], @@ -3814,7 +4135,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_1_9f( (size_t)2U], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)3U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)3U;); + zeta_i[0U] = zeta_i[0U] - (size_t)3U;); } /** @@ -3828,13 +4149,13 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_2_a6( KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re->coefficients[round] = libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)1U;); + zeta_i[0U] = zeta_i[0U] - (size_t)1U;); } /** 
@@ -3957,6 +4278,9 @@ static KRML_MUSTINLINE void add_error_reduce_89_08( } } +/** + Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4074,6 +4398,9 @@ add_message_error_reduce_89_8b( return result; } +/** + Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4201,6 +4528,9 @@ static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_2f0( memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } +/** + Call [`compress_then_serialize_ring_element_u`] on each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector 
@@ -4362,6 +4692,47 @@ static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_310( compress_then_serialize_5_a3(re, out); } +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -4521,6 +4892,12 @@ static KRML_MUSTINLINE void entropy_preprocess_af_44(Eurydice_slice randomness, memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types 
@@ -4868,6 +5245,10 @@ static KRML_MUSTINLINE void ntt_vector_u_ed0( poly_barrett_reduce_89_2c(re); } +/** + Call [`deserialize_then_decompress_ring_element_u`] on each ring element + in the `ciphertext`. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4900,9 +5281,7 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b11( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_then_decompress_ring_element_u_890(u_bytes); - u_as_ntt[i0] = uu____0; + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_890(u_bytes); ntt_vector_u_ed0(&u_as_ntt[i0]); } memcpy( @@ -5026,9 +5405,8 @@ deserialize_then_decompress_5_53(Eurydice_slice serialized) { Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, Eurydice_slice); - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re.coefficients[i0] = libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); - re.coefficients[i0] = uu____0; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = decompress_ciphertext_coefficient_0d_f42(re.coefficients[i0]); re.coefficients[i0] = uu____1; @@ -5076,6 +5454,12 @@ subtract_reduce_89_7d(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, return b; } +/** + The following functions compute various expressions involving + vectors and matrices. The computation of these expressions has been + abstracted away into these functions in order to save on loop iterations. + Compute v − InverseNTT(sᵀ ◦ NTT(u)) +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector 
@@ -5125,6 +5509,30 @@ static KRML_MUSTINLINE void compress_then_serialize_message_3a( memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); } +/** + This function implements Algorithm 14 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. + + Algorithm 14 is reproduced below: + + ```plaintext + Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + Output: message m ∈ 𝔹^{32}. + + c₁ ← c[0 : 32dᵤk] + c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] + u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) + v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) + ŝ ← ByteDecode₁₂(dkₚₖₑ) + w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) + m ← ByteEncode₁(Compress₁(w)) + return m + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5289,6 +5697,9 @@ deserialize_to_uncompressed_ring_element_05(Eurydice_slice serialized) { return re; } +/** + Call [`deserialize_to_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5446,6 +5857,12 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f1( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -5478,6 +5895,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_722( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } +/** + Call [`serialize_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector 
@@ -5513,6 +5933,9 @@ static KRML_MUSTINLINE void serialize_secret_key_f80( memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); } +/** + Concatenate `t` and `ρ` into the public key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5689,6 +6112,47 @@ static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_4e0( shake128_squeeze_three_blocks_100(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types 
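Review bot: The new comment on `sample_from_uniform_distribution_next` says the function `returns an Err` when the bytes run out, which is the Rust contract; the C instance cannot return a Rust `Err` (its signature is outside the hunk), so the sentence should describe the C convention once checked against the actual return type, e.g. `/* Returns whether the ring element was completely filled; on a partial fill the caller squeezes more bytes and calls again. */`. The same Rust-flavoured wording is duplicated in the three further copies of this comment, the `shake128_squeeze_block_f1_c10`, `shake128_squeeze_three_blocks_f1_4e` and `shake128_squeeze_block_f1_c1` hunks. Also `standard, We say "partially"` should be `standard. We say "partially"`.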
@@ -5761,6 +6225,47 @@ static KRML_MUSTINLINE void shake128_squeeze_block_f1_c10( shake128_squeeze_block_ed0(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -5959,6 +6464,10 @@ sample_from_binomial_distribution_660(Eurydice_slice randomness) { return sample_from_binomial_distribution_3_85(randomness); } +/** + Sample a vector of ring elements from a centered binomial distribution and + convert them into their NTT representations. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, 
@@ -5984,13 +6493,11 @@ static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_d70( domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][192U]; PRFxN_f1_890(prf_inputs, prf_outputs); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_660(Eurydice_array_to_slice( - (size_t)192U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + re_as_ntt[i0] = sample_from_binomial_distribution_660( + Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U]; memcpy( uu____2, re_as_ntt, @@ -6003,6 +6510,10 @@ static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_d70( return lit; } +/** + Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise + sum of their constituent coefficients. +*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -6033,6 +6544,9 @@ static KRML_MUSTINLINE void add_to_ring_element_89_930( } } +/** + Compute  ◦ ŝ + ê +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_portable_vector_type_PortableVector 
@@ -6079,6 +6593,47 @@ static KRML_MUSTINLINE void compute_As_plus_e_da0( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -6300,6 +6855,9 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_ec0( return lit; } +/** + Serialize the secret key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] @@ -6355,6 +6913,14 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_41( memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); } +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, 
@@ -6435,6 +7001,9 @@ static KRML_MUSTINLINE void PRFxN_f1_891(uint8_t (*input)[33U], PRFxN_1d1(input, ret); } +/** + Sample a vector of ring elements from a centered binomial distribution. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -6513,6 +7082,9 @@ static KRML_MUSTINLINE void invert_ntt_montgomery_860( poly_barrett_reduce_89_2c(re); } +/** + Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -6559,6 +7131,9 @@ static KRML_MUSTINLINE void compute_vector_u_a10( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } +/** + Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -6622,6 +7197,9 @@ static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_2f( memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } +/** + Call [`compress_then_serialize_ring_element_u`] on each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector 
@@ -6669,6 +7247,47 @@ static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_31( compress_then_serialize_4_e5(re, out); } +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -6827,6 +7446,12 @@ static KRML_MUSTINLINE void entropy_preprocess_af_5d(Eurydice_slice randomness, memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types 
@@ -7048,6 +7673,10 @@ static KRML_MUSTINLINE void ntt_vector_u_ed( poly_barrett_reduce_89_2c(re); } +/** + Call [`deserialize_then_decompress_ring_element_u`] on each ring element + in the `ciphertext`. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7080,9 +7709,7 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b10( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_then_decompress_ring_element_u_89(u_bytes); - u_as_ntt[i0] = uu____0; + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_89(u_bytes); ntt_vector_u_ed(&u_as_ntt[i0]); } memcpy( @@ -7101,6 +7728,12 @@ deserialize_then_decompress_ring_element_v_30(Eurydice_slice serialized) { return deserialize_then_decompress_4_34(serialized); } +/** + The following functions compute various expressions involving + vectors and matrices. The computation of these expressions has been + abstracted away into these functions in order to save on loop iterations. + Compute v − InverseNTT(sᵀ ◦ NTT(u)) +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector 
@@ -7122,6 +7755,30 @@ compute_message_cb0( return result; } +/** + This function implements Algorithm 14 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. + + Algorithm 14 is reproduced below: + + ```plaintext + Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + Output: message m ∈ 𝔹^{32}. + + c₁ ← c[0 : 32dᵤk] + c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] + u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) + v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) + ŝ ← ByteDecode₁₂(dkₚₖₑ) + w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) + m ← ByteEncode₁(Compress₁(w)) + return m + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7248,6 +7905,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca0( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +/** + Call [`deserialize_to_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7404,6 +8064,12 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f0( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -7436,6 +8102,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_720( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } +/** + Call [`serialize_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector 
@@ -7471,6 +8140,9 @@ static KRML_MUSTINLINE void serialize_secret_key_f8( memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); } +/** + Concatenate `t` and `ρ` into the public key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7648,6 +8320,47 @@ static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_4e( shake128_squeeze_three_blocks_10(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types 
@@ -7720,6 +8433,47 @@ static KRML_MUSTINLINE void shake128_squeeze_block_f1_c1( shake128_squeeze_block_ed(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types @@ -7907,6 +8661,10 @@ static KRML_MUSTINLINE void PRFxN_f1_89(uint8_t (*input)[33U], PRFxN_1d(input, ret); } +/** + Sample a vector of ring elements from a centered binomial distribution and + convert them into their NTT representations. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, 
@@ -7932,13 +8690,11 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_d7( domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; PRFxN_f1_89(prf_inputs, prf_outputs); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_66(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; - ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + re_as_ntt[i0] = sample_from_binomial_distribution_66( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U]; memcpy( uu____2, re_as_ntt, @@ -7951,6 +8707,10 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_d7( return lit; } +/** + Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise + sum of their constituent coefficients. +*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -7981,6 +8741,9 @@ static KRML_MUSTINLINE void add_to_ring_element_89_93( } } +/** + Compute  ◦ ŝ + ê +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_portable_vector_type_PortableVector 
@@ -8027,6 +8790,47 @@ static KRML_MUSTINLINE void compute_As_plus_e_da( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -8248,6 +9052,9 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_ec( return lit; } +/** + Serialize the secret key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] @@ -8303,6 +9110,14 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_a8( memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, 
@@ -8350,6 +9165,9 @@ libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]) { uu____2, libcrux_ml_kem_types_from_b6_4c0(uu____3)); } +/** + Sample a vector of ring elements from a centered binomial distribution. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -8428,6 +9246,9 @@ static KRML_MUSTINLINE void invert_ntt_montgomery_86( poly_barrett_reduce_89_2c(re); } +/** + Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -8474,6 +9295,9 @@ static KRML_MUSTINLINE void compute_vector_u_a1( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } +/** + Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -8496,6 +9320,9 @@ compute_ring_element_v_1f( return result; } +/** + Call [`compress_then_serialize_ring_element_u`] on each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector 
@@ -8531,6 +9358,47 @@ static void compress_then_serialize_u_24( } } +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -8689,6 +9557,12 @@ static KRML_MUSTINLINE void entropy_preprocess_af_6c(Eurydice_slice randomness, memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -8880,6 +9754,10 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( return lit; } +/** + Call [`deserialize_then_decompress_ring_element_u`] on each ring element + in the `ciphertext`. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector 
@@ -8912,9 +9790,7 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b1( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_then_decompress_ring_element_u_89(u_bytes); - u_as_ntt[i0] = uu____0; + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_89(u_bytes); ntt_vector_u_ed(&u_as_ntt[i0]); } memcpy( @@ -8922,6 +9798,12 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b1( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } +/** + The following functions compute various expressions involving + vectors and matrices. The computation of these expressions has been + abstracted away into these functions in order to save on loop iterations. + Compute v − InverseNTT(sᵀ ◦ NTT(u)) +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -8943,6 +9825,30 @@ compute_message_cb( return result; } +/** + This function implements Algorithm 14 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. + + Algorithm 14 is reproduced below: + + ```plaintext + Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + Output: message m ∈ 𝔹^{32}. + + c₁ ← c[0 : 32dᵤk] + c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] + u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) + v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) + ŝ ← ByteDecode₁₂(dkₚₖₑ) + w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) + m ← ByteEncode₁(Compress₁(w)) + return m + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector 
@@ -9069,6 +9975,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +/** + Call [`deserialize_to_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index 22c73c92b..0088ab487 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 */ #ifndef __libcrux_mlkem_portable_H @@ -205,6 +205,19 @@ libcrux_ml_kem_vector_portable_cond_subtract_3329_0d( ((int32_t)1 << (uint32_t) \ LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT) +/** + Signed Barrett Reduction + + Given an input `value`, `barrett_reduce` outputs a representative `result` + such that: + + - result ≡ value (mod FIELD_MODULUS) + - the absolute value of `result` is bound as follows: + + `|result| ≤ FIELD_MODULUS / 2 · (|value|/BARRETT_R + 1) + + In particular, if `|value| < BARRETT_R`, then `|result| < FIELD_MODULUS`. +*/ int16_t libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( int16_t value); 
@@ -226,9 +239,34 @@ libcrux_ml_kem_vector_portable_barrett_reduce_0d( ((int32_t)1 << (uint32_t) \ LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT) +/** + Signed Montgomery Reduction + + Given an input `value`, `montgomery_reduce` outputs a representative `o` + such that: + + - o ≡ value · MONTGOMERY_R^(-1) (mod FIELD_MODULUS) + - the absolute value of `o` is bound as follows: + + `|result| ≤ (|value| / MONTGOMERY_R) + (FIELD_MODULUS / 2) + + In particular, if `|value| ≤ FIELD_MODULUS * MONTGOMERY_R`, then `|o| < (3 · + FIELD_MODULUS) / 2`. +*/ int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( int32_t value); +/** + If `fe` is some field element 'x' of the Kyber field and `fer` is congruent to + `y · MONTGOMERY_R`, this procedure outputs a value that is congruent to + `x · y`, as follows: + + `fe · fer ≡ x · y · MONTGOMERY_R (mod FIELD_MODULUS)` + + `montgomery_reduce` takes the value `x · y · MONTGOMERY_R` and outputs a + representative `x · y · MONTGOMERY_R * MONTGOMERY_R^{-1} ≡ x · y (mod + FIELD_MODULUS)`. +*/ int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( int16_t fe, int16_t fer); 
@@ -244,6 +282,28 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t r); +/** + The `compress_*` functions implement the `Compress` function specified in the + NIST FIPS 203 standard (Page 18, Expression 4.5), which is defined as: + + ```plaintext + Compress_d: ℤq -> ℤ_{2ᵈ} + Compress_d(x) = ⌈(2ᵈ/q)·x⌋ + ``` + + Since `⌈x⌋ = ⌊x + 1/2⌋` we have: + + ```plaintext + Compress_d(x) = ⌊(2ᵈ/q)·x + 1/2⌋ + = ⌊(2^{d+1}·x + q) / 2q⌋ + ``` + + For further information about the function implementations, consult the + `implementation_notes.pdf` document in this directory. + + The NIST FIPS 203 standard can be found at + . +*/ uint8_t libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( uint16_t fe); @@ -353,6 +413,28 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta); +/** + Compute the product of two Kyber binomials with respect to the + modulus `X² - zeta`. + + This function almost implements Algorithm 11 of the + NIST FIPS 203 standard, which is reproduced below: + + ```plaintext + Input: a₀, a₁, b₀, b₁ ∈ ℤq. + Input: γ ∈ ℤq. + Output: c₀, c₁ ∈ ℤq. + + c₀ ← a₀·b₀ + a₁·b₁·γ + c₁ ← a₀·b₁ + a₁·b₀ + return c₀, c₁ + ``` + We say "almost" because the coefficients output by this function are in + the Montgomery domain (unlike in the specification). + + The NIST FIPS 203 standard can be found at + . +*/ void libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( libcrux_ml_kem_vector_portable_vector_type_PortableVector *a, libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta, diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index bdbc91b3d..a0797a0ce 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h 
+++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 */ #ifndef __libcrux_sha3_H @@ -22,6 +22,9 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_sha3_internal.h" +/** + A portable SHA3 512 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -29,6 +32,9 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha512(Eurydice_slice digest, libcrux_sha3_portable_keccakx1_2a(buf0, buf); } +/** + A portable SHA3 256 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -36,6 +42,9 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha256(Eurydice_slice digest, libcrux_sha3_portable_keccakx1_2a0(buf0, buf); } +/** + A portable SHAKE256 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_shake256( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -43,6 +52,9 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake256( libcrux_sha3_portable_keccakx1_2a1(buf0, buf); } +/** + A portable SHA3 224 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; 
@@ -50,6 +62,9 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest, libcrux_sha3_portable_keccakx1_2a2(buf0, buf); } +/** + A portable SHA3 384 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -57,11 +72,20 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, libcrux_sha3_portable_keccakx1_2a3(buf0, buf); } +/** + SHA3 224 + + Preconditions: + - `digest.len() == 28` +*/ static KRML_MUSTINLINE void libcrux_sha3_sha224_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha224(digest, payload); } +/** + SHA3 224 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha224(Eurydice_slice data, uint8_t ret[28U]) { uint8_t out[28U] = {0U}; @@ -70,11 +94,17 @@ static KRML_MUSTINLINE void libcrux_sha3_sha224(Eurydice_slice data, memcpy(ret, out, (size_t)28U * sizeof(uint8_t)); } +/** + SHA3 256 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha256_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha256(digest, payload); } +/** + SHA3 256 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha256(Eurydice_slice data, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; @@ -83,11 +113,17 @@ static KRML_MUSTINLINE void libcrux_sha3_sha256(Eurydice_slice data, memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } +/** + SHA3 384 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha384_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha384(digest, payload); } +/** + SHA3 384 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha384(Eurydice_slice data, uint8_t ret[48U]) { uint8_t out[48U] = {0U}; 
@@ -96,11 +132,17 @@ static KRML_MUSTINLINE void libcrux_sha3_sha384(Eurydice_slice data, memcpy(ret, out, (size_t)48U * sizeof(uint8_t)); } +/** + SHA3 512 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha512_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha512(digest, payload); } +/** + SHA3 512 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha512(Eurydice_slice data, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; @@ -109,6 +151,9 @@ static KRML_MUSTINLINE void libcrux_sha3_sha512(Eurydice_slice data, memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } +/** + A portable SHAKE128 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -116,11 +161,21 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( libcrux_sha3_portable_keccakx1_2a4(buf0, buf); } +/** + SHAKE 128 + + Writes `out.len()` bytes. +*/ static KRML_MUSTINLINE void libcrux_sha3_shake128_ema(Eurydice_slice out, Eurydice_slice data) { libcrux_sha3_portable_shake128(out, data); } +/** + SHAKE 256 + + Writes `out.len()` bytes. +*/ static KRML_MUSTINLINE void libcrux_sha3_shake256_ema(Eurydice_slice out, Eurydice_slice data) { libcrux_sha3_portable_shake256(out, data); diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 29b305e5e..fb89c890d 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c 
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 */ #include "internal/libcrux_sha3_avx2.h" @@ -19,18 +19,15 @@ This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: usize> for core::core_arch::x86::__m256i)} */ -static KRML_MUSTINLINE core_core_arch_x86___m256i zero_ef(void) { +static KRML_MUSTINLINE __m256i zero_ef(void) { return libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)0); } -static KRML_MUSTINLINE core_core_arch_x86___m256i -_veor5q_u64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c, core_core_arch_x86___m256i d, - core_core_arch_x86___m256i e) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - core_core_arch_x86___m256i cd = libcrux_intrinsics_avx2_mm256_xor_si256(c, d); - core_core_arch_x86___m256i abcd = - libcrux_intrinsics_avx2_mm256_xor_si256(ab, cd); +static KRML_MUSTINLINE __m256i _veor5q_u64(__m256i a, __m256i b, __m256i c, + __m256i d, __m256i e) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + __m256i cd = libcrux_intrinsics_avx2_mm256_xor_si256(c, d); + __m256i abcd = libcrux_intrinsics_avx2_mm256_xor_si256(ab, cd); return libcrux_intrinsics_avx2_mm256_xor_si256(abcd, e); } 
@@ -38,10 +35,8 @@ _veor5q_u64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: usize> for core::core_arch::x86::__m256i)} */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -xor5_ef(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c, core_core_arch_x86___m256i d, - core_core_arch_x86___m256i e) { +static KRML_MUSTINLINE __m256i xor5_ef(__m256i a, __m256i b, __m256i c, + __m256i d, __m256i e) { return _veor5q_u64(a, b, c, d, e); } @@ -51,18 +46,14 @@ with const generics - LEFT= 1 - RIGHT= 63 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_58(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_58(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)1, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)63, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)1, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)63, x, __m256i)); } -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vrax1q_u64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i uu____0 = a; +static KRML_MUSTINLINE __m256i _vrax1q_u64(__m256i a, __m256i b) { + __m256i uu____0 = a; return libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, rotate_left_58(b)); } 
@@ -70,14 +61,11 @@ _vrax1q_u64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: usize> for core::core_arch::x86::__m256i)} */ -static KRML_MUSTINLINE core_core_arch_x86___m256i rotate_left1_and_xor_ef( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i rotate_left1_and_xor_ef(__m256i a, __m256i b) { return _vrax1q_u64(a, b); } -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vbcaxq_u64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c) { +static KRML_MUSTINLINE __m256i _vbcaxq_u64(__m256i a, __m256i b, __m256i c) { return libcrux_intrinsics_avx2_mm256_xor_si256( a, libcrux_intrinsics_avx2_mm256_andnot_si256(c, b)); } @@ -86,16 +74,12 @@ _vbcaxq_u64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: usize> for core::core_arch::x86::__m256i)} */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -and_not_xor_ef(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c) { +static KRML_MUSTINLINE __m256i and_not_xor_ef(__m256i a, __m256i b, __m256i c) { return _vbcaxq_u64(a, b, c); } -static KRML_MUSTINLINE core_core_arch_x86___m256i -_veorq_n_u64(core_core_arch_x86___m256i a, uint64_t c) { - core_core_arch_x86___m256i c0 = - libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)c); +static KRML_MUSTINLINE __m256i _veorq_n_u64(__m256i a, uint64_t c) { + __m256i c0 = libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)c); return libcrux_intrinsics_avx2_mm256_xor_si256(a, c0); } 
@@ -103,8 +87,7 @@ _veorq_n_u64(core_core_arch_x86___m256i a, uint64_t c) { This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: usize> for core::core_arch::x86::__m256i)} */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -xor_constant_ef(core_core_arch_x86___m256i a, uint64_t c) { +static KRML_MUSTINLINE __m256i xor_constant_ef(__m256i a, uint64_t c) { return _veorq_n_u64(a, c); } @@ -112,8 +95,7 @@ xor_constant_ef(core_core_arch_x86___m256i a, uint64_t c) { This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: usize> for core::core_arch::x86::__m256i)} */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -xor_ef(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_ef(__m256i a, __m256i b) { return libcrux_intrinsics_avx2_mm256_xor_si256(a, b); } @@ -185,6 +167,9 @@ split_at_mut_n_ef(Eurydice_slice a[4U], size_t mid) { return split_at_mut_4(a, mid); } +/** + Create a new Shake128 x4 state. +*/ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} 
@@ -231,46 +216,38 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void load_block_c7(core_core_arch_x86___m256i (*s)[5U], +static KRML_MUSTINLINE void load_block_c7(__m256i (*s)[5U], Eurydice_slice blocks[4U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { size_t i0 = i; - core_core_arch_x86___m256i v00 = + __m256i v00 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v10 = + __m256i v10 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v20 = + __m256i v20 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v30 = + __m256i v30 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v0l, v2l, 
core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); + __m256i v0l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); + __m256i v1h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); + __m256i v2l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); + __m256i v3h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); + __m256i v0 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v0l, v2l, __m256i); + __m256i v1 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v1h, v3h, __m256i); + __m256i v2 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v0l, v2l, __m256i); + __m256i v3 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v1h, v3h, __m256i); s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = libcrux_intrinsics_avx2_mm256_xor_si256( s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); @@ -324,7 +301,7 @@ static KRML_MUSTINLINE void load_block_c7(core_core_arch_x86___m256i (*s)[5U], Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice), uint8_t, void *); - core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + __m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, Eurydice_slice)); size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; 
@@ -360,10 +337,9 @@ static KRML_MUSTINLINE void load_block_c7(core_core_arch_x86___m256i (*s)[5U], Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice), uint8_t, void *); - core_core_arch_x86___m256i u0 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, - Eurydice_slice)); + __m256i u0 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, + Eurydice_slice)); size_t i = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; size_t j = @@ -381,9 +357,9 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block_ef with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void load_block_ef_6a( - core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = a; +static KRML_MUSTINLINE void load_block_ef_6a(__m256i (*a)[5U], + Eurydice_slice b[4U]) { + __m256i(*uu____0)[5U] = a; Eurydice_slice uu____1[4U]; memcpy(uu____1, b, (size_t)4U * sizeof(Eurydice_slice)); load_block_c7(uu____0, uu____1); @@ -395,13 +371,10 @@ with const generics - LEFT= 36 - RIGHT= 28 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_580(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_580(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)36, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)28, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)36, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)28, x, __m256i)); } /** 
@@ -410,9 +383,8 @@ with const generics - LEFT= 36 - RIGHT= 28 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c1(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c1(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_580(ab); } @@ -426,8 +398,7 @@ with const generics - LEFT= 36 - RIGHT= 28 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_17( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_17(__m256i a, __m256i b) { return _vxarq_u64_c1(a, b); } @@ -437,13 +408,10 @@ with const generics - LEFT= 3 - RIGHT= 61 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_581(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_581(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)3, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)61, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)3, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)61, x, __m256i)); } /** @@ -452,9 +420,8 @@ with const generics - LEFT= 3 - RIGHT= 61 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c10(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c10(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_581(ab); } 
@@ -468,8 +435,7 @@ with const generics - LEFT= 3 - RIGHT= 61 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_170( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_170(__m256i a, __m256i b) { return _vxarq_u64_c10(a, b); } @@ -479,13 +445,10 @@ with const generics - LEFT= 41 - RIGHT= 23 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_582(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_582(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)41, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)23, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)41, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)23, x, __m256i)); } /** @@ -494,9 +457,8 @@ with const generics - LEFT= 41 - RIGHT= 23 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c11(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c11(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_582(ab); } @@ -510,8 +472,7 @@ with const generics - LEFT= 41 - RIGHT= 23 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_171( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_171(__m256i a, __m256i b) { return _vxarq_u64_c11(a, b); } 
@@ -521,13 +482,10 @@ with const generics - LEFT= 18 - RIGHT= 46 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_583(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_583(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)18, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)46, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)18, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)46, x, __m256i)); } /** @@ -536,9 +494,8 @@ with const generics - LEFT= 18 - RIGHT= 46 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c12(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c12(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_583(ab); } @@ -552,8 +509,7 @@ with const generics - LEFT= 18 - RIGHT= 46 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_172( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_172(__m256i a, __m256i b) { return _vxarq_u64_c12(a, b); } @@ -563,9 +519,8 @@ with const generics - LEFT= 1 - RIGHT= 63 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c13(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c13(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_58(ab); } 
@@ -579,8 +534,7 @@ with const generics - LEFT= 1 - RIGHT= 63 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_173( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_173(__m256i a, __m256i b) { return _vxarq_u64_c13(a, b); } @@ -590,13 +544,10 @@ with const generics - LEFT= 44 - RIGHT= 20 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_584(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_584(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)44, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)20, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)44, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)20, x, __m256i)); } /** @@ -605,9 +556,8 @@ with const generics - LEFT= 44 - RIGHT= 20 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c14(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c14(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_584(ab); } @@ -621,8 +571,7 @@ with const generics - LEFT= 44 - RIGHT= 20 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_174( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_174(__m256i a, __m256i b) { return _vxarq_u64_c14(a, b); } 
@@ -632,13 +581,10 @@ with const generics - LEFT= 10 - RIGHT= 54 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_585(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_585(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)10, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)54, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)10, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)54, x, __m256i)); } /** @@ -647,9 +593,8 @@ with const generics - LEFT= 10 - RIGHT= 54 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c15(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c15(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_585(ab); } @@ -663,8 +608,7 @@ with const generics - LEFT= 10 - RIGHT= 54 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_175( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_175(__m256i a, __m256i b) { return _vxarq_u64_c15(a, b); } @@ -674,13 +618,10 @@ with const generics - LEFT= 45 - RIGHT= 19 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_586(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_586(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)45, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)19, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)45, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)19, x, __m256i)); } /** 
@@ -689,9 +630,8 @@ with const generics - LEFT= 45 - RIGHT= 19 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c16(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c16(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_586(ab); } @@ -705,8 +645,7 @@ with const generics - LEFT= 45 - RIGHT= 19 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_176( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_176(__m256i a, __m256i b) { return _vxarq_u64_c16(a, b); } @@ -716,13 +655,10 @@ with const generics - LEFT= 2 - RIGHT= 62 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_587(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_587(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)2, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)62, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)2, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)62, x, __m256i)); } /** @@ -731,9 +667,8 @@ with const generics - LEFT= 2 - RIGHT= 62 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c17(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c17(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_587(ab); } 
@@ -747,8 +682,7 @@ with const generics - LEFT= 2 - RIGHT= 62 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_177( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_177(__m256i a, __m256i b) { return _vxarq_u64_c17(a, b); } @@ -758,13 +692,10 @@ with const generics - LEFT= 62 - RIGHT= 2 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_588(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_588(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)62, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)2, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)62, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)2, x, __m256i)); } /** @@ -773,9 +704,8 @@ with const generics - LEFT= 62 - RIGHT= 2 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c18(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c18(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_588(ab); } @@ -789,8 +719,7 @@ with const generics - LEFT= 62 - RIGHT= 2 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_178( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_178(__m256i a, __m256i b) { return _vxarq_u64_c18(a, b); } 
@@ -800,13 +729,10 @@ with const generics - LEFT= 6 - RIGHT= 58 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_589(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_589(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)6, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)58, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)6, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)58, x, __m256i)); } /** @@ -815,9 +741,8 @@ with const generics - LEFT= 6 - RIGHT= 58 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c19(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c19(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_589(ab); } @@ -831,8 +756,7 @@ with const generics - LEFT= 6 - RIGHT= 58 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_179( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_179(__m256i a, __m256i b) { return _vxarq_u64_c19(a, b); } @@ -842,13 +766,10 @@ with const generics - LEFT= 43 - RIGHT= 21 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5810(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_5810(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)43, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)21, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)43, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)21, x, __m256i)); } /** 
@@ -857,9 +778,8 @@ with const generics - LEFT= 43 - RIGHT= 21 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c110(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c110(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_5810(ab); } @@ -873,8 +793,7 @@ with const generics - LEFT= 43 - RIGHT= 21 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1710( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1710(__m256i a, __m256i b) { return _vxarq_u64_c110(a, b); } @@ -884,13 +803,10 @@ with const generics - LEFT= 15 - RIGHT= 49 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5811(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_5811(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)15, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)49, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)15, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)49, x, __m256i)); } /** @@ -899,9 +815,8 @@ with const generics - LEFT= 15 - RIGHT= 49 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c111(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c111(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_5811(ab); } 
@@ -915,8 +830,7 @@ with const generics - LEFT= 15 - RIGHT= 49 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1711( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1711(__m256i a, __m256i b) { return _vxarq_u64_c111(a, b); } @@ -926,13 +840,10 @@ with const generics - LEFT= 61 - RIGHT= 3 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5812(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_5812(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)61, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)3, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)61, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)3, x, __m256i)); } /** @@ -941,9 +852,8 @@ with const generics - LEFT= 61 - RIGHT= 3 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c112(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c112(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_5812(ab); } @@ -957,8 +867,7 @@ with const generics - LEFT= 61 - RIGHT= 3 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1712( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1712(__m256i a, __m256i b) { return _vxarq_u64_c112(a, b); } 
@@ -968,13 +877,10 @@ with const generics - LEFT= 28 - RIGHT= 36 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5813(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_5813(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)28, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)36, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)28, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)36, x, __m256i)); } /** @@ -983,9 +889,8 @@ with const generics - LEFT= 28 - RIGHT= 36 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c113(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c113(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_5813(ab); } @@ -999,8 +904,7 @@ with const generics - LEFT= 28 - RIGHT= 36 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1713( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1713(__m256i a, __m256i b) { return _vxarq_u64_c113(a, b); } @@ -1010,13 +914,10 @@ with const generics - LEFT= 55 - RIGHT= 9 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5814(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_5814(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)55, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)9, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)55, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)9, x, __m256i)); } /** 
@@ -1025,9 +926,8 @@ with const generics - LEFT= 55 - RIGHT= 9 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c114(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c114(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_5814(ab); } @@ -1041,8 +941,7 @@ with const generics - LEFT= 55 - RIGHT= 9 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1714( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1714(__m256i a, __m256i b) { return _vxarq_u64_c114(a, b); } @@ -1052,13 +951,10 @@ with const generics - LEFT= 25 - RIGHT= 39 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5815(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_5815(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)25, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)39, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)25, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)39, x, __m256i)); } /** @@ -1067,9 +963,8 @@ with const generics - LEFT= 25 - RIGHT= 39 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c115(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c115(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_5815(ab); } 
@@ -1083,8 +978,7 @@ with const generics - LEFT= 25 - RIGHT= 39 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1715( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1715(__m256i a, __m256i b) { return _vxarq_u64_c115(a, b); } @@ -1094,13 +988,10 @@ with const generics - LEFT= 21 - RIGHT= 43 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5816(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_5816(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)21, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)43, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)21, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)43, x, __m256i)); } /** @@ -1109,9 +1000,8 @@ with const generics - LEFT= 21 - RIGHT= 43 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c116(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c116(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_5816(ab); } @@ -1125,8 +1015,7 @@ with const generics - LEFT= 21 - RIGHT= 43 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1716( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1716(__m256i a, __m256i b) { return _vxarq_u64_c116(a, b); } 
@@ -1136,13 +1025,10 @@ with const generics - LEFT= 56 - RIGHT= 8 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5817(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_5817(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)56, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)56, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, x, __m256i)); } /** @@ -1151,9 +1037,8 @@ with const generics - LEFT= 56 - RIGHT= 8 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c117(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c117(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_5817(ab); } @@ -1167,8 +1052,7 @@ with const generics - LEFT= 56 - RIGHT= 8 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1717( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1717(__m256i a, __m256i b) { return _vxarq_u64_c117(a, b); } @@ -1178,13 +1062,10 @@ with const generics - LEFT= 27 - RIGHT= 37 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5818(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_5818(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)27, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)37, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)27, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)37, x, __m256i)); } /** 
@@ -1193,9 +1074,8 @@ with const generics - LEFT= 27 - RIGHT= 37 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c118(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c118(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_5818(ab); } @@ -1209,8 +1089,7 @@ with const generics - LEFT= 27 - RIGHT= 37 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1718( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1718(__m256i a, __m256i b) { return _vxarq_u64_c118(a, b); } @@ -1220,13 +1099,10 @@ with const generics - LEFT= 20 - RIGHT= 44 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5819(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_5819(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)20, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)44, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)20, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)44, x, __m256i)); } /** @@ -1235,9 +1111,8 @@ with const generics - LEFT= 20 - RIGHT= 44 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c119(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c119(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_5819(ab); } 
@@ -1251,8 +1126,7 @@ with const generics - LEFT= 20 - RIGHT= 44 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1719( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1719(__m256i a, __m256i b) { return _vxarq_u64_c119(a, b); } @@ -1262,13 +1136,10 @@ with const generics - LEFT= 39 - RIGHT= 25 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5820(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_5820(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)39, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)25, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)39, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)25, x, __m256i)); } /** @@ -1277,9 +1148,8 @@ with const generics - LEFT= 39 - RIGHT= 25 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c120(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c120(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_5820(ab); } @@ -1293,8 +1163,7 @@ with const generics - LEFT= 39 - RIGHT= 25 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1720( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1720(__m256i a, __m256i b) { return _vxarq_u64_c120(a, b); } 
@@ -1304,13 +1173,10 @@ with const generics - LEFT= 8 - RIGHT= 56 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5821(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_5821(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)8, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)56, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)8, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)56, x, __m256i)); } /** @@ -1319,9 +1185,8 @@ with const generics - LEFT= 8 - RIGHT= 56 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c121(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c121(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_5821(ab); } @@ -1335,8 +1200,7 @@ with const generics - LEFT= 8 - RIGHT= 56 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1721( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1721(__m256i a, __m256i b) { return _vxarq_u64_c121(a, b); } @@ -1346,13 +1210,10 @@ with const generics - LEFT= 14 - RIGHT= 50 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5822(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i rotate_left_5822(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)14, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)50, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)14, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)50, x, __m256i)); } /** 
@@ -1361,9 +1222,8 @@ with const generics - LEFT= 14 - RIGHT= 50 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c122(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c122(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_5822(ab); } @@ -1377,8 +1237,7 @@ with const generics - LEFT= 14 - RIGHT= 50 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1722( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1722(__m256i a, __m256i b) { return _vxarq_u64_c122(a, b); } 
@@ -1390,105 +1249,57 @@ with const generics */ static KRML_MUSTINLINE void theta_rho_71( libcrux_sha3_generic_keccak_KeccakState_29 *s) { - core_core_arch_x86___m256i c[5U] = { - xor5_ef(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], - s->st[4U][0U]), - xor5_ef(s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], s->st[3U][1U], - s->st[4U][1U]), - xor5_ef(s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], s->st[3U][2U], - s->st[4U][2U]), - xor5_ef(s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], s->st[3U][3U], - s->st[4U][3U]), - xor5_ef(s->st[0U][4U], s->st[1U][4U], s->st[2U][4U], s->st[3U][4U], - s->st[4U][4U])}; - core_core_arch_x86___m256i uu____0 = + __m256i c[5U] = {xor5_ef(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], + s->st[3U][0U], s->st[4U][0U]), + xor5_ef(s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], + s->st[3U][1U], s->st[4U][1U]), + xor5_ef(s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], + s->st[3U][2U], s->st[4U][2U]), + xor5_ef(s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], + s->st[3U][3U], s->st[4U][3U]), + xor5_ef(s->st[0U][4U], s->st[1U][4U], s->st[2U][4U], + s->st[3U][4U], s->st[4U][4U])}; + __m256i uu____0 = rotate_left1_and_xor_ef(c[((size_t)0U + (size_t)4U) % (size_t)5U], c[((size_t)0U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i uu____1 = + __m256i uu____1 = rotate_left1_and_xor_ef(c[((size_t)1U + (size_t)4U) % (size_t)5U], c[((size_t)1U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i uu____2 = + __m256i uu____2 = rotate_left1_and_xor_ef(c[((size_t)2U + (size_t)4U) % (size_t)5U], c[((size_t)2U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i uu____3 = + __m256i uu____3 = rotate_left1_and_xor_ef(c[((size_t)3U + (size_t)4U) % (size_t)5U], c[((size_t)3U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i t[5U] = { + __m256i t[5U] = { uu____0, uu____1, uu____2, uu____3, rotate_left1_and_xor_ef(c[((size_t)4U + (size_t)4U) % (size_t)5U], c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = 
xor_ef(s->st[0U][0U], t[0U]); - core_core_arch_x86___m256i uu____4 = - xor_and_rotate_ef_17(s->st[1U][0U], t[0U]); - s->st[1U][0U] = uu____4; - core_core_arch_x86___m256i uu____5 = - xor_and_rotate_ef_170(s->st[2U][0U], t[0U]); - s->st[2U][0U] = uu____5; - core_core_arch_x86___m256i uu____6 = - xor_and_rotate_ef_171(s->st[3U][0U], t[0U]); - s->st[3U][0U] = uu____6; - core_core_arch_x86___m256i uu____7 = - xor_and_rotate_ef_172(s->st[4U][0U], t[0U]); - s->st[4U][0U] = uu____7; - core_core_arch_x86___m256i uu____8 = - xor_and_rotate_ef_173(s->st[0U][1U], t[1U]); - s->st[0U][1U] = uu____8; - core_core_arch_x86___m256i uu____9 = - xor_and_rotate_ef_174(s->st[1U][1U], t[1U]); - s->st[1U][1U] = uu____9; - core_core_arch_x86___m256i uu____10 = - xor_and_rotate_ef_175(s->st[2U][1U], t[1U]); - s->st[2U][1U] = uu____10; - core_core_arch_x86___m256i uu____11 = - xor_and_rotate_ef_176(s->st[3U][1U], t[1U]); - s->st[3U][1U] = uu____11; - core_core_arch_x86___m256i uu____12 = - xor_and_rotate_ef_177(s->st[4U][1U], t[1U]); - s->st[4U][1U] = uu____12; - core_core_arch_x86___m256i uu____13 = - xor_and_rotate_ef_178(s->st[0U][2U], t[2U]); - s->st[0U][2U] = uu____13; - core_core_arch_x86___m256i uu____14 = - xor_and_rotate_ef_179(s->st[1U][2U], t[2U]); - s->st[1U][2U] = uu____14; - core_core_arch_x86___m256i uu____15 = - xor_and_rotate_ef_1710(s->st[2U][2U], t[2U]); - s->st[2U][2U] = uu____15; - core_core_arch_x86___m256i uu____16 = - xor_and_rotate_ef_1711(s->st[3U][2U], t[2U]); - s->st[3U][2U] = uu____16; - core_core_arch_x86___m256i uu____17 = - xor_and_rotate_ef_1712(s->st[4U][2U], t[2U]); - s->st[4U][2U] = uu____17; - core_core_arch_x86___m256i uu____18 = - xor_and_rotate_ef_1713(s->st[0U][3U], t[3U]); - s->st[0U][3U] = uu____18; - core_core_arch_x86___m256i uu____19 = - xor_and_rotate_ef_1714(s->st[1U][3U], t[3U]); - s->st[1U][3U] = uu____19; - core_core_arch_x86___m256i uu____20 = - xor_and_rotate_ef_1715(s->st[2U][3U], t[3U]); - s->st[2U][3U] = uu____20; - 
core_core_arch_x86___m256i uu____21 = - xor_and_rotate_ef_1716(s->st[3U][3U], t[3U]); - s->st[3U][3U] = uu____21; - core_core_arch_x86___m256i uu____22 = - xor_and_rotate_ef_1717(s->st[4U][3U], t[3U]); - s->st[4U][3U] = uu____22; - core_core_arch_x86___m256i uu____23 = - xor_and_rotate_ef_1718(s->st[0U][4U], t[4U]); - s->st[0U][4U] = uu____23; - core_core_arch_x86___m256i uu____24 = - xor_and_rotate_ef_1719(s->st[1U][4U], t[4U]); - s->st[1U][4U] = uu____24; - core_core_arch_x86___m256i uu____25 = - xor_and_rotate_ef_1720(s->st[2U][4U], t[4U]); - s->st[2U][4U] = uu____25; - core_core_arch_x86___m256i uu____26 = - xor_and_rotate_ef_1721(s->st[3U][4U], t[4U]); - s->st[3U][4U] = uu____26; - core_core_arch_x86___m256i uu____27 = - xor_and_rotate_ef_1722(s->st[4U][4U], t[4U]); + s->st[1U][0U] = xor_and_rotate_ef_17(s->st[1U][0U], t[0U]); + s->st[2U][0U] = xor_and_rotate_ef_170(s->st[2U][0U], t[0U]); + s->st[3U][0U] = xor_and_rotate_ef_171(s->st[3U][0U], t[0U]); + s->st[4U][0U] = xor_and_rotate_ef_172(s->st[4U][0U], t[0U]); + s->st[0U][1U] = xor_and_rotate_ef_173(s->st[0U][1U], t[1U]); + s->st[1U][1U] = xor_and_rotate_ef_174(s->st[1U][1U], t[1U]); + s->st[2U][1U] = xor_and_rotate_ef_175(s->st[2U][1U], t[1U]); + s->st[3U][1U] = xor_and_rotate_ef_176(s->st[3U][1U], t[1U]); + s->st[4U][1U] = xor_and_rotate_ef_177(s->st[4U][1U], t[1U]); + s->st[0U][2U] = xor_and_rotate_ef_178(s->st[0U][2U], t[2U]); + s->st[1U][2U] = xor_and_rotate_ef_179(s->st[1U][2U], t[2U]); + s->st[2U][2U] = xor_and_rotate_ef_1710(s->st[2U][2U], t[2U]); + s->st[3U][2U] = xor_and_rotate_ef_1711(s->st[3U][2U], t[2U]); + s->st[4U][2U] = xor_and_rotate_ef_1712(s->st[4U][2U], t[2U]); + s->st[0U][3U] = xor_and_rotate_ef_1713(s->st[0U][3U], t[3U]); + s->st[1U][3U] = xor_and_rotate_ef_1714(s->st[1U][3U], t[3U]); + s->st[2U][3U] = xor_and_rotate_ef_1715(s->st[2U][3U], t[3U]); + s->st[3U][3U] = xor_and_rotate_ef_1716(s->st[3U][3U], t[3U]); + s->st[4U][3U] = xor_and_rotate_ef_1717(s->st[4U][3U], t[3U]); + 
s->st[0U][4U] = xor_and_rotate_ef_1718(s->st[0U][4U], t[4U]); + s->st[1U][4U] = xor_and_rotate_ef_1719(s->st[1U][4U], t[4U]); + s->st[2U][4U] = xor_and_rotate_ef_1720(s->st[2U][4U], t[4U]); + s->st[3U][4U] = xor_and_rotate_ef_1721(s->st[3U][4U], t[4U]); + __m256i uu____27 = xor_and_rotate_ef_1722(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; } @@ -1500,8 +1311,8 @@ with const generics */ static KRML_MUSTINLINE void pi_01( libcrux_sha3_generic_keccak_KeccakState_29 *s) { - core_core_arch_x86___m256i old[5U][5U]; - memcpy(old, s->st, (size_t)5U * sizeof(core_core_arch_x86___m256i[5U])); + __m256i old[5U][5U]; + memcpy(old, s->st, (size_t)5U * sizeof(__m256i[5U])); s->st[0U][1U] = old[1U][1U]; s->st[0U][2U] = old[2U][2U]; s->st[0U][3U] = old[3U][3U]; @@ -1536,8 +1347,8 @@ with const generics */ static KRML_MUSTINLINE void chi_9b( libcrux_sha3_generic_keccak_KeccakState_29 *s) { - core_core_arch_x86___m256i old[5U][5U]; - memcpy(old, s->st, (size_t)5U * sizeof(core_core_arch_x86___m256i[5U])); + __m256i old[5U][5U]; + memcpy(old, s->st, (size_t)5U * sizeof(__m256i[5U])); KRML_MAYBE_FOR5( i0, (size_t)0U, (size_t)5U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR5(i, (size_t)0U, (size_t)5U, (size_t)1U, size_t j = i; @@ -1584,7 +1395,7 @@ with const generics */ static KRML_MUSTINLINE void absorb_block_37( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice blocks[4U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = s->st; + __m256i(*uu____0)[5U] = s->st; Eurydice_slice uu____1[4U]; memcpy(uu____1, blocks, (size_t)4U * sizeof(Eurydice_slice)); load_block_ef_6a(uu____0, uu____1); 
@@ -1596,8 +1407,8 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void load_block_full_91( - core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { +static KRML_MUSTINLINE void load_block_full_91(__m256i (*s)[5U], + uint8_t blocks[4U][200U]) { Eurydice_slice buf[4U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)200U, blocks[1U], @@ -1618,9 +1429,9 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void load_block_full_ef_05( - core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = a; +static KRML_MUSTINLINE void load_block_full_ef_05(__m256i (*a)[5U], + uint8_t b[4U][200U]) { + __m256i(*uu____0)[5U] = a; uint8_t uu____1[4U][200U]; memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); load_block_full_91(uu____0, uu____1); @@ -1648,7 +1459,7 @@ KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e( } blocks[i0][last_len] = 31U; size_t uu____1 = i0; size_t uu____2 = (size_t)136U - (size_t)1U; blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); - core_core_arch_x86___m256i(*uu____3)[5U] = s->st; + __m256i(*uu____3)[5U] = s->st; uint8_t uu____4[4U][200U]; memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); load_block_full_ef_05(uu____3, uu____4); 
@@ -1660,48 +1471,40 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void store_block_e9(core_core_arch_x86___m256i (*s)[5U], +static KRML_MUSTINLINE void store_block_e9(__m256i (*s)[5U], Eurydice_slice out[4U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { size_t i0 = i; - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); + __m256i 
v0l = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + __m256i); + __m256i v1h = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + __m256i); + __m256i v2l = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + __m256i); + __m256i v3h = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + __m256i); + __m256i v0 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); + __m256i v1 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); + __m256i v2 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); + __m256i v3 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, @@ -1808,8 +1611,8 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void store_block_full_0b( - core_core_arch_x86___m256i (*s)[5U], uint8_t ret[4U][200U]) { +static KRML_MUSTINLINE void store_block_full_0b(__m256i (*s)[5U], + uint8_t ret[4U][200U]) { uint8_t out0[200U] = {0U}; uint8_t out1[200U] = {0U}; uint8_t out2[200U] = {0U}; 
@@ -1843,8 +1646,8 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full_ef with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void store_block_full_ef_99( - core_core_arch_x86___m256i (*a)[5U], uint8_t ret[4U][200U]) { +static KRML_MUSTINLINE void store_block_full_ef_99(__m256i (*a)[5U], + uint8_t ret[4U][200U]) { store_block_full_0b(a, ret); } @@ -1880,8 +1683,8 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void store_block_ef_f6( - core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { +static KRML_MUSTINLINE void store_block_ef_f6(__m256i (*a)[5U], + Eurydice_slice b[4U]) { store_block_e9(a, b); } @@ -2006,6 +1809,9 @@ static KRML_MUSTINLINE void keccak_14(Eurydice_slice data[4U], } } +/** + Perform 4 SHAKE256 operations in parallel +*/ void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1, @@ -2015,6 +1821,9 @@ void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, keccak_14(buf0, buf); } +/** + Initialise the [`KeccakState`]. +*/ libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_init(void) { return new_1e_16(); 
@@ -2025,46 +1834,38 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void load_block_c70(core_core_arch_x86___m256i (*s)[5U], +static KRML_MUSTINLINE void load_block_c70(__m256i (*s)[5U], Eurydice_slice blocks[4U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { size_t i0 = i; - core_core_arch_x86___m256i v00 = + __m256i v00 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v10 = + __m256i v10 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v20 = + __m256i v20 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v30 = + __m256i v30 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v0l, v2l, 
core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); + __m256i v0l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); + __m256i v1h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); + __m256i v2l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); + __m256i v3h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); + __m256i v0 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v0l, v2l, __m256i); + __m256i v1 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v1h, v3h, __m256i); + __m256i v2 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v0l, v2l, __m256i); + __m256i v3 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v1h, v3h, __m256i); s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = libcrux_intrinsics_avx2_mm256_xor_si256( s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); @@ -2118,7 +1919,7 @@ static KRML_MUSTINLINE void load_block_c70(core_core_arch_x86___m256i (*s)[5U], Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice), uint8_t, void *); - core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + __m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, Eurydice_slice)); size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; 
@@ -2154,10 +1955,9 @@ static KRML_MUSTINLINE void load_block_c70(core_core_arch_x86___m256i (*s)[5U], Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice), uint8_t, void *); - core_core_arch_x86___m256i u0 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, - Eurydice_slice)); + __m256i u0 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, + Eurydice_slice)); size_t i = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; size_t j = @@ -2171,8 +1971,8 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full with const generics - RATE= 168 */ -static KRML_MUSTINLINE void load_block_full_910( - core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { +static KRML_MUSTINLINE void load_block_full_910(__m256i (*s)[5U], + uint8_t blocks[4U][200U]) { Eurydice_slice buf[4U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)200U, blocks[1U], @@ -2193,9 +1993,9 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void load_block_full_ef_050( - core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = a; +static KRML_MUSTINLINE void load_block_full_ef_050(__m256i (*a)[5U], + uint8_t b[4U][200U]) { + __m256i(*uu____0)[5U] = a; uint8_t uu____1[4U][200U]; memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); load_block_full_910(uu____0, uu____1); 
@@ -2223,13 +2023,16 @@ static KRML_MUSTINLINE void absorb_final_5e0( } blocks[i0][last_len] = 31U; size_t uu____1 = i0; size_t uu____2 = (size_t)168U - (size_t)1U; blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); - core_core_arch_x86___m256i(*uu____3)[5U] = s->st; + __m256i(*uu____3)[5U] = s->st; uint8_t uu____4[4U][200U]; memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); load_block_full_ef_050(uu____3, uu____4); keccakf1600_07(s); } +/** + Absorb +*/ void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { 
@@ -2242,48 +2045,40 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void store_block_e90(core_core_arch_x86___m256i (*s)[5U], +static KRML_MUSTINLINE void store_block_e90(__m256i (*s)[5U], Eurydice_slice out[4U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { size_t i0 = i; - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); + 
__m256i v0l = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + __m256i); + __m256i v1h = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + __m256i); + __m256i v2l = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + __m256i); + __m256i v3h = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + __m256i); + __m256i v0 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); + __m256i v1 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); + __m256i v2 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); + __m256i v3 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, @@ -2394,8 +2189,8 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void store_block_ef_f60( - core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { +static KRML_MUSTINLINE void store_block_ef_f60(__m256i (*a)[5U], + Eurydice_slice b[4U]) { store_block_e90(a, b); } 
@@ -2412,6 +2207,9 @@ static KRML_MUSTINLINE void squeeze_next_block_1c0( store_block_ef_f60(s->st, out); } +/** + Squeeze another block +*/ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { @@ -2457,6 +2255,9 @@ KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27( squeeze_next_block_1c0(s, o2); } +/** + Squeeze three blocks +*/ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { @@ -2504,6 +2305,9 @@ static KRML_MUSTINLINE void squeeze_first_five_blocks_e4( squeeze_next_block_1c0(s, o4); } +/** + Squeeze five blocks +*/ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, @@ -2512,6 +2316,9 @@ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( squeeze_first_five_blocks_e4(s, buf); } +/** + Absorb +*/ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { @@ -2519,6 +2326,9 @@ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_absorb_final_5e(s, buf); } +/** + Squeeze block +*/ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, 
@@ -2527,6 +2337,9 @@ libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( squeeze_first_block_e9(s, buf); } +/** + Squeeze next block +*/ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 667739a31..fca89dc4c 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 */ #ifndef __libcrux_sha3_avx2_H 
@@ -30,41 +30,68 @@ with const generics - $4size_t */ typedef struct libcrux_sha3_generic_keccak_KeccakState_29_s { - core_core_arch_x86___m256i st[5U][5U]; + __m256i st[5U][5U]; } libcrux_sha3_generic_keccak_KeccakState_29; +/** + Perform 4 SHAKE256 operations in parallel +*/ void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); +/** + Initialise the [`KeccakState`]. +*/ libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_init(void); +/** + Absorb +*/ void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3); +/** + Squeeze another block +*/ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); +/** + Squeeze three blocks +*/ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); +/** + Squeeze five blocks +*/ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); +/** + Absorb +*/ void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3); +/** + Squeeze block +*/ void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); +/** + Squeeze 
next block +*/ void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index c31f051b5..7ae9eb4eb 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 */ #ifndef __libcrux_sha3_internal_H @@ -187,6 +187,9 @@ typedef struct libcrux_sha3_generic_keccak_KeccakState_48_s { uint64_t st[5U][5U]; } libcrux_sha3_generic_keccak_KeccakState_48; +/** + Create a new Shake128 x4 state. +*/ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} 
@@ -1224,75 +1227,52 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_eb( c[((size_t)4U + (size_t)4U) % (size_t)5U], c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_5a(s->st[0U][0U], t[0U]); - uint64_t uu____4 = + s->st[1U][0U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(s->st[1U][0U], t[0U]); - s->st[1U][0U] = uu____4; - uint64_t uu____5 = + s->st[2U][0U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(s->st[2U][0U], t[0U]); - s->st[2U][0U] = uu____5; - uint64_t uu____6 = + s->st[3U][0U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(s->st[3U][0U], t[0U]); - s->st[3U][0U] = uu____6; - uint64_t uu____7 = + s->st[4U][0U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(s->st[4U][0U], t[0U]); - s->st[4U][0U] = uu____7; - uint64_t uu____8 = + s->st[0U][1U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(s->st[0U][1U], t[1U]); - s->st[0U][1U] = uu____8; - uint64_t uu____9 = + s->st[1U][1U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(s->st[1U][1U], t[1U]); - s->st[1U][1U] = uu____9; - uint64_t uu____10 = + s->st[2U][1U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(s->st[2U][1U], t[1U]); - s->st[2U][1U] = uu____10; - uint64_t uu____11 = + s->st[3U][1U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(s->st[3U][1U], t[1U]); - s->st[3U][1U] = uu____11; - uint64_t uu____12 = + s->st[4U][1U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(s->st[4U][1U], t[1U]); - s->st[4U][1U] = uu____12; - uint64_t uu____13 = + s->st[0U][2U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(s->st[0U][2U], t[2U]); - s->st[0U][2U] = uu____13; - uint64_t uu____14 = + s->st[1U][2U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(s->st[1U][2U], t[2U]); - s->st[1U][2U] = uu____14; - uint64_t uu____15 = + s->st[2U][2U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(s->st[2U][2U], t[2U]); - s->st[2U][2U] = uu____15; - uint64_t uu____16 = + s->st[3U][2U] = 
libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(s->st[3U][2U], t[2U]); - s->st[3U][2U] = uu____16; - uint64_t uu____17 = + s->st[4U][2U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(s->st[4U][2U], t[2U]); - s->st[4U][2U] = uu____17; - uint64_t uu____18 = + s->st[0U][3U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(s->st[0U][3U], t[3U]); - s->st[0U][3U] = uu____18; - uint64_t uu____19 = + s->st[1U][3U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(s->st[1U][3U], t[3U]); - s->st[1U][3U] = uu____19; - uint64_t uu____20 = + s->st[2U][3U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(s->st[2U][3U], t[3U]); - s->st[2U][3U] = uu____20; - uint64_t uu____21 = + s->st[3U][3U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(s->st[3U][3U], t[3U]); - s->st[3U][3U] = uu____21; - uint64_t uu____22 = + s->st[4U][3U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(s->st[4U][3U], t[3U]); - s->st[4U][3U] = uu____22; - uint64_t uu____23 = + s->st[0U][4U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(s->st[0U][4U], t[4U]); - s->st[0U][4U] = uu____23; - uint64_t uu____24 = + s->st[1U][4U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(s->st[1U][4U], t[4U]); - s->st[1U][4U] = uu____24; - uint64_t uu____25 = + s->st[2U][4U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(s->st[2U][4U], t[4U]); - s->st[2U][4U] = uu____25; - uint64_t uu____26 = + s->st[3U][4U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(s->st[3U][4U], t[4U]); - s->st[3U][4U] = uu____26; uint64_t uu____27 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index 6e368639b..e000a5155 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c 
@@ -4,27 +4,38 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 */ #include "libcrux_sha3_neon.h" +/** + A portable SHA3 512 implementation. +*/ void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data) { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); KRML_HOST_EXIT(255U); } +/** + A portable SHA3 256 implementation. +*/ void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data) { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); KRML_HOST_EXIT(255U); } +/** + Run SHAKE256 on both inputs in parallel. + + Writes the two results into `out0` and `out1` +*/ KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice out0, @@ -34,6 +45,9 @@ KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, KRML_HOST_EXIT(255U); } +/** + Initialise the `KeccakState2`. +*/ KRML_MUSTINLINE libcrux_sha3_neon_x2_incremental_KeccakState libcrux_sha3_neon_x2_incremental_shake128_init(void) { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, 
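Review bot: The new doc comments on `libcrux_sha3_neon_sha512` and `libcrux_sha3_neon_sha256` say `A portable SHA3 512 implementation.` / `A portable SHA3 256 implementation.`, but the bodies visible in this hunk are unconditional aborts (`KRML_HOST_EPRINTF(... "panic!")` followed by `KRML_HOST_EXIT(255U)`), so the comment now promises a digest while the function terminates the process. Any caller that selects the NEON backend on the strength of the header gets a hard exit instead of a hash, which is a denial-of-service hazard for a service linking these symbols; the comment should state it, e.g. `NOTE: not implemented in this extraction; aborts the process via KRML_HOST_EXIT(255).` Because this file is generated by Eurydice from the Rust sources, the wording has to be fixed in the Rust doc comment (or the stubs excluded from the extraction) rather than edited here. The same mismatch appears on the other neon stubs in this file and on their prototypes in libcrux_sha3_neon.h.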
@@ -41,6 +55,9 @@ libcrux_sha3_neon_x2_incremental_shake128_init(void) { KRML_HOST_EXIT(255U); } +/** + Shake128 absorb `data0` and `data1` in the [`KeccakState`] `s`. +*/ KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1) { @@ -49,6 +66,10 @@ KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( KRML_HOST_EXIT(255U); } +/** + Squeeze 2 times the next block in parallel in the + [`KeccakState`] and return the output in `out0` and `out1`. +*/ KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, @@ -58,6 +79,10 @@ libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( KRML_HOST_EXIT(255U); } +/** + Squeeze 2 times the first three blocks in parallel in the + [`KeccakState`] and return the output in `out0` and `out1`. +*/ KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, @@ -67,6 +92,9 @@ libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( KRML_HOST_EXIT(255U); } +/** + A portable SHA3 224 implementation. +*/ KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data) { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, @@ -74,6 +102,9 @@ KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest, KRML_HOST_EXIT(255U); } +/** + A portable SHA3 384 implementation. +*/ KRML_MUSTINLINE void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data) { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index 68bc29ff1..f3ed82378 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h 
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 */ #ifndef __libcrux_sha3_neon_H @@ -22,10 +22,21 @@ extern "C" { #include "intrinsics/libcrux_intrinsics_arm64.h" #include "libcrux_sha3_internal.h" +/** + A portable SHA3 512 implementation. +*/ void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data); +/** + A portable SHA3 256 implementation. +*/ void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data); +/** + Run SHAKE256 on both inputs in parallel. + + Writes the two results into `out0` and `out1` +*/ void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice out0, Eurydice_slice out1); 
@@ -33,23 +44,43 @@ typedef struct libcrux_sha3_neon_x2_incremental_KeccakState_s {
 libcrux_sha3_generic_keccak_KeccakState_48 state[2U];
 } libcrux_sha3_neon_x2_incremental_KeccakState;
+/**
+ Initialise the `KeccakState2`.
+*/
 libcrux_sha3_neon_x2_incremental_KeccakState
 libcrux_sha3_neon_x2_incremental_shake128_init(void);
+/**
+ Shake128 absorb `data0` and `data1` in the [`KeccakState`] `s`.
+*/
 void libcrux_sha3_neon_x2_incremental_shake128_absorb_final(
 libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0,
 Eurydice_slice data1);
+/**
+ Squeeze 2 times the next block in parallel in the
+ [`KeccakState`] and return the output in `out0` and `out1`.
+*/
 void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block(
 libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0,
 Eurydice_slice out1);
+/**
+ Squeeze 2 times the first three blocks in parallel in the
+ [`KeccakState`] and return the output in `out0` and `out1`.
+*/
 void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks(
 libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0,
 Eurydice_slice out1);
+/**
+ A portable SHA3 224 implementation.
+*/
 void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data);
+/**
+ A portable SHA3 384 implementation.
+*/
 void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data);
 #if defined(__cplusplus)
From 541bf678bd86e09a69bb057fd7d1930333f8c07a Mon Sep 17 00:00:00 2001
From: Franziskus Kiefer Date: Sat, 10 Aug 2024 15:04:58 +0000 Subject: [PATCH 02/16] re-extract cg --- libcrux-ml-kem/c/libcrux_core.h | 449 +-- libcrux-ml-kem/cg.yaml | 5 + libcrux-ml-kem/cg/code_gen.txt | 8 +- libcrux-ml-kem/cg/libcrux_core.h | 29 +- libcrux-ml-kem/cg/libcrux_ct_ops.h | 19 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 2478 +++++++++-------- libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 527 +++- libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 1054 +++---- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 196 +- 9 files changed, 2707 insertions(+), 2058 deletions(-) diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index c9cbb548b..4a0da578a 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h 
@@ -15,231 +15,256 @@ #define __libcrux_core_H #if defined(__cplusplus) -extern "C" { +extern "C" +{ #endif #include "eurydice_glue.h" -/** -A monomorphic instance of core.ops.range.Range -with types size_t + /** + A monomorphic instance of core.ops.range.Range + with types size_t -*/ -typedef struct core_ops_range_Range_b3_s { - size_t start; - size_t end; -} core_ops_range_Range_b3; + */ + typedef struct core_ops_range_Range_b3_s + { + size_t start; + size_t end; + } core_ops_range_Range_b3; #define core_option_None 0 #define core_option_Some 1 -typedef uint8_t core_option_Option_ef_tags; - -/** -A monomorphic instance of core.option.Option -with types size_t - -*/ -typedef struct core_option_Option_b3_s { - core_option_Option_ef_tags tag; - size_t f0; -} core_option_Option_b3; - -static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t x0[8U]); - -static inline void core_num__u64_9__to_le_bytes(uint64_t x0, uint8_t x1[8U]); - -/** -A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey -with const generics -- $1568size_t -*/ -typedef struct libcrux_ml_kem_types_MlKemPublicKey_1f_s { - uint8_t value[1568U]; -} libcrux_ml_kem_types_MlKemPublicKey_1f; - -/** -A monomorphic instance of core.option.Option -with types libcrux_ml_kem_types_MlKemPublicKey[[$1568size_t]] - -*/ -typedef struct core_option_Option_99_s { - core_option_Option_ef_tags tag; - libcrux_ml_kem_types_MlKemPublicKey_1f f0; -} core_option_Option_99; - -/** -A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey -with const generics -- $3168size_t -*/ -typedef struct libcrux_ml_kem_types_MlKemPrivateKey_95_s { - uint8_t value[3168U]; -} libcrux_ml_kem_types_MlKemPrivateKey_95; - -typedef struct libcrux_ml_kem_mlkem1024_MlKem1024KeyPair_s { - libcrux_ml_kem_types_MlKemPrivateKey_95 sk; - libcrux_ml_kem_types_MlKemPublicKey_1f pk; -} libcrux_ml_kem_mlkem1024_MlKem1024KeyPair; - -typedef struct libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext_s { - uint8_t value[1568U]; -} 
libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext; - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_types_MlKemCiphertext[[$1568size_t]], -uint8_t[32size_t] - -*/ -typedef struct tuple_21_s { - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext fst; - uint8_t snd[32U]; -} tuple_21; - -/** -A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey -with const generics -- $1184size_t -*/ -typedef struct libcrux_ml_kem_types_MlKemPublicKey_15_s { - uint8_t value[1184U]; -} libcrux_ml_kem_types_MlKemPublicKey_15; - -/** -A monomorphic instance of core.option.Option -with types libcrux_ml_kem_types_MlKemPublicKey[[$1184size_t]] - -*/ -typedef struct core_option_Option_92_s { - core_option_Option_ef_tags tag; - libcrux_ml_kem_types_MlKemPublicKey_15 f0; -} core_option_Option_92; - -/** -A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey -with const generics -- $2400size_t -*/ -typedef struct libcrux_ml_kem_types_MlKemPrivateKey_55_s { - uint8_t value[2400U]; -} libcrux_ml_kem_types_MlKemPrivateKey_55; - -typedef struct libcrux_ml_kem_mlkem768_MlKem768KeyPair_s { - libcrux_ml_kem_types_MlKemPrivateKey_55 sk; - libcrux_ml_kem_types_MlKemPublicKey_15 pk; -} libcrux_ml_kem_mlkem768_MlKem768KeyPair; - -typedef struct libcrux_ml_kem_mlkem768_MlKem768Ciphertext_s { - uint8_t value[1088U]; -} libcrux_ml_kem_mlkem768_MlKem768Ciphertext; - -/** -A monomorphic instance of K. 
-with types libcrux_ml_kem_types_MlKemCiphertext[[$1088size_t]], -uint8_t[32size_t] - -*/ -typedef struct tuple_3c_s { - libcrux_ml_kem_mlkem768_MlKem768Ciphertext fst; - uint8_t snd[32U]; -} tuple_3c; - -/** -A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey -with const generics -- $800size_t -*/ -typedef struct libcrux_ml_kem_types_MlKemPublicKey_be_s { - uint8_t value[800U]; -} libcrux_ml_kem_types_MlKemPublicKey_be; - -/** -A monomorphic instance of core.option.Option -with types libcrux_ml_kem_types_MlKemPublicKey[[$800size_t]] - -*/ -typedef struct core_option_Option_04_s { - core_option_Option_ef_tags tag; - libcrux_ml_kem_types_MlKemPublicKey_be f0; -} core_option_Option_04; - -/** -A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey -with const generics -- $1632size_t -*/ -typedef struct libcrux_ml_kem_types_MlKemPrivateKey_5e_s { - uint8_t value[1632U]; -} libcrux_ml_kem_types_MlKemPrivateKey_5e; - -/** -A monomorphic instance of libcrux_ml_kem.types.MlKemKeyPair -with const generics -- $1632size_t -- $800size_t -*/ -typedef struct libcrux_ml_kem_types_MlKemKeyPair_cb_s { - libcrux_ml_kem_types_MlKemPrivateKey_5e sk; - libcrux_ml_kem_types_MlKemPublicKey_be pk; -} libcrux_ml_kem_types_MlKemKeyPair_cb; - -/** -A monomorphic instance of libcrux_ml_kem.types.MlKemCiphertext -with const generics -- $768size_t -*/ -typedef struct libcrux_ml_kem_types_MlKemCiphertext_e8_s { - uint8_t value[768U]; -} libcrux_ml_kem_types_MlKemCiphertext_e8; - -/** -A monomorphic instance of K. 
-with types libcrux_ml_kem_types_MlKemCiphertext[[$768size_t]], uint8_t[32size_t] - -*/ -typedef struct tuple_ec_s { - libcrux_ml_kem_types_MlKemCiphertext_e8 fst; - uint8_t snd[32U]; -} tuple_ec; + typedef uint8_t core_option_Option_ef_tags; + + /** + A monomorphic instance of core.option.Option + with types size_t + + */ + typedef struct core_option_Option_b3_s + { + core_option_Option_ef_tags tag; + size_t f0; + } core_option_Option_b3; + + static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t x0[8U]); + + static inline void core_num__u64_9__to_le_bytes(uint64_t x0, uint8_t x1[8U]); + + /** + A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey + with const generics + - $1568size_t + */ + typedef struct libcrux_ml_kem_types_MlKemPublicKey_1f_s + { + uint8_t value[1568U]; + } libcrux_ml_kem_types_MlKemPublicKey_1f; + + /** + A monomorphic instance of core.option.Option + with types libcrux_ml_kem_types_MlKemPublicKey[[$1568size_t]] + + */ + typedef struct core_option_Option_99_s + { + core_option_Option_ef_tags tag; + libcrux_ml_kem_types_MlKemPublicKey_1f f0; + } core_option_Option_99; + + /** + A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey + with const generics + - $3168size_t + */ + typedef struct libcrux_ml_kem_types_MlKemPrivateKey_95_s + { + uint8_t value[3168U]; + } libcrux_ml_kem_types_MlKemPrivateKey_95; + + typedef struct libcrux_ml_kem_mlkem1024_MlKem1024KeyPair_s + { + libcrux_ml_kem_types_MlKemPrivateKey_95 sk; + libcrux_ml_kem_types_MlKemPublicKey_1f pk; + } libcrux_ml_kem_mlkem1024_MlKem1024KeyPair; + + typedef struct libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext_s + { + uint8_t value[1568U]; + } libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext; + + /** + A monomorphic instance of K. 
+ with types libcrux_ml_kem_types_MlKemCiphertext[[$1568size_t]], + uint8_t[32size_t] + + */ + typedef struct tuple_21_s + { + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext fst; + uint8_t snd[32U]; + } tuple_21; + + /** + A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey + with const generics + - $1184size_t + */ + typedef struct libcrux_ml_kem_types_MlKemPublicKey_15_s + { + uint8_t value[1184U]; + } libcrux_ml_kem_types_MlKemPublicKey_15; + + /** + A monomorphic instance of core.option.Option + with types libcrux_ml_kem_types_MlKemPublicKey[[$1184size_t]] + + */ + typedef struct core_option_Option_92_s + { + core_option_Option_ef_tags tag; + libcrux_ml_kem_types_MlKemPublicKey_15 f0; + } core_option_Option_92; + + /** + A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey + with const generics + - $2400size_t + */ + typedef struct libcrux_ml_kem_types_MlKemPrivateKey_55_s + { + uint8_t value[2400U]; + } libcrux_ml_kem_types_MlKemPrivateKey_55; + + typedef struct libcrux_ml_kem_mlkem768_MlKem768KeyPair_s + { + libcrux_ml_kem_types_MlKemPrivateKey_55 sk; + libcrux_ml_kem_types_MlKemPublicKey_15 pk; + } libcrux_ml_kem_mlkem768_MlKem768KeyPair; + + typedef struct libcrux_ml_kem_mlkem768_MlKem768Ciphertext_s + { + uint8_t value[1088U]; + } libcrux_ml_kem_mlkem768_MlKem768Ciphertext; + + /** + A monomorphic instance of K. 
+ with types libcrux_ml_kem_types_MlKemCiphertext[[$1088size_t]], + uint8_t[32size_t] + + */ + typedef struct tuple_3c_s + { + libcrux_ml_kem_mlkem768_MlKem768Ciphertext fst; + uint8_t snd[32U]; + } tuple_3c; + + /** + A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey + with const generics + - $800size_t + */ + typedef struct libcrux_ml_kem_types_MlKemPublicKey_be_s + { + uint8_t value[800U]; + } libcrux_ml_kem_types_MlKemPublicKey_be; + + /** + A monomorphic instance of core.option.Option + with types libcrux_ml_kem_types_MlKemPublicKey[[$800size_t]] + + */ + typedef struct core_option_Option_04_s + { + core_option_Option_ef_tags tag; + libcrux_ml_kem_types_MlKemPublicKey_be f0; + } core_option_Option_04; + + /** + A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey + with const generics + - $1632size_t + */ + typedef struct libcrux_ml_kem_types_MlKemPrivateKey_5e_s + { + uint8_t value[1632U]; + } libcrux_ml_kem_types_MlKemPrivateKey_5e; + + /** + A monomorphic instance of libcrux_ml_kem.types.MlKemKeyPair + with const generics + - $1632size_t + - $800size_t + */ + typedef struct libcrux_ml_kem_types_MlKemKeyPair_cb_s + { + libcrux_ml_kem_types_MlKemPrivateKey_5e sk; + libcrux_ml_kem_types_MlKemPublicKey_be pk; + } libcrux_ml_kem_types_MlKemKeyPair_cb; + + /** + A monomorphic instance of libcrux_ml_kem.types.MlKemCiphertext + with const generics + - $768size_t + */ + typedef struct libcrux_ml_kem_types_MlKemCiphertext_e8_s + { + uint8_t value[768U]; + } libcrux_ml_kem_types_MlKemCiphertext_e8; + + /** + A monomorphic instance of K. 
+ with types libcrux_ml_kem_types_MlKemCiphertext[[$768size_t]], uint8_t[32size_t] + + */ + typedef struct tuple_ec_s + { + libcrux_ml_kem_types_MlKemCiphertext_e8 fst; + uint8_t snd[32U]; + } tuple_ec; #define core_result_Ok 0 #define core_result_Err 1 -typedef uint8_t core_result_Result_00_tags; - -/** -A monomorphic instance of core.result.Result -with types uint8_t[8size_t], core_array_TryFromSliceError - -*/ -typedef struct core_result_Result_56_s { - core_result_Result_00_tags tag; - union { - uint8_t case_Ok[8U]; - core_array_TryFromSliceError case_Err; - } val; -} core_result_Result_56; - -/** -This function found in impl {core::result::Result} -*/ -/** -A monomorphic instance of core.result.unwrap_41 -with types uint8_t[8size_t], core_array_TryFromSliceError - -*/ -void core_result_unwrap_41_ac(core_result_Result_56 self, uint8_t ret[8U]); - -typedef struct Eurydice_slice_uint8_t_x2_s { - Eurydice_slice fst; - Eurydice_slice snd; -} Eurydice_slice_uint8_t_x2; - -typedef struct Eurydice_slice_uint8_t_1size_t__x2_s { - Eurydice_slice fst[1U]; - Eurydice_slice snd[1U]; -} Eurydice_slice_uint8_t_1size_t__x2; + typedef uint8_t core_result_Result_00_tags; + + /** + A monomorphic instance of core.result.Result + with types uint8_t[8size_t], core_array_TryFromSliceError + + */ + typedef struct core_result_Result_56_s + { + core_result_Result_00_tags tag; + union + { + uint8_t case_Ok[8U]; + core_array_TryFromSliceError case_Err; + } val; + } core_result_Result_56; + + /** + This function found in impl {core::result::Result} + */ + /** + A monomorphic instance of core.result.unwrap_41 + with types uint8_t[8size_t], core_array_TryFromSliceError + + */ + void core_result_unwrap_41_ac(core_result_Result_56 self, uint8_t ret[8U]); + + typedef struct Eurydice_slice_uint8_t_x2_s + { + Eurydice_slice fst; + Eurydice_slice snd; + } Eurydice_slice_uint8_t_x2; + + typedef struct Eurydice_slice_uint8_t_1size_t__x2_s + { + Eurydice_slice fst[1U]; + Eurydice_slice snd[1U]; + } 
Eurydice_slice_uint8_t_1size_t__x2; #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/cg.yaml b/libcrux-ml-kem/cg.yaml index 7e0205733..d4a28b48e 100644 --- a/libcrux-ml-kem/cg.yaml +++ b/libcrux-ml-kem/cg.yaml @@ -116,3 +116,8 @@ files: - [libcrux_ml_kem, vector, "*"] - [libcrux_ml_kem, hash_functions, portable, "*"] - [libcrux_ml_kem, ind_cca, instantiations, portable, "*"] + +naming: + skip_prefix: + - [ core, core_arch, arm_shared, neon ] + - [ core, core_arch, x86 ] diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index 89de62066..6acb4d397 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: -Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 -Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 -Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 +Charon: 53530427db2941ce784201e64086766504bc5642 +Eurydice: 67f4341506300372fba9cb8de070234935839cb7 +Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty -Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f +Libcrux: 9307ab926afbe89fd8e61ffec8dd95a500c18f33 diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index 313228c9f..07f561d00 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h 
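Review bot: The `c/libcrux_core.h` hunk ending here is a whitespace-only rewrite of the whole header — `extern "C" {` is split onto two lines, struct braces move to their own lines and every declaration is indented one level — which no other header in this series uses (`c/libcrux_sha3_neon.h` above keeps `extern "C" {` and column-0 declarations), so it should be dropped or the formatter configuration aligned before merging. As far as the removed and added lines show, nothing semantic changes: the struct members, the array sizes (1568, 3168, 1184, 2400, 800, 1632, 768, 1088) and the `core_result_Result_56` union are identical on both sides. The patch title says "re-extract cg", yet this file lives in `c/`; a plausible cause is that a different clang-format style (Allman braces with `IndentExternBlock`) was picked up during regeneration — worth confirming rather than committing the churn. Note also that the two trees now carry different toolchain stamps (`cg/code_gen.txt` records F* `a32b316e…-dirty` while `c/` records `58c915a8…`), so the cg output as recorded is not reproducible from a clean checkout.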
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * Libcrux: 9307ab926afbe89fd8e61ffec8dd95a500c18f33 */ #ifndef __libcrux_core_H @@ -213,6 +213,9 @@ typedef struct libcrux_ml_kem_mlkem768_MlKem768Ciphertext_s { uint8_t value[1088U]; } libcrux_ml_kem_mlkem768_MlKem768Ciphertext; +/** + A reference to the raw byte slice. +*/ /** This function found in impl {libcrux_ml_kem::types::MlKemCiphertext#6} */ @@ -258,6 +261,9 @@ typedef struct libcrux_ml_kem_mlkem768_MlKem768KeyPair_s { libcrux_ml_kem_types_MlKemPublicKey_15 pk; } libcrux_ml_kem_mlkem768_MlKem768KeyPair; +/** + Create a new [`MlKemKeyPair`] from the secret and public key. +*/ /** This function found in impl {libcrux_ml_kem::types::MlKemKeyPair} @@ -322,6 +328,9 @@ libcrux_ml_kem_types_from_01_f5(uint8_t value[1088U]) { return lit; } +/** + A reference to the raw byte slice. +*/ /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} */ @@ -335,6 +344,9 @@ static inline uint8_t *libcrux_ml_kem_types_as_slice_cb_f2( return self->value; } +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -387,6 +399,9 @@ static inline void core_result_unwrap_41_83(core_result_Result_00 self, } } +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics 
@@ -420,6 +435,9 @@ static inline Eurydice_slice libcrux_ml_kem_types_as_ref_00_47(
 Eurydice_slice);
 }
+/**
+ Pad the `slice` with `0`s at the end.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.utils.into_padded_array
 with const generics
@@ -438,6 +456,9 @@ static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d0(
 memcpy(ret, out, (size_t)1120U * sizeof(uint8_t));
 }
+/**
+ Pad the `slice` with `0`s at the end.
+*/
 /**
 A monomorphic instance of libcrux_ml_kem.utils.into_padded_array
 with const generics
diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h
index 3bf3b7a0a..63d4774f7 100644
--- a/libcrux-ml-kem/cg/libcrux_ct_ops.h
+++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h
@@ -4,11 +4,11 @@
 * SPDX-License-Identifier: MIT or Apache-2.0
 *
 * This code was generated with the following revisions:
- * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39
- * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896
- * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92
+ * Charon: 53530427db2941ce784201e64086766504bc5642
+ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7
+ * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3
 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty
- * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f
+ * Libcrux: 9307ab926afbe89fd8e61ffec8dd95a500c18f33
 */
 #ifndef __libcrux_ct_ops_H
@@ -21,6 +21,9 @@ extern "C" {
 #include "eurydice_glue.h"
 #include "libcrux_core.h"
+/**
+ Return 1 if `value` is not zero and 0 otherwise.
+*/
 static inline uint8_t libcrux_ml_kem_constant_time_ops_inz(uint8_t value) {
 uint16_t value0 = (uint16_t)value;
 uint16_t result = (((uint32_t)value0 |
@@ -36,6 +39,10 @@ libcrux_ml_kem_constant_time_ops_is_non_zero(uint8_t value) {
 return libcrux_ml_kem_constant_time_ops_inz(value);
 }
+/**
+ Return 1 if the bytes of `lhs` and `rhs` do not exactly
+ match and 0 otherwise.
+*/
 static inline uint8_t libcrux_ml_kem_constant_time_ops_compare(
 Eurydice_slice lhs, Eurydice_slice rhs) {
 uint8_t r = 0U;
@@ -55,6 +62,10 @@ libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time(
 return libcrux_ml_kem_constant_time_ops_compare(lhs, rhs);
 }
+/**
+ If `selector` is not zero, return the bytes in `rhs`; return the bytes in
+ `lhs` otherwise.
+*/
 static inline void libcrux_ml_kem_constant_time_ops_select_ct(
 Eurydice_slice lhs, Eurydice_slice rhs, uint8_t selector,
 uint8_t ret[32U]) {
diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h
index d3f1e459d..09cb085ac 100644
--- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h
+++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h
@@ -4,11 +4,11 @@
 * SPDX-License-Identifier: MIT or Apache-2.0
 *
 * This code was generated with the following revisions:
- * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39
- * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896
- * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92
+ * Charon: 53530427db2941ce784201e64086766504bc5642
+ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7
+ * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3
 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty
- * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f
+ * Libcrux: 9307ab926afbe89fd8e61ffec8dd95a500c18f33
 */
 #ifndef __libcrux_mlkem768_avx2_H
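Review bot: The doc added to `libcrux_ml_kem_constant_time_ops_compare` says it reports whether the bytes of `lhs` and `rhs` "do not exactly match" but not what it expects of their lengths; the comparison loop lies outside the hunk (only `uint8_t r = 0U;` is visible), so I cannot tell whether unequal lengths are rejected, folded into the result, or assumed away by the caller. Since this is the primitive behind `compare_ciphertexts_in_constant_time`, state the contract, e.g. `Requires `lhs` and `rhs` to have the same length; only the caller guarantees this.` adjusted to whatever the loop actually does. The same applies to the `select_ct` doc in the following hunk, which should say that the selected bytes are written into the 32-byte `ret` rather than returned. Both function bodies continue past their hunks.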
@@ -45,11 +45,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H( memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } -typedef core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_SIMD256Vector; +typedef __m256i libcrux_ml_kem_vector_avx2_SIMD256Vector; KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_zero(void) { +static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_zero(void) { return libcrux_intrinsics_avx2_mm256_setzero_si256(); } @@ -58,13 +57,12 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ZERO_ea( - void) { +static inline __m256i libcrux_ml_kem_vector_avx2_ZERO_ea(void) { return libcrux_ml_kem_vector_avx2_zero(); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i +static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_slice array) { return libcrux_intrinsics_avx2_mm256_loadu_si256_i16(array); } @@ -74,14 +72,14 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice array) { +static inline __m256i libcrux_ml_kem_vector_avx2_from_i16_array_ea( + Eurydice_slice array) { return libcrux_ml_kem_vector_avx2_from_i16_array(array); } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_to_i16_array( - core_core_arch_x86___m256i v, int16_t ret[16U]) { + __m256i v, int16_t ret[16U]) { int16_t output[16U] = {0U}; libcrux_intrinsics_avx2_mm256_storeu_si256_i16( Eurydice_array_to_slice((size_t)16U, output, int16_t, Eurydice_slice), v); 
@@ -94,14 +92,13 @@ libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_vector_avx2_to_i16_array_ea( - core_core_arch_x86___m256i x, int16_t ret[16U]) { + __m256i x, int16_t ret[16U]) { libcrux_ml_kem_vector_avx2_to_i16_array(x, ret); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_add(core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs) { +static KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_arithmetic_add(__m256i lhs, __m256i rhs) { return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs); } @@ -110,15 +107,14 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_add_ea( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs) { +static inline __m256i libcrux_ml_kem_vector_avx2_add_ea(__m256i lhs, + __m256i *rhs) { return libcrux_ml_kem_vector_avx2_arithmetic_add(lhs, rhs[0U]); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_sub(core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs) { +static KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_arithmetic_sub(__m256i lhs, __m256i rhs) { return libcrux_intrinsics_avx2_mm256_sub_epi16(lhs, rhs); } 
@@ -127,15 +123,15 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_sub_ea( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs) { +static inline __m256i libcrux_ml_kem_vector_avx2_sub_ea(__m256i lhs, + __m256i *rhs) { return libcrux_ml_kem_vector_avx2_arithmetic_sub(lhs, rhs[0U]); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( - core_core_arch_x86___m256i vector, int16_t constant) { +static KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(__m256i vector, + int16_t constant) { return libcrux_intrinsics_avx2_mm256_mullo_epi16( vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); } @@ -145,16 +141,15 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_multiply_by_constant_ea(core_core_arch_x86___m256i v, - int16_t c) { +static inline __m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( + __m256i v, int16_t c) { return libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(v, c); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i +static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( - core_core_arch_x86___m256i vector, int16_t constant) { + __m256i vector, int16_t constant) { return libcrux_intrinsics_avx2_mm256_and_si256( vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); } 
@@ -164,26 +159,22 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( - core_core_arch_x86___m256i vector, int16_t constant) { +static inline __m256i libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( + __m256i vector, int16_t constant) { return libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( vector, constant); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i v_minus_field_modulus = +static KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(__m256i vector) { + __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i v_minus_field_modulus = libcrux_intrinsics_avx2_mm256_sub_epi16(vector, field_modulus); - core_core_arch_x86___m256i sign_mask = - libcrux_intrinsics_avx2_mm256_srai_epi16( - (int32_t)15, v_minus_field_modulus, core_core_arch_x86___m256i); - core_core_arch_x86___m256i conditional_add_field_modulus = + __m256i sign_mask = libcrux_intrinsics_avx2_mm256_srai_epi16( + (int32_t)15, v_minus_field_modulus, __m256i); + __m256i conditional_add_field_modulus = libcrux_intrinsics_avx2_mm256_and_si256(sign_mask, field_modulus); return libcrux_intrinsics_avx2_mm256_add_epi16(v_minus_field_modulus, conditional_add_field_modulus); 
@@ -194,28 +185,29 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea( - core_core_arch_x86___m256i vector) { +static inline __m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea( + __m256i vector) { return libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(vector); } #define LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER \ ((int16_t)20159) +/** + See Section 3.2 of the implementation notes document for an explanation + of this code. +*/ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i t = libcrux_intrinsics_avx2_mm256_mulhi_epi16( +static KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(__m256i vector) { + __m256i t = libcrux_intrinsics_avx2_mm256_mulhi_epi16( vector, libcrux_intrinsics_avx2_mm256_set1_epi16( LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER)); - core_core_arch_x86___m256i t0 = libcrux_intrinsics_avx2_mm256_add_epi16( + __m256i t0 = libcrux_intrinsics_avx2_mm256_add_epi16( t, libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)512)); - core_core_arch_x86___m256i quotient = - libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)10, t0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i quotient_times_field_modulus = + __m256i quotient = + libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)10, t0, __m256i); + __m256i quotient_times_field_modulus = libcrux_intrinsics_avx2_mm256_mullo_epi16( quotient, libcrux_intrinsics_avx2_mm256_set1_epi16( LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); 
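Review bot: The new comment on `libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce` points to "Section 3.2 of the implementation notes document" without naming the document or where it lives, so in the extracted header the reference is a dead end for anyone auditing the reduction. Suggest naming it, e.g. `See Section 3.2 of the implementation notes document (<path or URL to the notes>) for an explanation of this code.`; since the text originates in the Rust source, change it there so re-extraction preserves it. The function body continues past the end of the hunk.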
@@ -228,30 +220,27 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_barrett_reduce_ea( - core_core_arch_x86___m256i vector) { +static inline __m256i libcrux_ml_kem_vector_avx2_barrett_reduce_ea( + __m256i vector) { return libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(vector); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i +static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( - core_core_arch_x86___m256i vector, int16_t constant) { - core_core_arch_x86___m256i constant0 = - libcrux_intrinsics_avx2_mm256_set1_epi16(constant); - core_core_arch_x86___m256i value_low = + __m256i vector, int16_t constant) { + __m256i constant0 = libcrux_intrinsics_avx2_mm256_set1_epi16(constant); + __m256i value_low = libcrux_intrinsics_avx2_mm256_mullo_epi16(vector, constant0); - core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( + __m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( value_low, libcrux_intrinsics_avx2_mm256_set1_epi16( (int16_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m256i k_times_modulus = - libcrux_intrinsics_avx2_mm256_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m256i value_high = + __m256i k_times_modulus = libcrux_intrinsics_avx2_mm256_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + __m256i value_high = libcrux_intrinsics_avx2_mm256_mulhi_epi16(vector, constant0); return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); } 
@@ -261,36 +250,32 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i +static inline __m256i libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( - core_core_arch_x86___m256i vector, int16_t constant) { + __m256i vector, int16_t constant) { return libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( vector, constant); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i +static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi16( - (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / - (int16_t)2); - core_core_arch_x86___m256i field_modulus_quartered = - libcrux_intrinsics_avx2_mm256_set1_epi16( - (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / - (int16_t)4); - core_core_arch_x86___m256i shifted = + __m256i vector) { + __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi16( + (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / (int16_t)2); + __m256i field_modulus_quartered = libcrux_intrinsics_avx2_mm256_set1_epi16( + (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / (int16_t)4); + __m256i shifted = libcrux_intrinsics_avx2_mm256_sub_epi16(field_modulus_halved, vector); - core_core_arch_x86___m256i mask = libcrux_intrinsics_avx2_mm256_srai_epi16( - (int32_t)15, shifted, core_core_arch_x86___m256i); - core_core_arch_x86___m256i shifted_to_positive = + __m256i mask = + libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, shifted, __m256i); + __m256i shifted_to_positive = libcrux_intrinsics_avx2_mm256_xor_si256(mask, shifted); - core_core_arch_x86___m256i shifted_to_positive_in_range = + __m256i shifted_to_positive_in_range = 
libcrux_intrinsics_avx2_mm256_sub_epi16(shifted_to_positive, field_modulus_quartered); return libcrux_intrinsics_avx2_mm256_srli_epi16( - (int32_t)15, shifted_to_positive_in_range, core_core_arch_x86___m256i); + (int32_t)15, shifted_to_positive_in_range, __m256i); } /** 
@@ -298,63 +283,55 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_1_ea(core_core_arch_x86___m256i vector) { +static inline __m256i libcrux_ml_kem_vector_avx2_compress_1_ea(__m256i vector) { return libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( vector); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs) { - core_core_arch_x86___m256i prod02 = - libcrux_intrinsics_avx2_mm256_mul_epu32(lhs, rhs); - core_core_arch_x86___m256i prod13 = libcrux_intrinsics_avx2_mm256_mul_epu32( - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, lhs, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, rhs, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(__m256i lhs, + __m256i rhs) { + __m256i prod02 = libcrux_intrinsics_avx2_mm256_mul_epu32(lhs, rhs); + __m256i prod13 = libcrux_intrinsics_avx2_mm256_mul_epu32( + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, lhs, __m256i), + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, rhs, __m256i)); return libcrux_intrinsics_avx2_mm256_unpackhi_epi64( libcrux_intrinsics_avx2_mm256_unpacklo_epi32(prod02, prod13), libcrux_intrinsics_avx2_mm256_unpackhi_epi32(prod02, prod13)); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i +static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - core_core_arch_x86___m256i v, core_core_arch_x86___m256i c) { - core_core_arch_x86___m256i value_low = - libcrux_intrinsics_avx2_mm256_mullo_epi16(v, c); - core_core_arch_x86___m256i k = 
libcrux_intrinsics_avx2_mm256_mullo_epi16( + __m256i v, __m256i c) { + __m256i value_low = libcrux_intrinsics_avx2_mm256_mullo_epi16(v, c); + __m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( value_low, libcrux_intrinsics_avx2_mm256_set1_epi16( (int16_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m256i k_times_modulus = - libcrux_intrinsics_avx2_mm256_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m256i value_high = - libcrux_intrinsics_avx2_mm256_mulhi_epi16(v, c); + __m256i k_times_modulus = libcrux_intrinsics_avx2_mm256_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + __m256i value_high = libcrux_intrinsics_avx2_mm256_mulhi_epi16(v, c); return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - core_core_arch_x86___m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( +static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( + __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, + int16_t zeta3) { + __m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( -zeta3, -zeta3, zeta3, zeta3, -zeta2, -zeta2, zeta2, zeta2, -zeta1, -zeta1, zeta1, zeta1, -zeta0, -zeta0, zeta0, zeta0); - core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)245, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs0 = + __m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, + vector, __m256i); + __m256i rhs0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( rhs, zetas); - core_core_arch_x86___m256i lhs = 
libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)160, vector, core_core_arch_x86___m256i); + __m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)160, + vector, __m256i); return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); } 
@@ -363,28 +340,26 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { +static inline __m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( + __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, + int16_t zeta3) { return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step(vector, zeta0, zeta1, zeta2, zeta3); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { - core_core_arch_x86___m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( +static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( + __m256i vector, int16_t zeta0, int16_t zeta1) { + __m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( -zeta1, -zeta1, -zeta1, -zeta1, zeta1, zeta1, zeta1, zeta1, -zeta0, -zeta0, -zeta0, -zeta0, zeta0, zeta0, zeta0, zeta0); - core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)238, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs0 = + __m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)238, + vector, __m256i); + __m256i rhs0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( rhs, zetas); - core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)68, vector, core_core_arch_x86___m256i); + __m256i lhs = + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)68, vector, __m256i); return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); } 
@@ -393,52 +368,43 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { +static inline __m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea( + __m256i vector, int16_t zeta0, int16_t zeta1) { return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(vector, zeta0, zeta1); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m128i +static KRML_MUSTINLINE __m128i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - core_core_arch_x86___m128i v, core_core_arch_x86___m128i c) { - core_core_arch_x86___m128i value_low = - libcrux_intrinsics_avx2_mm_mullo_epi16(v, c); - core_core_arch_x86___m128i k = libcrux_intrinsics_avx2_mm_mullo_epi16( + __m128i v, __m128i c) { + __m128i value_low = libcrux_intrinsics_avx2_mm_mullo_epi16(v, c); + __m128i k = libcrux_intrinsics_avx2_mm_mullo_epi16( value_low, libcrux_intrinsics_avx2_mm_set1_epi16( (int16_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m128i k_times_modulus = - libcrux_intrinsics_avx2_mm_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m128i value_high = - libcrux_intrinsics_avx2_mm_mulhi_epi16(v, c); + __m128i k_times_modulus = libcrux_intrinsics_avx2_mm_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + __m128i value_high = libcrux_intrinsics_avx2_mm_mulhi_epi16(v, c); return libcrux_intrinsics_avx2_mm_sub_epi16(value_high, k_times_modulus); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step( - core_core_arch_x86___m256i vector, int16_t zeta) { - 
core_core_arch_x86___m128i rhs = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m128i rhs0 = +static KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(__m256i vector, int16_t zeta) { + __m128i rhs = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, __m128i); + __m128i rhs0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( rhs, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); - core_core_arch_x86___m128i lhs = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs0); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs0); - core_core_arch_x86___m256i combined = + __m128i lhs = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + __m128i lower_coefficients = libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs0); + __m128i upper_coefficients = libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs0); + __m256i combined = libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); return libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, combined, upper_coefficients, core_core_arch_x86___m256i); + (int32_t)1, combined, upper_coefficients, __m256i); } /** 
@@ -446,39 +412,38 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta) { +static inline __m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea( + __m256i vector, int16_t zeta) { return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(vector, zeta); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)245, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)160, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( +static KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step(__m256i vector, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3) { + __m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, + vector, __m256i); + __m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)160, + vector, __m256i); + __m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( rhs, libcrux_intrinsics_avx2_mm256_set_epi16( (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1)); - core_core_arch_x86___m256i sum0 = - libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); - core_core_arch_x86___m256i sum_times_zetas = + __m256i sum0 = libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); + __m256i sum_times_zetas = 
libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( sum0, libcrux_intrinsics_avx2_mm256_set_epi16( zeta3, zeta3, (int16_t)0, (int16_t)0, zeta2, zeta2, (int16_t)0, (int16_t)0, zeta1, zeta1, (int16_t)0, (int16_t)0, zeta0, zeta0, (int16_t)0, (int16_t)0)); - core_core_arch_x86___m256i sum = - libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(sum0); - return libcrux_intrinsics_avx2_mm256_blend_epi16( - (int32_t)204, sum, sum_times_zetas, core_core_arch_x86___m256i); + __m256i sum = libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(sum0); + return libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)204, sum, + sum_times_zetas, __m256i); } /** 
@@ -486,40 +451,37 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { +static inline __m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( + __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, + int16_t zeta3) { return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( vector, zeta0, zeta1, zeta2, zeta3); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { - core_core_arch_x86___m256i lhs = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)245, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)160, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( +static KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(__m256i vector, + int16_t zeta0, + int16_t zeta1) { + __m256i lhs = libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)245, vector, __m256i); + __m256i rhs = libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)160, vector, __m256i); + __m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( rhs, libcrux_intrinsics_avx2_mm256_set_epi16( (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)1, (int16_t)1)); - core_core_arch_x86___m256i sum = - libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); - core_core_arch_x86___m256i sum_times_zetas = + __m256i sum = 
libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); + __m256i sum_times_zetas = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( sum, libcrux_intrinsics_avx2_mm256_set_epi16( zeta1, zeta1, zeta1, zeta1, (int16_t)0, (int16_t)0, (int16_t)0, (int16_t)0, zeta0, zeta0, zeta0, zeta0, (int16_t)0, (int16_t)0, (int16_t)0, (int16_t)0)); - return libcrux_intrinsics_avx2_mm256_blend_epi16( - (int32_t)240, sum, sum_times_zetas, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)240, sum, + sum_times_zetas, __m256i); } /** 
@@ -527,33 +489,28 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { +static inline __m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea( + __m256i vector, int16_t zeta0, int16_t zeta1) { return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(vector, zeta0, zeta1); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( - core_core_arch_x86___m256i vector, int16_t zeta) { - core_core_arch_x86___m128i lhs = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m128i rhs = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs); - core_core_arch_x86___m128i upper_coefficients0 = +static KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(__m256i vector, + int16_t zeta) { + __m128i lhs = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, __m128i); + __m128i rhs = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + __m128i lower_coefficients = libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs); + __m128i upper_coefficients = libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs); + __m128i upper_coefficients0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( upper_coefficients, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); - core_core_arch_x86___m256i combined = + __m256i combined = libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); return 
libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, combined, upper_coefficients0, core_core_arch_x86___m256i); + (int32_t)1, combined, upper_coefficients0, __m256i); } /** 
@@ -561,115 +518,96 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta) { +static inline __m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea( + __m256i vector, int16_t zeta) { return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(vector, zeta); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( - core_core_arch_x86___m256i v) { - core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( +static KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(__m256i v) { + __m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( v, libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m256i k_times_modulus = - libcrux_intrinsics_avx2_mm256_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m256i value_high = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)16, v, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i result = + __m256i k_times_modulus = libcrux_intrinsics_avx2_mm256_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + __m256i value_high = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)16, v, __m256i); + __m256i result = libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); - core_core_arch_x86___m256i result0 = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)16, result, core_core_arch_x86___m256i); + __m256i result0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)16, result, 
__m256i); return libcrux_intrinsics_avx2_mm256_srai_epi32((int32_t)16, result0, - core_core_arch_x86___m256i); + __m256i); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs, - int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - core_core_arch_x86___m256i shuffle_with = - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)15, (int8_t)14, (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, - (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, - (int8_t)5, (int8_t)4, (int8_t)1, (int8_t)0, (int8_t)15, (int8_t)14, - (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, (int8_t)3, (int8_t)2, - (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4, - (int8_t)1, (int8_t)0); - core_core_arch_x86___m256i lhs_shuffled = +static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( + __m256i lhs, __m256i rhs, int16_t zeta0, int16_t zeta1, int16_t zeta2, + int16_t zeta3) { + __m256i shuffle_with = libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)15, (int8_t)14, (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, + (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, + (int8_t)5, (int8_t)4, (int8_t)1, (int8_t)0, (int8_t)15, (int8_t)14, + (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, (int8_t)3, (int8_t)2, + (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4, + (int8_t)1, (int8_t)0); + __m256i lhs_shuffled = libcrux_intrinsics_avx2_mm256_shuffle_epi8(lhs, shuffle_with); - core_core_arch_x86___m256i lhs_shuffled0 = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, lhs_shuffled, core_core_arch_x86___m256i); - core_core_arch_x86___m128i lhs_evens = + __m256i lhs_shuffled0 = libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, lhs_shuffled, __m256i); + __m128i lhs_evens = libcrux_intrinsics_avx2_mm256_castsi256_si128(lhs_shuffled0); - 
core_core_arch_x86___m256i lhs_evens0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_evens); - core_core_arch_x86___m128i lhs_odds = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, lhs_shuffled0, core_core_arch_x86___m128i); - core_core_arch_x86___m256i lhs_odds0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_odds); - core_core_arch_x86___m256i rhs_shuffled = + __m256i lhs_evens0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_evens); + __m128i lhs_odds = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, lhs_shuffled0, __m128i); + __m256i lhs_odds0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_odds); + __m256i rhs_shuffled = libcrux_intrinsics_avx2_mm256_shuffle_epi8(rhs, shuffle_with); - core_core_arch_x86___m256i rhs_shuffled0 = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, rhs_shuffled, core_core_arch_x86___m256i); - core_core_arch_x86___m128i rhs_evens = + __m256i rhs_shuffled0 = libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, rhs_shuffled, __m256i); + __m128i rhs_evens = libcrux_intrinsics_avx2_mm256_castsi256_si128(rhs_shuffled0); - core_core_arch_x86___m256i rhs_evens0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_evens); - core_core_arch_x86___m128i rhs_odds = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, rhs_shuffled0, core_core_arch_x86___m128i); - core_core_arch_x86___m256i rhs_odds0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_odds); - core_core_arch_x86___m256i left = + __m256i rhs_evens0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_evens); + __m128i rhs_odds = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, rhs_shuffled0, __m128i); + __m256i rhs_odds0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_odds); + __m256i left = libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_evens0, rhs_evens0); - core_core_arch_x86___m256i right = + __m256i right = libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_odds0, rhs_odds0); - 
core_core_arch_x86___m256i right0 = + __m256i right0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(right); - core_core_arch_x86___m256i right1 = libcrux_intrinsics_avx2_mm256_mullo_epi32( + __m256i right1 = libcrux_intrinsics_avx2_mm256_mullo_epi32( right0, libcrux_intrinsics_avx2_mm256_set_epi32( -(int32_t)zeta3, (int32_t)zeta3, -(int32_t)zeta2, (int32_t)zeta2, -(int32_t)zeta1, (int32_t)zeta1, -(int32_t)zeta0, (int32_t)zeta0)); - core_core_arch_x86___m256i products_left = - libcrux_intrinsics_avx2_mm256_add_epi32(left, right1); - core_core_arch_x86___m256i products_left0 = + __m256i products_left = libcrux_intrinsics_avx2_mm256_add_epi32(left, right1); + __m256i products_left0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( products_left); - core_core_arch_x86___m256i rhs_adjacent_swapped = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - rhs, libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, (int8_t)9, - (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, (int8_t)4, - (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, (int8_t)3, - (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, - (int8_t)9, (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, - (int8_t)4, (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, - (int8_t)3, (int8_t)2)); - core_core_arch_x86___m256i products_right = + __m256i rhs_adjacent_swapped = libcrux_intrinsics_avx2_mm256_shuffle_epi8( + rhs, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, (int8_t)9, (int8_t)8, + (int8_t)11, (int8_t)10, (int8_t)5, (int8_t)4, (int8_t)7, (int8_t)6, + (int8_t)1, (int8_t)0, (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, + (int8_t)15, (int8_t)14, (int8_t)9, (int8_t)8, (int8_t)11, (int8_t)10, + (int8_t)5, (int8_t)4, (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, + (int8_t)3, (int8_t)2)); + __m256i products_right = libcrux_intrinsics_avx2_mm256_madd_epi16(lhs, rhs_adjacent_swapped); - core_core_arch_x86___m256i products_right0 
= + __m256i products_right0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( products_right); - core_core_arch_x86___m256i products_right1 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)16, products_right0, - core_core_arch_x86___m256i); + __m256i products_right1 = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)16, products_right0, __m256i); return libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)170, products_left0, - products_right1, - core_core_arch_x86___m256i); + products_right1, __m256i); } /** 
@@ -677,28 +615,22 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_multiply_ea(core_core_arch_x86___m256i *lhs, - core_core_arch_x86___m256i *rhs, - int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { +static inline __m256i libcrux_ml_kem_vector_avx2_ntt_multiply_ea( + __m256i *lhs, __m256i *rhs, int16_t zeta0, int16_t zeta1, int16_t zeta2, + int16_t zeta3) { return libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(lhs[0U], rhs[0U], zeta0, zeta1, zeta2, zeta3); } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_1( - core_core_arch_x86___m256i vector, uint8_t ret[2U]) { - core_core_arch_x86___m256i lsb_to_msb = - libcrux_intrinsics_avx2_mm256_slli_epi16((int32_t)15, vector, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i low_msbs = - libcrux_intrinsics_avx2_mm256_castsi256_si128(lsb_to_msb); - core_core_arch_x86___m128i high_msbs = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, lsb_to_msb, core_core_arch_x86___m128i); - core_core_arch_x86___m128i msbs = - libcrux_intrinsics_avx2_mm_packs_epi16(low_msbs, high_msbs); + __m256i vector, uint8_t ret[2U]) { + __m256i lsb_to_msb = + libcrux_intrinsics_avx2_mm256_slli_epi16((int32_t)15, vector, __m256i); + __m128i low_msbs = libcrux_intrinsics_avx2_mm256_castsi256_si128(lsb_to_msb); + __m128i high_msbs = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, lsb_to_msb, __m128i); + __m128i msbs = libcrux_intrinsics_avx2_mm_packs_epi16(low_msbs, high_msbs); int32_t bits_packed = libcrux_intrinsics_avx2_mm_movemask_epi8(msbs); uint8_t serialized[2U] = {0U}; serialized[0U] = (uint8_t)bits_packed; 
@@ -711,60 +643,56 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_vector_avx2_serialize_1_ea( - core_core_arch_x86___m256i vector, uint8_t ret[2U]) { +static inline void libcrux_ml_kem_vector_avx2_serialize_1_ea(__m256i vector, + uint8_t ret[2U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_1(vector, ret); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i +static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) { - core_core_arch_x86___m256i coefficients = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - 
(int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t)); - core_core_arch_x86___m256i shift_lsb_to_msb = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, - (int16_t)1 << 11U, (int16_t)1 << 12U, (int16_t)1 << 13U, - (int16_t)1 << 14U, (int16_t)-32768, (int16_t)1 << 8U, - (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, - (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, - (int16_t)-32768); - core_core_arch_x86___m256i coefficients_in_msb = + __m256i coefficients = libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t)); + __m256i shift_lsb_to_msb = libcrux_intrinsics_avx2_mm256_set_epi16( + 
(int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, + (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, (int16_t)-32768, + (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, + (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, (int16_t)-32768); + __m256i coefficients_in_msb = libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, shift_lsb_to_msb); - return libcrux_intrinsics_avx2_mm256_srli_epi16( - (int32_t)15, coefficients_in_msb, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)15, + coefficients_in_msb, __m256i); } /** 
@@ -772,42 +700,35 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_deserialize_1_ea(Eurydice_slice bytes) { +static inline __m256i libcrux_ml_kem_vector_avx2_deserialize_1_ea( + Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_1(bytes); } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( - core_core_arch_x86___m256i vector, uint8_t ret[8U]) { + __m256i vector, uint8_t ret[8U]) { uint8_t serialized[16U] = {0U}; - core_core_arch_x86___m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1)); - core_core_arch_x86___m256i adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4, - (int8_t)0, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, - (int8_t)4, (int8_t)0)); - core_core_arch_x86___m256i combined = - libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32( - adjacent_8_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, - (int32_t)0, (int32_t)4, (int32_t)0)); - core_core_arch_x86___m128i combined0 = - libcrux_intrinsics_avx2_mm256_castsi256_si128(combined); 
+ __m256i adjacent_2_combined = libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1)); + __m256i adjacent_8_combined = libcrux_intrinsics_avx2_mm256_shuffle_epi8( + adjacent_2_combined, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4, (int8_t)0, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4, (int8_t)0)); + __m256i combined = libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32( + adjacent_8_combined, libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, + (int32_t)0, (int32_t)0, (int32_t)4, (int32_t)0)); + __m128i combined0 = libcrux_intrinsics_avx2_mm256_castsi256_si128(combined); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( Eurydice_array_to_slice((size_t)16U, serialized, uint8_t, Eurydice_slice), combined0); 
@@ -827,62 +748,56 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_vector_avx2_serialize_4_ea( - core_core_arch_x86___m256i vector, uint8_t ret[8U]) { +static inline void libcrux_ml_kem_vector_avx2_serialize_4_ea(__m256i vector, + uint8_t ret[8U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_4(vector, ret); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i +static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { - core_core_arch_x86___m256i coefficients = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - 
(int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t)); - core_core_arch_x86___m256i shift_lsbs_to_msbs = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U); - core_core_arch_x86___m256i coefficients_in_msb = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, - shift_lsbs_to_msbs); - core_core_arch_x86___m256i coefficients_in_lsb = - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, coefficients_in_msb, - core_core_arch_x86___m256i); + __m256i coefficients = libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + 
(int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t)); + __m256i shift_lsbs_to_msbs = libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U); + __m256i coefficients_in_msb = libcrux_intrinsics_avx2_mm256_mullo_epi16( + coefficients, shift_lsbs_to_msbs); + __m256i coefficients_in_lsb = libcrux_intrinsics_avx2_mm256_srli_epi16( + (int32_t)4, coefficients_in_msb, __m256i); return libcrux_intrinsics_avx2_mm256_and_si256( coefficients_in_lsb, libcrux_intrinsics_avx2_mm256_set1_epi16( ((int16_t)1 << 4U) - (int16_t)1)); 
@@ -893,53 +808,45 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_deserialize_4_ea(Eurydice_slice bytes) { +static inline __m256i libcrux_ml_kem_vector_avx2_deserialize_4_ea( + Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_4(bytes); } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( - core_core_arch_x86___m256i vector, uint8_t ret[10U]) { + __m256i vector, uint8_t ret[10U]) { uint8_t serialized[32U] = {0U}; - core_core_arch_x86___m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1)); - core_core_arch_x86___m256i adjacent_4_combined = - libcrux_intrinsics_avx2_mm256_sllv_epi32( - adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22, (int32_t)0, - (int32_t)22, (int32_t)0, (int32_t)22)); - core_core_arch_x86___m256i adjacent_4_combined0 = - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)22, adjacent_4_combined, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)8, adjacent_4_combined0, core_core_arch_x86___m256i); - core_core_arch_x86___m256i adjacent_8_combined0 = - libcrux_intrinsics_avx2_mm256_sllv_epi32( - adjacent_8_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)12, (int32_t)0, - (int32_t)0, (int32_t)0, (int32_t)12)); - core_core_arch_x86___m256i adjacent_8_combined1 = - 
libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)12, adjacent_8_combined0, core_core_arch_x86___m256i); - core_core_arch_x86___m128i lower_8 = + __m256i adjacent_2_combined = libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1)); + __m256i adjacent_4_combined = libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_2_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22, (int32_t)0, + (int32_t)22, (int32_t)0, (int32_t)22)); + __m256i adjacent_4_combined0 = libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)22, adjacent_4_combined, __m256i); + __m256i adjacent_8_combined = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)8, adjacent_4_combined0, __m256i); + __m256i adjacent_8_combined0 = libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_8_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)12, (int32_t)0, + (int32_t)0, (int32_t)0, (int32_t)12)); + __m256i adjacent_8_combined1 = libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)12, adjacent_8_combined0, __m256i); + __m128i lower_8 = libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined1); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice), lower_8); - core_core_arch_x86___m128i upper_8 = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, adjacent_8_combined1, core_core_arch_x86___m128i); + __m128i upper_8 = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, adjacent_8_combined1, __m128i); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( Eurydice_array_to_subslice2(serialized, (size_t)5U, (size_t)21U, 
uint8_t, Eurydice_slice), @@ -960,15 +867,15 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_vector_avx2_serialize_5_ea( - core_core_arch_x86___m256i vector, uint8_t ret[10U]) { +static inline void libcrux_ml_kem_vector_avx2_serialize_5_ea(__m256i vector, + uint8_t ret[10U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_5(vector, ret); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i +static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) { - core_core_arch_x86___m128i coefficients = libcrux_intrinsics_avx2_mm_set_epi8( + __m128i coefficients = libcrux_intrinsics_avx2_mm_set_epi8( Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t), Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), 
@@ -985,34 +892,29 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) { Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t)); - core_core_arch_x86___m256i coefficients_loaded = + __m256i coefficients_loaded = libcrux_intrinsics_avx2_mm256_castsi128_si256(coefficients); - core_core_arch_x86___m256i coefficients_loaded0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, coefficients_loaded, coefficients, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i coefficients0 = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - coefficients_loaded0, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)15, (int8_t)14, (int8_t)15, (int8_t)14, (int8_t)13, - (int8_t)12, (int8_t)13, (int8_t)12, (int8_t)11, (int8_t)10, - (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)9, - (int8_t)8, (int8_t)7, (int8_t)6, (int8_t)7, (int8_t)6, (int8_t)5, - (int8_t)4, (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)3, - (int8_t)2, (int8_t)1, (int8_t)0, (int8_t)1, (int8_t)0)); - core_core_arch_x86___m256i coefficients1 = - libcrux_intrinsics_avx2_mm256_mullo_epi16( - coefficients0, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 5U, (int16_t)1 << 2U, - (int16_t)1 << 7U, (int16_t)1 << 4U, (int16_t)1 << 9U, - (int16_t)1 << 6U, (int16_t)1 << 11U, (int16_t)1 << 0U, - (int16_t)1 << 5U, (int16_t)1 << 2U, (int16_t)1 << 7U, - (int16_t)1 << 4U, (int16_t)1 << 9U, (int16_t)1 << 6U, - (int16_t)1 << 11U)); + __m256i coefficients_loaded0 = libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, coefficients_loaded, coefficients, __m256i); + __m256i coefficients0 = libcrux_intrinsics_avx2_mm256_shuffle_epi8( + coefficients_loaded0, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)15, (int8_t)14, (int8_t)15, (int8_t)14, (int8_t)13, + (int8_t)12, (int8_t)13, (int8_t)12, 
(int8_t)11, (int8_t)10, + (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)9, (int8_t)8, + (int8_t)7, (int8_t)6, (int8_t)7, (int8_t)6, (int8_t)5, (int8_t)4, + (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)3, (int8_t)2, + (int8_t)1, (int8_t)0, (int8_t)1, (int8_t)0)); + __m256i coefficients1 = libcrux_intrinsics_avx2_mm256_mullo_epi16( + coefficients0, libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 5U, (int16_t)1 << 2U, + (int16_t)1 << 7U, (int16_t)1 << 4U, (int16_t)1 << 9U, + (int16_t)1 << 6U, (int16_t)1 << 11U, (int16_t)1 << 0U, + (int16_t)1 << 5U, (int16_t)1 << 2U, (int16_t)1 << 7U, + (int16_t)1 << 4U, (int16_t)1 << 9U, (int16_t)1 << 6U, + (int16_t)1 << 11U)); return libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)11, coefficients1, - core_core_arch_x86___m256i); + __m256i); } /** 
@@ -1020,52 +922,46 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_deserialize_5_ea(Eurydice_slice bytes) { +static inline __m256i libcrux_ml_kem_vector_avx2_deserialize_5_ea( + Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_5(bytes); } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( - core_core_arch_x86___m256i vector, uint8_t ret[20U]) { + __m256i vector, uint8_t ret[20U]) { uint8_t serialized[32U] = {0U}; - core_core_arch_x86___m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1)); - core_core_arch_x86___m256i adjacent_4_combined = - libcrux_intrinsics_avx2_mm256_sllv_epi32( - adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12, (int32_t)0, - (int32_t)12, (int32_t)0, (int32_t)12)); - core_core_arch_x86___m256i adjacent_4_combined0 = - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)12, adjacent_4_combined, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - adjacent_4_combined0, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, - (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, - 
(int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, - (int8_t)0)); - core_core_arch_x86___m128i lower_8 = + __m256i adjacent_2_combined = libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1)); + __m256i adjacent_4_combined = libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_2_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12, (int32_t)0, + (int32_t)12, (int32_t)0, (int32_t)12)); + __m256i adjacent_4_combined0 = libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)12, adjacent_4_combined, __m256i); + __m256i adjacent_8_combined = libcrux_intrinsics_avx2_mm256_shuffle_epi8( + adjacent_4_combined0, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, + (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)4, + (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0)); + __m128i lower_8 = libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice), lower_8); - core_core_arch_x86___m128i upper_8 = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); + __m128i upper_8 = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, adjacent_8_combined, __m128i); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( Eurydice_array_to_subslice2(serialized, (size_t)10U, 
(size_t)26U, uint8_t, Eurydice_slice), 
@@ -1087,49 +983,40 @@ libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_vector_avx2_serialize_10_ea( - core_core_arch_x86___m256i vector, uint8_t ret[20U]) { + __m256i vector, uint8_t ret[20U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_10(vector, ret); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i +static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) { - core_core_arch_x86___m256i shift_lsbs_to_msbs = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, - (int16_t)1 << 6U, (int16_t)1 << 0U, (int16_t)1 << 2U, - (int16_t)1 << 4U, (int16_t)1 << 6U, (int16_t)1 << 0U, - (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, - (int16_t)1 << 6U); - core_core_arch_x86___m128i lower_coefficients = + __m256i shift_lsbs_to_msbs = libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U); + __m128i lower_coefficients = libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i lower_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8( - lower_coefficients, - libcrux_intrinsics_avx2_mm_set_epi8(9U, 8U, 8U, 7U, 7U, 6U, 6U, 5U, - 4U, 3U, 3U, 2U, 2U, 1U, 1U, 0U)); - core_core_arch_x86___m128i upper_coefficients = + __m128i lower_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( + lower_coefficients, + libcrux_intrinsics_avx2_mm_set_epi8(9U, 8U, 8U, 7U, 7U, 6U, 6U, 5U, 4U, + 3U, 3U, 2U, 2U, 1U, 1U, 0U)); + __m128i upper_coefficients = 
libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( bytes, (size_t)4U, (size_t)20U, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i upper_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8( - upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( - 15U, 14U, 14U, 13U, 13U, 12U, 12U, 11U, 10U, - 9U, 9U, 8U, 8U, 7U, 7U, 6U)); - core_core_arch_x86___m256i coefficients = + __m128i upper_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( + upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( + 15U, 14U, 14U, 13U, 13U, 12U, 12U, 11U, 10U, 9U, + 9U, 8U, 8U, 7U, 7U, 6U)); + __m256i coefficients = libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); - core_core_arch_x86___m256i coefficients0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, coefficients, upper_coefficients0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i coefficients1 = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, - shift_lsbs_to_msbs); - core_core_arch_x86___m256i coefficients2 = - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)6, coefficients1, - core_core_arch_x86___m256i); + __m256i coefficients0 = libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, coefficients, upper_coefficients0, __m256i); + __m256i coefficients1 = libcrux_intrinsics_avx2_mm256_mullo_epi16( + coefficients0, shift_lsbs_to_msbs); + __m256i coefficients2 = libcrux_intrinsics_avx2_mm256_srli_epi16( + (int32_t)6, coefficients1, __m256i); return libcrux_intrinsics_avx2_mm256_and_si256( coefficients2, libcrux_intrinsics_avx2_mm256_set1_epi16( ((int16_t)1 << 10U) - (int16_t)1)); 
@@ -1140,14 +1027,14 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_deserialize_10_ea(Eurydice_slice bytes) { +static inline __m256i libcrux_ml_kem_vector_avx2_deserialize_10_ea( + Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_10(bytes); } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_11( - core_core_arch_x86___m256i vector, uint8_t ret[22U]) { + __m256i vector, uint8_t ret[22U]) { int16_t array[16U] = {0U}; libcrux_intrinsics_avx2_mm256_storeu_si256_i16( Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice), @@ -1166,12 +1053,12 @@ libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_vector_avx2_serialize_11_ea( - core_core_arch_x86___m256i vector, uint8_t ret[22U]) { + __m256i vector, uint8_t ret[22U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_11(vector, ret); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i +static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_11(Eurydice_slice bytes) { libcrux_ml_kem_vector_portable_vector_type_PortableVector output = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); 
@@ -1186,48 +1073,41 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_deserialize_11_ea(Eurydice_slice bytes) { +static inline __m256i libcrux_ml_kem_vector_avx2_deserialize_11_ea( + Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_11(bytes); } KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( - core_core_arch_x86___m256i vector, uint8_t ret[24U]) { + __m256i vector, uint8_t ret[24U]) { uint8_t serialized[32U] = {0U}; - core_core_arch_x86___m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1)); - core_core_arch_x86___m256i adjacent_4_combined = - libcrux_intrinsics_avx2_mm256_sllv_epi32( - adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8, (int32_t)0, - (int32_t)8, (int32_t)0, (int32_t)8)); - core_core_arch_x86___m256i adjacent_4_combined0 = - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, adjacent_4_combined, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - adjacent_4_combined0, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, - (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, - (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, - (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, - 
(int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, - (int8_t)0)); - core_core_arch_x86___m128i lower_8 = + __m256i adjacent_2_combined = libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1)); + __m256i adjacent_4_combined = libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_2_combined, libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8, + (int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8)); + __m256i adjacent_4_combined0 = libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)8, adjacent_4_combined, __m256i); + __m256i adjacent_8_combined = libcrux_intrinsics_avx2_mm256_shuffle_epi8( + adjacent_4_combined0, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, + (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)5, + (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, (int8_t)12, + (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4, + (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0)); + __m128i lower_8 = libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); - core_core_arch_x86___m128i upper_8 = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); + __m128i upper_8 = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, adjacent_8_combined, __m128i); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice), 
@@ -1253,49 +1133,40 @@ libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_vector_avx2_serialize_12_ea( - core_core_arch_x86___m256i vector, uint8_t ret[24U]) { + __m256i vector, uint8_t ret[24U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_12(vector, ret); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i +static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) { - core_core_arch_x86___m256i shift_lsbs_to_msbs = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U); - core_core_arch_x86___m128i lower_coefficients = + __m256i shift_lsbs_to_msbs = libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U); + __m128i lower_coefficients = libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i lower_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8( - lower_coefficients, - libcrux_intrinsics_avx2_mm_set_epi8(11U, 10U, 10U, 9U, 8U, 7U, 7U, 6U, - 5U, 4U, 4U, 3U, 2U, 1U, 1U, 0U)); - core_core_arch_x86___m128i upper_coefficients = + __m128i lower_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( + lower_coefficients, + libcrux_intrinsics_avx2_mm_set_epi8(11U, 10U, 10U, 9U, 8U, 7U, 7U, 6U, 5U, + 4U, 4U, 3U, 2U, 1U, 1U, 0U)); + __m128i upper_coefficients = 
libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( bytes, (size_t)8U, (size_t)24U, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i upper_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8( - upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( - 15U, 14U, 14U, 13U, 12U, 11U, 11U, 10U, 9U, - 8U, 8U, 7U, 6U, 5U, 5U, 4U)); - core_core_arch_x86___m256i coefficients = + __m128i upper_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( + upper_coefficients, + libcrux_intrinsics_avx2_mm_set_epi8(15U, 14U, 14U, 13U, 12U, 11U, 11U, + 10U, 9U, 8U, 8U, 7U, 6U, 5U, 5U, 4U)); + __m256i coefficients = libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); - core_core_arch_x86___m256i coefficients0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, coefficients, upper_coefficients0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i coefficients1 = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, - shift_lsbs_to_msbs); - core_core_arch_x86___m256i coefficients2 = - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, coefficients1, - core_core_arch_x86___m256i); + __m256i coefficients0 = libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, coefficients, upper_coefficients0, __m256i); + __m256i coefficients1 = libcrux_intrinsics_avx2_mm256_mullo_epi16( + coefficients0, shift_lsbs_to_msbs); + __m256i coefficients2 = libcrux_intrinsics_avx2_mm256_srli_epi16( + (int32_t)4, coefficients1, __m256i); return libcrux_intrinsics_avx2_mm256_and_si256( coefficients2, libcrux_intrinsics_avx2_mm256_set1_epi16( ((int16_t)1 << 12U) - (int16_t)1)); 
@@ -1306,8 +1177,8 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_deserialize_12_ea(Eurydice_slice bytes) { +static inline __m256i libcrux_ml_kem_vector_avx2_deserialize_12_ea( + Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_12(bytes); } @@ -1315,12 +1186,11 @@ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample(Eurydice_slice input, Eurydice_slice output) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i potential_coefficients = + __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i potential_coefficients = libcrux_ml_kem_vector_avx2_serialize_deserialize_12(input); - core_core_arch_x86___m256i compare_with_field_modulus = + __m256i compare_with_field_modulus = libcrux_intrinsics_avx2_mm256_cmpgt_epi16(field_modulus, potential_coefficients); uint8_t good[2U]; 
@@ -1331,14 +1201,13 @@ libcrux_ml_kem_vector_avx2_sampling_rejection_sample(Eurydice_slice input, libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( size_t)good[0U]], (size_t)16U * sizeof(uint8_t)); - core_core_arch_x86___m128i lower_shuffles0 = + __m128i lower_shuffles0 = libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( (size_t)16U, lower_shuffles, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i lower_coefficients = + __m128i lower_coefficients = libcrux_intrinsics_avx2_mm256_castsi256_si128(potential_coefficients); - core_core_arch_x86___m128i lower_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8(lower_coefficients, - lower_shuffles0); + __m128i lower_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( + lower_coefficients, lower_shuffles0); libcrux_intrinsics_avx2_mm_storeu_si128(output, lower_coefficients0); size_t sampled_count = (size_t)core_num__u8_6__count_ones(good[0U]); uint8_t upper_shuffles[16U]; 
@@ -1346,15 +1215,13 @@ libcrux_ml_kem_vector_avx2_sampling_rejection_sample(Eurydice_slice input, libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( size_t)good[1U]], (size_t)16U * sizeof(uint8_t)); - core_core_arch_x86___m128i upper_shuffles0 = + __m128i upper_shuffles0 = libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( (size_t)16U, upper_shuffles, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, potential_coefficients, core_core_arch_x86___m128i); - core_core_arch_x86___m128i upper_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8(upper_coefficients, - upper_shuffles0); + __m128i upper_coefficients = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, potential_coefficients, __m128i); + __m128i upper_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( + upper_coefficients, upper_shuffles0); libcrux_intrinsics_avx2_mm_storeu_si128( Eurydice_slice_subslice2(output, sampled_count, sampled_count + (size_t)8U, int16_t, @@ -1380,7 +1247,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector */ typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_d2_s { - core_core_arch_x86___m256i coefficients[16U]; + __m256i coefficients[16U]; } libcrux_ml_kem_polynomial_PolynomialRingElement_d2; /** @@ -1453,6 +1320,9 @@ libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_3e( return re; } +/** + Call [`deserialize_to_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector 
@@ -1518,59 +1388,45 @@ generics - COEFFICIENT_BITS= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i +static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e7( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 - << (uint32_t)(int32_t)10); - core_core_arch_x86___m128i coefficients_low = + __m256i vector) { + __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i two_pow_coefficient_bits = libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)1 << (uint32_t)(int32_t)10); + __m128i coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = + __m256i coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i decompressed_low = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, - field_modulus); - core_core_arch_x86___m256i decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - 
core_core_arch_x86___m256i coefficients_high0 = + __m256i decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32( + coefficients_low0, field_modulus); + __m256i decompressed_low0 = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)1, decompressed_low, __m256i); + __m256i decompressed_low1 = libcrux_intrinsics_avx2_mm256_add_epi32( + decompressed_low0, two_pow_coefficient_bits); + __m256i decompressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)10, decompressed_low1, __m256i); + __m256i decompressed_low3 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)1, decompressed_low2, __m256i); + __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, __m128i); + __m256i coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); + __m256i decompressed_high = libcrux_intrinsics_avx2_mm256_mullo_epi32( + coefficients_high0, field_modulus); + __m256i decompressed_high0 = libcrux_intrinsics_avx2_mm256_slli_epi32( + 
(int32_t)1, decompressed_high, __m256i); + __m256i decompressed_high1 = libcrux_intrinsics_avx2_mm256_add_epi32( + decompressed_high0, two_pow_coefficient_bits); + __m256i decompressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)10, decompressed_high1, __m256i); + __m256i decompressed_high3 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)1, decompressed_high2, __m256i); + __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( + decompressed_low3, decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, __m256i); } /** @@ -1584,9 +1440,9 @@ generics - COEFFICIENT_BITS= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i +static inline __m256i libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df( - core_core_arch_x86___m256i vector) { + __m256i vector) { return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e7( vector); } @@ -1611,8 +1467,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_d7( Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, Eurydice_slice); - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); + __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df( coefficient); 
@@ -1627,59 +1482,45 @@ generics - COEFFICIENT_BITS= 11 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i +static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e70( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 - << (uint32_t)(int32_t)11); - core_core_arch_x86___m128i coefficients_low = + __m256i vector) { + __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i two_pow_coefficient_bits = libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)1 << (uint32_t)(int32_t)11); + __m128i coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = + __m256i coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i decompressed_low = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, - field_modulus); - core_core_arch_x86___m256i decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - 
core_core_arch_x86___m256i coefficients_high0 = + __m256i decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32( + coefficients_low0, field_modulus); + __m256i decompressed_low0 = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)1, decompressed_low, __m256i); + __m256i decompressed_low1 = libcrux_intrinsics_avx2_mm256_add_epi32( + decompressed_low0, two_pow_coefficient_bits); + __m256i decompressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)11, decompressed_low1, __m256i); + __m256i decompressed_low3 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)1, decompressed_low2, __m256i); + __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, __m128i); + __m256i coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); + __m256i decompressed_high = libcrux_intrinsics_avx2_mm256_mullo_epi32( + coefficients_high0, field_modulus); + __m256i decompressed_high0 = libcrux_intrinsics_avx2_mm256_slli_epi32( + 
(int32_t)1, decompressed_high, __m256i); + __m256i decompressed_high1 = libcrux_intrinsics_avx2_mm256_add_epi32( + decompressed_high0, two_pow_coefficient_bits); + __m256i decompressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)11, decompressed_high1, __m256i); + __m256i decompressed_high3 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)1, decompressed_high2, __m256i); + __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( + decompressed_low3, decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, __m256i); } /** @@ -1693,9 +1534,9 @@ generics - COEFFICIENT_BITS= 11 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i +static inline __m256i libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df0( - core_core_arch_x86___m256i vector) { + __m256i vector) { return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e70( vector); } @@ -1720,8 +1561,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_ae( Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, Eurydice_slice); - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); + __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df0( coefficient); @@ -1743,8 +1583,8 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_f9( } typedef struct libcrux_ml_kem_vector_avx2_SIMD256Vector_x2_s { - core_core_arch_x86___m256i fst; - core_core_arch_x86___m256i snd; + __m256i fst; + __m256i snd; } libcrux_ml_kem_vector_avx2_SIMD256Vector_x2; /** 
@@ -1754,9 +1594,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_traits_montgomery_multiply_fe_9d( - core_core_arch_x86___m256i v, int16_t fer) { +static inline __m256i libcrux_ml_kem_vector_traits_montgomery_multiply_fe_9d( + __m256i v, int16_t fer) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea(v, fer); } @@ -1768,11 +1607,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -libcrux_ml_kem_ntt_ntt_layer_int_vec_step_f4(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, +libcrux_ml_kem_ntt_ntt_layer_int_vec_step_f4(__m256i a, __m256i b, int16_t zeta_r) { - core_core_arch_x86___m256i t = - libcrux_ml_kem_vector_traits_montgomery_multiply_fe_9d(b, zeta_r); + __m256i t = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_9d(b, zeta_r); b = libcrux_ml_kem_vector_avx2_sub_ea(a, &t); a = libcrux_ml_kem_vector_avx2_add_ea(a, &t); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, @@ -1802,8 +1639,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65( libcrux_ml_kem_ntt_ntt_layer_int_vec_step_f4( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - core_core_arch_x86___m256i x = uu____0.fst; - core_core_arch_x86___m256i y = uu____0.snd; + __m256i x = uu____0.fst; + __m256i y = uu____0.snd; re->coefficients[j] = x; re->coefficients[j + step_vec] = y; } @@ -1922,6 +1759,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_09( libcrux_ml_kem_polynomial_poly_barrett_reduce_89_99(re); } +/** + Call [`deserialize_then_decompress_ring_element_u`] on each ring element + in the `ciphertext`. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector 
@@ -1957,10 +1798,9 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_35( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + u_as_ntt[i0] = libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_f9( u_bytes); - u_as_ntt[i0] = uu____0; libcrux_ml_kem_ntt_ntt_vector_u_09(&u_as_ntt[i0]); } memcpy( 
@@ -1975,59 +1815,45 @@ generics - COEFFICIENT_BITS= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i +static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e71( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 - << (uint32_t)(int32_t)4); - core_core_arch_x86___m128i coefficients_low = + __m256i vector) { + __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i two_pow_coefficient_bits = libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)1 << (uint32_t)(int32_t)4); + __m128i coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = + __m256i coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i decompressed_low = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, - field_modulus); - core_core_arch_x86___m256i decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - 
core_core_arch_x86___m256i coefficients_high0 = + __m256i decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32( + coefficients_low0, field_modulus); + __m256i decompressed_low0 = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)1, decompressed_low, __m256i); + __m256i decompressed_low1 = libcrux_intrinsics_avx2_mm256_add_epi32( + decompressed_low0, two_pow_coefficient_bits); + __m256i decompressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)4, decompressed_low1, __m256i); + __m256i decompressed_low3 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)1, decompressed_low2, __m256i); + __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, __m128i); + __m256i coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); + __m256i decompressed_high = libcrux_intrinsics_avx2_mm256_mullo_epi32( + coefficients_high0, field_modulus); + __m256i decompressed_high0 = libcrux_intrinsics_avx2_mm256_slli_epi32( + 
(int32_t)1, decompressed_high, __m256i); + __m256i decompressed_high1 = libcrux_intrinsics_avx2_mm256_add_epi32( + decompressed_high0, two_pow_coefficient_bits); + __m256i decompressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)4, decompressed_high1, __m256i); + __m256i decompressed_high3 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)1, decompressed_high2, __m256i); + __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( + decompressed_low3, decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, __m256i); } /** @@ -2041,9 +1867,9 @@ generics - COEFFICIENT_BITS= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i +static inline __m256i libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df1( - core_core_arch_x86___m256i vector) { + __m256i vector) { return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e71( vector); } @@ -2067,8 +1893,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_00( Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, Eurydice_slice); - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); + __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df1( coefficient); 
@@ -2083,59 +1908,45 @@ generics - COEFFICIENT_BITS= 5 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i +static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e72( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 - << (uint32_t)(int32_t)5); - core_core_arch_x86___m128i coefficients_low = + __m256i vector) { + __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i two_pow_coefficient_bits = libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)1 << (uint32_t)(int32_t)5); + __m128i coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = + __m256i coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i decompressed_low = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, - field_modulus); - core_core_arch_x86___m256i decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - 
core_core_arch_x86___m256i coefficients_high0 = + __m256i decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32( + coefficients_low0, field_modulus); + __m256i decompressed_low0 = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)1, decompressed_low, __m256i); + __m256i decompressed_low1 = libcrux_intrinsics_avx2_mm256_add_epi32( + decompressed_low0, two_pow_coefficient_bits); + __m256i decompressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)5, decompressed_low1, __m256i); + __m256i decompressed_low3 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)1, decompressed_low2, __m256i); + __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, __m128i); + __m256i coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i decompressed_high0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); + __m256i decompressed_high = libcrux_intrinsics_avx2_mm256_mullo_epi32( + coefficients_high0, field_modulus); + __m256i decompressed_high0 = libcrux_intrinsics_avx2_mm256_slli_epi32( + 
(int32_t)1, decompressed_high, __m256i); + __m256i decompressed_high1 = libcrux_intrinsics_avx2_mm256_add_epi32( + decompressed_high0, two_pow_coefficient_bits); + __m256i decompressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)5, decompressed_high1, __m256i); + __m256i decompressed_high3 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)1, decompressed_high2, __m256i); + __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( + decompressed_low3, decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, __m256i); } /** @@ -2149,9 +1960,9 @@ generics - COEFFICIENT_BITS= 5 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i +static inline __m256i libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df2( - core_core_arch_x86___m256i vector) { + __m256i vector) { return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e72( vector); } 
@@ -2197,6 +2008,33 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_8f( return libcrux_ml_kem_serialize_deserialize_then_decompress_4_00(serialized); } +/** + Given two `KyberPolynomialRingElement`s in their NTT representations, + compute their product. Given two polynomials in the NTT domain `f^` and `ĵ`, + the `iᵗʰ` coefficient of the product `k̂` is determined by the calculation: + + ```plaintext + ĥ[2·i] + ĥ[2·i + 1]X = (f^[2·i] + f^[2·i + 1]X)·(ĝ[2·i] + ĝ[2·i + 1]X) mod (X² + - ζ^(2·BitRev₇(i) + 1)) + ``` + + This function almost implements Algorithm 10 of the + NIST FIPS 203 standard, which is reproduced below: + + ```plaintext + Input: Two arrays fˆ ∈ ℤ₂₅₆ and ĝ ∈ ℤ₂₅₆. + Output: An array ĥ ∈ ℤq. + + for(i ← 0; i < 128; i++) + (ĥ[2i], ĥ[2i+1]) ← BaseCaseMultiply(fˆ[2i], fˆ[2i+1], ĝ[2i], ĝ[2i+1], + ζ^(2·BitRev₇(i) + 1)) end for return ĥ + ``` + We say "almost" because the coefficients of the ring element output by + this function are in the Montgomery domain. + + The NIST FIPS 203 standard can be found at + . +*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -2234,6 +2072,10 @@ libcrux_ml_kem_polynomial_ntt_multiply_89_48( return out; } +/** + Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise + sum of their constituent coefficients. +*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} 
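Review bot: The new doc comment on ntt_multiply has several wording defects: it refers to `KyberPolynomialRingElement`s while the type in this file is `libcrux_ml_kem_polynomial_PolynomialRingElement_d2`, names the second operand `ĵ` in the prose but `ĝ` in the formula, and the closing sentence "The NIST FIPS 203 standard can be found at ." has lost its link, most likely because the angle-bracketed URL was dropped during doc-comment extraction. The same dropped link appears in the Algorithm 14 (decrypt_unpacked) comment in the following hunk, so restoring it as e.g. `The NIST FIPS 203 standard can be found at <FIPS-203 URL>.` should be done in both places. Since these comments are presumably copied verbatim from the Rust doc comments by the extractor, the fix belongs in the Rust source (and possibly the extractor's handling of `<...>` links) rather than in this generated file.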
@@ -2249,11 +2091,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_97( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)16U, self->coefficients, - core_core_arch_x86___m256i, Eurydice_slice), - core_core_arch_x86___m256i, size_t); + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)16U, self->coefficients, __m256i, + Eurydice_slice), + __m256i, size_t); i++) { size_t i0 = i; self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( @@ -2339,11 +2180,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_df( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, - int16_t zeta_r) { - core_core_arch_x86___m256i a_minus_b = - libcrux_ml_kem_vector_avx2_sub_ea(b, &a); +libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_df(__m256i a, + __m256i b, + int16_t zeta_r) { + __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_ea(b, &a); a = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( libcrux_ml_kem_vector_avx2_add_ea(a, &b)); b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_9d(a_minus_b, zeta_r); @@ -2377,8 +2217,8 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a2( libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_df( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - core_core_arch_x86___m256i x = uu____0.fst; - core_core_arch_x86___m256i y = uu____0.snd; + __m256i x = uu____0.fst; + __m256i y = uu____0.snd; re->coefficients[j] = x; re->coefficients[j + step_vec] = y; } 
@@ -2428,7 +2268,7 @@ libcrux_ml_kem_polynomial_subtract_reduce_89_56( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - core_core_arch_x86___m256i coefficient_normal_form = + __m256i coefficient_normal_form = libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( b.coefficients[i0], (int16_t)1441); b.coefficients[i0] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( @@ -2438,6 +2278,12 @@ libcrux_ml_kem_polynomial_subtract_reduce_89_56( return b; } +/** + The following functions compute various expressions involving + vectors and matrices. The computation of these expressions has been + abstracted away into these functions in order to save on loop iterations. + Compute v − InverseNTT(sᵀ ◦ NTT(u)) +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -2470,11 +2316,9 @@ with const generics - SHIFT_BY= 15 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_shift_right_e8( - core_core_arch_x86___m256i vector) { - return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, - core_core_arch_x86___m256i); +static KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_arithmetic_shift_right_e8(__m256i vector) { + return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, __m256i); } /** @@ -2487,9 +2331,8 @@ with const generics - SHIFT_BY= 15 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_shift_right_ea_4e( - core_core_arch_x86___m256i vector) { +static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_ea_4e( + __m256i vector) { return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_e8(vector); } 
@@ -2500,14 +2343,11 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( - core_core_arch_x86___m256i a) { - core_core_arch_x86___m256i t = - libcrux_ml_kem_vector_avx2_shift_right_ea_4e(a); - core_core_arch_x86___m256i fm = - libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( - t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); +static inline __m256i +libcrux_ml_kem_vector_traits_to_unsigned_representative_a4(__m256i a) { + __m256i t = libcrux_ml_kem_vector_avx2_shift_right_ea_4e(a); + __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( + t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); return libcrux_ml_kem_vector_avx2_add_ea(a, &fm); } @@ -2524,10 +2364,10 @@ libcrux_ml_kem_serialize_compress_then_serialize_message_4a( uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; - core_core_arch_x86___m256i coefficient = + __m256i coefficient = libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( re.coefficients[i0]); - core_core_arch_x86___m256i coefficient_compressed = + __m256i coefficient_compressed = libcrux_ml_kem_vector_avx2_compress_1_ea(coefficient); uint8_t bytes[2U]; libcrux_ml_kem_vector_avx2_serialize_1_ea(coefficient_compressed, bytes); 
@@ -2542,6 +2382,30 @@ libcrux_ml_kem_serialize_compress_then_serialize_message_4a( memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); } +/** + This function implements Algorithm 14 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. + + Algorithm 14 is reproduced below: + + ```plaintext + Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + Output: message m ∈ 𝔹^{32}. + + c₁ ← c[0 : 32dᵤk] + c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] + u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) + v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) + ŝ ← ByteDecode₁₂(dkₚₖₑ) + w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) + m ← ByteEncode₁(Compress₁(w)) + return m + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -2662,6 +2526,12 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_c0( return libcrux_ml_kem_polynomial_ZERO_89_d5(); } +/** + Only use with public values. + + This MUST NOT be used with secret inputs, like its caller + `deserialize_ring_elements_reduced`. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types 
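Review bot: The closing sentence of the added comment, `The NIST FIPS 203 standard can be found at .`, has no link target, so the reference is dangling in the C output. This may be the angle-bracketed URL of the Rust doc comment being dropped on rendering rather than in the generated file, but it is worth confirming in the emitted source; the same sentence is added in the hunks at `@@ -2843`, `@@ -2935`, `@@ -3209` and `@@ -4207`. If the link really is lost, the doc-comment translation should keep the URL as plain text, e.g. `The NIST FIPS 203 standard can be found at <FIPS-203-URL-TO-CONFIRM>.`. The `decrypt_unpacked` instance the comment documents begins outside the hunk.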
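Review bot: The wording `This MUST NOT be used with secret inputs, like its caller `deserialize_ring_elements_reduced`.` can be read as saying the caller is a secret input, which muddles the constant-time caveat the comment exists to state. Suggest `This MUST NOT be used with secret inputs; the same restriction applies to its caller `deserialize_ring_elements_reduced`.`. Note also that `deserialize_ring_elements_reduced` is the Rust name and does not resolve to a symbol in this C file, so a C reader benefits from the generated name being spelled out. The documented function, `libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_dd`, begins outside the hunk.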
@@ -2682,14 +2552,19 @@ libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_dd( Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, Eurydice_slice); - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); + __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea(coefficient); } return re; } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types 
@@ -2843,6 +2718,47 @@ libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_three_blocks_a9_4d( ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types 
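Review bot: The added sampling comment has a comma splice, `This function partially implements Algorithm 6 of the NIST FIPS 203 standard, We say "partially" because ...`, which should be split as `... of the NIST FIPS 203 standard. We say "partially" because ...`. The identical block is added again in the hunk at `@@ -2935,6 +2851,47`, presumably once per monomorphic instance, so the correction belongs in the upstream Rust doc comment rather than in the generated C. The `sample_from_uniform_distribution_next` instance the comment documents starts outside the hunk.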
@@ -2935,6 +2851,47 @@ libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_block_a9_5a( libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_block_1b(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types 
@@ -3209,6 +3166,55 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_51( libcrux_ml_kem_hash_functions_avx2_PRFxN_1c(input, ret); } +/** + Given a series of uniformly random bytes in `randomness`, for some number + `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring + element from a binomial distribution centered at 0 that uses two sets of `eta` + coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v` + such such that `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and: + + ```plaintext + - If v < 0, Pr[v] = Pr[-v] + - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA) + ``` + + The values `v < 0` are mapped to the appropriate `KyberFieldElement`. + + The expected value is: + + ```plaintext + E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1] + + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0. + ``` + + And the variance is: + + ```plaintext + Var(X) = E[(X - E[X])^2] + = E[X^2] + = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / + 2^(2 * ETA)) = ETA / 2 + ``` + + This function implements Algorithm 7 of the NIST FIPS 203 + standard, which is reproduced below: + + ```plaintext + Input: byte array B ∈ 𝔹^{64η}. + Output: array f ∈ ℤ₂₅₆. + + b ← BytesToBits(B) + for (i ← 0; i < 256; i++) + x ← ∑(j=0 to η - 1) b[2iη + j] + y ← ∑(j=0 to η - 1) b[2iη + η + j] + f[i] ← x−y mod q + end for + return f + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types 
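Review bot: The added comment for `sample_from_binomial_distribution_2` has two textual errors: `such such that` is doubled, and the value set `{-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` should end `..., ETA - 1, ETA}` (the expectation line below already uses `ETA - 1`). The mention of `KyberFieldElement` looks like a leftover from the Kyber-era naming and presumably does not match a type in this ML-KEM code; worth confirming. The text appears to be generated from the Rust doc comment, so the fix belongs upstream. The function body starts outside the hunk.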
@@ -3332,9 +3338,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_45( size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { size_t j = i; - core_core_arch_x86___m256i t = - libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( - re->coefficients[j + step], (int16_t)-1600); + __m256i t = libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( + re->coefficients[j + step], (int16_t)-1600); re->coefficients[j + step] = libcrux_ml_kem_vector_avx2_sub_ea(re->coefficients[j], &t); re->coefficients[j] = @@ -3366,6 +3371,10 @@ libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_b5( libcrux_ml_kem_polynomial_poly_barrett_reduce_89_99(re); } +/** + Sample a vector of ring elements from a centered binomial distribution and + convert them into their NTT representations. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -3397,11 +3406,10 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15(uint8_t prf_input[33U], libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_51(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + re_as_ntt[i0] = libcrux_ml_kem_sampling_sample_from_binomial_distribution_47( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]); } libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U]; @@ -3430,6 +3438,9 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_8f(size_t _i) { return libcrux_ml_kem_polynomial_ZERO_89_d5(); } +/** + Sample a vector of ring elements from a centered binomial distribution. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_avx2_SIMD256Vector, 
@@ -3539,7 +3550,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_91( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; - core_core_arch_x86___m256i coefficient_normal_form = + __m256i coefficient_normal_form = libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( self->coefficients[j], (int16_t)1441); self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( @@ -3548,6 +3559,9 @@ static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_91( } } +/** + Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -3604,8 +3618,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_traits_decompress_1_91(core_core_arch_x86___m256i v) { +static inline __m256i libcrux_ml_kem_vector_traits_decompress_1_91(__m256i v) { return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( libcrux_ml_kem_vector_avx2_sub_ea(libcrux_ml_kem_vector_avx2_ZERO_ea(), &v), @@ -3626,7 +3639,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_b9( libcrux_ml_kem_polynomial_ZERO_89_d5(); for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; - core_core_arch_x86___m256i coefficient_compressed = + __m256i coefficient_compressed = libcrux_ml_kem_vector_avx2_deserialize_1_ea(Eurydice_array_to_subslice2( serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, Eurydice_slice)); 
@@ -3655,12 +3668,12 @@ libcrux_ml_kem_polynomial_add_message_error_reduce_89_67( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - core_core_arch_x86___m256i coefficient_normal_form = + __m256i coefficient_normal_form = libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( result.coefficients[i0], (int16_t)1441); - core_core_arch_x86___m256i tmp = libcrux_ml_kem_vector_avx2_add_ea( - self->coefficients[i0], &message->coefficients[i0]); - core_core_arch_x86___m256i tmp0 = + __m256i tmp = libcrux_ml_kem_vector_avx2_add_ea(self->coefficients[i0], + &message->coefficients[i0]); + __m256i tmp0 = libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, &tmp); result.coefficients[i0] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea(tmp0); @@ -3668,6 +3681,9 @@ libcrux_ml_kem_polynomial_add_message_error_reduce_89_67( return result; } +/** + Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_avx2_SIMD256Vector 
@@ -3703,62 +3719,50 @@ generics - COEFFICIENT_BITS= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i +static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - core_core_arch_x86___m256i compression_factor = + __m256i vector) { + __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + __m256i compression_factor = libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)10) - (int32_t)1); - core_core_arch_x86___m128i coefficients_low = + __m256i coefficient_bits_mask = libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)10) - (int32_t)1); + __m128i coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = + __m256i coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, - field_modulus_halved); - core_core_arch_x86___m256i compressed_low1 = + __m256i compressed_low = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)10, coefficients_low0, __m256i); + __m256i compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32( + compressed_low, field_modulus_halved); + __m256i compressed_low1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, 
compression_factor); - core_core_arch_x86___m256i compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = + __m256i compressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)3, compressed_low1, __m256i); + __m256i compressed_low3 = libcrux_intrinsics_avx2_mm256_and_si256( + compressed_low2, coefficient_bits_mask); + __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, __m128i); + __m256i coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i compressed_high1 = + __m256i compressed_high = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)10, coefficients_high0, __m256i); + __m256i compressed_high0 = libcrux_intrinsics_avx2_mm256_add_epi32( + compressed_high, field_modulus_halved); + __m256i compressed_high1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, compression_factor); - core_core_arch_x86___m256i compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i compressed = - 
libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, - compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); + __m256i compressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)3, compressed_high1, __m256i); + __m256i compressed_high3 = libcrux_intrinsics_avx2_mm256_and_si256( + compressed_high2, coefficient_bits_mask); + __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( + compressed_low3, compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, __m256i); } /** @@ -3771,8 +3775,8 @@ with const generics - COEFFICIENT_BITS= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_ea_98(core_core_arch_x86___m256i vector) { +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_98( + __m256i vector) { return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f( vector); } @@ -3791,10 +3795,9 @@ libcrux_ml_kem_serialize_compress_then_serialize_10_2f( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_compress_ea_98( - libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( - re->coefficients[i0])); + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_98( + libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( + re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( 
@@ -3815,62 +3818,50 @@ generics - COEFFICIENT_BITS= 11 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i +static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f0( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - core_core_arch_x86___m256i compression_factor = + __m256i vector) { + __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + __m256i compression_factor = libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)11) - (int32_t)1); - core_core_arch_x86___m128i coefficients_low = + __m256i coefficient_bits_mask = libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)11) - (int32_t)1); + __m128i coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = + __m256i coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, - field_modulus_halved); - core_core_arch_x86___m256i compressed_low1 = + __m256i compressed_low = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)11, coefficients_low0, __m256i); + __m256i compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32( + compressed_low, field_modulus_halved); + __m256i compressed_low1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, 
compression_factor); - core_core_arch_x86___m256i compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = + __m256i compressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)3, compressed_low1, __m256i); + __m256i compressed_low3 = libcrux_intrinsics_avx2_mm256_and_si256( + compressed_low2, coefficient_bits_mask); + __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, __m128i); + __m256i coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i compressed_high1 = + __m256i compressed_high = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)11, coefficients_high0, __m256i); + __m256i compressed_high0 = libcrux_intrinsics_avx2_mm256_add_epi32( + compressed_high, field_modulus_halved); + __m256i compressed_high1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, compression_factor); - core_core_arch_x86___m256i compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i compressed = - 
libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, - compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); + __m256i compressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)3, compressed_high1, __m256i); + __m256i compressed_high3 = libcrux_intrinsics_avx2_mm256_and_si256( + compressed_high2, coefficient_bits_mask); + __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( + compressed_low3, compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, __m256i); } /** @@ -3883,8 +3874,8 @@ with const generics - COEFFICIENT_BITS= 11 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_ea_980(core_core_arch_x86___m256i vector) { +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_980( + __m256i vector) { return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f0( vector); } @@ -3903,10 +3894,9 @@ libcrux_ml_kem_serialize_compress_then_serialize_11_d1( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_compress_ea_980( - libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( - re->coefficients[i0])); + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_980( + libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( + re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( 
@@ -3936,6 +3926,9 @@ libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_b2( memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } +/** + Call [`compress_then_serialize_ring_element_u`] on each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector 
@@ -3980,62 +3973,50 @@ generics - COEFFICIENT_BITS= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i +static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f1( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - core_core_arch_x86___m256i compression_factor = + __m256i vector) { + __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + __m256i compression_factor = libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)4) - (int32_t)1); - core_core_arch_x86___m128i coefficients_low = + __m256i coefficient_bits_mask = libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)4) - (int32_t)1); + __m128i coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = + __m256i coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, - field_modulus_halved); - core_core_arch_x86___m256i compressed_low1 = + __m256i compressed_low = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)4, coefficients_low0, __m256i); + __m256i compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32( + compressed_low, field_modulus_halved); + __m256i compressed_low1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, 
compression_factor); - core_core_arch_x86___m256i compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = + __m256i compressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)3, compressed_low1, __m256i); + __m256i compressed_low3 = libcrux_intrinsics_avx2_mm256_and_si256( + compressed_low2, coefficient_bits_mask); + __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, __m128i); + __m256i coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i compressed_high1 = + __m256i compressed_high = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)4, coefficients_high0, __m256i); + __m256i compressed_high0 = libcrux_intrinsics_avx2_mm256_add_epi32( + compressed_high, field_modulus_halved); + __m256i compressed_high1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, compression_factor); - core_core_arch_x86___m256i compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i compressed = - 
libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, - compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); + __m256i compressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)3, compressed_high1, __m256i); + __m256i compressed_high3 = libcrux_intrinsics_avx2_mm256_and_si256( + compressed_high2, coefficient_bits_mask); + __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( + compressed_low3, compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, __m256i); } /** @@ -4048,8 +4029,8 @@ with const generics - COEFFICIENT_BITS= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_ea_981(core_core_arch_x86___m256i vector) { +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_981( + __m256i vector) { return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f1( vector); } @@ -4068,10 +4049,9 @@ libcrux_ml_kem_serialize_compress_then_serialize_4_b7( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_compress_ea_981( - libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( - re.coefficients[i0])); + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_981( + libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( + re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_ea(coefficient, bytes); core_slice___Slice_T___copy_from_slice( 
@@ -4090,62 +4070,50 @@ generics - COEFFICIENT_BITS= 5 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i +static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f2( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - core_core_arch_x86___m256i compression_factor = + __m256i vector) { + __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + __m256i compression_factor = libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)5) - (int32_t)1); - core_core_arch_x86___m128i coefficients_low = + __m256i coefficient_bits_mask = libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)5) - (int32_t)1); + __m128i coefficients_low = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = + __m256i coefficients_low0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, - field_modulus_halved); - core_core_arch_x86___m256i compressed_low1 = + __m256i compressed_low = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)5, coefficients_low0, __m256i); + __m256i compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32( + compressed_low, field_modulus_halved); + __m256i compressed_low1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, 
compression_factor); - core_core_arch_x86___m256i compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = + __m256i compressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)3, compressed_low1, __m256i); + __m256i compressed_low3 = libcrux_intrinsics_avx2_mm256_and_si256( + compressed_low2, coefficient_bits_mask); + __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, __m128i); + __m256i coefficients_high0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i compressed_high1 = + __m256i compressed_high = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)5, coefficients_high0, __m256i); + __m256i compressed_high0 = libcrux_intrinsics_avx2_mm256_add_epi32( + compressed_high, field_modulus_halved); + __m256i compressed_high1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, compression_factor); - core_core_arch_x86___m256i compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i compressed = - 
libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, - compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); + __m256i compressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)3, compressed_high1, __m256i); + __m256i compressed_high3 = libcrux_intrinsics_avx2_mm256_and_si256( + compressed_high2, coefficient_bits_mask); + __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( + compressed_low3, compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, __m256i); } /** @@ -4158,8 +4126,8 @@ with const generics - COEFFICIENT_BITS= 5 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_ea_982(core_core_arch_x86___m256i vector) { +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_982( + __m256i vector) { return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f2( vector); } @@ -4178,10 +4146,9 @@ libcrux_ml_kem_serialize_compress_then_serialize_5_35( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - core_core_arch_x86___m256i coefficients = - libcrux_ml_kem_vector_avx2_compress_ea_982( - libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( - re.coefficients[i0])); + __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_ea_982( + libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( + re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_ea(coefficients, bytes); core_slice___Slice_T___copy_from_slice( 
@@ -4207,6 +4174,47 @@ libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_39( libcrux_ml_kem_serialize_compress_then_serialize_4_b7(re, out); } +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -4472,6 +4480,9 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_be( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate with const generics 
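Review bot: The reproduced Algorithm 13 at @@ -4207 has one closing parenthesis too many in `μ ← Decompress₁(ByteDecode₁(m)))` and writes the NTT of r as `rˆ` on the `v ←` line but `r̂` on the `u ←` line; suggest `μ ← Decompress₁(ByteDecode₁(m))` and `v ← NTT-¹(t̂ᵀ ◦ r̂) + e₂ + μ`. The identical block is added for the portable instantiation at @@ -4865 (L371), so both copies need the fix, presumably via the Rust doc comment this C is generated from. The closing sentence `The NIST FIPS 203 standard can be found at .` carries no link in this rendering; worth confirming the URL survives in the generated header, since every algorithm comment in this patch ends the same way. The documented function `libcrux_ml_kem_ind_cpa_encrypt_unpacked` begins after the hunk.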
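Review bot: The comment added at @@ -4472 reads `Portable decapsulate`, but the function it precedes is the `libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate` instance, so the label is wrong for this AVX2 file. The same mislabel is added at @@ -4627 (L352), @@ -4885 (L353, which also misspells it `Portable encapsualte`), @@ -5360 (L355, `Portable generate key pair.`), @@ -5705 (L356), and @@ -5836 and @@ -5952 (L357, `Portable public key validation`). Since this C is generated, the text presumably comes from doc comments on the Rust `instantiations.avx2` module that were copied from the portable one; correcting them there (e.g. `AVX2 decapsulate`) keeps regeneration from reintroducing the error.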
@@ -4499,6 +4510,13 @@ static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_73( libcrux_ml_kem_ind_cca_decapsulate_be(private_key, ciphertext, ret); } +/** + Decapsulate ML-KEM 768 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem768PrivateKey`] and an + [`MlKem768Ciphertext`]. +*/ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, @@ -4627,6 +4645,9 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_10( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate_unpacked with const @@ -4656,6 +4677,13 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_82( libcrux_ml_kem_ind_cca_decapsulate_unpacked_10(key_pair, ciphertext, ret); } +/** + Decapsulate ML-KEM 768 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. +*/ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, @@ -4806,6 +4834,13 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_2d( return libcrux_ml_kem_ind_cca_encapsulate_82(uu____0, uu____1); } +/** + Encapsulate ML-KEM 768 + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, 
@@ -4885,6 +4920,9 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_1a( return lit; } +/** + Portable encapsualte +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.encapsulate_unpacked with const @@ -4915,6 +4953,14 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_2e( return libcrux_ml_kem_ind_cca_encapsulate_unpacked_1a(uu____0, uu____1); } +/** + Encapsulate ML-KEM 768 (unpacked) + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, @@ -4959,9 +5005,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_core_arch_x86___m256i -libcrux_ml_kem_vector_traits_to_standard_domain_42( - core_core_arch_x86___m256i v) { +static inline __m256i libcrux_ml_kem_vector_traits_to_standard_domain_42( + __m256i v) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); } @@ -4984,7 +5029,7 @@ libcrux_ml_kem_polynomial_add_standard_error_reduce_89_ac( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; - core_core_arch_x86___m256i coefficient_normal_form = + __m256i coefficient_normal_form = libcrux_ml_kem_vector_traits_to_standard_domain_42( self->coefficients[j]); self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( @@ -4993,6 +5038,9 @@ libcrux_ml_kem_polynomial_add_standard_error_reduce_89_ac( } } +/** + Compute  ◦ ŝ + ê +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_avx2_SIMD256Vector 
@@ -5044,6 +5092,47 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_f0( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -5138,7 +5227,7 @@ libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_92( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - core_core_arch_x86___m256i coefficient = + __m256i coefficient = libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( re->coefficients[i0]); uint8_t bytes[24U]; @@ -5154,6 +5243,9 @@ libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_92( memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); } +/** + Call [`serialize_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector 
@@ -5190,6 +5282,9 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_ae( memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); } +/** + Concatenate `t` and `ρ` into the public key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -5257,6 +5352,9 @@ libcrux_ml_kem_ind_cpa_generate_keypair_e1(Eurydice_slice key_generation_seed) { return lit; } +/** + Serialize the secret key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash @@ -5313,6 +5411,14 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_75( memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -5360,6 +5466,9 @@ libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]) { uu____2, libcrux_ml_kem_types_from_b6_4c(uu____3)); } +/** + Portable generate key pair. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics @@ -5380,6 +5489,9 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_52( return libcrux_ml_kem_ind_cca_generate_keypair_c20(uu____0); } +/** + Generate ML-KEM 768 Key Pair +*/ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { 
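Review bot: The comment added at @@ -5313 opens with the heading `Packed API`, which reads as a Rust module section header rather than documentation of `libcrux_ml_kem_ind_cca_generate_keypair`, and its last sentence `this requires different hardware features` has no terminating period. The sentence also refers to `Vector` and `Hasher`, which are the Rust generics; this C instance is already monomorphised, so neither name exists at this level. For the generated header something like `Generate a key pair. The hardware features required depend on the vector and hash back-end this instance was generated for.` would read correctly; whether the heading should be emitted at all is a question for the Rust-side doc comment.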
@@ -5444,11 +5556,10 @@ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 libcrux_ml_kem_polynomial_clone_d5_25( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; - core_core_arch_x86___m256i ret[16U]; + __m256i ret[16U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)16U, self->coefficients, ret, core_core_arch_x86___m256i, void *); - memcpy(lit.coefficients, ret, - (size_t)16U * sizeof(core_core_arch_x86___m256i)); + (size_t)16U, self->coefficients, ret, __m256i, void *); + memcpy(lit.coefficients, ret, (size_t)16U * sizeof(__m256i)); return lit; } @@ -5537,6 +5648,9 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_78(uint8_t randomness[64U]) { return lit; } +/** + Unpacked API +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair_unpacked with const @@ -5558,6 +5672,9 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_ed( return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_78(uu____0); } +/** + Generate ML-KEM 768 Key Pair in "unpacked" form +*/ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( @@ -5705,6 +5822,9 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_be0( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_decapsulate with const generics 
@@ -5733,6 +5853,13 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_fd( libcrux_ml_kem_ind_cca_decapsulate_be0(private_key, ciphertext, ret); } +/** + Decapsulate Kyber 768 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem768PrivateKey`] and an + [`MlKem768Ciphertext`]. +*/ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, @@ -5836,6 +5963,9 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_820( return lit; } +/** + Portable encapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_encapsulate with const generics @@ -5864,6 +5994,13 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_0f( return libcrux_ml_kem_ind_cca_encapsulate_820(uu____0, uu____1); } +/** + Encapsulate Kyber 768 + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_kyber_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, @@ -5889,6 +6026,12 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_c00( return libcrux_ml_kem_polynomial_ZERO_89_d5(); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -5952,6 +6095,9 @@ static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_cf( (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); } +/** + Portable public key validation +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.validate_public_key with const 
@@ -5967,6 +6113,11 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_04(
 return libcrux_ml_kem_ind_cca_validate_public_key_cf(public_key);
 }
 
+/**
+ Validate a public key.
+
+ Returns `Some(public_key)` if valid, and `None` otherwise.
+*/
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline core_option_Option_92
 libcrux_ml_kem_mlkem768_avx2_validate_public_key(
@@ -5987,8 +6138,7 @@ This function found in impl {(core::clone::Clone for
 libcrux_ml_kem::vector::avx2::SIMD256Vector)#1}
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_clone_3a(
- core_core_arch_x86___m256i *self) {
+static inline __m256i libcrux_ml_kem_vector_avx2_clone_3a(__m256i *self) {
 return self[0U];
 }
 
diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h
index 1bedf65a9..3cd6940e7 100644
--- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h
+++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h
@@ -4,11 +4,11 @@
 * SPDX-License-Identifier: MIT or Apache-2.0
 *
 * This code was generated with the following revisions:
- * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39
- * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896
- * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92
+ * Charon: 53530427db2941ce784201e64086766504bc5642
+ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7
+ * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3
 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty
- * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f
+ * Libcrux: 9307ab926afbe89fd8e61ffec8dd95a500c18f33
 */
 
 #ifndef __libcrux_mlkem768_portable_H
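Review bot: The comment added at @@ -5967 says `Returns Some(public_key) if valid, and None otherwise` without saying what valid means, which is the one thing a caller of a validation routine needs to know. The tail of `libcrux_ml_kem_ind_cca_validate_public_key_cf` visible at @@ -5952 (L357) compares `public_key` against `public_key_serialized` over 1184 bytes, which looks like the FIPS 203 re-encoding check on the public key's ring elements, but that should be confirmed against the Rust source before documenting it. If confirmed, suggest appending `A key is valid when re-serialising its decoded ring elements reproduces the input bytes.` to the comment, and noting that `Some`/`None` are the variants of the C `core_option_Option_92` result for readers who never see the Rust.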
@@ -1115,6 +1115,19 @@ libcrux_ml_kem_vector_portable_cond_subtract_3329_0d( ((int32_t)1 << (uint32_t) \ LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT) +/** + Signed Barrett Reduction + + Given an input `value`, `barrett_reduce` outputs a representative `result` + such that: + + - result ≡ value (mod FIELD_MODULUS) + - the absolute value of `result` is bound as follows: + + `|result| ≤ FIELD_MODULUS / 2 · (|value|/BARRETT_R + 1) + + In particular, if `|value| < BARRETT_R`, then `|result| < FIELD_MODULUS`. +*/ static inline int16_t libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( int16_t value) { @@ -1157,6 +1170,20 @@ libcrux_ml_kem_vector_portable_barrett_reduce_0d( ((int32_t)1 << (uint32_t) \ LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT) +/** + Signed Montgomery Reduction + + Given an input `value`, `montgomery_reduce` outputs a representative `o` + such that: + + - o ≡ value · MONTGOMERY_R^(-1) (mod FIELD_MODULUS) + - the absolute value of `o` is bound as follows: + + `|result| ≤ (|value| / MONTGOMERY_R) + (FIELD_MODULUS / 2) + + In particular, if `|value| ≤ FIELD_MODULUS * MONTGOMERY_R`, then `|o| < (3 · + FIELD_MODULUS) / 2`. +*/ static inline int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( int32_t value) { @@ -1176,6 +1203,17 @@ libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( return value_high - c; } +/** + If `fe` is some field element 'x' of the Kyber field and `fer` is congruent to + `y · MONTGOMERY_R`, this procedure outputs a value that is congruent to + `x · y`, as follows: + + `fe · fer ≡ x · y · MONTGOMERY_R (mod FIELD_MODULUS)` + + `montgomery_reduce` takes the value `x · y · MONTGOMERY_R` and outputs a + representative `x · y · MONTGOMERY_R * MONTGOMERY_R^{-1} ≡ x · y (mod + FIELD_MODULUS)`. +*/ static KRML_MUSTINLINE int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( int16_t fe, int16_t fer) { 
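Review bot: In the Barrett comment at @@ -1115 the bound line `|result| ≤ FIELD_MODULUS / 2 · (|value|/BARRETT_R + 1)` opens a backtick that is never closed, and in the Montgomery comment at @@ -1157 the output is named `o` in the prose but `result` in the bound line; suggest closing the backtick and writing the Montgomery bound as `|o| ≤ (|value| / MONTGOMERY_R) + (FIELD_MODULUS / 2)`. The `montgomery_multiply_fe_by_fer` comment at @@ -1176 mixes `·` and `*` in `x · y · MONTGOMERY_R * MONTGOMERY_R^{-1}`. These bounds are the range contracts the callers rely on to keep `int16_t` arithmetic from overflowing, so it is worth keeping their statement exact. The bodies of all three documented functions lie outside the hunks.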
@@ -1207,6 +1245,28 @@ libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, r); } +/** + The `compress_*` functions implement the `Compress` function specified in the + NIST FIPS 203 standard (Page 18, Expression 4.5), which is defined as: + + ```plaintext + Compress_d: ℤq -> ℤ_{2ᵈ} + Compress_d(x) = ⌈(2ᵈ/q)·x⌋ + ``` + + Since `⌈x⌋ = ⌊x + 1/2⌋` we have: + + ```plaintext + Compress_d(x) = ⌊(2ᵈ/q)·x + 1/2⌋ + = ⌊(2^{d+1}·x + q) / 2q⌋ + ``` + + For further information about the function implementations, consult the + `implementation_notes.pdf` document in this directory. + + The NIST FIPS 203 standard can be found at + . +*/ static inline uint8_t libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( uint16_t fe) { @@ -1481,6 +1541,28 @@ libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d( return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step(a, zeta); } +/** + Compute the product of two Kyber binomials with respect to the + modulus `X² - zeta`. + + This function almost implements Algorithm 11 of the + NIST FIPS 203 standard, which is reproduced below: + + ```plaintext + Input: a₀, a₁, b₀, b₁ ∈ ℤq. + Input: γ ∈ ℤq. + Output: c₀, c₁ ∈ ℤq. + + c₀ ← a₀·b₀ + a₁·b₁·γ + c₁ ← a₀·b₁ + a₁·b₀ + return c₀, c₁ + ``` + We say "almost" because the coefficients output by this function are in + the Montgomery domain (unlike in the specification). + + The NIST FIPS 203 standard can be found at + . +*/ static KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( libcrux_ml_kem_vector_portable_vector_type_PortableVector *a, @@ -2498,6 +2580,9 @@ libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_59( return re; } +/** + Call [`deserialize_to_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector 
@@ -2801,13 +2886,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_7b( for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re->coefficients[round] = libcrux_ml_kem_vector_portable_ntt_layer_2_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)1U; } } @@ -2824,7 +2908,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_4f( for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re->coefficients[round] = libcrux_ml_kem_vector_portable_ntt_layer_1_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], @@ -2834,7 +2918,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_4f( (size_t)2U], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)3U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)3U; } } @@ -2884,6 +2967,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_65( libcrux_ml_kem_polynomial_poly_barrett_reduce_89_2c(re); } +/** + Call [`deserialize_then_decompress_ring_element_u`] on each ring element + in the `ciphertext`. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector 
@@ -2918,10 +3005,9 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_38( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = + u_as_ntt[i0] = libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_f4( u_bytes); - u_as_ntt[i0] = uu____0; libcrux_ml_kem_ntt_ntt_vector_u_65(&u_as_ntt[i0]); } memcpy( @@ -3052,9 +3138,8 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_93( Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, Eurydice_slice); - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re.coefficients[i0] = libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); - re.coefficients[i0] = uu____0; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f42( re.coefficients[i0]); 
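Review bot: The hunk at @@ -3052 drops the `uu____0` temporary for the deserialize result but still emits `libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 =` for the decompress result on the next line, presumably assigned back to `re.coefficients[i0]` just past the hunk; the same residue is fully visible at @@ -4186 (L369), where `uu____1 = libcrux_ml_kem_vector_portable_add_0d(re->coefficients[j], &t); re->coefficients[j] = uu____1;` survives beside the collapsed `sub_0d` assignment. If the Eurydice pass only collapses the first temporary in a statement sequence, that is worth a look upstream, since the generated code would be uniform if the second read `re->coefficients[j] = libcrux_ml_kem_vector_portable_add_0d(re->coefficients[j], &t);` as well. No behavioural difference, purely the shape of the generated output.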
@@ -3075,6 +3160,33 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_f7( return libcrux_ml_kem_serialize_deserialize_then_decompress_4_9b(serialized); } +/** + Given two `KyberPolynomialRingElement`s in their NTT representations, + compute their product. Given two polynomials in the NTT domain `f^` and `ĵ`, + the `iᵗʰ` coefficient of the product `k̂` is determined by the calculation: + + ```plaintext + ĥ[2·i] + ĥ[2·i + 1]X = (f^[2·i] + f^[2·i + 1]X)·(ĝ[2·i] + ĝ[2·i + 1]X) mod (X² + - ζ^(2·BitRev₇(i) + 1)) + ``` + + This function almost implements Algorithm 10 of the + NIST FIPS 203 standard, which is reproduced below: + + ```plaintext + Input: Two arrays fˆ ∈ ℤ₂₅₆ and ĝ ∈ ℤ₂₅₆. + Output: An array ĥ ∈ ℤq. + + for(i ← 0; i < 128; i++) + (ĥ[2i], ĥ[2i+1]) ← BaseCaseMultiply(fˆ[2i], fˆ[2i+1], ĝ[2i], ĝ[2i+1], + ζ^(2·BitRev₇(i) + 1)) end for return ĥ + ``` + We say "almost" because the coefficients of the ring element output by + this function are in the Montgomery domain. + + The NIST FIPS 203 standard can be found at + . +*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -3113,6 +3225,10 @@ libcrux_ml_kem_polynomial_ntt_multiply_89_d5( return out; } +/** + Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise + sum of their constituent coefficients. +*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -3155,7 +3271,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_9f( for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re->coefficients[round] = libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], 
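Review bot: The comment added at @@ -3075 introduces the second operand as `ĵ` in `Given two polynomials in the NTT domain f^ and ĵ` but calls it `ĝ` in the formula that follows and in the reproduced Algorithm 10, and the first polynomial is spelled three ways (`f^`, `fˆ`, and implicitly `f̂`). Suggest `ĝ` throughout and a single hat form, e.g. `Given two polynomials in the NTT domain f̂ and ĝ, the iᵗʰ coefficient of the product ĥ is determined by the calculation:`. The documented function `libcrux_ml_kem_polynomial_ntt_multiply_89_d5` begins after the hunk.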
@@ -3165,7 +3281,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_9f( (size_t)2U], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)3U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)3U; } } @@ -3182,13 +3297,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_a6( for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re->coefficients[round] = libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)1U; } } @@ -3322,6 +3436,12 @@ libcrux_ml_kem_polynomial_subtract_reduce_89_79( return b; } +/** + The following functions compute various expressions involving + vectors and matrices. The computation of these expressions has been + abstracted away into these functions in order to save on loop iterations. + Compute v − InverseNTT(sᵀ ◦ NTT(u)) +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector 
@@ -3427,6 +3547,30 @@ libcrux_ml_kem_serialize_compress_then_serialize_message_fb( memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); } +/** + This function implements Algorithm 14 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. + + Algorithm 14 is reproduced below: + + ```plaintext + Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + Output: message m ∈ 𝔹^{32}. + + c₁ ← c[0 : 32dᵤk] + c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] + u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) + v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) + ŝ ← ByteDecode₁₂(dkₚₖₑ) + w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) + m ← ByteEncode₁(Compress₁(w)) + return m + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -3541,6 +3685,12 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_06( return libcrux_ml_kem_polynomial_ZERO_89_39(); } +/** + Only use with public values. + + This MUST NOT be used with secret inputs, like its caller + `deserialize_ring_elements_reduced`. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types @@ -3569,6 +3719,12 @@ libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ad( return re; } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types 
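Review bot: The comment at @@ -3541 says `This MUST NOT be used with secret inputs, like its caller deserialize_ring_elements_reduced`, which read literally lists the caller among the secret inputs; the intent appears to be that the caller carries the same restriction. Suggest `This MUST NOT be used with secret inputs; the same restriction applies to its caller deserialize_ring_elements_reduced.` Neither this comment nor the ones at @@ -3569 and at @@ -5889 (L357) state why the restriction exists, and the reason is not visible in this patch; a one-clause rationale taken from the Rust source would let a reviewer check that every caller honours it.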
@@ -3724,6 +3880,47 @@ libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_f1_4e( ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types 
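Review bot: The comment at @@ -3724 has a comma splice in `6 of the NIST FIPS 203 standard, We say "partially"`; suggest `6 of the NIST FIPS 203 standard. We say "partially"`. The block is duplicated verbatim at @@ -3806 (L367) for a second monomorphic instance, so both copies need the change, presumably at the Rust doc comment they are generated from. The text also describes the inputs as `bytes` and the failure as an `Err` return, which are Rust-level names; the C signature of the instance is not visible in the hunk, so whether those names match what the C reader sees should be checked.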
@@ -3806,6 +4003,47 @@ libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_f1_c1( libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_ed(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types 
@@ -4064,6 +4302,55 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_f1_89( libcrux_ml_kem_hash_functions_portable_PRFxN_1d(input, ret); } +/** + Given a series of uniformly random bytes in `randomness`, for some number + `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring + element from a binomial distribution centered at 0 that uses two sets of `eta` + coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v` + such such that `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and: + + ```plaintext + - If v < 0, Pr[v] = Pr[-v] + - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA) + ``` + + The values `v < 0` are mapped to the appropriate `KyberFieldElement`. + + The expected value is: + + ```plaintext + E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1] + + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0. + ``` + + And the variance is: + + ```plaintext + Var(X) = E[(X - E[X])^2] + = E[X^2] + = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / + 2^(2 * ETA)) = ETA / 2 + ``` + + This function implements Algorithm 7 of the NIST FIPS 203 + standard, which is reproduced below: + + ```plaintext + Input: byte array B ∈ 𝔹^{64η}. + Output: array f ∈ ℤ₂₅₆. + + b ← BytesToBits(B) + for (i ← 0; i < 256; i++) + x ← ∑(j=0 to η - 1) b[2iη + j] + y ← ∑(j=0 to η - 1) b[2iη + η + j] + f[i] ← x−y mod q + end for + return f + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types 
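Review bot: The comment at @@ -4064 has the doubled word in `such such that` and lists the support of a coefficient as `{-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}`, where the penultimate element should be `ETA - 1`; suggest `such that v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA - 1, ETA}`. Since the comment is reproduced from the Rust source, the correction belongs there so regeneration keeps it. The documented function `libcrux_ml_kem_sampling_sample_from_binomial_distribution_2` begins after the hunk.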
@@ -4186,9 +4473,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_13( libcrux_ml_kem_vector_portable_vector_type_PortableVector t = libcrux_ml_kem_vector_portable_multiply_by_constant_0d( re->coefficients[j + step], (int16_t)-1600); - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re->coefficients[j + step] = libcrux_ml_kem_vector_portable_sub_0d(re->coefficients[j], &t); - re->coefficients[j + step] = uu____0; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = libcrux_ml_kem_vector_portable_add_0d(re->coefficients[j], &t); re->coefficients[j] = uu____1; @@ -4218,6 +4504,10 @@ libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_88( libcrux_ml_kem_polynomial_poly_barrett_reduce_89_2c(re); } +/** + Sample a vector of ring elements from a centered binomial distribution and + convert them into their NTT representations. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -4249,11 +4539,10 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(uint8_t prf_input[33U], libcrux_ml_kem_hash_functions_portable_PRFxN_f1_89(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = + re_as_ntt[i0] = libcrux_ml_kem_sampling_sample_from_binomial_distribution_66( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]); } libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U]; 
@@ -4282,6 +4571,9 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_da(size_t _i) { return libcrux_ml_kem_polynomial_ZERO_89_39(); } +/** + Sample a vector of ring elements from a centered binomial distribution. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -4399,6 +4691,9 @@ static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_08( } } +/** + Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4522,6 +4817,9 @@ libcrux_ml_kem_polynomial_add_message_error_reduce_89_8b( return result; } +/** + Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4692,6 +4990,9 @@ libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_2f( memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } +/** + Call [`compress_then_serialize_ring_element_u`] on each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector 
@@ -4865,6 +5166,47 @@ libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_31( libcrux_ml_kem_serialize_compress_then_serialize_4_e5(re, out); } +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -5128,6 +5470,9 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_88( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics 
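Review bot: The new doc comment on `libcrux_ml_kem_ind_cpa_encrypt_unpacked` ends with `The NIST FIPS 203 standard can be found at .` — the link itself is gone, so the sentence points nowhere; the same dangling sentence appears in the `generate_keypair_unpacked` comment in the `@@ -5689` hunk. Presumably an angle-bracketed URL was dropped when the Rust doc comment was transcribed, so the source comment or the generator should restore it, e.g. `The NIST FIPS 203 standard can be found at <FIPS-203-URL>.`. Two smaller slips in the reproduced algorithm: `μ ← Decompress₁(ByteDecode₁(m)))` has one closing parenthesis too many, and `rˆ` in the line computing `v` should be `r̂` as in the other lines. The function this comment documents begins after the hunk ends.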
@@ -5155,6 +5500,13 @@ libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_f9( libcrux_ml_kem_ind_cca_decapsulate_88(private_key, ciphertext, ret); } +/** + Decapsulate ML-KEM 768 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem768PrivateKey`] and an + [`MlKem768Ciphertext`]. +*/ static inline void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -5282,6 +5634,9 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_05( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate_unpacked with const @@ -5310,6 +5665,13 @@ libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_f6( libcrux_ml_kem_ind_cca_decapsulate_unpacked_05(key_pair, ciphertext, ret); } +/** + Decapsulate ML-KEM 768 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. +*/ static inline void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -5455,6 +5817,13 @@ libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_67( return libcrux_ml_kem_ind_cca_encapsulate_44(uu____0, uu____1); } +/** + Encapsulate ML-KEM 768 + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { 
@@ -5533,6 +5902,9 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_57( return lit; } +/** + Portable encapsualte +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate_unpacked with const @@ -5562,6 +5934,14 @@ libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_65( return libcrux_ml_kem_ind_cca_encapsulate_unpacked_57(uu____0, uu____1); } +/** + Encapsulate ML-KEM 768 (unpacked) + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { @@ -5639,6 +6019,9 @@ libcrux_ml_kem_polynomial_add_standard_error_reduce_89_99( } } +/** + Compute  ◦ ŝ + ê +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_portable_vector_type_PortableVector 
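Review bot: `Portable encapsualte` in the comment added above the `encapsulate_unpacked` instance is misspelled and should read `Portable encapsulate`, matching the `Portable decapsulate` comments elsewhere in this file. It is only a comment, but it is the string readers will search for when they look for the portable entry points.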
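Review bot: The comment on `libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked` lists `the SHA3-256 hash of this public key` as an input, but the signature in the hunk takes only `public_key` and `randomness[32U]`; presumably the hash is carried inside the unpacked public key struct rather than passed separately, which should be confirmed against the type definition. Once confirmed I would rewrite the sentence as `The input is a reference to an unpacked public key of type [`MlKem768PublicKeyUnpacked`] (which already carries the hash of the packed key) and [`SHARED_SECRET_SIZE`] bytes of `randomness`.`. The bracketed names are Rust intra-doc links and do not correspond to the C identifiers in this header (the parameter type here is `libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8`), which is worth flagging in the generator if these comments are meant for C readers. The function body continues outside the hunk.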
@@ -5689,6 +6072,47 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_da( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -5798,6 +6222,9 @@ libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_f6( memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); } +/** + Call [`serialize_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector 
@@ -5833,6 +6260,9 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_f8( memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); } +/** + Concatenate `t` and `ρ` into the public key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5899,6 +6329,9 @@ libcrux_ml_kem_ind_cpa_generate_keypair_ec(Eurydice_slice key_generation_seed) { return lit; } +/** + Serialize the secret key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] @@ -5954,6 +6387,14 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_a8( memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -6001,6 +6442,9 @@ libcrux_ml_kem_ind_cca_generate_keypair_c2(uint8_t randomness[64U]) { uu____2, libcrux_ml_kem_types_from_b6_4c(uu____3)); } +/** + Portable generate key pair. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair with const @@ -6021,6 +6465,9 @@ libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_ff( return libcrux_ml_kem_ind_cca_generate_keypair_c2(uu____0); } +/** + Generate ML-KEM 768 Key Pair +*/ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; @@ -6178,6 +6625,9 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_35(uint8_t randomness[64U]) { return lit; } +/** + Unpacked API +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair_unpacked with 
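Review bot: The comment added above the `libcrux_ml_kem_ind_cca_generate_keypair` instance in the `@@ -5954` hunk starts with the bare heading `Packed API`, and the `@@ -6178` hunk attaches `Unpacked API` to the `generate_keypair_unpacked` instance with nothing else; these read like section headings from the Rust source that were carried over onto individual monomorphic instances and, standing alone, say nothing about the function. The `Packed API` comment also drops the final period after `different hardware features`. I would reduce the first to `Generate a key pair. Depending on the `Vector` and `Hasher` used, this requires different hardware features.` and give the unpacked instance a matching `Generate a key pair in unpacked form.` line.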
@@ -6198,6 +6648,9 @@ libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_3a( return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_35(uu____0); } +/** + Generate ML-KEM 768 Key Pair in "unpacked" form +*/ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { @@ -6342,6 +6795,9 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_880( memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.kyber_decapsulate with const @@ -6370,6 +6826,13 @@ libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_09( libcrux_ml_kem_ind_cca_decapsulate_880(private_key, ciphertext, ret); } +/** + Decapsulate Kyber 768 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem768PrivateKey`] and an + [`MlKem768Ciphertext`]. +*/ static inline void libcrux_ml_kem_mlkem768_portable_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -6470,6 +6933,9 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_440( return lit; } +/** + Portable encapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.kyber_encapsulate with const @@ -6498,6 +6964,13 @@ libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_a7( return libcrux_ml_kem_ind_cca_encapsulate_440(uu____0, uu____1); } +/** + Encapsulate Kyber 768 + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_kyber_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { 
@@ -6521,6 +6994,12 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_060( return libcrux_ml_kem_polynomial_ZERO_89_39(); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -6582,6 +7061,9 @@ static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_35( (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); } +/** + Portable public key validation +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.validate_public_key with const @@ -6596,6 +7078,11 @@ libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_e1( return libcrux_ml_kem_ind_cca_validate_public_key_35(public_key); } +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ static inline core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index d47e46e3b..d3a29b153 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * Libcrux: 9307ab926afbe89fd8e61ffec8dd95a500c18f33 */ #ifndef __libcrux_sha3_avx2_H 
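Review bot: The comment on `libcrux_ml_kem_mlkem768_portable_validate_public_key` describes the result as `Some(public_key)` / `None`, which is Rust vocabulary; the C function returns a `core_option_Option_92` value, so the sentence should say that, e.g. `Returns a core_option_Option_92 holding the key if it is valid, and the None variant otherwise.`. The first hunk on this line documents `deserialize_ring_elements_reduced` with `This function MUST NOT be used on secret inputs`, and this wrapper reaches it through `validate_public_key_35`; since that restriction is part of the contract, the public wrapper's comment should carry it too, e.g. `Only public-key bytes may be passed here; this check is not meant for secret data.`. The reason for the restriction is not visible in the hunk, so I am not asserting whether it is a timing concern or something else.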
@@ -28,22 +28,16 @@ This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: usize> for core::core_arch::x86::__m256i)} */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_zero_ef(void) { +static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2_zero_ef(void) { return libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)0); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__veor5q_u64(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c, - core_core_arch_x86___m256i d, - core_core_arch_x86___m256i e) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - core_core_arch_x86___m256i cd = libcrux_intrinsics_avx2_mm256_xor_si256(c, d); - core_core_arch_x86___m256i abcd = - libcrux_intrinsics_avx2_mm256_xor_si256(ab, cd); +static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__veor5q_u64( + __m256i a, __m256i b, __m256i c, __m256i d, __m256i e) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + __m256i cd = libcrux_intrinsics_avx2_mm256_xor_si256(c, d); + __m256i abcd = libcrux_intrinsics_avx2_mm256_xor_si256(ab, cd); return libcrux_intrinsics_avx2_mm256_xor_si256(abcd, e); } @@ -52,12 +46,8 @@ This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: usize> for core::core_arch::x86::__m256i)} */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor5_ef(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c, - core_core_arch_x86___m256i d, - core_core_arch_x86___m256i e) { +static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2_xor5_ef( + __m256i a, __m256i b, __m256i c, __m256i d, __m256i e) { return libcrux_sha3_simd_avx2__veor5q_u64(a, b, c, d, e); } 
@@ -68,20 +58,17 @@ with const generics - RIGHT= 63 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_58(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_58(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)1, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)63, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)1, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)63, x, __m256i)); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vrax1q_u64(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i uu____0 = a; +static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__vrax1q_u64(__m256i a, + __m256i b) { + __m256i uu____0 = a; return libcrux_intrinsics_avx2_mm256_xor_si256( uu____0, libcrux_sha3_simd_avx2_rotate_left_58(b)); } 
@@ -91,17 +78,15 @@ This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: usize> for core::core_arch::x86::__m256i)} */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef(__m256i a, __m256i b) { return libcrux_sha3_simd_avx2__vrax1q_u64(a, b); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vbcaxq_u64(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c) { +static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__vbcaxq_u64(__m256i a, + __m256i b, + __m256i c) { return libcrux_intrinsics_avx2_mm256_xor_si256( a, libcrux_intrinsics_avx2_mm256_andnot_si256(c, b)); } @@ -111,18 +96,15 @@ This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: usize> for core::core_arch::x86::__m256i)} */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_and_not_xor_ef(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_and_not_xor_ef(__m256i a, __m256i b, __m256i c) { return libcrux_sha3_simd_avx2__vbcaxq_u64(a, b, c); } KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__veorq_n_u64(core_core_arch_x86___m256i a, uint64_t c) { - core_core_arch_x86___m256i c0 = - libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)c); +static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__veorq_n_u64(__m256i a, + uint64_t c) { + __m256i c0 = libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)c); return libcrux_intrinsics_avx2_mm256_xor_si256(a, c0); } 
@@ -131,9 +113,8 @@ This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: usize> for core::core_arch::x86::__m256i)} */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_constant_ef(core_core_arch_x86___m256i a, - uint64_t c) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_constant_ef(__m256i a, uint64_t c) { return libcrux_sha3_simd_avx2__veorq_n_u64(a, c); } @@ -142,8 +123,8 @@ This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: usize> for core::core_arch::x86::__m256i)} */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i libcrux_sha3_simd_avx2_xor_ef( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2_xor_ef(__m256i a, + __m256i b) { return libcrux_intrinsics_avx2_mm256_xor_si256(a, b); } @@ -226,9 +207,12 @@ with const generics - $4size_t */ typedef struct libcrux_sha3_generic_keccak_KeccakState_29_s { - core_core_arch_x86___m256i st[5U][5U]; + __m256i st[5U][5U]; } libcrux_sha3_generic_keccak_KeccakState_29; +/** + Create a new Shake128 x4 state. +*/ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} 
@@ -278,45 +262,37 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_c7( - core_core_arch_x86___m256i (*s)[5U], Eurydice_slice blocks[4U]) { + __m256i (*s)[5U], Eurydice_slice blocks[4U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { size_t i0 = i; - core_core_arch_x86___m256i v00 = + __m256i v00 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v10 = + __m256i v10 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v20 = + __m256i v20 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v30 = + __m256i v30 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v0l, v2l, core_core_arch_x86___m256i); - 
core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); + __m256i v0l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); + __m256i v1h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); + __m256i v2l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); + __m256i v3h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); + __m256i v0 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v0l, v2l, __m256i); + __m256i v1 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v1h, v3h, __m256i); + __m256i v2 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v0l, v2l, __m256i); + __m256i v3 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v1h, v3h, __m256i); s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = libcrux_intrinsics_avx2_mm256_xor_si256( s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); @@ -370,7 +346,7 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_c7( Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice), uint8_t, void *); - core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + __m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, Eurydice_slice)); size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; 
@@ -406,10 +382,9 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_c7( Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice), uint8_t, void *); - core_core_arch_x86___m256i u0 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, - Eurydice_slice)); + __m256i u0 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, + Eurydice_slice)); size_t i = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; size_t j = @@ -429,8 +404,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_ef_6a( - core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = a; + __m256i (*a)[5U], Eurydice_slice b[4U]) { + __m256i(*uu____0)[5U] = a; Eurydice_slice uu____1[4U]; memcpy(uu____1, b, (size_t)4U * sizeof(Eurydice_slice)); libcrux_sha3_simd_avx2_load_block_c7(uu____0, uu____1); @@ -443,13 +418,11 @@ with const generics - RIGHT= 28 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_580(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_580(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)36, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)28, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)36, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)28, x, __m256i)); } /** 
@@ -459,10 +432,9 @@ with const generics - RIGHT= 28 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c1(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2__vxarq_u64_c1(__m256i a, + __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return libcrux_sha3_simd_avx2_rotate_left_580(ab); } @@ -477,9 +449,8 @@ with const generics - RIGHT= 28 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_17(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_17(__m256i a, __m256i b) { return libcrux_sha3_simd_avx2__vxarq_u64_c1(a, b); } @@ -490,13 +461,11 @@ with const generics - RIGHT= 61 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_581(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_581(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)3, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)61, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)3, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)61, x, __m256i)); } /** 
@@ -506,10 +475,9 @@ with const generics - RIGHT= 61 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c10(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2__vxarq_u64_c10(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return libcrux_sha3_simd_avx2_rotate_left_581(ab); } @@ -524,9 +492,8 @@ with const generics - RIGHT= 61 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_170(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_170(__m256i a, __m256i b) { return libcrux_sha3_simd_avx2__vxarq_u64_c10(a, b); } @@ -537,13 +504,11 @@ with const generics - RIGHT= 23 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_582(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_582(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)41, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)23, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)41, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)23, x, __m256i)); } /** 
@@ -553,10 +518,9 @@ with const generics - RIGHT= 23 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c11(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2__vxarq_u64_c11(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return libcrux_sha3_simd_avx2_rotate_left_582(ab); } @@ -571,9 +535,8 @@ with const generics - RIGHT= 23 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_171(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_171(__m256i a, __m256i b) { return libcrux_sha3_simd_avx2__vxarq_u64_c11(a, b); } @@ -584,13 +547,11 @@ with const generics - RIGHT= 46 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_583(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_583(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)18, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)46, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)18, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)46, x, __m256i)); } /** 
@@ -600,10 +561,9 @@ with const generics - RIGHT= 46 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c12(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2__vxarq_u64_c12(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return libcrux_sha3_simd_avx2_rotate_left_583(ab); } @@ -618,9 +578,8 @@ with const generics - RIGHT= 46 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_172(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_172(__m256i a, __m256i b) { return libcrux_sha3_simd_avx2__vxarq_u64_c12(a, b); } @@ -631,10 +590,9 @@ with const generics - RIGHT= 63 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c13(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2__vxarq_u64_c13(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return libcrux_sha3_simd_avx2_rotate_left_58(ab); } @@ -649,9 +607,8 @@ with const generics - RIGHT= 63 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_173(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_173(__m256i a, __m256i b) { return libcrux_sha3_simd_avx2__vxarq_u64_c13(a, b); } 
@@ -662,13 +619,11 @@ with const generics - RIGHT= 20 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_584(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_584(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)44, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)20, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)44, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)20, x, __m256i)); } /** @@ -678,10 +633,9 @@ with const generics - RIGHT= 20 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c14(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2__vxarq_u64_c14(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return libcrux_sha3_simd_avx2_rotate_left_584(ab); } @@ -696,9 +650,8 @@ with const generics - RIGHT= 20 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_174(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_174(__m256i a, __m256i b) { return libcrux_sha3_simd_avx2__vxarq_u64_c14(a, b); } 
@@ -709,13 +662,11 @@ with const generics - RIGHT= 54 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_585(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_585(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)10, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)54, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)10, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)54, x, __m256i)); } /** @@ -725,10 +676,9 @@ with const generics - RIGHT= 54 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c15(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2__vxarq_u64_c15(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return libcrux_sha3_simd_avx2_rotate_left_585(ab); } @@ -743,9 +693,8 @@ with const generics - RIGHT= 54 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_175(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_175(__m256i a, __m256i b) { return libcrux_sha3_simd_avx2__vxarq_u64_c15(a, b); } 
@@ -756,13 +705,11 @@ with const generics - RIGHT= 19 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_586(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_586(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)45, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)19, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)45, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)19, x, __m256i)); } /** @@ -772,10 +719,9 @@ with const generics - RIGHT= 19 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c16(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2__vxarq_u64_c16(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return libcrux_sha3_simd_avx2_rotate_left_586(ab); } @@ -790,9 +736,8 @@ with const generics - RIGHT= 19 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_176(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_176(__m256i a, __m256i b) { return libcrux_sha3_simd_avx2__vxarq_u64_c16(a, b); } 
@@ -803,13 +748,11 @@ with const generics - RIGHT= 62 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_587(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_587(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)2, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)62, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)2, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)62, x, __m256i)); } /** @@ -819,10 +762,9 @@ with const generics - RIGHT= 62 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c17(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2__vxarq_u64_c17(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return libcrux_sha3_simd_avx2_rotate_left_587(ab); } @@ -837,9 +779,8 @@ with const generics - RIGHT= 62 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_177(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_177(__m256i a, __m256i b) { return libcrux_sha3_simd_avx2__vxarq_u64_c17(a, b); } 
@@ -850,13 +791,11 @@ with const generics - RIGHT= 2 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_588(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_588(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)62, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)2, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)62, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)2, x, __m256i)); } /** @@ -866,10 +805,9 @@ with const generics - RIGHT= 2 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c18(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2__vxarq_u64_c18(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return libcrux_sha3_simd_avx2_rotate_left_588(ab); } @@ -884,9 +822,8 @@ with const generics - RIGHT= 2 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_178(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_178(__m256i a, __m256i b) { return libcrux_sha3_simd_avx2__vxarq_u64_c18(a, b); } 
@@ -897,13 +834,11 @@ with const generics - RIGHT= 58 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_589(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_589(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)6, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)58, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)6, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)58, x, __m256i)); } /** @@ -913,10 +848,9 @@ with const generics - RIGHT= 58 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c19(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2__vxarq_u64_c19(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return libcrux_sha3_simd_avx2_rotate_left_589(ab); } @@ -931,9 +865,8 @@ with const generics - RIGHT= 58 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_179(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_179(__m256i a, __m256i b) { return libcrux_sha3_simd_avx2__vxarq_u64_c19(a, b); } 
@@ -944,13 +877,11 @@ with const generics - RIGHT= 21 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5810(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_5810(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)43, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)21, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)43, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)21, x, __m256i)); } /** @@ -960,10 +891,9 @@ with const generics - RIGHT= 21 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c110(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2__vxarq_u64_c110(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return libcrux_sha3_simd_avx2_rotate_left_5810(ab); } @@ -978,9 +908,8 @@ with const generics - RIGHT= 21 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1710(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1710(__m256i a, __m256i b) { return libcrux_sha3_simd_avx2__vxarq_u64_c110(a, b); } 
@@ -991,13 +920,11 @@ with const generics - RIGHT= 49 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5811(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_5811(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)15, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)49, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)15, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)49, x, __m256i)); } /** @@ -1007,10 +934,9 @@ with const generics - RIGHT= 49 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c111(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2__vxarq_u64_c111(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return libcrux_sha3_simd_avx2_rotate_left_5811(ab); } @@ -1025,9 +951,8 @@ with const generics - RIGHT= 49 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1711(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1711(__m256i a, __m256i b) { return libcrux_sha3_simd_avx2__vxarq_u64_c111(a, b); } 
@@ -1038,13 +963,11 @@ with const generics - RIGHT= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5812(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_5812(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)61, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)3, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)61, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)3, x, __m256i)); } /** @@ -1054,10 +977,9 @@ with const generics - RIGHT= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c112(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2__vxarq_u64_c112(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return libcrux_sha3_simd_avx2_rotate_left_5812(ab); } @@ -1072,9 +994,8 @@ with const generics - RIGHT= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1712(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1712(__m256i a, __m256i b) { return libcrux_sha3_simd_avx2__vxarq_u64_c112(a, b); } 
@@ -1085,13 +1006,11 @@ with const generics - RIGHT= 36 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5813(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_5813(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)28, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)36, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)28, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)36, x, __m256i)); } /** @@ -1101,10 +1020,9 @@ with const generics - RIGHT= 36 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c113(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2__vxarq_u64_c113(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return libcrux_sha3_simd_avx2_rotate_left_5813(ab); } @@ -1119,9 +1037,8 @@ with const generics - RIGHT= 36 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1713(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1713(__m256i a, __m256i b) { return libcrux_sha3_simd_avx2__vxarq_u64_c113(a, b); } 
@@ -1132,13 +1049,11 @@ with const generics - RIGHT= 9 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5814(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_5814(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)55, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)9, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)55, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)9, x, __m256i)); } /** @@ -1148,10 +1063,9 @@ with const generics - RIGHT= 9 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c114(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2__vxarq_u64_c114(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return libcrux_sha3_simd_avx2_rotate_left_5814(ab); } @@ -1166,9 +1080,8 @@ with const generics - RIGHT= 9 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1714(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1714(__m256i a, __m256i b) { return libcrux_sha3_simd_avx2__vxarq_u64_c114(a, b); } 
@@ -1179,13 +1092,11 @@ with const generics - RIGHT= 39 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5815(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_5815(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)25, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)39, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)25, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)39, x, __m256i)); } /** @@ -1195,10 +1106,9 @@ with const generics - RIGHT= 39 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c115(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2__vxarq_u64_c115(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return libcrux_sha3_simd_avx2_rotate_left_5815(ab); } @@ -1213,9 +1123,8 @@ with const generics - RIGHT= 39 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1715(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1715(__m256i a, __m256i b) { return libcrux_sha3_simd_avx2__vxarq_u64_c115(a, b); } 
@@ -1226,13 +1135,11 @@ with const generics - RIGHT= 43 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5816(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_5816(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)21, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)43, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)21, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)43, x, __m256i)); } /** @@ -1242,10 +1149,9 @@ with const generics - RIGHT= 43 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c116(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2__vxarq_u64_c116(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return libcrux_sha3_simd_avx2_rotate_left_5816(ab); } @@ -1260,9 +1166,8 @@ with const generics - RIGHT= 43 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1716(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1716(__m256i a, __m256i b) { return libcrux_sha3_simd_avx2__vxarq_u64_c116(a, b); } 
@@ -1273,13 +1178,11 @@ with const generics - RIGHT= 8 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5817(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_5817(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)56, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)56, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, x, __m256i)); } /** @@ -1289,10 +1192,9 @@ with const generics - RIGHT= 8 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c117(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2__vxarq_u64_c117(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return libcrux_sha3_simd_avx2_rotate_left_5817(ab); } @@ -1307,9 +1209,8 @@ with const generics - RIGHT= 8 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1717(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1717(__m256i a, __m256i b) { return libcrux_sha3_simd_avx2__vxarq_u64_c117(a, b); } 
@@ -1320,13 +1221,11 @@ with const generics - RIGHT= 37 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5818(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_5818(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)27, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)37, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)27, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)37, x, __m256i)); } /** @@ -1336,10 +1235,9 @@ with const generics - RIGHT= 37 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c118(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2__vxarq_u64_c118(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return libcrux_sha3_simd_avx2_rotate_left_5818(ab); } @@ -1354,9 +1252,8 @@ with const generics - RIGHT= 37 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1718(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1718(__m256i a, __m256i b) { return libcrux_sha3_simd_avx2__vxarq_u64_c118(a, b); } 
@@ -1367,13 +1264,11 @@ with const generics - RIGHT= 44 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5819(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_5819(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)20, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)44, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)20, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)44, x, __m256i)); } /** @@ -1383,10 +1278,9 @@ with const generics - RIGHT= 44 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c119(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2__vxarq_u64_c119(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return libcrux_sha3_simd_avx2_rotate_left_5819(ab); } @@ -1401,9 +1295,8 @@ with const generics - RIGHT= 44 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1719(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1719(__m256i a, __m256i b) { return libcrux_sha3_simd_avx2__vxarq_u64_c119(a, b); } 
@@ -1414,13 +1307,11 @@ with const generics - RIGHT= 25 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5820(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_5820(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)39, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)25, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)39, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)25, x, __m256i)); } /** @@ -1430,10 +1321,9 @@ with const generics - RIGHT= 25 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c120(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2__vxarq_u64_c120(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return libcrux_sha3_simd_avx2_rotate_left_5820(ab); } @@ -1448,9 +1338,8 @@ with const generics - RIGHT= 25 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1720(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1720(__m256i a, __m256i b) { return libcrux_sha3_simd_avx2__vxarq_u64_c120(a, b); } 
@@ -1461,13 +1350,11 @@ with const generics - RIGHT= 56 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5821(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_5821(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)8, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)56, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)8, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)56, x, __m256i)); } /** @@ -1477,10 +1364,9 @@ with const generics - RIGHT= 56 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c121(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2__vxarq_u64_c121(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return libcrux_sha3_simd_avx2_rotate_left_5821(ab); } @@ -1495,9 +1381,8 @@ with const generics - RIGHT= 56 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1721(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1721(__m256i a, __m256i b) { return libcrux_sha3_simd_avx2__vxarq_u64_c121(a, b); } 
@@ -1508,13 +1393,11 @@ with const generics - RIGHT= 50 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_rotate_left_5822(core_core_arch_x86___m256i x) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_rotate_left_5822(__m256i x) { return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)14, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)50, x, - core_core_arch_x86___m256i)); + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)14, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)50, x, __m256i)); } /** @@ -1524,10 +1407,9 @@ with const generics - RIGHT= 50 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2__vxarq_u64_c122(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2__vxarq_u64_c122(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return libcrux_sha3_simd_avx2_rotate_left_5822(ab); } @@ -1542,9 +1424,8 @@ with const generics - RIGHT= 50 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_sha3_simd_avx2_xor_and_rotate_ef_1722(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i +libcrux_sha3_simd_avx2_xor_and_rotate_ef_1722(__m256i a, __m256i b) { return libcrux_sha3_simd_avx2__vxarq_u64_c122(a, b); } 
@@ -1557,114 +1438,85 @@ with const generics KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_71( libcrux_sha3_generic_keccak_KeccakState_29 *s) { - core_core_arch_x86___m256i c[5U] = { - libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][0U], s->st[1U][0U], - s->st[2U][0U], s->st[3U][0U], - s->st[4U][0U]), - libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][1U], s->st[1U][1U], - s->st[2U][1U], s->st[3U][1U], - s->st[4U][1U]), - libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][2U], s->st[1U][2U], - s->st[2U][2U], s->st[3U][2U], - s->st[4U][2U]), - libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][3U], s->st[1U][3U], - s->st[2U][3U], s->st[3U][3U], - s->st[4U][3U]), - libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][4U], s->st[1U][4U], - s->st[2U][4U], s->st[3U][4U], - s->st[4U][4U])}; - core_core_arch_x86___m256i uu____0 = - libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef( - c[((size_t)0U + (size_t)4U) % (size_t)5U], - c[((size_t)0U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i uu____1 = - libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef( - c[((size_t)1U + (size_t)4U) % (size_t)5U], - c[((size_t)1U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i uu____2 = - libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef( - c[((size_t)2U + (size_t)4U) % (size_t)5U], - c[((size_t)2U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i uu____3 = - libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef( - c[((size_t)3U + (size_t)4U) % (size_t)5U], - c[((size_t)3U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i t[5U] = { - uu____0, uu____1, uu____2, uu____3, - libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef( - c[((size_t)4U + (size_t)4U) % (size_t)5U], - c[((size_t)4U + (size_t)1U) % (size_t)5U])}; + __m256i c[5U] = {libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][0U], s->st[1U][0U], + s->st[2U][0U], s->st[3U][0U], + s->st[4U][0U]), + libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][1U], s->st[1U][1U], + s->st[2U][1U], s->st[3U][1U], + s->st[4U][1U]), + 
libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][2U], s->st[1U][2U], + s->st[2U][2U], s->st[3U][2U], + s->st[4U][2U]), + libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][3U], s->st[1U][3U], + s->st[2U][3U], s->st[3U][3U], + s->st[4U][3U]), + libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][4U], s->st[1U][4U], + s->st[2U][4U], s->st[3U][4U], + s->st[4U][4U])}; + __m256i uu____0 = libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef( + c[((size_t)0U + (size_t)4U) % (size_t)5U], + c[((size_t)0U + (size_t)1U) % (size_t)5U]); + __m256i uu____1 = libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef( + c[((size_t)1U + (size_t)4U) % (size_t)5U], + c[((size_t)1U + (size_t)1U) % (size_t)5U]); + __m256i uu____2 = libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef( + c[((size_t)2U + (size_t)4U) % (size_t)5U], + c[((size_t)2U + (size_t)1U) % (size_t)5U]); + __m256i uu____3 = libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef( + c[((size_t)3U + (size_t)4U) % (size_t)5U], + c[((size_t)3U + (size_t)1U) % (size_t)5U]); + __m256i t[5U] = {uu____0, uu____1, uu____2, uu____3, + libcrux_sha3_simd_avx2_rotate_left1_and_xor_ef( + c[((size_t)4U + (size_t)4U) % (size_t)5U], + c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = libcrux_sha3_simd_avx2_xor_ef(s->st[0U][0U], t[0U]); - core_core_arch_x86___m256i uu____4 = + s->st[1U][0U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_17(s->st[1U][0U], t[0U]); - s->st[1U][0U] = uu____4; - core_core_arch_x86___m256i uu____5 = + s->st[2U][0U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_170(s->st[2U][0U], t[0U]); - s->st[2U][0U] = uu____5; - core_core_arch_x86___m256i uu____6 = + s->st[3U][0U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_171(s->st[3U][0U], t[0U]); - s->st[3U][0U] = uu____6; - core_core_arch_x86___m256i uu____7 = + s->st[4U][0U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_172(s->st[4U][0U], t[0U]); - s->st[4U][0U] = uu____7; - core_core_arch_x86___m256i uu____8 = + s->st[0U][1U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_173(s->st[0U][1U], t[1U]); - s->st[0U][1U] = uu____8; 
- core_core_arch_x86___m256i uu____9 = + s->st[1U][1U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_174(s->st[1U][1U], t[1U]); - s->st[1U][1U] = uu____9; - core_core_arch_x86___m256i uu____10 = + s->st[2U][1U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_175(s->st[2U][1U], t[1U]); - s->st[2U][1U] = uu____10; - core_core_arch_x86___m256i uu____11 = + s->st[3U][1U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_176(s->st[3U][1U], t[1U]); - s->st[3U][1U] = uu____11; - core_core_arch_x86___m256i uu____12 = + s->st[4U][1U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_177(s->st[4U][1U], t[1U]); - s->st[4U][1U] = uu____12; - core_core_arch_x86___m256i uu____13 = + s->st[0U][2U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_178(s->st[0U][2U], t[2U]); - s->st[0U][2U] = uu____13; - core_core_arch_x86___m256i uu____14 = + s->st[1U][2U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_179(s->st[1U][2U], t[2U]); - s->st[1U][2U] = uu____14; - core_core_arch_x86___m256i uu____15 = + s->st[2U][2U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_1710(s->st[2U][2U], t[2U]); - s->st[2U][2U] = uu____15; - core_core_arch_x86___m256i uu____16 = + s->st[3U][2U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_1711(s->st[3U][2U], t[2U]); - s->st[3U][2U] = uu____16; - core_core_arch_x86___m256i uu____17 = + s->st[4U][2U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_1712(s->st[4U][2U], t[2U]); - s->st[4U][2U] = uu____17; - core_core_arch_x86___m256i uu____18 = + s->st[0U][3U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_1713(s->st[0U][3U], t[3U]); - s->st[0U][3U] = uu____18; - core_core_arch_x86___m256i uu____19 = + s->st[1U][3U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_1714(s->st[1U][3U], t[3U]); - s->st[1U][3U] = uu____19; - core_core_arch_x86___m256i uu____20 = + s->st[2U][3U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_1715(s->st[2U][3U], t[3U]); - s->st[2U][3U] = uu____20; - core_core_arch_x86___m256i uu____21 = + s->st[3U][3U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_1716(s->st[3U][3U], t[3U]); - s->st[3U][3U] = 
uu____21; - core_core_arch_x86___m256i uu____22 = + s->st[4U][3U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_1717(s->st[4U][3U], t[3U]); - s->st[4U][3U] = uu____22; - core_core_arch_x86___m256i uu____23 = + s->st[0U][4U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_1718(s->st[0U][4U], t[4U]); - s->st[0U][4U] = uu____23; - core_core_arch_x86___m256i uu____24 = + s->st[1U][4U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_1719(s->st[1U][4U], t[4U]); - s->st[1U][4U] = uu____24; - core_core_arch_x86___m256i uu____25 = + s->st[2U][4U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_1720(s->st[2U][4U], t[4U]); - s->st[2U][4U] = uu____25; - core_core_arch_x86___m256i uu____26 = + s->st[3U][4U] = libcrux_sha3_simd_avx2_xor_and_rotate_ef_1721(s->st[3U][4U], t[4U]); - s->st[3U][4U] = uu____26; - core_core_arch_x86___m256i uu____27 = + __m256i uu____27 = libcrux_sha3_simd_avx2_xor_and_rotate_ef_1722(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; } @@ -1678,8 +1530,8 @@ with const generics KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_01( libcrux_sha3_generic_keccak_KeccakState_29 *s) { - core_core_arch_x86___m256i old[5U][5U]; - memcpy(old, s->st, (size_t)5U * sizeof(core_core_arch_x86___m256i[5U])); + __m256i old[5U][5U]; + memcpy(old, s->st, (size_t)5U * sizeof(__m256i[5U])); s->st[0U][1U] = old[1U][1U]; s->st[0U][2U] = old[2U][2U]; s->st[0U][3U] = old[3U][3U]; @@ -1715,8 +1567,8 @@ with const generics KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_9b( libcrux_sha3_generic_keccak_KeccakState_29 *s) { - core_core_arch_x86___m256i old[5U][5U]; - memcpy(old, s->st, (size_t)5U * sizeof(core_core_arch_x86___m256i[5U])); + __m256i old[5U][5U]; + memcpy(old, s->st, (size_t)5U * sizeof(__m256i[5U])); for (size_t i0 = (size_t)0U; i0 < (size_t)5U; i0++) { size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)5U; i++) { 
@@ -1769,7 +1621,7 @@ with const generics KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_37( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice blocks[4U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = s->st; + __m256i(*uu____0)[5U] = s->st; Eurydice_slice uu____1[4U]; memcpy(uu____1, blocks, (size_t)4U * sizeof(Eurydice_slice)); libcrux_sha3_simd_avx2_load_block_ef_6a(uu____0, uu____1); @@ -1783,7 +1635,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_91( - core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { + __m256i (*s)[5U], uint8_t blocks[4U][200U]) { Eurydice_slice buf[4U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)200U, blocks[1U], @@ -1806,8 +1658,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_05( - core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = a; + __m256i (*a)[5U], uint8_t b[4U][200U]) { + __m256i(*uu____0)[5U] = a; uint8_t uu____1[4U][200U]; memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); libcrux_sha3_simd_avx2_load_block_full_91(uu____0, uu____1); @@ -1839,7 +1691,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e( size_t uu____2 = (size_t)136U - (size_t)1U; blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; } - core_core_arch_x86___m256i(*uu____3)[5U] = s->st; + __m256i(*uu____3)[5U] = s->st; uint8_t uu____4[4U][200U]; memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); libcrux_sha3_simd_avx2_load_block_full_ef_05(uu____3, uu____4); 
@@ -1853,47 +1705,39 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e9( - core_core_arch_x86___m256i (*s)[5U], Eurydice_slice out[4U]) { + __m256i (*s)[5U], Eurydice_slice out[4U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { size_t i0 = i; - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); + __m256i v0l = 
libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + __m256i); + __m256i v1h = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + __m256i); + __m256i v2l = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + __m256i); + __m256i v3h = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + __m256i); + __m256i v0 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); + __m256i v1 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); + __m256i v2 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); + __m256i v3 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, @@ -2002,7 +1846,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_full_0b( - core_core_arch_x86___m256i (*s)[5U], uint8_t ret[4U][200U]) { + __m256i (*s)[5U], uint8_t ret[4U][200U]) { uint8_t out0[200U] = {0U}; uint8_t out1[200U] = {0U}; uint8_t out2[200U] = {0U}; 
@@ -2038,7 +1882,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_full_ef_99( - core_core_arch_x86___m256i (*a)[5U], uint8_t ret[4U][200U]) { + __m256i (*a)[5U], uint8_t ret[4U][200U]) { libcrux_sha3_simd_avx2_store_block_full_0b(a, ret); } @@ -2081,7 +1925,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_ef_f6( - core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { + __m256i (*a)[5U], Eurydice_slice b[4U]) { libcrux_sha3_simd_avx2_store_block_e9(a, b); } @@ -2215,6 +2059,9 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_14( } } +/** + Perform 4 SHAKE256 operations in parallel +*/ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_shake256( Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, @@ -2228,6 +2075,9 @@ static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_shake256( typedef libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_KeccakState; +/** + Initialise the [`KeccakState`]. +*/ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_init(void) { 
@@ -2241,45 +2091,37 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_c70( - core_core_arch_x86___m256i (*s)[5U], Eurydice_slice blocks[4U]) { + __m256i (*s)[5U], Eurydice_slice blocks[4U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { size_t i0 = i; - core_core_arch_x86___m256i v00 = + __m256i v00 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v10 = + __m256i v10 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v20 = + __m256i v20 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v30 = + __m256i v30 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v0l, v2l, core_core_arch_x86___m256i); - 
core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); + __m256i v0l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); + __m256i v1h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); + __m256i v2l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); + __m256i v3h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); + __m256i v0 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v0l, v2l, __m256i); + __m256i v1 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v1h, v3h, __m256i); + __m256i v2 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v0l, v2l, __m256i); + __m256i v3 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v1h, v3h, __m256i); s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = libcrux_intrinsics_avx2_mm256_xor_si256( s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); @@ -2333,7 +2175,7 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_c70( Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice), uint8_t, void *); - core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + __m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, Eurydice_slice)); size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; 
@@ -2369,10 +2211,9 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_c70( Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice), uint8_t, void *); - core_core_arch_x86___m256i u0 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, - Eurydice_slice)); + __m256i u0 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, + Eurydice_slice)); size_t i = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; size_t j = @@ -2388,7 +2229,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_910( - core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { + __m256i (*s)[5U], uint8_t blocks[4U][200U]) { Eurydice_slice buf[4U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)200U, blocks[1U], @@ -2411,8 +2252,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_050( - core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = a; + __m256i (*a)[5U], uint8_t b[4U][200U]) { + __m256i(*uu____0)[5U] = a; uint8_t uu____1[4U][200U]; memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); libcrux_sha3_simd_avx2_load_block_full_910(uu____0, uu____1); 
@@ -2444,13 +2285,16 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e0( size_t uu____2 = (size_t)168U - (size_t)1U; blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U; } - core_core_arch_x86___m256i(*uu____3)[5U] = s->st; + __m256i(*uu____3)[5U] = s->st; uint8_t uu____4[4U][200U]; memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); libcrux_sha3_simd_avx2_load_block_full_ef_050(uu____3, uu____4); libcrux_sha3_generic_keccak_keccakf1600_07(s); } +/** + Absorb +*/ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( 
@@ -2467,47 +2311,39 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e90( - core_core_arch_x86___m256i (*s)[5U], Eurydice_slice out[4U]) { + __m256i (*s)[5U], Eurydice_slice out[4U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { size_t i0 = i; - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); + __m256i v0l = 
libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + __m256i); + __m256i v1h = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + __m256i); + __m256i v2l = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + __m256i); + __m256i v3h = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + __m256i); + __m256i v0 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); + __m256i v1 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); + __m256i v2 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); + __m256i v3 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, @@ -2620,7 +2456,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_ef_f60( - core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { + __m256i (*a)[5U], Eurydice_slice b[4U]) { libcrux_sha3_simd_avx2_store_block_e90(a, b); } 
@@ -2638,6 +2474,9 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1c0( libcrux_sha3_simd_avx2_store_block_ef_f60(s->st, out); } +/** + Squeeze another block +*/ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( @@ -2688,6 +2527,9 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27( libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o2); } +/** + Squeeze three blocks +*/ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( @@ -2739,6 +2581,9 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_e4( libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o4); } +/** + Squeeze five blocks +*/ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( @@ -2748,6 +2593,9 @@ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_squeeze_first_five_blocks_e4(s, buf); } +/** + Absorb +*/ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( @@ -2757,6 +2605,9 @@ libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_absorb_final_5e(s, buf); } +/** + Squeeze block +*/ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( @@ -2766,6 +2617,9 @@ libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_squeeze_first_block_e9(s, buf); } +/** + Squeeze next block +*/ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index 56e5608a9..16738841a 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h 
+++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 3f6d1c304e0e5bef1e9e2ea65aec703661b05f39 - * Eurydice: 392674166bac86e60f5fffa861181a398fdc3896 - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 75bf8bca5f9903b4f6e8fba693d61af1415d512f + * Libcrux: 9307ab926afbe89fd8e61ffec8dd95a500c18f33 */ #ifndef __libcrux_sha3_portable_H @@ -187,6 +187,9 @@ typedef struct libcrux_sha3_generic_keccak_KeccakState_48_s { uint64_t st[5U][5U]; } libcrux_sha3_generic_keccak_KeccakState_48; +/** + Create a new Shake128 x4 state. +*/ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} 
@@ -1212,75 +1215,52 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_eb( c[((size_t)4U + (size_t)4U) % (size_t)5U], c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_5a(s->st[0U][0U], t[0U]); - uint64_t uu____4 = + s->st[1U][0U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(s->st[1U][0U], t[0U]); - s->st[1U][0U] = uu____4; - uint64_t uu____5 = + s->st[2U][0U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(s->st[2U][0U], t[0U]); - s->st[2U][0U] = uu____5; - uint64_t uu____6 = + s->st[3U][0U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(s->st[3U][0U], t[0U]); - s->st[3U][0U] = uu____6; - uint64_t uu____7 = + s->st[4U][0U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(s->st[4U][0U], t[0U]); - s->st[4U][0U] = uu____7; - uint64_t uu____8 = + s->st[0U][1U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(s->st[0U][1U], t[1U]); - s->st[0U][1U] = uu____8; - uint64_t uu____9 = + s->st[1U][1U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(s->st[1U][1U], t[1U]); - s->st[1U][1U] = uu____9; - uint64_t uu____10 = + s->st[2U][1U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(s->st[2U][1U], t[1U]); - s->st[2U][1U] = uu____10; - uint64_t uu____11 = + s->st[3U][1U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(s->st[3U][1U], t[1U]); - s->st[3U][1U] = uu____11; - uint64_t uu____12 = + s->st[4U][1U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(s->st[4U][1U], t[1U]); - s->st[4U][1U] = uu____12; - uint64_t uu____13 = + s->st[0U][2U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(s->st[0U][2U], t[2U]); - s->st[0U][2U] = uu____13; - uint64_t uu____14 = + s->st[1U][2U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(s->st[1U][2U], t[2U]); - s->st[1U][2U] = uu____14; - uint64_t uu____15 = + s->st[2U][2U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(s->st[2U][2U], t[2U]); - s->st[2U][2U] = uu____15; - uint64_t uu____16 = + s->st[3U][2U] = 
libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(s->st[3U][2U], t[2U]); - s->st[3U][2U] = uu____16; - uint64_t uu____17 = + s->st[4U][2U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(s->st[4U][2U], t[2U]); - s->st[4U][2U] = uu____17; - uint64_t uu____18 = + s->st[0U][3U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(s->st[0U][3U], t[3U]); - s->st[0U][3U] = uu____18; - uint64_t uu____19 = + s->st[1U][3U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(s->st[1U][3U], t[3U]); - s->st[1U][3U] = uu____19; - uint64_t uu____20 = + s->st[2U][3U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(s->st[2U][3U], t[3U]); - s->st[2U][3U] = uu____20; - uint64_t uu____21 = + s->st[3U][3U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(s->st[3U][3U], t[3U]); - s->st[3U][3U] = uu____21; - uint64_t uu____22 = + s->st[4U][3U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(s->st[4U][3U], t[3U]); - s->st[4U][3U] = uu____22; - uint64_t uu____23 = + s->st[0U][4U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(s->st[0U][4U], t[4U]); - s->st[0U][4U] = uu____23; - uint64_t uu____24 = + s->st[1U][4U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(s->st[1U][4U], t[4U]); - s->st[1U][4U] = uu____24; - uint64_t uu____25 = + s->st[2U][4U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(s->st[2U][4U], t[4U]); - s->st[2U][4U] = uu____25; - uint64_t uu____26 = + s->st[3U][4U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(s->st[3U][4U], t[4U]); - s->st[3U][4U] = uu____26; uint64_t uu____27 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; @@ -1680,6 +1660,9 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a( libcrux_sha3_generic_keccak_keccak_75(uu____0, out); } +/** + A portable SHA3 512 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; 
@@ -2038,6 +2021,9 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a0( libcrux_sha3_generic_keccak_keccak_750(uu____0, out); } +/** + A portable SHA3 256 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -2164,6 +2150,9 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a1( libcrux_sha3_generic_keccak_keccak_751(uu____0, out); } +/** + A portable SHAKE256 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_shake256( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -2171,6 +2160,9 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake256( libcrux_sha3_portable_keccakx1_2a1(buf0, buf); } +/** + A portable SHA3 512 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data) { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, @@ -2178,6 +2170,9 @@ static KRML_MUSTINLINE void libcrux_sha3_neon_sha512(Eurydice_slice digest, KRML_HOST_EXIT(255U); } +/** + A portable SHA3 256 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data) { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, @@ -2185,6 +2180,11 @@ static KRML_MUSTINLINE void libcrux_sha3_neon_sha256(Eurydice_slice digest, KRML_HOST_EXIT(255U); } +/** + Run SHAKE256 on both inputs in parallel. + + Writes the two results into `out0` and `out1` +*/ static KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice out0, 
@@ -2201,6 +2201,9 @@ typedef struct libcrux_sha3_neon_x2_incremental_KeccakState_s { libcrux_sha3_generic_keccak_KeccakState_48 state[2U]; } libcrux_sha3_neon_x2_incremental_KeccakState; +/** + Initialise the `KeccakState2`. +*/ static KRML_MUSTINLINE libcrux_sha3_neon_x2_incremental_KeccakState libcrux_sha3_neon_x2_incremental_shake128_init(void) { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, @@ -2208,6 +2211,9 @@ libcrux_sha3_neon_x2_incremental_shake128_init(void) { KRML_HOST_EXIT(255U); } +/** + Shake128 absorb `data0` and `data1` in the [`KeccakState`] `s`. +*/ static KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0, @@ -2217,6 +2223,10 @@ libcrux_sha3_neon_x2_incremental_shake128_absorb_final( KRML_HOST_EXIT(255U); } +/** + Squeeze 2 times the next block in parallel in the + [`KeccakState`] and return the output in `out0` and `out1`. +*/ static KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, @@ -2226,6 +2236,10 @@ libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( KRML_HOST_EXIT(255U); } +/** + Squeeze 2 times the first three blocks in parallel in the + [`KeccakState`] and return the output in `out0` and `out1`. +*/ static KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, @@ -2235,6 +2249,9 @@ libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( KRML_HOST_EXIT(255U); } +/** + Create a new SHAKE-128 state object. +*/ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake128_init(void) { return libcrux_sha3_generic_keccak_new_1e_f2(); 
@@ -2326,6 +2343,9 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_722( libcrux_sha3_generic_keccak_keccakf1600_85(s); } +/** + Absorb +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data0) { @@ -2381,6 +2401,9 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f1( libcrux_sha3_portable_keccak_store_block_5a_6f1(s->st, out); } +/** + Squeeze another block +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { @@ -2427,6 +2450,9 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d( libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o2); } +/** + Squeeze three blocks +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { @@ -2441,6 +2467,9 @@ libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( typedef uint8_t libcrux_sha3_Algorithm; +/** + Returns the output size of a digest. +*/ static inline size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode) { size_t uu____0; switch (mode) { @@ -2820,6 +2849,9 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a2( libcrux_sha3_generic_keccak_keccak_752(uu____0, out); } +/** + A portable SHA3 224 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -3178,6 +3210,9 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a3( libcrux_sha3_generic_keccak_keccak_753(uu____0, out); } +/** + A portable SHA3 384 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; 
@@ -3185,11 +3220,20 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, libcrux_sha3_portable_keccakx1_2a3(buf0, buf); } +/** + SHA3 224 + + Preconditions: + - `digest.len() == 28` +*/ static KRML_MUSTINLINE void libcrux_sha3_sha224_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha224(digest, payload); } +/** + SHA3 224 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha224(Eurydice_slice data, uint8_t ret[28U]) { uint8_t out[28U] = {0U}; @@ -3198,11 +3242,17 @@ static KRML_MUSTINLINE void libcrux_sha3_sha224(Eurydice_slice data, memcpy(ret, out, (size_t)28U * sizeof(uint8_t)); } +/** + SHA3 256 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha256_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha256(digest, payload); } +/** + SHA3 256 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha256(Eurydice_slice data, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; @@ -3211,11 +3261,17 @@ static KRML_MUSTINLINE void libcrux_sha3_sha256(Eurydice_slice data, memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } +/** + SHA3 384 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha384_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha384(digest, payload); } +/** + SHA3 384 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha384(Eurydice_slice data, uint8_t ret[48U]) { uint8_t out[48U] = {0U}; @@ -3224,11 +3280,17 @@ static KRML_MUSTINLINE void libcrux_sha3_sha384(Eurydice_slice data, memcpy(ret, out, (size_t)48U * sizeof(uint8_t)); } +/** + SHA3 512 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha512_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha512(digest, payload); } +/** + SHA3 512 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha512(Eurydice_slice data, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; 
@@ -3442,6 +3504,9 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a4( libcrux_sha3_generic_keccak_keccak_754(uu____0, out); } +/** + A portable SHAKE128 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -3449,11 +3514,21 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( libcrux_sha3_portable_keccakx1_2a4(buf0, buf); } +/** + SHAKE 128 + + Writes `out.len()` bytes. +*/ static KRML_MUSTINLINE void libcrux_sha3_shake128_ema(Eurydice_slice out, Eurydice_slice data) { libcrux_sha3_portable_shake128(out, data); } +/** + SHAKE 256 + + Writes `out.len()` bytes. +*/ static KRML_MUSTINLINE void libcrux_sha3_shake256_ema(Eurydice_slice out, Eurydice_slice data) { libcrux_sha3_portable_shake256(out, data); @@ -3473,6 +3548,9 @@ static const size_t libcrux_sha3_generic_keccak__ROTC[24U] = { (size_t)45U, (size_t)15U, (size_t)21U, (size_t)8U, (size_t)18U, (size_t)2U, (size_t)61U, (size_t)56U, (size_t)14U}; +/** + A portable SHA3 224 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data) { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, @@ -3480,6 +3558,9 @@ static KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest, KRML_HOST_EXIT(255U); } +/** + A portable SHA3 384 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data) { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, @@ -3528,6 +3609,9 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92( libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o4); } +/** + Squeeze five blocks +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { 
@@ -3535,6 +3619,9 @@ libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks(
 libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92(s, buf);
 }
 
+/**
+ Absorb some data for SHAKE-256 for the last time
+*/
 static KRML_MUSTINLINE void
 libcrux_sha3_portable_incremental_shake256_absorb_final(
 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data) {
@@ -3542,11 +3629,17 @@ libcrux_sha3_portable_incremental_shake256_absorb_final(
 libcrux_sha3_generic_keccak_absorb_final_721(s, buf);
 }
 
+/**
+ Create a new SHAKE-256 state object.
+*/
 static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48
 libcrux_sha3_portable_incremental_shake256_init(void) {
 return libcrux_sha3_generic_keccak_new_1e_f2();
 }
 
+/**
+ Squeeze the first SHAKE-256 block
+*/
 static KRML_MUSTINLINE void
 libcrux_sha3_portable_incremental_shake256_squeeze_first_block(
 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) {
@@ -3554,6 +3647,9 @@ libcrux_sha3_portable_incremental_shake256_squeeze_first_block(
 libcrux_sha3_generic_keccak_squeeze_first_block_090(s, buf);
 }
 
+/**
+ Squeeze the next SHAKE-256 block
+*/
 static KRML_MUSTINLINE void
 libcrux_sha3_portable_incremental_shake256_squeeze_next_block(
 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) {
From c52405ea0a57830cfac5f952072ffe083ccb94f7 Mon Sep 17 00:00:00 2001
From: Jonathan Protzenko Date: Mon, 12 Aug 2024 13:56:03 -0700 Subject: [PATCH 03/16] wip --- libcrux-ml-kem/c/code_gen.txt | 6 +- libcrux-ml-kem/c/internal/libcrux_core.h | 231 +- .../c/internal/libcrux_mlkem_neon.h | 32 +- .../c/internal/libcrux_mlkem_portable.h | 48 +- .../c/internal/libcrux_sha3_internal.h | 44 +- libcrux-ml-kem/c/libcrux_core.c | 308 +- libcrux-ml-kem/c/libcrux_core.h | 455 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem1024_neon.c | 68 +- libcrux-ml-kem/c/libcrux_mlkem1024_neon.h | 50 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 48 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem512_neon.c | 66 +- libcrux-ml-kem/c/libcrux_mlkem512_neon.h | 48 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 52 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem768_neon.c | 66 +- libcrux-ml-kem/c/libcrux_mlkem768_neon.h | 48 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 48 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 9125 +--------------- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 507 +- libcrux-ml-kem/c/libcrux_mlkem_neon.c | 9287 ++++++++++++++++- libcrux-ml-kem/c/libcrux_mlkem_neon.h | 572 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 2885 +++-- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 186 +- libcrux-ml-kem/c/libcrux_sha3.h | 18 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 2327 +---- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 39 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 742 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 3308 +++++- libcrux-ml-kem/c/libcrux_sha3_neon.h | 29 +- 34 files changed, 15775 insertions(+), 14904 deletions(-) diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index 7de2127cd..7fd7d385c 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt 
@@ -1,6 +1,6 @@
 This code was generated with the following revisions:
 Charon: 53530427db2941ce784201e64086766504bc5642
-Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421
+Eurydice: 67f4341506300372fba9cb8de070234935839cb7
 Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430
-F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7
-Libcrux: ef25d68772c7a677441e035cb3187800d831ca09
+F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38
+Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15
diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h
index 50f0155c0..ff449d1ea 100644
--- a/libcrux-ml-kem/c/internal/libcrux_core.h
+++ b/libcrux-ml-kem/c/internal/libcrux_core.h
@@ -5,10 +5,10 @@
 *
 * This code was generated with the following revisions:
 * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421
+ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7
 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430
- * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7
- * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09
+ * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38
+ * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15
 */
 
 #ifndef __internal_libcrux_core_H
@@ -23,8 +23,6 @@ extern "C" {
 
 #define CORE_NUM__U32_8__BITS (32U)
 
-static inline uint32_t core_num__u8_6__count_ones(uint8_t x0);
-
 uint8_t libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time(
 Eurydice_slice lhs, Eurydice_slice rhs);
 
@@ -73,10 +71,10 @@ libcrux_ml_kem::types::MlKemPublicKey)#14}
 /**
 A monomorphic instance of libcrux_ml_kem.types.from_b6
 with const generics
-- SIZE= 1568
+- SIZE= 800
 */
-libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_4c1(
- uint8_t value[1568U]);
+libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_571(
+ uint8_t value[800U]);
 
 /**
 Create a new [`MlKemKeyPair`] from the secret and public key.
@@ -88,12 +86,12 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_17 with const generics -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 +- PRIVATE_KEY_SIZE= 1632 +- PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_c91( - libcrux_ml_kem_types_MlKemPrivateKey_95 sk, - libcrux_ml_kem_types_MlKemPublicKey_1f pk); +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_2c1( + libcrux_ml_kem_types_MlKemPrivateKey_5e sk, + libcrux_ml_kem_types_MlKemPublicKey_be pk); /** This function found in impl {(core::convert::From<@Array> for @@ -102,10 +100,10 @@ libcrux_ml_kem::types::MlKemPrivateKey)#8} /** A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics -- SIZE= 3168 +- SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_a71( - uint8_t value[3168U]); +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_e01( + uint8_t value[1632U]); /** This function found in impl {(core::convert::From<@Array> for @@ -114,10 +112,10 @@ libcrux_ml_kem::types::MlKemCiphertext)#2} /** A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics -- SIZE= 1568 +- SIZE= 768 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_f51( - uint8_t value[1568U]); +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_201( + uint8_t value[768U]); /** A reference to the raw byte slice. @@ -128,10 +126,10 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics -- SIZE= 1568 +- SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_f21( - libcrux_ml_kem_types_MlKemPublicKey_1f *self); +uint8_t *libcrux_ml_kem_types_as_slice_cb_1f1( + libcrux_ml_kem_types_MlKemPublicKey_be *self); /** This function found in impl {(core::convert::AsRef<@Slice> for 
@@ -140,10 +138,10 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics -- SIZE= 1568 +- SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed1( - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self); +Eurydice_slice libcrux_ml_kem_types_as_ref_00_f01( + libcrux_ml_kem_types_MlKemCiphertext_e8 *self); /** Pad the `slice` with `0`s at the end. @@ -151,10 +149,10 @@ Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed1( /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 1600 +- LEN= 800 */ -void libcrux_ml_kem_utils_into_padded_array_2d4(Eurydice_slice slice, - uint8_t ret[1600U]); +void libcrux_ml_kem_utils_into_padded_array_974(Eurydice_slice slice, + uint8_t ret[800U]); /** This function found in impl {(core::convert::From<@Array> for @@ -163,10 +161,10 @@ libcrux_ml_kem::types::MlKemPublicKey)#14} /** A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics -- SIZE= 1184 +- SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_4c0( - uint8_t value[1184U]); +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_570( + uint8_t value[1568U]); /** Create a new [`MlKemKeyPair`] from the secret and public key. @@ -178,12 +176,12 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_17 with const generics -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 +- PRIVATE_KEY_SIZE= 3168 +- PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_c90( - libcrux_ml_kem_types_MlKemPrivateKey_55 sk, - libcrux_ml_kem_types_MlKemPublicKey_15 pk); +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_2c0( + libcrux_ml_kem_types_MlKemPrivateKey_95 sk, + libcrux_ml_kem_types_MlKemPublicKey_1f pk); /** This function found in impl {(core::convert::From<@Array> for 
@@ -192,10 +190,10 @@ libcrux_ml_kem::types::MlKemPrivateKey)#8} /** A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics -- SIZE= 2400 +- SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_a70( - uint8_t value[2400U]); +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_e00( + uint8_t value[3168U]); /** This function found in impl {(core::convert::From<@Array> for @@ -204,10 +202,10 @@ libcrux_ml_kem::types::MlKemCiphertext)#2} /** A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics -- SIZE= 1088 +- SIZE= 1568 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_f50( - uint8_t value[1088U]); +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_200( + uint8_t value[1568U]); /** A reference to the raw byte slice. @@ -218,10 +216,10 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics -- SIZE= 1184 +- SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_f20( - libcrux_ml_kem_types_MlKemPublicKey_15 *self); +uint8_t *libcrux_ml_kem_types_as_slice_cb_1f0( + libcrux_ml_kem_types_MlKemPublicKey_1f *self); /** This function found in impl {(core::convert::AsRef<@Slice> for @@ -230,10 +228,10 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics -- SIZE= 1088 +- SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed0( - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); +Eurydice_slice libcrux_ml_kem_types_as_ref_00_f00( + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self); /** Pad the `slice` with `0`s at the end. 
@@ -241,10 +239,10 @@ Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed0( /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 1120 +- LEN= 1600 */ -void libcrux_ml_kem_utils_into_padded_array_2d3(Eurydice_slice slice, - uint8_t ret[1120U]); +void libcrux_ml_kem_utils_into_padded_array_973(Eurydice_slice slice, + uint8_t ret[1600U]); /** This function found in impl {(core::convert::From<@Array> for @@ -253,10 +251,10 @@ libcrux_ml_kem::types::MlKemPublicKey)#14} /** A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics -- SIZE= 800 +- SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_4c( - uint8_t value[800U]); +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_57( + uint8_t value[1184U]); /** Create a new [`MlKemKeyPair`] from the secret and public key. @@ -268,12 +266,12 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_17 with const generics -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_c9( - libcrux_ml_kem_types_MlKemPrivateKey_5e sk, - libcrux_ml_kem_types_MlKemPublicKey_be pk); +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_2c( + libcrux_ml_kem_types_MlKemPrivateKey_55 sk, + libcrux_ml_kem_types_MlKemPublicKey_15 pk); /** This function found in impl {(core::convert::From<@Array> for @@ -282,10 +280,10 @@ libcrux_ml_kem::types::MlKemPrivateKey)#8} /** A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics -- SIZE= 1632 +- SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_a7( - uint8_t value[1632U]); +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_e0( + uint8_t value[2400U]); /** This function found in impl {(core::convert::From<@Array> for 
@@ -294,10 +292,10 @@ libcrux_ml_kem::types::MlKemCiphertext)#2} /** A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics -- SIZE= 768 +- SIZE= 1088 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_f5( - uint8_t value[768U]); +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_20( + uint8_t value[1088U]); /** A reference to the raw byte slice. @@ -308,10 +306,10 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics -- SIZE= 800 +- SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_f2( - libcrux_ml_kem_types_MlKemPublicKey_be *self); +uint8_t *libcrux_ml_kem_types_as_slice_cb_1f( + libcrux_ml_kem_types_MlKemPublicKey_15 *self); /** Pad the `slice` with `0`s at the end. @@ -321,7 +319,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -void libcrux_ml_kem_utils_into_padded_array_2d2(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_972(Eurydice_slice slice, uint8_t ret[33U]); /** @@ -355,7 +353,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 34 */ -void libcrux_ml_kem_utils_into_padded_array_2d1(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_971(Eurydice_slice slice, uint8_t ret[34U]); /** @@ -365,10 +363,10 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics -- SIZE= 768 +- SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed( - libcrux_ml_kem_types_MlKemCiphertext_e8 *self); +Eurydice_slice libcrux_ml_kem_types_as_ref_00_f0( + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); /** Pad the `slice` with `0`s at the end. 
@@ -376,10 +374,10 @@ Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed( /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 800 +- LEN= 1120 */ -void libcrux_ml_kem_utils_into_padded_array_2d0(Eurydice_slice slice, - uint8_t ret[800U]); +void libcrux_ml_kem_utils_into_padded_array_970(Eurydice_slice slice, + uint8_t ret[1120U]); /** Pad the `slice` with `0`s at the end. 
@@ -389,77 +387,18 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array
 with const generics
 - LEN= 64
 */
-void libcrux_ml_kem_utils_into_padded_array_2d(Eurydice_slice slice,
+void libcrux_ml_kem_utils_into_padded_array_97(Eurydice_slice slice,
 uint8_t ret[64U]);
 
 /**
-A monomorphic instance of core.result.Result
-with types uint8_t[24size_t], core_array_TryFromSliceError
-
-*/
-typedef struct core_result_Result_6f_s {
- core_result_Result_00_tags tag;
- union {
- uint8_t case_Ok[24U];
- core_array_TryFromSliceError case_Err;
- } val;
-} core_result_Result_6f;
-
-/**
-This function found in impl {core::result::Result}
-*/
-/**
-A monomorphic instance of core.result.unwrap_41
-with types uint8_t[24size_t], core_array_TryFromSliceError
-
-*/
-void core_result_unwrap_41_1c(core_result_Result_6f self, uint8_t ret[24U]);
-
-/**
-A monomorphic instance of core.result.Result
-with types uint8_t[20size_t], core_array_TryFromSliceError
-
-*/
-typedef struct core_result_Result_7a_s {
- core_result_Result_00_tags tag;
- union {
- uint8_t case_Ok[20U];
- core_array_TryFromSliceError case_Err;
- } val;
-} core_result_Result_7a;
-
-/**
-This function found in impl {core::result::Result}
-*/
-/**
-A monomorphic instance of core.result.unwrap_41
-with types uint8_t[20size_t], core_array_TryFromSliceError
-
-*/
-void core_result_unwrap_41_34(core_result_Result_7a self, uint8_t ret[20U]);
-
-/**
-A monomorphic instance of core.result.Result
-with types uint8_t[10size_t], core_array_TryFromSliceError
-
-*/
-typedef struct core_result_Result_cd_s {
- core_result_Result_00_tags tag;
- union {
- uint8_t case_Ok[10U];
- core_array_TryFromSliceError case_Err;
- } val;
-} core_result_Result_cd;
-
-/**
-This function found in impl {core::result::Result}
-*/
-/**
-A monomorphic instance of core.result.unwrap_41
-with types uint8_t[10size_t], core_array_TryFromSliceError
+A monomorphic instance of core.option.Option
+with types Eurydice_slice uint8_t
 
 */
-void core_result_unwrap_41_e8(core_result_Result_cd self, uint8_t ret[10U]);
+typedef struct core_option_Option_44_s {
+ core_option_Option_ef_tags tag;
+ Eurydice_slice f0;
+} core_option_Option_44;
 
 /**
 A monomorphic instance of core.result.Result
@@ -484,10 +423,10 @@ with types int16_t[16size_t], core_array_TryFromSliceError
 */
 void core_result_unwrap_41_f9(core_result_Result_c0 self, int16_t ret[16U]);
 
-typedef struct Eurydice_slice_uint8_t_4size_t__x2_s {
- Eurydice_slice fst[4U];
- Eurydice_slice snd[4U];
-} Eurydice_slice_uint8_t_4size_t__x2;
+typedef struct Eurydice_slice_uint8_t_2size_t__x2_s {
+ Eurydice_slice fst[2U];
+ Eurydice_slice snd[2U];
+} Eurydice_slice_uint8_t_2size_t__x2;
 
 #if defined(__cplusplus)
 }
diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h
index 57231a2ff..cad194d8f 100644
--- a/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h
+++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h
@@ -4,11 +4,11 @@
 * SPDX-License-Identifier: MIT or Apache-2.0
 *
 * This code was generated with the following revisions:
- * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba
- * Eurydice: be0d5b5e1455673c2afa9592c0951def463f59ec
- * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92
+ * Charon: 53530427db2941ce784201e64086766504bc5642
+ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7
+ * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430
 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38
- * Libcrux: cb6da975011a1d6dfeaa6215d63a56d043b522b5
+ * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15
 */
 
 #ifndef __internal_libcrux_mlkem_neon_H
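Review bot: The `core_result_Result_{6f,7a,cd}` types and the `core_result_unwrap_41_{1c,34,e8}` declarations that converted slices into 24-, 20- and 10-byte arrays are removed, and `Eurydice_slice_uint8_t_4size_t__x2` shrinks to a two-lane `Eurydice_slice_uint8_t_2size_t__x2`, but nothing in this header shows what now performs those conversions or the four-way slice split. The diffstat for this commit shows the AVX2 .c losing roughly as many lines as the NEON .c gains, so this reads as a regeneration against a different backend rather than a cleanup; that is an inference from counts, not from visible code. Before this lands it is worth confirming that every remaining .c file still resolves against the new declarations, and that `core_option_Option_ef_tags`, which the new `core_option_Option_44` struct relies on, is declared in a header this file includes.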
@@ -48,6 +48,14 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b41(uint8_t randomness[64U]); +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, @@ -184,6 +192,14 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b40(uint8_t randomness[64U]); +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, @@ -320,6 +336,14 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b4(uint8_t randomness[64U]); +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 370d96d3b..503d8a62e 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h 
@@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 */ #ifndef __internal_libcrux_mlkem_portable_H @@ -37,7 +37,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_351(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_991(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked @@ -53,7 +53,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e1(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d1(uint8_t randomness[64U]); /** Packed API @@ -77,7 +77,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_c24(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_6f1(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked @@ -98,7 +98,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_311( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_861( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]); 
@@ -121,7 +121,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_441( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_9d1( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -147,7 +147,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca1( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f61( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -173,7 +173,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_4f1( +void libcrux_ml_kem_ind_cca_decapsulate_711( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -185,7 +185,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_350(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_990(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked @@ -201,7 +201,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e0(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d0(uint8_t randomness[64U]); /** Packed API @@ -225,7 +225,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_c21(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked 
@@ -246,7 +246,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_310( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_860( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]); @@ -269,7 +269,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_440( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_9d0( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -295,7 +295,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca0( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f60( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -321,7 +321,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_4f0( +void libcrux_ml_kem_ind_cca_decapsulate_710( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -333,7 +333,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_35(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_99(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked @@ -349,7 +349,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d(uint8_t randomness[64U]); /** Packed API 
@@ -373,7 +373,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked @@ -394,7 +394,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_31( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_86( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]); @@ -417,7 +417,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -443,7 +443,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f6( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -469,7 +469,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_4f( +void libcrux_ml_kem_ind_cca_decapsulate_71( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index 46a061db9..2d77d01ee 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h 
@@ -5,10 +5,10 @@
 *
 * This code was generated with the following revisions:
 * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421
+ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7
 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430
- * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7
- * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09
+ * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38
+ * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15
 */
 
 #ifndef __internal_libcrux_sha3_internal_H
@@ -29,7 +29,7 @@ typedef libcrux_sha3_generic_keccak_KeccakState_48
 */
 static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48
 libcrux_sha3_portable_incremental_shake128_init(void) {
- return libcrux_sha3_generic_keccak_new_1e_f2();
+ return libcrux_sha3_generic_keccak_new_1e_7a();
 }
 
 /**
@@ -39,7 +39,7 @@ static KRML_MUSTINLINE void
 libcrux_sha3_portable_incremental_shake128_absorb_final(
 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data0) {
 Eurydice_slice buf[1U] = {data0};
- libcrux_sha3_generic_keccak_absorb_final_72(s, buf);
+ libcrux_sha3_generic_keccak_absorb_final_25(s, buf);
 }
 
 /**
@@ -49,7 +49,7 @@ static KRML_MUSTINLINE void
 libcrux_sha3_portable_incremental_shake128_squeeze_next_block(
 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) {
 Eurydice_slice buf[1U] = {out0};
- libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, buf);
+ libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, buf);
 }
 
 /**
@@ -60,7 +60,7 @@ with const generics
 - RATE= 168
 */
 static KRML_MUSTINLINE void
-libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d(
+libcrux_sha3_generic_keccak_squeeze_first_three_blocks_4d(
 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) {
 Eurydice_slice_uint8_t_1size_t__x2 uu____0 =
 libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U);
@@ -68,15 +68,15 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d(
 memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice));
 Eurydice_slice o10[1U];
 memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice));
- libcrux_sha3_generic_keccak_squeeze_first_block_09(s, o0);
+ libcrux_sha3_generic_keccak_squeeze_first_block_58(s, o0);
 Eurydice_slice_uint8_t_1size_t__x2 uu____1 =
 libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U);
 Eurydice_slice o1[1U];
 memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice));
 Eurydice_slice o2[1U];
 memcpy(o2, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice));
- libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o1);
- libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o2);
+ libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o1);
+ libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o2);
 }
 
 /**
@@ -86,7 +86,7 @@ static KRML_MUSTINLINE void
 libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks(
 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) {
 Eurydice_slice buf[1U] = {out0};
- libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d(s, buf);
+ libcrux_sha3_generic_keccak_squeeze_first_three_blocks_4d(s, buf);
 }
 
 #define libcrux_sha3_Sha224 0
@@ -149,7 +149,7 @@ with const generics
 - RATE= 168
 */
 static KRML_MUSTINLINE void
-libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92(
+libcrux_sha3_generic_keccak_squeeze_first_five_blocks_34(
 libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) {
 Eurydice_slice_uint8_t_1size_t__x2 uu____0 =
 libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U);
@@ -157,29 +157,29 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92(
 memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice));
 Eurydice_slice o10[1U];
 memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice));
- libcrux_sha3_generic_keccak_squeeze_first_block_09(s, o0);
+ libcrux_sha3_generic_keccak_squeeze_first_block_58(s, o0);
 Eurydice_slice_uint8_t_1size_t__x2 uu____1 =
 libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U);
 Eurydice_slice o1[1U];
 memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice));
 Eurydice_slice o20[1U];
 memcpy(o20, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice));
- libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o1);
+ libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o1);
 Eurydice_slice_uint8_t_1size_t__x2 uu____2 =
 libcrux_sha3_portable_keccak_split_at_mut_n_5a(o20, (size_t)168U);
 Eurydice_slice o2[1U];
 memcpy(o2, uu____2.fst, (size_t)1U * sizeof(Eurydice_slice));
 Eurydice_slice o30[1U];
 memcpy(o30, uu____2.snd, (size_t)1U * sizeof(Eurydice_slice));
- libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o2);
+ libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o2);
 Eurydice_slice_uint8_t_1size_t__x2 uu____3 =
 libcrux_sha3_portable_keccak_split_at_mut_n_5a(o30, (size_t)168U);
 Eurydice_slice o3[1U];
 memcpy(o3, uu____3.fst, (size_t)1U * sizeof(Eurydice_slice));
 Eurydice_slice o4[1U];
 memcpy(o4, uu____3.snd, (size_t)1U * sizeof(Eurydice_slice));
- libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o3);
- libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o4);
+ libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o3);
+ libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o4);
 }
 
 /**
@@ -189,7 +189,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_five_blocks_34(s, buf); } /** @@ -199,7 +199,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data) { Eurydice_slice buf[1U] = {data}; - libcrux_sha3_generic_keccak_absorb_final_720(s, buf); + libcrux_sha3_generic_keccak_absorb_final_250(s, buf); } /** @@ -207,7 +207,7 @@ libcrux_sha3_portable_incremental_shake256_absorb_final( */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake256_init(void) { - return libcrux_sha3_generic_keccak_new_1e_f2(); + return libcrux_sha3_generic_keccak_new_1e_7a(); } /** @@ -217,7 +217,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_first_block_090(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_block_580(s, buf); } /** @@ -227,7 +227,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_next_block_1f0(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_c80(s, buf); } /** diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index e2b08b63e..7a3bd7ee8 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c 
@@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 */ #include "internal/libcrux_core.h" @@ -96,14 +96,14 @@ libcrux_ml_kem::types::MlKemPublicKey)#14} /** A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics -- SIZE= 1568 +- SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_4c1( - uint8_t value[1568U]) { - uint8_t uu____0[1568U]; - memcpy(uu____0, value, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPublicKey_1f lit; - memcpy(lit.value, uu____0, (size_t)1568U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_571( + uint8_t value[800U]) { + uint8_t uu____0[800U]; + memcpy(uu____0, value, (size_t)800U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPublicKey_be lit; + memcpy(lit.value, uu____0, (size_t)800U * sizeof(uint8_t)); return lit; } 
@@ -117,14 +117,13 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_17 with const generics -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 +- PRIVATE_KEY_SIZE= 1632 +- PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_c91( - libcrux_ml_kem_types_MlKemPrivateKey_95 sk, - libcrux_ml_kem_types_MlKemPublicKey_1f pk) { - return ( - CLITERAL(libcrux_ml_kem_mlkem1024_MlKem1024KeyPair){.sk = sk, .pk = pk}); +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_2c1( + libcrux_ml_kem_types_MlKemPrivateKey_5e sk, + libcrux_ml_kem_types_MlKemPublicKey_be pk) { + return (CLITERAL(libcrux_ml_kem_types_MlKemKeyPair_cb){.sk = sk, .pk = pk}); } /** @@ -134,14 +133,14 @@ libcrux_ml_kem::types::MlKemPrivateKey)#8} /** A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics -- SIZE= 3168 +- SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_a71( - uint8_t value[3168U]) { - uint8_t uu____0[3168U]; - memcpy(uu____0, value, (size_t)3168U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_95 lit; - memcpy(lit.value, uu____0, (size_t)3168U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_e01( + uint8_t value[1632U]) { + uint8_t uu____0[1632U]; + memcpy(uu____0, value, (size_t)1632U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_5e lit; + memcpy(lit.value, uu____0, (size_t)1632U * sizeof(uint8_t)); return lit; } 
@@ -152,14 +151,14 @@ libcrux_ml_kem::types::MlKemCiphertext)#2} /** A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics -- SIZE= 1568 +- SIZE= 768 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_f51( - uint8_t value[1568U]) { - uint8_t uu____0[1568U]; - memcpy(uu____0, value, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext lit; - memcpy(lit.value, uu____0, (size_t)1568U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_201( + uint8_t value[768U]) { + uint8_t uu____0[768U]; + memcpy(uu____0, value, (size_t)768U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext_e8 lit; + memcpy(lit.value, uu____0, (size_t)768U * sizeof(uint8_t)); return lit; } @@ -172,10 +171,10 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics -- SIZE= 1568 +- SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_f21( - libcrux_ml_kem_types_MlKemPublicKey_1f *self) { +uint8_t *libcrux_ml_kem_types_as_slice_cb_1f1( + libcrux_ml_kem_types_MlKemPublicKey_be *self) { return self->value; } @@ -186,11 +185,11 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics -- SIZE= 1568 +- SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed1( - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self) { - return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t, +Eurydice_slice libcrux_ml_kem_types_as_ref_00_f01( + libcrux_ml_kem_types_MlKemCiphertext_e8 *self) { + return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t, Eurydice_slice); } 
@@ -200,11 +199,11 @@ Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed1( /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 1600 +- LEN= 800 */ -void libcrux_ml_kem_utils_into_padded_array_2d4(Eurydice_slice slice, - uint8_t ret[1600U]) { - uint8_t out[1600U] = {0U}; +void libcrux_ml_kem_utils_into_padded_array_974(Eurydice_slice slice, + uint8_t ret[800U]) { + uint8_t out[800U] = {0U}; uint8_t *uu____0 = out; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( @@ -212,7 +211,7 @@ void libcrux_ml_kem_utils_into_padded_array_2d4(Eurydice_slice slice, core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, Eurydice_slice), slice, uint8_t, void *); - memcpy(ret, out, (size_t)1600U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)800U * sizeof(uint8_t)); } /** @@ -222,14 +221,14 @@ libcrux_ml_kem::types::MlKemPublicKey)#14} /** A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics -- SIZE= 1184 +- SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_4c0( - uint8_t value[1184U]) { - uint8_t uu____0[1184U]; - memcpy(uu____0, value, (size_t)1184U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPublicKey_15 lit; - memcpy(lit.value, uu____0, (size_t)1184U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_570( + uint8_t value[1568U]) { + uint8_t uu____0[1568U]; + memcpy(uu____0, value, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPublicKey_1f lit; + memcpy(lit.value, uu____0, (size_t)1568U * sizeof(uint8_t)); return lit; } 
@@ -243,14 +242,14 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_17 with const generics -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 +- PRIVATE_KEY_SIZE= 3168 +- PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_c90( - libcrux_ml_kem_types_MlKemPrivateKey_55 sk, - libcrux_ml_kem_types_MlKemPublicKey_15 pk) { +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_2c0( + libcrux_ml_kem_types_MlKemPrivateKey_95 sk, + libcrux_ml_kem_types_MlKemPublicKey_1f pk) { return ( - CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); + CLITERAL(libcrux_ml_kem_mlkem1024_MlKem1024KeyPair){.sk = sk, .pk = pk}); } /** @@ -260,14 +259,14 @@ libcrux_ml_kem::types::MlKemPrivateKey)#8} /** A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics -- SIZE= 2400 +- SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_a70( - uint8_t value[2400U]) { - uint8_t uu____0[2400U]; - memcpy(uu____0, value, (size_t)2400U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_55 lit; - memcpy(lit.value, uu____0, (size_t)2400U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_e00( + uint8_t value[3168U]) { + uint8_t uu____0[3168U]; + memcpy(uu____0, value, (size_t)3168U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_95 lit; + memcpy(lit.value, uu____0, (size_t)3168U * sizeof(uint8_t)); return lit; } 
@@ -278,14 +277,14 @@ libcrux_ml_kem::types::MlKemCiphertext)#2} /** A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics -- SIZE= 1088 +- SIZE= 1568 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_f50( - uint8_t value[1088U]) { - uint8_t uu____0[1088U]; - memcpy(uu____0, value, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext lit; - memcpy(lit.value, uu____0, (size_t)1088U * sizeof(uint8_t)); +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_200( + uint8_t value[1568U]) { + uint8_t uu____0[1568U]; + memcpy(uu____0, value, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext lit; + memcpy(lit.value, uu____0, (size_t)1568U * sizeof(uint8_t)); return lit; } @@ -298,10 +297,10 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics -- SIZE= 1184 +- SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_f20( - libcrux_ml_kem_types_MlKemPublicKey_15 *self) { +uint8_t *libcrux_ml_kem_types_as_slice_cb_1f0( + libcrux_ml_kem_types_MlKemPublicKey_1f *self) { return self->value; } @@ -312,11 +311,11 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics -- SIZE= 1088 +- SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed0( - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { - return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t, +Eurydice_slice libcrux_ml_kem_types_as_ref_00_f00( + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self) { + return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t, Eurydice_slice); } 
@@ -326,11 +325,11 @@ Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed0( /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 1120 +- LEN= 1600 */ -void libcrux_ml_kem_utils_into_padded_array_2d3(Eurydice_slice slice, - uint8_t ret[1120U]) { - uint8_t out[1120U] = {0U}; +void libcrux_ml_kem_utils_into_padded_array_973(Eurydice_slice slice, + uint8_t ret[1600U]) { + uint8_t out[1600U] = {0U}; uint8_t *uu____0 = out; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( @@ -338,7 +337,7 @@ void libcrux_ml_kem_utils_into_padded_array_2d3(Eurydice_slice slice, core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, Eurydice_slice), slice, uint8_t, void *); - memcpy(ret, out, (size_t)1120U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)1600U * sizeof(uint8_t)); } /** @@ -348,14 +347,14 @@ libcrux_ml_kem::types::MlKemPublicKey)#14} /** A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics -- SIZE= 800 +- SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_4c( - uint8_t value[800U]) { - uint8_t uu____0[800U]; - memcpy(uu____0, value, (size_t)800U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPublicKey_be lit; - memcpy(lit.value, uu____0, (size_t)800U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_57( + uint8_t value[1184U]) { + uint8_t uu____0[1184U]; + memcpy(uu____0, value, (size_t)1184U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPublicKey_15 lit; + memcpy(lit.value, uu____0, (size_t)1184U * sizeof(uint8_t)); return lit; } 
@@ -369,13 +368,14 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_17 with const generics -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_c9( - libcrux_ml_kem_types_MlKemPrivateKey_5e sk, - libcrux_ml_kem_types_MlKemPublicKey_be pk) { - return (CLITERAL(libcrux_ml_kem_types_MlKemKeyPair_cb){.sk = sk, .pk = pk}); +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_2c( + libcrux_ml_kem_types_MlKemPrivateKey_55 sk, + libcrux_ml_kem_types_MlKemPublicKey_15 pk) { + return ( + CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); } /** @@ -385,14 +385,14 @@ libcrux_ml_kem::types::MlKemPrivateKey)#8} /** A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics -- SIZE= 1632 +- SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_a7( - uint8_t value[1632U]) { - uint8_t uu____0[1632U]; - memcpy(uu____0, value, (size_t)1632U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_5e lit; - memcpy(lit.value, uu____0, (size_t)1632U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_e0( + uint8_t value[2400U]) { + uint8_t uu____0[2400U]; + memcpy(uu____0, value, (size_t)2400U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_55 lit; + memcpy(lit.value, uu____0, (size_t)2400U * sizeof(uint8_t)); return lit; } 
@@ -403,14 +403,14 @@ libcrux_ml_kem::types::MlKemCiphertext)#2} /** A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics -- SIZE= 768 +- SIZE= 1088 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_f5( - uint8_t value[768U]) { - uint8_t uu____0[768U]; - memcpy(uu____0, value, (size_t)768U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext_e8 lit; - memcpy(lit.value, uu____0, (size_t)768U * sizeof(uint8_t)); +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_20( + uint8_t value[1088U]) { + uint8_t uu____0[1088U]; + memcpy(uu____0, value, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext lit; + memcpy(lit.value, uu____0, (size_t)1088U * sizeof(uint8_t)); return lit; } @@ -423,10 +423,10 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics -- SIZE= 800 +- SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_f2( - libcrux_ml_kem_types_MlKemPublicKey_be *self) { +uint8_t *libcrux_ml_kem_types_as_slice_cb_1f( + libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -438,7 +438,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -void libcrux_ml_kem_utils_into_padded_array_2d2(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_972(Eurydice_slice slice, uint8_t ret[33U]) { uint8_t out[33U] = {0U}; uint8_t *uu____0 = out; @@ -479,7 +479,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 34 */ -void libcrux_ml_kem_utils_into_padded_array_2d1(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_971(Eurydice_slice slice, uint8_t ret[34U]) { uint8_t out[34U] = {0U}; uint8_t *uu____0 = out; 
@@ -499,11 +499,11 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics -- SIZE= 768 +- SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed( - libcrux_ml_kem_types_MlKemCiphertext_e8 *self) { - return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t, +Eurydice_slice libcrux_ml_kem_types_as_ref_00_f0( + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { + return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t, Eurydice_slice); } @@ -513,11 +513,11 @@ Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed( /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 800 +- LEN= 1120 */ -void libcrux_ml_kem_utils_into_padded_array_2d0(Eurydice_slice slice, - uint8_t ret[800U]) { - uint8_t out[800U] = {0U}; +void libcrux_ml_kem_utils_into_padded_array_970(Eurydice_slice slice, + uint8_t ret[1120U]) { + uint8_t out[1120U] = {0U}; uint8_t *uu____0 = out; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( @@ -525,7 +525,7 @@ void libcrux_ml_kem_utils_into_padded_array_2d0(Eurydice_slice slice, core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, Eurydice_slice), slice, uint8_t, void *); - memcpy(ret, out, (size_t)800U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)1120U * sizeof(uint8_t)); } /** @@ -536,7 +536,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 64 */ -void libcrux_ml_kem_utils_into_padded_array_2d(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_97(Eurydice_slice slice, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; uint8_t *uu____0 = out; 
@@ -549,66 +549,6 @@ void libcrux_ml_kem_utils_into_padded_array_2d(Eurydice_slice slice, memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } -/** -This function found in impl {core::result::Result} -*/ -/** -A monomorphic instance of core.result.unwrap_41 -with types uint8_t[24size_t], core_array_TryFromSliceError - -*/ -void core_result_unwrap_41_1c(core_result_Result_6f self, uint8_t ret[24U]) { - if (self.tag == core_result_Ok) { - uint8_t f0[24U]; - memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof(uint8_t)); - memcpy(ret, f0, (size_t)24U * sizeof(uint8_t)); - } else { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "unwrap not Ok"); - KRML_HOST_EXIT(255U); - } -} - -/** -This function found in impl {core::result::Result} -*/ -/** -A monomorphic instance of core.result.unwrap_41 -with types uint8_t[20size_t], core_array_TryFromSliceError - -*/ -void core_result_unwrap_41_34(core_result_Result_7a self, uint8_t ret[20U]) { - if (self.tag == core_result_Ok) { - uint8_t f0[20U]; - memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof(uint8_t)); - memcpy(ret, f0, (size_t)20U * sizeof(uint8_t)); - } else { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "unwrap not Ok"); - KRML_HOST_EXIT(255U); - } -} - -/** -This function found in impl {core::result::Result} -*/ -/** -A monomorphic instance of core.result.unwrap_41 -with types uint8_t[10size_t], core_array_TryFromSliceError - -*/ -void core_result_unwrap_41_e8(core_result_Result_cd self, uint8_t ret[10U]) { - if (self.tag == core_result_Ok) { - uint8_t f0[10U]; - memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof(uint8_t)); - memcpy(ret, f0, (size_t)10U * sizeof(uint8_t)); - } else { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "unwrap not Ok"); - KRML_HOST_EXIT(255U); - } -} - /** This function found in impl {core::result::Result} */ 
diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 4a0da578a..debf385d0 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h 
@@ -5,266 +5,241 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 */ #ifndef __libcrux_core_H #define __libcrux_core_H #if defined(__cplusplus) -extern "C" -{ +extern "C" { #endif #include "eurydice_glue.h" - /** - A monomorphic instance of core.ops.range.Range - with types size_t +/** +A monomorphic instance of core.ops.range.Range +with types size_t - */ - typedef struct core_ops_range_Range_b3_s - { - size_t start; - size_t end; - } core_ops_range_Range_b3; +*/ +typedef struct core_ops_range_Range_b3_s { + size_t start; + size_t end; +} core_ops_range_Range_b3; #define core_option_None 0 #define core_option_Some 1 - typedef uint8_t core_option_Option_ef_tags; - - /** - A monomorphic instance of core.option.Option - with types size_t - - */ - typedef struct core_option_Option_b3_s - { - core_option_Option_ef_tags tag; - size_t f0; - } core_option_Option_b3; - - static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t x0[8U]); - - static inline void core_num__u64_9__to_le_bytes(uint64_t x0, uint8_t x1[8U]); - - /** - A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey - with const generics - - $1568size_t - */ - typedef struct libcrux_ml_kem_types_MlKemPublicKey_1f_s - { - uint8_t value[1568U]; - } libcrux_ml_kem_types_MlKemPublicKey_1f; - - /** - A monomorphic instance of core.option.Option - with types libcrux_ml_kem_types_MlKemPublicKey[[$1568size_t]] - - */ - typedef struct core_option_Option_99_s - { - core_option_Option_ef_tags tag; - libcrux_ml_kem_types_MlKemPublicKey_1f f0; - } core_option_Option_99; - - /** - A 
monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey - with const generics - - $3168size_t - */ - typedef struct libcrux_ml_kem_types_MlKemPrivateKey_95_s - { - uint8_t value[3168U]; - } libcrux_ml_kem_types_MlKemPrivateKey_95; - - typedef struct libcrux_ml_kem_mlkem1024_MlKem1024KeyPair_s - { - libcrux_ml_kem_types_MlKemPrivateKey_95 sk; - libcrux_ml_kem_types_MlKemPublicKey_1f pk; - } libcrux_ml_kem_mlkem1024_MlKem1024KeyPair; - - typedef struct libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext_s - { - uint8_t value[1568U]; - } libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext; - - /** - A monomorphic instance of K. - with types libcrux_ml_kem_types_MlKemCiphertext[[$1568size_t]], - uint8_t[32size_t] - - */ - typedef struct tuple_21_s - { - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext fst; - uint8_t snd[32U]; - } tuple_21; - - /** - A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey - with const generics - - $1184size_t - */ - typedef struct libcrux_ml_kem_types_MlKemPublicKey_15_s - { - uint8_t value[1184U]; - } libcrux_ml_kem_types_MlKemPublicKey_15; - - /** - A monomorphic instance of core.option.Option - with types libcrux_ml_kem_types_MlKemPublicKey[[$1184size_t]] - - */ - typedef struct core_option_Option_92_s - { - core_option_Option_ef_tags tag; - libcrux_ml_kem_types_MlKemPublicKey_15 f0; - } core_option_Option_92; - - /** - A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey - with const generics - - $2400size_t - */ - typedef struct libcrux_ml_kem_types_MlKemPrivateKey_55_s - { - uint8_t value[2400U]; - } libcrux_ml_kem_types_MlKemPrivateKey_55; - - typedef struct libcrux_ml_kem_mlkem768_MlKem768KeyPair_s - { - libcrux_ml_kem_types_MlKemPrivateKey_55 sk; - libcrux_ml_kem_types_MlKemPublicKey_15 pk; - } libcrux_ml_kem_mlkem768_MlKem768KeyPair; - - typedef struct libcrux_ml_kem_mlkem768_MlKem768Ciphertext_s - { - uint8_t value[1088U]; - } libcrux_ml_kem_mlkem768_MlKem768Ciphertext; - - /** - A monomorphic instance of K. 
- with types libcrux_ml_kem_types_MlKemCiphertext[[$1088size_t]], - uint8_t[32size_t] - - */ - typedef struct tuple_3c_s - { - libcrux_ml_kem_mlkem768_MlKem768Ciphertext fst; - uint8_t snd[32U]; - } tuple_3c; - - /** - A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey - with const generics - - $800size_t - */ - typedef struct libcrux_ml_kem_types_MlKemPublicKey_be_s - { - uint8_t value[800U]; - } libcrux_ml_kem_types_MlKemPublicKey_be; - - /** - A monomorphic instance of core.option.Option - with types libcrux_ml_kem_types_MlKemPublicKey[[$800size_t]] - - */ - typedef struct core_option_Option_04_s - { - core_option_Option_ef_tags tag; - libcrux_ml_kem_types_MlKemPublicKey_be f0; - } core_option_Option_04; - - /** - A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey - with const generics - - $1632size_t - */ - typedef struct libcrux_ml_kem_types_MlKemPrivateKey_5e_s - { - uint8_t value[1632U]; - } libcrux_ml_kem_types_MlKemPrivateKey_5e; - - /** - A monomorphic instance of libcrux_ml_kem.types.MlKemKeyPair - with const generics - - $1632size_t - - $800size_t - */ - typedef struct libcrux_ml_kem_types_MlKemKeyPair_cb_s - { - libcrux_ml_kem_types_MlKemPrivateKey_5e sk; - libcrux_ml_kem_types_MlKemPublicKey_be pk; - } libcrux_ml_kem_types_MlKemKeyPair_cb; - - /** - A monomorphic instance of libcrux_ml_kem.types.MlKemCiphertext - with const generics - - $768size_t - */ - typedef struct libcrux_ml_kem_types_MlKemCiphertext_e8_s - { - uint8_t value[768U]; - } libcrux_ml_kem_types_MlKemCiphertext_e8; - - /** - A monomorphic instance of K. 
- with types libcrux_ml_kem_types_MlKemCiphertext[[$768size_t]], uint8_t[32size_t] - - */ - typedef struct tuple_ec_s - { - libcrux_ml_kem_types_MlKemCiphertext_e8 fst; - uint8_t snd[32U]; - } tuple_ec; +typedef uint8_t core_option_Option_ef_tags; + +/** +A monomorphic instance of core.option.Option +with types size_t + +*/ +typedef struct core_option_Option_b3_s { + core_option_Option_ef_tags tag; + size_t f0; +} core_option_Option_b3; + +static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t x0[8U]); + +static inline void core_num__u64_9__to_le_bytes(uint64_t x0, uint8_t x1[8U]); + +/** +A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey +with const generics +- $800size_t +*/ +typedef struct libcrux_ml_kem_types_MlKemPublicKey_be_s { + uint8_t value[800U]; +} libcrux_ml_kem_types_MlKemPublicKey_be; + +/** +A monomorphic instance of core.option.Option +with types libcrux_ml_kem_types_MlKemPublicKey[[$800size_t]] + +*/ +typedef struct core_option_Option_04_s { + core_option_Option_ef_tags tag; + libcrux_ml_kem_types_MlKemPublicKey_be f0; +} core_option_Option_04; + +/** +A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey +with const generics +- $1632size_t +*/ +typedef struct libcrux_ml_kem_types_MlKemPrivateKey_5e_s { + uint8_t value[1632U]; +} libcrux_ml_kem_types_MlKemPrivateKey_5e; + +/** +A monomorphic instance of libcrux_ml_kem.types.MlKemKeyPair +with const generics +- $1632size_t +- $800size_t +*/ +typedef struct libcrux_ml_kem_types_MlKemKeyPair_cb_s { + libcrux_ml_kem_types_MlKemPrivateKey_5e sk; + libcrux_ml_kem_types_MlKemPublicKey_be pk; +} libcrux_ml_kem_types_MlKemKeyPair_cb; + +/** +A monomorphic instance of libcrux_ml_kem.types.MlKemCiphertext +with const generics +- $768size_t +*/ +typedef struct libcrux_ml_kem_types_MlKemCiphertext_e8_s { + uint8_t value[768U]; +} libcrux_ml_kem_types_MlKemCiphertext_e8; + +/** +A monomorphic instance of K. 
+with types libcrux_ml_kem_types_MlKemCiphertext[[$768size_t]], uint8_t[32size_t] + +*/ +typedef struct tuple_ec_s { + libcrux_ml_kem_types_MlKemCiphertext_e8 fst; + uint8_t snd[32U]; +} tuple_ec; + +/** +A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey +with const generics +- $1568size_t +*/ +typedef struct libcrux_ml_kem_types_MlKemPublicKey_1f_s { + uint8_t value[1568U]; +} libcrux_ml_kem_types_MlKemPublicKey_1f; + +/** +A monomorphic instance of core.option.Option +with types libcrux_ml_kem_types_MlKemPublicKey[[$1568size_t]] + +*/ +typedef struct core_option_Option_99_s { + core_option_Option_ef_tags tag; + libcrux_ml_kem_types_MlKemPublicKey_1f f0; +} core_option_Option_99; + +/** +A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey +with const generics +- $3168size_t +*/ +typedef struct libcrux_ml_kem_types_MlKemPrivateKey_95_s { + uint8_t value[3168U]; +} libcrux_ml_kem_types_MlKemPrivateKey_95; + +typedef struct libcrux_ml_kem_mlkem1024_MlKem1024KeyPair_s { + libcrux_ml_kem_types_MlKemPrivateKey_95 sk; + libcrux_ml_kem_types_MlKemPublicKey_1f pk; +} libcrux_ml_kem_mlkem1024_MlKem1024KeyPair; + +typedef struct libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext_s { + uint8_t value[1568U]; +} libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext; + +/** +A monomorphic instance of K. 
+with types libcrux_ml_kem_types_MlKemCiphertext[[$1568size_t]], +uint8_t[32size_t] + +*/ +typedef struct tuple_21_s { + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext fst; + uint8_t snd[32U]; +} tuple_21; + +/** +A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey +with const generics +- $1184size_t +*/ +typedef struct libcrux_ml_kem_types_MlKemPublicKey_15_s { + uint8_t value[1184U]; +} libcrux_ml_kem_types_MlKemPublicKey_15; + +/** +A monomorphic instance of core.option.Option +with types libcrux_ml_kem_types_MlKemPublicKey[[$1184size_t]] + +*/ +typedef struct core_option_Option_92_s { + core_option_Option_ef_tags tag; + libcrux_ml_kem_types_MlKemPublicKey_15 f0; +} core_option_Option_92; + +/** +A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey +with const generics +- $2400size_t +*/ +typedef struct libcrux_ml_kem_types_MlKemPrivateKey_55_s { + uint8_t value[2400U]; +} libcrux_ml_kem_types_MlKemPrivateKey_55; + +typedef struct libcrux_ml_kem_mlkem768_MlKem768KeyPair_s { + libcrux_ml_kem_types_MlKemPrivateKey_55 sk; + libcrux_ml_kem_types_MlKemPublicKey_15 pk; +} libcrux_ml_kem_mlkem768_MlKem768KeyPair; + +typedef struct libcrux_ml_kem_mlkem768_MlKem768Ciphertext_s { + uint8_t value[1088U]; +} libcrux_ml_kem_mlkem768_MlKem768Ciphertext; + +/** +A monomorphic instance of K. 
+with types libcrux_ml_kem_types_MlKemCiphertext[[$1088size_t]], +uint8_t[32size_t] + +*/ +typedef struct tuple_3c_s { + libcrux_ml_kem_mlkem768_MlKem768Ciphertext fst; + uint8_t snd[32U]; +} tuple_3c; #define core_result_Ok 0 #define core_result_Err 1 - typedef uint8_t core_result_Result_00_tags; - - /** - A monomorphic instance of core.result.Result - with types uint8_t[8size_t], core_array_TryFromSliceError - - */ - typedef struct core_result_Result_56_s - { - core_result_Result_00_tags tag; - union - { - uint8_t case_Ok[8U]; - core_array_TryFromSliceError case_Err; - } val; - } core_result_Result_56; - - /** - This function found in impl {core::result::Result} - */ - /** - A monomorphic instance of core.result.unwrap_41 - with types uint8_t[8size_t], core_array_TryFromSliceError - - */ - void core_result_unwrap_41_ac(core_result_Result_56 self, uint8_t ret[8U]); - - typedef struct Eurydice_slice_uint8_t_x2_s - { - Eurydice_slice fst; - Eurydice_slice snd; - } Eurydice_slice_uint8_t_x2; - - typedef struct Eurydice_slice_uint8_t_1size_t__x2_s - { - Eurydice_slice fst[1U]; - Eurydice_slice snd[1U]; - } Eurydice_slice_uint8_t_1size_t__x2; +typedef uint8_t core_result_Result_00_tags; + +/** +A monomorphic instance of core.result.Result +with types uint8_t[8size_t], core_array_TryFromSliceError + +*/ +typedef struct core_result_Result_56_s { + core_result_Result_00_tags tag; + union { + uint8_t case_Ok[8U]; + core_array_TryFromSliceError case_Err; + } val; +} core_result_Result_56; + +/** +This function found in impl {core::result::Result} +*/ +/** +A monomorphic instance of core.result.unwrap_41 +with types uint8_t[8size_t], core_array_TryFromSliceError + +*/ +void core_result_unwrap_41_ac(core_result_Result_56 self, uint8_t ret[8U]); + +typedef struct Eurydice_slice_uint8_t_x2_s { + Eurydice_slice fst; + Eurydice_slice snd; +} Eurydice_slice_uint8_t_x2; + +typedef struct Eurydice_slice_uint8_t_1size_t__x2_s { + Eurydice_slice fst[1U]; + Eurydice_slice snd[1U]; +} 
Eurydice_slice_uint8_t_1size_t__x2; #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 7769b768b..e45f4a347 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c index 8f38be0c7..348a2c1d3 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c @@ -4,17 +4,20 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba - * Eurydice: be0d5b5e1455673c2afa9592c0951def463f59ec - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: cb6da975011a1d6dfeaa6215d63a56d043b522b5 + * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 */ #include "libcrux_mlkem1024_neon.h" #include "internal/libcrux_mlkem_neon.h" +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate with const generics 
@@ -42,6 +45,13 @@ static void decapsulate_f8(
 libcrux_ml_kem_ind_cca_decapsulate_82(private_key, ciphertext, ret);
 }
+/**
+ Decapsulate ML-KEM 1024
+
+ Generates an [`MlKemSharedSecret`].
+ The input is a reference to an [`MlKem1024PrivateKey`] and an
+ [`MlKem1024Ciphertext`].
+*/
 void libcrux_ml_kem_mlkem1024_neon_decapsulate(
 libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
 libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext,
@@ -49,6 +59,9 @@ void libcrux_ml_kem_mlkem1024_neon_decapsulate(
 decapsulate_f8(private_key, ciphertext, ret);
 }
+/**
+ Portable decapsulate
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate_unpacked with const
@@ -77,6 +90,13 @@ static void decapsulate_unpacked_c2(
 libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec(key_pair, ciphertext, ret);
 }
+/**
+ Decapsulate ML-KEM 1024 (unpacked)
+
+ Generates an [`MlKemSharedSecret`].
+ The input is a reference to an unpacked key pair of type
+ [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`].
+*/
 void libcrux_ml_kem_mlkem1024_neon_decapsulate_unpacked(
 libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c *private_key,
 libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext,
@@ -110,6 +130,13 @@ static tuple_21 encapsulate_6b(
 return libcrux_ml_kem_ind_cca_encapsulate_28(uu____0, uu____1);
 }
+/**
+ Encapsulate ML-KEM 1024
+
+ Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple.
+ The input is a reference to an [`MlKem1024PublicKey`] and
+ [`SHARED_SECRET_SIZE`] bytes of `randomness`.
+*/
 tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate(
 libcrux_ml_kem_types_MlKemPublicKey_1f *public_key,
 uint8_t randomness[32U]) {
@@ -119,6 +146,9 @@ tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate(
 return encapsulate_6b(uu____0, uu____1);
 }
+/**
+ Portable encapsualte
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.neon.encapsulate_unpacked with const
@@ -147,6 +177,16 @@ static tuple_21 encapsulate_unpacked_1c(
 return libcrux_ml_kem_ind_cca_encapsulate_unpacked_47(uu____0, uu____1);
 }
+/**
+ Encapsulate ML-KEM 1024 (unpacked)
+
+ Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple.
+ The input is a reference to an unpacked public key of type
+ [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and
+ [`SHARED_SECRET_SIZE`] bytes of `randomness`.
+ TODO: The F* prefix opens required modules, it should go away when the
+ following issue is resolved: https://github.com/hacspec/hax/issues/770
+*/
 tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate_unpacked(
 libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *public_key,
 uint8_t randomness[32U]) {
@@ -157,6 +197,9 @@ tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate_unpacked(
 return encapsulate_unpacked_1c(uu____0, uu____1);
 }
+/**
+ Portable generate key pair.
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics
@@ -175,6 +218,9 @@ static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_91(
 return libcrux_ml_kem_ind_cca_generate_keypair_72(uu____0);
 }
+/**
+ Generate ML-KEM 1024 Key Pair
+*/
 libcrux_ml_kem_mlkem1024_MlKem1024KeyPair
 libcrux_ml_kem_mlkem1024_neon_generate_key_pair(uint8_t randomness[64U]) {
 uint8_t uu____0[64U];
@@ -182,6 +228,9 @@ libcrux_ml_kem_mlkem1024_neon_generate_key_pair(uint8_t randomness[64U]) {
 return generate_keypair_91(uu____0);
 }
+/**
+ Unpacked API
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair_unpacked with const
@@ -201,6 +250,9 @@ generate_keypair_unpacked_87(uint8_t randomness[64U]) {
 return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b4(uu____0);
 }
+/**
+ Generate ML-KEM 1024 Key Pair in "unpacked" form
+*/
 libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c
 libcrux_ml_kem_mlkem1024_neon_generate_key_pair_unpacked(
 uint8_t randomness[64U]) {
@@ -209,6 +261,9 @@ libcrux_ml_kem_mlkem1024_neon_generate_key_pair_unpacked(
 return generate_keypair_unpacked_87(uu____0);
 }
+/**
+ Portable public key validation
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.neon.validate_public_key with const
@@ -221,6 +276,11 @@ static bool validate_public_key_a3(uint8_t *public_key) {
 return libcrux_ml_kem_ind_cca_validate_public_key_7e(public_key);
 }
+/**
+ Validate a public key.
+
+ Returns `Some(public_key)` if valid, and `None` otherwise.
+*/
 core_option_Option_99 libcrux_ml_kem_mlkem1024_neon_validate_public_key(
 libcrux_ml_kem_types_MlKemPublicKey_1f public_key) {
 core_option_Option_99 uu____0;
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h
index dc1d1a4be..9ad36777f 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h
@@ -4,11 +4,11 @@
 * SPDX-License-Identifier: MIT or Apache-2.0
 *
 * This code was generated with the following revisions:
- * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba
- * Eurydice: be0d5b5e1455673c2afa9592c0951def463f59ec
- * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92
+ * Charon: 53530427db2941ce784201e64086766504bc5642
+ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7
+ * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430
 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38
- * Libcrux: cb6da975011a1d6dfeaa6215d63a56d043b522b5
+ * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15
 */
 #ifndef __libcrux_mlkem1024_neon_H
@@ -22,29 +22,71 @@ extern "C" {
 #include "libcrux_core.h"
 #include "libcrux_mlkem_neon.h"
+/**
+ Decapsulate ML-KEM 1024
+
+ Generates an [`MlKemSharedSecret`].
+ The input is a reference to an [`MlKem1024PrivateKey`] and an
+ [`MlKem1024Ciphertext`].
+*/
 void libcrux_ml_kem_mlkem1024_neon_decapsulate(
 libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key,
 libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]);
+/**
+ Decapsulate ML-KEM 1024 (unpacked)
+
+ Generates an [`MlKemSharedSecret`].
+ The input is a reference to an unpacked key pair of type
+ [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`].
+*/
 void libcrux_ml_kem_mlkem1024_neon_decapsulate_unpacked(
 libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c *private_key,
 libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]);
+/**
+ Encapsulate ML-KEM 1024
+
+ Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple.
+ The input is a reference to an [`MlKem1024PublicKey`] and
+ [`SHARED_SECRET_SIZE`] bytes of `randomness`.
+*/
 tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate(
 libcrux_ml_kem_types_MlKemPublicKey_1f *public_key,
 uint8_t randomness[32U]);
+/**
+ Encapsulate ML-KEM 1024 (unpacked)
+
+ Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple.
+ The input is a reference to an unpacked public key of type
+ [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and
+ [`SHARED_SECRET_SIZE`] bytes of `randomness`.
+ TODO: The F* prefix opens required modules, it should go away when the
+ following issue is resolved: https://github.com/hacspec/hax/issues/770
+*/
 tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate_unpacked(
 libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *public_key,
 uint8_t randomness[32U]);
+/**
+ Generate ML-KEM 1024 Key Pair
+*/
 libcrux_ml_kem_mlkem1024_MlKem1024KeyPair
 libcrux_ml_kem_mlkem1024_neon_generate_key_pair(uint8_t randomness[64U]);
+/**
+ Generate ML-KEM 1024 Key Pair in "unpacked" form
+*/
 libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c
 libcrux_ml_kem_mlkem1024_neon_generate_key_pair_unpacked(
 uint8_t randomness[64U]);
+/**
+ Validate a public key.
+
+ Returns `Some(public_key)` if valid, and `None` otherwise.
+*/
 core_option_Option_99 libcrux_ml_kem_mlkem1024_neon_validate_public_key(
 libcrux_ml_kem_types_MlKemPublicKey_1f public_key);
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c
index 62ab56360..ab538bf0b 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c
@@ -5,10 +5,10 @@
 *
 * This code was generated with the following revisions:
 * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421
+ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7
 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430
- * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7
- * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09
+ * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38
+ * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15
 */
 #include "libcrux_mlkem1024_portable.h"
@@ -38,11 +38,11 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_52( +static void decapsulate_3e( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_4f1(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_711(private_key, ciphertext, ret); } /** @@ -56,7 +56,7 @@ void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_52(private_key, ciphertext, ret); + decapsulate_3e(private_key, ciphertext, ret); } /** @@ -83,11 +83,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_unpacked_b6( +static void decapsulate_unpacked_81( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca1(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_f61(key_pair, ciphertext, ret); } /** @@ -101,7 +101,7 @@ void libcrux_ml_kem_mlkem1024_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_b6(private_key, ciphertext, ret); + decapsulate_unpacked_81(private_key, ciphertext, ret); } /** 
@@ -121,13 +121,13 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_ec( +static tuple_21 encapsulate_48( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_441(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_9d1(uu____0, uu____1); } /** @@ -143,7 +143,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_ec(uu____0, uu____1); + return encapsulate_48(uu____0, uu____1); } /** @@ -167,14 +167,14 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_unpacked_9a( +static tuple_21 encapsulate_unpacked_ac( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_311(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_861(uu____0, uu____1); } /** @@ -194,7 +194,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_9a(uu____0, uu____1); + return encapsulate_unpacked_ac(uu____0, uu____1); } /** 
@@ -212,11 +212,11 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_0e( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_6e( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_c24(uu____0); + return libcrux_ml_kem_ind_cca_generate_keypair_6f1(uu____0); } /** @@ -226,7 +226,7 @@ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_0e(uu____0); + return generate_keypair_6e(uu____0); } /** @@ -245,10 +245,10 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -generate_keypair_unpacked_4a(uint8_t randomness[64U]) { +generate_keypair_unpacked_f5(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e1(uu____0); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d1(uu____0); } /** @@ -259,7 +259,7 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_4a(uu____0); + return generate_keypair_unpacked_f5(uu____0); } /** @@ -273,8 +273,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static bool validate_public_key_e11(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_351(public_key); +static bool validate_public_key_2a1(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_991(public_key); } /** 
@@ -285,7 +285,7 @@ static bool validate_public_key_e11(uint8_t *public_key) {
 core_option_Option_99 libcrux_ml_kem_mlkem1024_portable_validate_public_key(
 libcrux_ml_kem_types_MlKemPublicKey_1f public_key) {
 core_option_Option_99 uu____0;
- if (validate_public_key_e11(public_key.value)) {
+ if (validate_public_key_2a1(public_key.value)) {
 uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some,
 .f0 = public_key});
 } else {
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h
index 417e9fffa..6f550d51e 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h
@@ -5,10 +5,10 @@
 *
 * This code was generated with the following revisions:
 * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421
+ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7
 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430
- * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7
- * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09
+ * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38
+ * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15
 */
 #ifndef __libcrux_mlkem1024_portable_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h
index 56d0a6c67..e8619577b 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem512.h
@@ -5,10 +5,10 @@
 *
 * This code was generated with the following revisions:
 * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421
+ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7
 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430
- * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7
- * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09
+ * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38
+ * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15
 */
 #ifndef __libcrux_mlkem512_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_neon.c b/libcrux-ml-kem/c/libcrux_mlkem512_neon.c
index 906114e72..1dc9ade54 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_neon.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_neon.c
@@ -4,17 +4,20 @@
 * SPDX-License-Identifier: MIT or Apache-2.0
 *
 * This code was generated with the following revisions:
- * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba
- * Eurydice: be0d5b5e1455673c2afa9592c0951def463f59ec
- * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92
+ * Charon: 53530427db2941ce784201e64086766504bc5642
+ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7
+ * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430
 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38
- * Libcrux: cb6da975011a1d6dfeaa6215d63a56d043b522b5
+ * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15
 */
 #include "libcrux_mlkem512_neon.h"
 #include "internal/libcrux_mlkem_neon.h"
+/**
+ Portable decapsulate
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate with const generics
@@ -41,12 +44,22 @@ static void decapsulate_55(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
 libcrux_ml_kem_ind_cca_decapsulate_821(private_key, ciphertext, ret);
 }
+/**
+ Decapsulate ML-KEM 512
+
+ Generates an [`MlKemSharedSecret`].
+ The input is a reference to an [`MlKem512PrivateKey`] and an
+ [`MlKem512Ciphertext`].
+*/
 void libcrux_ml_kem_mlkem512_neon_decapsulate(
 libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
 libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) {
 decapsulate_55(private_key, ciphertext, ret);
 }
+/**
+ Portable decapsulate
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate_unpacked with const
@@ -74,6 +87,13 @@ static void decapsulate_unpacked_53(
 libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec1(key_pair, ciphertext, ret);
 }
+/**
+ Decapsulate ML-KEM 512 (unpacked)
+
+ Generates an [`MlKemSharedSecret`].
+ The input is a reference to an unpacked key pair of type
+ [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`].
+*/
 void libcrux_ml_kem_mlkem512_neon_decapsulate_unpacked(
 libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 *private_key,
 libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) {
@@ -106,6 +126,13 @@ static tuple_ec encapsulate_f8(
 return libcrux_ml_kem_ind_cca_encapsulate_281(uu____0, uu____1);
 }
+/**
+ Encapsulate ML-KEM 512
+
+ Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple.
+ The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`]
+ bytes of `randomness`.
+*/
 tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate(
 libcrux_ml_kem_types_MlKemPublicKey_be *public_key,
 uint8_t randomness[32U]) {
@@ -115,6 +142,9 @@ tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate(
 return encapsulate_f8(uu____0, uu____1);
 }
+/**
+ Portable encapsualte
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.neon.encapsulate_unpacked with const
@@ -143,6 +173,14 @@ static tuple_ec encapsulate_unpacked_ce(
 return libcrux_ml_kem_ind_cca_encapsulate_unpacked_471(uu____0, uu____1);
 }
+/**
+ Encapsulate ML-KEM 512 (unpacked)
+
+ Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple.
+ The input is a reference to an unpacked public key of type
+ [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and
+ [`SHARED_SECRET_SIZE`] bytes of `randomness`.
+*/
 tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate_unpacked(
 libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *public_key,
 uint8_t randomness[32U]) {
@@ -153,6 +191,9 @@ tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate_unpacked(
 return encapsulate_unpacked_ce(uu____0, uu____1);
 }
+/**
+ Portable generate key pair.
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics
@@ -171,6 +212,9 @@ static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_1a(
 return libcrux_ml_kem_ind_cca_generate_keypair_721(uu____0);
 }
+/**
+ Generate ML-KEM 512 Key Pair
+*/
 libcrux_ml_kem_types_MlKemKeyPair_cb
 libcrux_ml_kem_mlkem512_neon_generate_key_pair(uint8_t randomness[64U]) {
 uint8_t uu____0[64U];
@@ -178,6 +222,9 @@ libcrux_ml_kem_mlkem512_neon_generate_key_pair(uint8_t randomness[64U]) {
 return generate_keypair_1a(uu____0);
 }
+/**
+ Unpacked API
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair_unpacked with const
@@ -197,6 +244,9 @@ generate_keypair_unpacked_38(uint8_t randomness[64U]) {
 return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b41(uu____0);
 }
+/**
+ Generate ML-KEM 512 Key Pair in "unpacked" form
+*/
 libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66
 libcrux_ml_kem_mlkem512_neon_generate_key_pair_unpacked(
 uint8_t randomness[64U]) {
@@ -205,6 +255,9 @@ libcrux_ml_kem_mlkem512_neon_generate_key_pair_unpacked(
 return generate_keypair_unpacked_38(uu____0);
 }
+/**
+ Portable public key validation
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.neon.validate_public_key with const
@@ -217,6 +270,11 @@ static bool validate_public_key_a31(uint8_t *public_key) {
 return libcrux_ml_kem_ind_cca_validate_public_key_7e1(public_key);
 }
+/**
+ Validate a public key.
+
+ Returns `Some(public_key)` if valid, and `None` otherwise.
+*/
 core_option_Option_04 libcrux_ml_kem_mlkem512_neon_validate_public_key(
 libcrux_ml_kem_types_MlKemPublicKey_be public_key) {
 core_option_Option_04 uu____0;
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_neon.h b/libcrux-ml-kem/c/libcrux_mlkem512_neon.h
index 67f26b584..e953e8cdf 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_neon.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_neon.h
@@ -4,11 +4,11 @@
 * SPDX-License-Identifier: MIT or Apache-2.0
 *
 * This code was generated with the following revisions:
- * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba
- * Eurydice: be0d5b5e1455673c2afa9592c0951def463f59ec
- * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92
+ * Charon: 53530427db2941ce784201e64086766504bc5642
+ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7
+ * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430
 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38
- * Libcrux: cb6da975011a1d6dfeaa6215d63a56d043b522b5
+ * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15
 */
 #ifndef __libcrux_mlkem512_neon_H
@@ -22,29 +22,69 @@ extern "C" {
 #include "libcrux_core.h"
 #include "libcrux_mlkem_neon.h"
+/**
+ Decapsulate ML-KEM 512
+
+ Generates an [`MlKemSharedSecret`].
+ The input is a reference to an [`MlKem512PrivateKey`] and an
+ [`MlKem512Ciphertext`].
+*/
 void libcrux_ml_kem_mlkem512_neon_decapsulate(
 libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key,
 libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]);
+/**
+ Decapsulate ML-KEM 512 (unpacked)
+
+ Generates an [`MlKemSharedSecret`].
+ The input is a reference to an unpacked key pair of type
+ [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`].
+*/
 void libcrux_ml_kem_mlkem512_neon_decapsulate_unpacked(
 libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 *private_key,
 libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]);
+/**
+ Encapsulate ML-KEM 512
+
+ Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple.
+ The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`]
+ bytes of `randomness`.
+*/
 tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate(
 libcrux_ml_kem_types_MlKemPublicKey_be *public_key,
 uint8_t randomness[32U]);
+/**
+ Encapsulate ML-KEM 512 (unpacked)
+
+ Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple.
+ The input is a reference to an unpacked public key of type
+ [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and
+ [`SHARED_SECRET_SIZE`] bytes of `randomness`.
+*/
 tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate_unpacked(
 libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *public_key,
 uint8_t randomness[32U]);
+/**
+ Generate ML-KEM 512 Key Pair
+*/
 libcrux_ml_kem_types_MlKemKeyPair_cb
 libcrux_ml_kem_mlkem512_neon_generate_key_pair(uint8_t randomness[64U]);
+/**
+ Generate ML-KEM 512 Key Pair in "unpacked" form
+*/
 libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66
 libcrux_ml_kem_mlkem512_neon_generate_key_pair_unpacked(
 uint8_t randomness[64U]);
+/**
+ Validate a public key.
+
+ Returns `Some(public_key)` if valid, and `None` otherwise.
+*/
 core_option_Option_04 libcrux_ml_kem_mlkem512_neon_validate_public_key(
 libcrux_ml_kem_types_MlKemPublicKey_be public_key);
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c
index 7ace12866..efda480b7 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c
@@ -5,10 +5,10 @@
 *
 * This code was generated with the following revisions:
 * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421
+ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7
 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430
- * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7
- * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09
+ * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38
+ * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15
 */
 #include "libcrux_mlkem512_portable.h"
@@ -38,10 +38,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_be0( - libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_4f0(private_key, ciphertext, ret); +static void decapsulate_3f(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, + libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, + uint8_t ret[32U]) { + libcrux_ml_kem_ind_cca_decapsulate_710(private_key, ciphertext, ret); } /** @@ -54,7 +54,7 @@ static void decapsulate_be0( void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_be0(private_key, ciphertext, ret); + decapsulate_3f(private_key, ciphertext, ret); } /** @@ -81,10 +81,10 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_unpacked_06( +static void decapsulate_unpacked_73( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca0(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_f60(key_pair, ciphertext, ret); } /** @@ -97,7 +97,7 @@ static void decapsulate_unpacked_06( void libcrux_ml_kem_mlkem512_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_06(private_key, ciphertext, ret); + decapsulate_unpacked_73(private_key, ciphertext, ret); } /** 
@@ -117,13 +117,13 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_f3( +static tuple_ec encapsulate_10( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_440(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_9d0(uu____0, uu____1); } /** @@ -139,7 +139,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_f3(uu____0, uu____1); + return encapsulate_10(uu____0, uu____1); } /** @@ -163,14 +163,14 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_unpacked_01( +static tuple_ec encapsulate_unpacked_49( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *uu____0 = public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_310(uu____0, uu____1); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_860(uu____0, uu____1); } /** @@ -188,7 +188,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( public_key; uint8_t uu____1[32U]; memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_01(uu____0, uu____1); + return encapsulate_unpacked_49(uu____0, uu____1); } /** 
@@ -206,11 +206,11 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_df( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_f9( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_c21(uu____0); + return libcrux_ml_kem_ind_cca_generate_keypair_6f0(uu____0); } /** @@ -220,7 +220,7 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_df(uu____0); + return generate_keypair_f9(uu____0); } /** @@ -239,10 +239,10 @@ const generics - ETA1_RANDOMNESS_SIZE= 192 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -generate_keypair_unpacked_c0(uint8_t randomness[64U]) { +generate_keypair_unpacked_d6(uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e0(uu____0); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d0(uu____0); } /** @@ -253,7 +253,7 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { uint8_t uu____0[64U]; memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_c0(uu____0); + return generate_keypair_unpacked_d6(uu____0); } /** @@ -267,8 +267,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static bool validate_public_key_e10(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_350(public_key); +static bool validate_public_key_2a0(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_990(public_key); } /** 
@@ -279,7 +279,7 @@ static bool validate_public_key_e10(uint8_t *public_key) {
 core_option_Option_04 libcrux_ml_kem_mlkem512_portable_validate_public_key(
     libcrux_ml_kem_types_MlKemPublicKey_be public_key) {
   core_option_Option_04 uu____0;
-  if (validate_public_key_e10(public_key.value)) {
+  if (validate_public_key_2a0(public_key.value)) {
     uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some,
                                                 .f0 = public_key});
   } else {
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h
index 8d065f1d8..0deb92f42 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h
@@ -5,10 +5,10 @@
  *
  * This code was generated with the following revisions:
  * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421
+ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7
  * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430
- * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7
- * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09
+ * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38
+ * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15
  */
 
 #ifndef __libcrux_mlkem512_portable_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h
index f39c8d40c..1dc07a330 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem768.h
@@ -5,10 +5,10 @@
  *
  * This code was generated with the following revisions:
  * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421
+ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7
  * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430
- * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7
- * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09
+ * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38
+ * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15
  */
 
 #ifndef __libcrux_mlkem768_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_neon.c b/libcrux-ml-kem/c/libcrux_mlkem768_neon.c
index f7f161a44..a88c7b3ed 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_neon.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_neon.c
@@ -4,17 +4,20 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba
- * Eurydice: be0d5b5e1455673c2afa9592c0951def463f59ec
- * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92
+ * Charon: 53530427db2941ce784201e64086766504bc5642
+ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7
+ * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430
  * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38
- * Libcrux: cb6da975011a1d6dfeaa6215d63a56d043b522b5
+ * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15
  */
 
 #include "libcrux_mlkem768_neon.h"
 
 #include "internal/libcrux_mlkem_neon.h"
 
+/**
+ Portable decapsulate
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate with const generics
@@ -41,12 +44,22 @@ static void decapsulate_67(
   libcrux_ml_kem_ind_cca_decapsulate_820(private_key, ciphertext, ret);
 }
 
+/**
+ Decapsulate ML-KEM 768
+
+ Generates an [`MlKemSharedSecret`].
+ The input is a reference to an [`MlKem768PrivateKey`] and an
+ [`MlKem768Ciphertext`].
+*/
 void libcrux_ml_kem_mlkem768_neon_decapsulate(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
   decapsulate_67(private_key, ciphertext, ret);
 }
 
+/**
+ Portable decapsulate
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate_unpacked with const
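Review bot: The doc comment added just before the `decapsulate_unpacked` instance at the end of this hunk reads `Portable decapsulate`, but this file is the NEON instantiation, and the same wording recurs in the preceding @@ -4 hunk and in the later hunks of this file (`Portable encapsualte`, which is also misspelled, `Portable generate key pair.`, `Portable public key validation`). Since the file header states the C is generated, the wording presumably originates in the doc comments of the Rust instantiation module that the extractor reads, so the fix belongs there rather than in the emitted C, e.g. `NEON decapsulate` and `NEON encapsulate`. The public-API comments added in this hunk (`Decapsulate ML-KEM 768` …) are accurate and match the copies in libcrux_mlkem768_neon.h.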
@@ -74,6 +87,13 @@ static void decapsulate_unpacked_70(
   libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec0(key_pair, ciphertext, ret);
 }
 
+/**
+ Decapsulate ML-KEM 768 (unpacked)
+
+ Generates an [`MlKemSharedSecret`].
+ The input is a reference to an unpacked key pair of type
+ [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`].
+*/
 void libcrux_ml_kem_mlkem768_neon_decapsulate_unpacked(
     libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
@@ -106,6 +126,13 @@ static tuple_3c encapsulate_ea(
   return libcrux_ml_kem_ind_cca_encapsulate_280(uu____0, uu____1);
 }
 
+/**
+ Encapsulate ML-KEM 768
+
+ Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple.
+ The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`]
+ bytes of `randomness`.
+*/
 tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate(
     libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
     uint8_t randomness[32U]) {
@@ -115,6 +142,9 @@ tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate(
   return encapsulate_ea(uu____0, uu____1);
 }
 
+/**
+ Portable encapsualte
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.neon.encapsulate_unpacked with const
@@ -143,6 +173,14 @@ static tuple_3c encapsulate_unpacked_29(
   return libcrux_ml_kem_ind_cca_encapsulate_unpacked_470(uu____0, uu____1);
 }
 
+/**
+ Encapsulate ML-KEM 768 (unpacked)
+
+ Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple.
+ The input is a reference to an unpacked public key of type
+ [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and
+ [`SHARED_SECRET_SIZE`] bytes of `randomness`.
+*/
 tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate_unpacked(
     libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *public_key,
     uint8_t randomness[32U]) {
@@ -153,6 +191,9 @@ tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate_unpacked(
   return encapsulate_unpacked_29(uu____0, uu____1);
 }
 
+/**
+ Portable generate key pair.
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics
@@ -171,6 +212,9 @@ static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_1b(
   return libcrux_ml_kem_ind_cca_generate_keypair_720(uu____0);
 }
 
+/**
+ Generate ML-KEM 768 Key Pair
+*/
 libcrux_ml_kem_mlkem768_MlKem768KeyPair
 libcrux_ml_kem_mlkem768_neon_generate_key_pair(uint8_t randomness[64U]) {
   uint8_t uu____0[64U];
@@ -178,6 +222,9 @@ libcrux_ml_kem_mlkem768_neon_generate_key_pair(uint8_t randomness[64U]) {
   return generate_keypair_1b(uu____0);
 }
 
+/**
+ Unpacked API
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair_unpacked with const
@@ -197,6 +244,9 @@ generate_keypair_unpacked_42(uint8_t randomness[64U]) {
   return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b40(uu____0);
 }
 
+/**
+ Generate ML-KEM 768 Key Pair in "unpacked" form
+*/
 libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd
 libcrux_ml_kem_mlkem768_neon_generate_key_pair_unpacked(
     uint8_t randomness[64U]) {
@@ -205,6 +255,9 @@ libcrux_ml_kem_mlkem768_neon_generate_key_pair_unpacked(
   return generate_keypair_unpacked_42(uu____0);
 }
 
+/**
+ Portable public key validation
+*/
 /**
 A monomorphic instance of
 libcrux_ml_kem.ind_cca.instantiations.neon.validate_public_key with const
@@ -217,6 +270,11 @@ static bool validate_public_key_a30(uint8_t *public_key) {
   return libcrux_ml_kem_ind_cca_validate_public_key_7e0(public_key);
 }
 
+/**
+ Validate a public key.
+
+ Returns `Some(public_key)` if valid, and `None` otherwise.
+*/
 core_option_Option_92 libcrux_ml_kem_mlkem768_neon_validate_public_key(
     libcrux_ml_kem_types_MlKemPublicKey_15 public_key) {
   core_option_Option_92 uu____0;
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_neon.h b/libcrux-ml-kem/c/libcrux_mlkem768_neon.h
index 4bbf14bf5..34fd92317 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_neon.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_neon.h
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba
- * Eurydice: be0d5b5e1455673c2afa9592c0951def463f59ec
- * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92
+ * Charon: 53530427db2941ce784201e64086766504bc5642
+ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7
+ * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430
  * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38
- * Libcrux: cb6da975011a1d6dfeaa6215d63a56d043b522b5
+ * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15
  */
 
 #ifndef __libcrux_mlkem768_neon_H
@@ -22,29 +22,69 @@ extern "C" {
 #include "libcrux_core.h"
 #include "libcrux_mlkem_neon.h"
 
+/**
+ Decapsulate ML-KEM 768
+
+ Generates an [`MlKemSharedSecret`].
+ The input is a reference to an [`MlKem768PrivateKey`] and an
+ [`MlKem768Ciphertext`].
+*/
 void libcrux_ml_kem_mlkem768_neon_decapsulate(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]);
 
+/**
+ Decapsulate ML-KEM 768 (unpacked)
+
+ Generates an [`MlKemSharedSecret`].
+ The input is a reference to an unpacked key pair of type
+ [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`].
+*/
 void libcrux_ml_kem_mlkem768_neon_decapsulate_unpacked(
     libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]);
 
+/**
+ Encapsulate ML-KEM 768
+
+ Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple.
+ The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`]
+ bytes of `randomness`.
+*/
 tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate(
     libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
     uint8_t randomness[32U]);
 
+/**
+ Encapsulate ML-KEM 768 (unpacked)
+
+ Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple.
+ The input is a reference to an unpacked public key of type
+ [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and
+ [`SHARED_SECRET_SIZE`] bytes of `randomness`.
+*/
 tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate_unpacked(
     libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *public_key,
     uint8_t randomness[32U]);
 
+/**
+ Generate ML-KEM 768 Key Pair
+*/
 libcrux_ml_kem_mlkem768_MlKem768KeyPair
 libcrux_ml_kem_mlkem768_neon_generate_key_pair(uint8_t randomness[64U]);
 
+/**
+ Generate ML-KEM 768 Key Pair in "unpacked" form
+*/
 libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd
 libcrux_ml_kem_mlkem768_neon_generate_key_pair_unpacked(
     uint8_t randomness[64U]);
 
+/**
+ Validate a public key.
+
+ Returns `Some(public_key)` if valid, and `None` otherwise.
+*/
 core_option_Option_92 libcrux_ml_kem_mlkem768_neon_validate_public_key(
     libcrux_ml_kem_types_MlKemPublicKey_15 public_key);
 
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c
index 7556cb943..2e07aebd4 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c
@@ -5,10 +5,10 @@
  *
  * This code was generated with the following revisions:
  * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421
+ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7
  * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430
- * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7
- * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09
+ * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38
+ * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15
  */
 
 #include "libcrux_mlkem768_portable.h"
@@ -38,10 +38,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
 */
-static void decapsulate_be(
+static void decapsulate_03(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
-  libcrux_ml_kem_ind_cca_decapsulate_4f(private_key, ciphertext, ret);
+  libcrux_ml_kem_ind_cca_decapsulate_71(private_key, ciphertext, ret);
 }
 
 /**
@@ -54,7 +54,7 @@ static void decapsulate_be(
 void libcrux_ml_kem_mlkem768_portable_decapsulate(
     libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
-  decapsulate_be(private_key, ciphertext, ret);
+  decapsulate_03(private_key, ciphertext, ret);
 }
 
 /**
@@ -81,10 +81,10 @@ generics
 - ETA2_RANDOMNESS_SIZE= 128
 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
 */
-static void decapsulate_unpacked_d4(
+static void decapsulate_unpacked_69(
     libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
-  libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca(key_pair, ciphertext, ret);
+  libcrux_ml_kem_ind_cca_decapsulate_unpacked_f6(key_pair, ciphertext, ret);
 }
 
 /**
@@ -97,7 +97,7 @@ static void decapsulate_unpacked_d4(
 void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked(
     libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key,
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
-  decapsulate_unpacked_d4(private_key, ciphertext, ret);
+  decapsulate_unpacked_69(private_key, ciphertext, ret);
 }
 
 /**
@@ -117,13 +117,13 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static tuple_3c encapsulate_13(
+static tuple_3c encapsulate_4b(
     libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
     uint8_t randomness[32U]) {
   libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key;
   uint8_t uu____1[32U];
   memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_encapsulate_44(uu____0, uu____1);
+  return libcrux_ml_kem_ind_cca_encapsulate_9d(uu____0, uu____1);
 }
 
 /**
@@ -139,7 +139,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate(
   libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key;
   uint8_t uu____1[32U];
   memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t));
-  return encapsulate_13(uu____0, uu____1);
+  return encapsulate_4b(uu____0, uu____1);
 }
 
 /**
@@ -163,14 +163,14 @@ generics
 - ETA2= 2
 - ETA2_RANDOMNESS_SIZE= 128
 */
-static tuple_3c encapsulate_unpacked_1b(
+static tuple_3c encapsulate_unpacked_10(
     libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key,
     uint8_t randomness[32U]) {
   libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 =
       public_key;
   uint8_t uu____1[32U];
   memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_encapsulate_unpacked_31(uu____0, uu____1);
+  return libcrux_ml_kem_ind_cca_encapsulate_unpacked_86(uu____0, uu____1);
 }
 
 /**
@@ -188,7 +188,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked(
       public_key;
   uint8_t uu____1[32U];
   memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t));
-  return encapsulate_unpacked_1b(uu____0, uu____1);
+  return encapsulate_unpacked_10(uu____0, uu____1);
 }
 
 /**
@@ -206,11 +206,11 @@ generics
 - ETA1= 2
 - ETA1_RANDOMNESS_SIZE= 128
 */
-static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_ff(
+static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_64(
     uint8_t randomness[64U]) {
   uint8_t uu____0[64U];
   memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_generate_keypair_c20(uu____0);
+  return libcrux_ml_kem_ind_cca_generate_keypair_6f(uu____0);
 }
 
 /**
@@ -220,7 +220,7 @@ libcrux_ml_kem_mlkem768_MlKem768KeyPair
 libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) {
   uint8_t uu____0[64U];
   memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t));
-  return generate_keypair_ff(uu____0);
+  return generate_keypair_64(uu____0);
 }
 
 /**
@@ -239,10 +239,10 @@ const generics
 - ETA1_RANDOMNESS_SIZE= 128
 */
 static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8
-generate_keypair_unpacked_37(uint8_t randomness[64U]) {
+generate_keypair_unpacked_c5(uint8_t randomness[64U]) {
   uint8_t uu____0[64U];
   memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t));
-  return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e(uu____0);
+  return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d(uu____0);
 }
 
 /**
@@ -253,7 +253,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked(
     uint8_t randomness[64U]) {
   uint8_t uu____0[64U];
   memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t));
-  return generate_keypair_unpacked_37(uu____0);
+  return generate_keypair_unpacked_c5(uu____0);
 }
 
 /**
@@ -267,8 +267,8 @@ generics
 - RANKED_BYTES_PER_RING_ELEMENT= 1152
 - PUBLIC_KEY_SIZE= 1184
 */
-static bool validate_public_key_e1(uint8_t *public_key) {
-  return libcrux_ml_kem_ind_cca_validate_public_key_35(public_key);
+static bool validate_public_key_2a(uint8_t *public_key) {
+  return libcrux_ml_kem_ind_cca_validate_public_key_99(public_key);
 }
 
 /**
@@ -279,7 +279,7 @@ static bool validate_public_key_e1(uint8_t *public_key) {
 core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key(
     libcrux_ml_kem_types_MlKemPublicKey_15 public_key) {
   core_option_Option_92 uu____0;
-  if (validate_public_key_e1(public_key.value)) {
+  if (validate_public_key_2a(public_key.value)) {
     uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some,
                                                 .f0 = public_key});
   } else {
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h
index 52536a0cf..002b28c6c 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h
@@ -5,10 +5,10 @@
  *
  * This code was generated with the following revisions:
  * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421
+ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7
  * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430
- * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7
- * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09
+ * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38
+ * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15
  */
 
 #ifndef __libcrux_mlkem768_portable_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c
index d454d6b36..3ed7fe16f 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c
@@ -5,17 +5,13 @@
  *
  * This code was generated with the following revisions:
  * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421
+ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7
  * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430
- * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7
- * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09
+ * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38
+ * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15
  */
 
-#include "internal/libcrux_mlkem_avx2.h"
-
-#include "internal/libcrux_core.h"
-#include "internal/libcrux_mlkem_portable.h"
-#include "internal/libcrux_sha3_avx2.h"
+#include "libcrux_mlkem_avx2.h"
 
 KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_G(Eurydice_slice input,
                                                           uint8_t ret[64U]) {
@@ -34,9116 +30,3 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H(Eurydice_slice input,
                                                           input);
   memcpy(ret, digest, (size_t)32U * sizeof(uint8_t));
 }
-
-KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_zero(void) {
-  return libcrux_intrinsics_avx2_mm256_setzero_si256();
-}
-
-/**
-This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)}
-*/
-__m256i libcrux_ml_kem_vector_avx2_ZERO_ea(void) {
-  return libcrux_ml_kem_vector_avx2_zero();
-}
-
-KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_slice array) {
-  return libcrux_intrinsics_avx2_mm256_loadu_si256_i16(array);
-}
-
-/**
-This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)}
-*/
-__m256i libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice array) {
-  return libcrux_ml_kem_vector_avx2_from_i16_array(array);
-}
-
-KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_to_i16_array(__m256i v,
-                                                             int16_t ret[16U]) {
-  int16_t output[16U] = {0U};
-  libcrux_intrinsics_avx2_mm256_storeu_si256_i16(
-      Eurydice_array_to_slice((size_t)16U, output, int16_t, Eurydice_slice), v);
-  memcpy(ret, output, (size_t)16U * sizeof(int16_t));
-}
-
-/**
-This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)}
-*/
-void libcrux_ml_kem_vector_avx2_to_i16_array_ea(__m256i x, int16_t ret[16U]) {
-  libcrux_ml_kem_vector_avx2_to_i16_array(x, ret);
-}
-
-KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_add(__m256i lhs,
-                                                                   __m256i rhs) {
-  return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs);
-}
-
-/**
-This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::avx2::SIMD256Vector)}
-*/
-__m256i libcrux_ml_kem_vector_avx2_add_ea(__m256i lhs, __m256i *rhs) {
-  return libcrux_ml_kem_vector_avx2_arithmetic_add(lhs, rhs[0U]);
-}
-
-KRML_MUSTINLINE
__m256i libcrux_ml_kem_vector_avx2_arithmetic_sub(__m256i lhs, - __m256i rhs) { - return libcrux_intrinsics_avx2_mm256_sub_epi16(lhs, rhs); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_sub_ea(__m256i lhs, __m256i *rhs) { - return libcrux_ml_kem_vector_avx2_arithmetic_sub(lhs, rhs[0U]); -} - -KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(__m256i vector, - int16_t constant) { - return libcrux_intrinsics_avx2_mm256_mullo_epi16( - vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_ea(__m256i v, - int16_t c) { - return libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(v, c); -} - -KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( - __m256i vector, int16_t constant) { - return libcrux_intrinsics_avx2_mm256_and_si256( - vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( - __m256i vector, int16_t constant) { - return libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( - vector, constant); -} - -KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(__m256i vector) { - __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - __m256i v_minus_field_modulus = - libcrux_intrinsics_avx2_mm256_sub_epi16(vector, field_modulus); - __m256i sign_mask = libcrux_intrinsics_avx2_mm256_srai_epi16( - (int32_t)15, v_minus_field_modulus, __m256i); - __m256i 
conditional_add_field_modulus = - libcrux_intrinsics_avx2_mm256_and_si256(sign_mask, field_modulus); - return libcrux_intrinsics_avx2_mm256_add_epi16(v_minus_field_modulus, - conditional_add_field_modulus); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea(__m256i vector) { - return libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(vector); -} - -/** - See Section 3.2 of the implementation notes document for an explanation - of this code. -*/ -KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(__m256i vector) { - __m256i t = libcrux_intrinsics_avx2_mm256_mulhi_epi16( - vector, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER)); - __m256i t0 = libcrux_intrinsics_avx2_mm256_add_epi16( - t, libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)512)); - __m256i quotient = - libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)10, t0, __m256i); - __m256i quotient_times_field_modulus = - libcrux_intrinsics_avx2_mm256_mullo_epi16( - quotient, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - return libcrux_intrinsics_avx2_mm256_sub_epi16(vector, - quotient_times_field_modulus); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_barrett_reduce_ea(__m256i vector) { - return libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(vector); -} - -KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( - __m256i vector, int16_t constant) { - __m256i constant0 = libcrux_intrinsics_avx2_mm256_set1_epi16(constant); - __m256i value_low = - libcrux_intrinsics_avx2_mm256_mullo_epi16(vector, constant0); - __m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( - 
value_low, - libcrux_intrinsics_avx2_mm256_set1_epi16( - (int16_t) - LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - __m256i k_times_modulus = libcrux_intrinsics_avx2_mm256_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - __m256i value_high = - libcrux_intrinsics_avx2_mm256_mulhi_epi16(vector, constant0); - return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( - __m256i vector, int16_t constant) { - return libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( - vector, constant); -} - -KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( - __m256i vector) { - __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi16( - (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / (int16_t)2); - __m256i field_modulus_quartered = libcrux_intrinsics_avx2_mm256_set1_epi16( - (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / (int16_t)4); - __m256i shifted = - libcrux_intrinsics_avx2_mm256_sub_epi16(field_modulus_halved, vector); - __m256i mask = - libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, shifted, __m256i); - __m256i shifted_to_positive = - libcrux_intrinsics_avx2_mm256_xor_si256(mask, shifted); - __m256i shifted_to_positive_in_range = - libcrux_intrinsics_avx2_mm256_sub_epi16(shifted_to_positive, - field_modulus_quartered); - return libcrux_intrinsics_avx2_mm256_srli_epi16( - (int32_t)15, shifted_to_positive_in_range, __m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_compress_1_ea(__m256i vector) { - return 
libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( - vector); -} - -KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( - __m256i lhs, __m256i rhs) { - __m256i prod02 = libcrux_intrinsics_avx2_mm256_mul_epu32(lhs, rhs); - __m256i prod13 = libcrux_intrinsics_avx2_mm256_mul_epu32( - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, lhs, __m256i), - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, rhs, __m256i)); - return libcrux_intrinsics_avx2_mm256_unpackhi_epi64( - libcrux_intrinsics_avx2_mm256_unpacklo_epi32(prod02, prod13), - libcrux_intrinsics_avx2_mm256_unpackhi_epi32(prod02, prod13)); -} - -KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - __m256i v, __m256i c) { - __m256i value_low = libcrux_intrinsics_avx2_mm256_mullo_epi16(v, c); - __m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( - value_low, - libcrux_intrinsics_avx2_mm256_set1_epi16( - (int16_t) - LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - __m256i k_times_modulus = libcrux_intrinsics_avx2_mm256_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - __m256i value_high = libcrux_intrinsics_avx2_mm256_mulhi_epi16(v, c); - return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); -} - -KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( - __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, - int16_t zeta3) { - __m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( - -zeta3, -zeta3, zeta3, zeta3, -zeta2, -zeta2, zeta2, zeta2, -zeta1, - -zeta1, zeta1, zeta1, -zeta0, -zeta0, zeta0, zeta0); - __m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, - vector, __m256i); - __m256i rhs0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - rhs, zetas); - __m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)160, - vector, 
__m256i); - return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea(__m256i vector, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3) { - return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step(vector, zeta0, zeta1, - zeta2, zeta3); -} - -KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( - __m256i vector, int16_t zeta0, int16_t zeta1) { - __m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( - -zeta1, -zeta1, -zeta1, -zeta1, zeta1, zeta1, zeta1, zeta1, -zeta0, - -zeta0, -zeta0, -zeta0, zeta0, zeta0, zeta0, zeta0); - __m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)238, - vector, __m256i); - __m256i rhs0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - rhs, zetas); - __m256i lhs = - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)68, vector, __m256i); - return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea(__m256i vector, - int16_t zeta0, - int16_t zeta1) { - return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(vector, zeta0, zeta1); -} - -KRML_MUSTINLINE __m128i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - __m128i v, __m128i c) { - __m128i value_low = libcrux_intrinsics_avx2_mm_mullo_epi16(v, c); - __m128i k = libcrux_intrinsics_avx2_mm_mullo_epi16( - value_low, - libcrux_intrinsics_avx2_mm_set1_epi16( - (int16_t) - LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - __m128i k_times_modulus = libcrux_intrinsics_avx2_mm_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - 
__m128i value_high = libcrux_intrinsics_avx2_mm_mulhi_epi16(v, c); - return libcrux_intrinsics_avx2_mm_sub_epi16(value_high, k_times_modulus); -} - -KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(__m256i vector, int16_t zeta) { - __m128i rhs = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, __m128i); - __m128i rhs0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - rhs, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); - __m128i lhs = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - __m128i lower_coefficients = libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs0); - __m128i upper_coefficients = libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs0); - __m256i combined = - libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); - return libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, combined, upper_coefficients, __m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea(__m256i vector, - int16_t zeta) { - return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(vector, zeta); -} - -KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( - __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, - int16_t zeta3) { - __m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, - vector, __m256i); - __m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)160, - vector, __m256i); - __m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( - rhs, libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)-1, - (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, - (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, (int16_t)1, - (int16_t)1)); - __m256i sum0 = libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); - __m256i sum_times_zetas 
= - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - sum0, libcrux_intrinsics_avx2_mm256_set_epi16( - zeta3, zeta3, (int16_t)0, (int16_t)0, zeta2, zeta2, - (int16_t)0, (int16_t)0, zeta1, zeta1, (int16_t)0, - (int16_t)0, zeta0, zeta0, (int16_t)0, (int16_t)0)); - __m256i sum = libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(sum0); - return libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)204, sum, - sum_times_zetas, __m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea(__m256i vector, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3) { - return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( - vector, zeta0, zeta1, zeta2, zeta3); -} - -KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( - __m256i vector, int16_t zeta0, int16_t zeta1) { - __m256i lhs = libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)245, vector, __m256i); - __m256i rhs = libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)160, vector, __m256i); - __m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( - rhs, libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)1, - (int16_t)1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, - (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)1, - (int16_t)1)); - __m256i sum = libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); - __m256i sum_times_zetas = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - sum, libcrux_intrinsics_avx2_mm256_set_epi16( - zeta1, zeta1, zeta1, zeta1, (int16_t)0, (int16_t)0, - (int16_t)0, (int16_t)0, zeta0, zeta0, zeta0, zeta0, - (int16_t)0, (int16_t)0, (int16_t)0, (int16_t)0)); - return libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)240, sum, - sum_times_zetas, __m256i); -} - -/** -This function 
found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea(__m256i vector, - int16_t zeta0, - int16_t zeta1) { - return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(vector, zeta0, - zeta1); -} - -KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( - __m256i vector, int16_t zeta) { - __m128i lhs = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, __m128i); - __m128i rhs = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - __m128i lower_coefficients = libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs); - __m128i upper_coefficients = libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs); - __m128i upper_coefficients0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - upper_coefficients, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); - __m256i combined = - libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); - return libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, combined, upper_coefficients0, __m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea(__m256i vector, - int16_t zeta) { - return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(vector, zeta); -} - -KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(__m256i v) { - __m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( - v, - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t) - LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - __m256i k_times_modulus = libcrux_intrinsics_avx2_mm256_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - __m256i value_high = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)16, v, 
__m256i); - __m256i result = - libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); - __m256i result0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)16, result, __m256i); - return libcrux_intrinsics_avx2_mm256_srai_epi32((int32_t)16, result0, - __m256i); -} - -KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( - __m256i lhs, __m256i rhs, int16_t zeta0, int16_t zeta1, int16_t zeta2, - int16_t zeta3) { - __m256i shuffle_with = libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)15, (int8_t)14, (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, - (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, - (int8_t)5, (int8_t)4, (int8_t)1, (int8_t)0, (int8_t)15, (int8_t)14, - (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, (int8_t)3, (int8_t)2, - (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4, - (int8_t)1, (int8_t)0); - __m256i lhs_shuffled = - libcrux_intrinsics_avx2_mm256_shuffle_epi8(lhs, shuffle_with); - __m256i lhs_shuffled0 = libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, lhs_shuffled, __m256i); - __m128i lhs_evens = - libcrux_intrinsics_avx2_mm256_castsi256_si128(lhs_shuffled0); - __m256i lhs_evens0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_evens); - __m128i lhs_odds = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, lhs_shuffled0, __m128i); - __m256i lhs_odds0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_odds); - __m256i rhs_shuffled = - libcrux_intrinsics_avx2_mm256_shuffle_epi8(rhs, shuffle_with); - __m256i rhs_shuffled0 = libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, rhs_shuffled, __m256i); - __m128i rhs_evens = - libcrux_intrinsics_avx2_mm256_castsi256_si128(rhs_shuffled0); - __m256i rhs_evens0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_evens); - __m128i rhs_odds = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, rhs_shuffled0, __m128i); - __m256i rhs_odds0 = 
libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_odds); - __m256i left = - libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_evens0, rhs_evens0); - __m256i right = - libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_odds0, rhs_odds0); - __m256i right0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(right); - __m256i right1 = libcrux_intrinsics_avx2_mm256_mullo_epi32( - right0, - libcrux_intrinsics_avx2_mm256_set_epi32( - -(int32_t)zeta3, (int32_t)zeta3, -(int32_t)zeta2, (int32_t)zeta2, - -(int32_t)zeta1, (int32_t)zeta1, -(int32_t)zeta0, (int32_t)zeta0)); - __m256i products_left = libcrux_intrinsics_avx2_mm256_add_epi32(left, right1); - __m256i products_left0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( - products_left); - __m256i rhs_adjacent_swapped = libcrux_intrinsics_avx2_mm256_shuffle_epi8( - rhs, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, (int8_t)9, (int8_t)8, - (int8_t)11, (int8_t)10, (int8_t)5, (int8_t)4, (int8_t)7, (int8_t)6, - (int8_t)1, (int8_t)0, (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, - (int8_t)15, (int8_t)14, (int8_t)9, (int8_t)8, (int8_t)11, (int8_t)10, - (int8_t)5, (int8_t)4, (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, - (int8_t)3, (int8_t)2)); - __m256i products_right = - libcrux_intrinsics_avx2_mm256_madd_epi16(lhs, rhs_adjacent_swapped); - __m256i products_right0 = - libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( - products_right); - __m256i products_right1 = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)16, products_right0, __m256i); - return libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)170, products_left0, - products_right1, __m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_ntt_multiply_ea(__m256i *lhs, __m256i *rhs, - int16_t zeta0, int16_t zeta1, - int16_t zeta2, - int16_t zeta3) { - return 
libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(lhs[0U], rhs[0U], zeta0, - zeta1, zeta2, zeta3); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_1( - __m256i vector, uint8_t ret[2U]) { - __m256i lsb_to_msb = - libcrux_intrinsics_avx2_mm256_slli_epi16((int32_t)15, vector, __m256i); - __m128i low_msbs = libcrux_intrinsics_avx2_mm256_castsi256_si128(lsb_to_msb); - __m128i high_msbs = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, lsb_to_msb, __m128i); - __m128i msbs = libcrux_intrinsics_avx2_mm_packs_epi16(low_msbs, high_msbs); - int32_t bits_packed = libcrux_intrinsics_avx2_mm_movemask_epi8(msbs); - uint8_t serialized[2U] = {0U}; - serialized[0U] = (uint8_t)bits_packed; - serialized[1U] = (uint8_t)(bits_packed >> 8U); - memcpy(ret, serialized, (size_t)2U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_1_ea(__m256i vector, - uint8_t ret[2U]) { - libcrux_ml_kem_vector_avx2_serialize_serialize_1(vector, ret); -} - -KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) { - __m256i coefficients = libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, 
uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t)); - __m256i shift_lsb_to_msb = libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, - (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, (int16_t)-32768, - (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, - (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, (int16_t)-32768); - __m256i coefficients_in_msb = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, shift_lsb_to_msb); - return libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)15, - coefficients_in_msb, __m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_deserialize_1_ea(Eurydice_slice bytes) { - return libcrux_ml_kem_vector_avx2_serialize_deserialize_1(bytes); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( - __m256i vector, uint8_t ret[8U]) { - uint8_t serialized[16U] = {0U}; - __m256i adjacent_2_combined = libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, 
(int16_t)1)); - __m256i adjacent_8_combined = libcrux_intrinsics_avx2_mm256_shuffle_epi8( - adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4, (int8_t)0, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4, (int8_t)0)); - __m256i combined = libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32( - adjacent_8_combined, libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, - (int32_t)0, (int32_t)0, (int32_t)4, (int32_t)0)); - __m128i combined0 = libcrux_intrinsics_avx2_mm256_castsi256_si128(combined); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_slice((size_t)16U, serialized, uint8_t, Eurydice_slice), - combined0); - uint8_t ret0[8U]; - core_result_Result_56 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, ret0); - memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_4_ea(__m256i vector, - uint8_t ret[8U]) { - libcrux_ml_kem_vector_avx2_serialize_serialize_4(vector, ret); -} - -KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { - __m256i coefficients = libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, 
uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t)); - __m256i shift_lsbs_to_msbs = libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U); - __m256i coefficients_in_msb = libcrux_intrinsics_avx2_mm256_mullo_epi16( - coefficients, shift_lsbs_to_msbs); - __m256i coefficients_in_lsb = libcrux_intrinsics_avx2_mm256_srli_epi16( - (int32_t)4, coefficients_in_msb, __m256i); - return libcrux_intrinsics_avx2_mm256_and_si256( - coefficients_in_lsb, libcrux_intrinsics_avx2_mm256_set1_epi16( - ((int16_t)1 << 4U) - (int16_t)1)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} 
-*/ -__m256i libcrux_ml_kem_vector_avx2_deserialize_4_ea(Eurydice_slice bytes) { - return libcrux_ml_kem_vector_avx2_serialize_deserialize_4(bytes); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( - __m256i vector, uint8_t ret[10U]) { - uint8_t serialized[32U] = {0U}; - __m256i adjacent_2_combined = libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1)); - __m256i adjacent_4_combined = libcrux_intrinsics_avx2_mm256_sllv_epi32( - adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22, (int32_t)0, - (int32_t)22, (int32_t)0, (int32_t)22)); - __m256i adjacent_4_combined0 = libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)22, adjacent_4_combined, __m256i); - __m256i adjacent_8_combined = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)8, adjacent_4_combined0, __m256i); - __m256i adjacent_8_combined0 = libcrux_intrinsics_avx2_mm256_sllv_epi32( - adjacent_8_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)12, (int32_t)0, - (int32_t)0, (int32_t)0, (int32_t)12)); - __m256i adjacent_8_combined1 = libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)12, adjacent_8_combined0, __m256i); - __m128i lower_8 = - libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined1); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, - Eurydice_slice), - lower_8); - __m128i upper_8 = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, adjacent_8_combined1, __m128i); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)5U, 
(size_t)21U, uint8_t, - Eurydice_slice), - upper_8); - uint8_t ret0[10U]; - core_result_Result_cd dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[10U], void *); - core_result_unwrap_41_e8(dst, ret0); - memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_5_ea(__m256i vector, - uint8_t ret[10U]) { - libcrux_ml_kem_vector_avx2_serialize_serialize_5(vector, ret); -} - -KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) { - __m128i coefficients = libcrux_intrinsics_avx2_mm_set_epi8( - Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t)); - __m256i 
coefficients_loaded = - libcrux_intrinsics_avx2_mm256_castsi128_si256(coefficients); - __m256i coefficients_loaded0 = libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, coefficients_loaded, coefficients, __m256i); - __m256i coefficients0 = libcrux_intrinsics_avx2_mm256_shuffle_epi8( - coefficients_loaded0, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)15, (int8_t)14, (int8_t)15, (int8_t)14, (int8_t)13, - (int8_t)12, (int8_t)13, (int8_t)12, (int8_t)11, (int8_t)10, - (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)9, (int8_t)8, - (int8_t)7, (int8_t)6, (int8_t)7, (int8_t)6, (int8_t)5, (int8_t)4, - (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)3, (int8_t)2, - (int8_t)1, (int8_t)0, (int8_t)1, (int8_t)0)); - __m256i coefficients1 = libcrux_intrinsics_avx2_mm256_mullo_epi16( - coefficients0, libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 5U, (int16_t)1 << 2U, - (int16_t)1 << 7U, (int16_t)1 << 4U, (int16_t)1 << 9U, - (int16_t)1 << 6U, (int16_t)1 << 11U, (int16_t)1 << 0U, - (int16_t)1 << 5U, (int16_t)1 << 2U, (int16_t)1 << 7U, - (int16_t)1 << 4U, (int16_t)1 << 9U, (int16_t)1 << 6U, - (int16_t)1 << 11U)); - return libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)11, coefficients1, - __m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_deserialize_5_ea(Eurydice_slice bytes) { - return libcrux_ml_kem_vector_avx2_serialize_deserialize_5(bytes); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( - __m256i vector, uint8_t ret[20U]) { - uint8_t serialized[32U] = {0U}; - __m256i adjacent_2_combined = libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 
10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1)); - __m256i adjacent_4_combined = libcrux_intrinsics_avx2_mm256_sllv_epi32( - adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12, (int32_t)0, - (int32_t)12, (int32_t)0, (int32_t)12)); - __m256i adjacent_4_combined0 = libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)12, adjacent_4_combined, __m256i); - __m256i adjacent_8_combined = libcrux_intrinsics_avx2_mm256_shuffle_epi8( - adjacent_4_combined0, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, - (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)4, - (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0)); - __m128i lower_8 = - libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, - Eurydice_slice), - lower_8); - __m128i upper_8 = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, adjacent_8_combined, __m128i); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)10U, (size_t)26U, uint8_t, - Eurydice_slice), - upper_8); - uint8_t ret0[20U]; - core_result_Result_7a dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[20U], void *); - core_result_unwrap_41_34(dst, ret0); - memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void 
libcrux_ml_kem_vector_avx2_serialize_10_ea(__m256i vector, - uint8_t ret[20U]) { - libcrux_ml_kem_vector_avx2_serialize_serialize_10(vector, ret); -} - -KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) { - __m256i shift_lsbs_to_msbs = libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U); - __m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); - __m128i lower_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( - lower_coefficients, - libcrux_intrinsics_avx2_mm_set_epi8(9U, 8U, 8U, 7U, 7U, 6U, 6U, 5U, 4U, - 3U, 3U, 2U, 2U, 1U, 1U, 0U)); - __m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)4U, (size_t)20U, uint8_t, Eurydice_slice)); - __m128i upper_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( - upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( - 15U, 14U, 14U, 13U, 13U, 12U, 12U, 11U, 10U, 9U, - 9U, 8U, 8U, 7U, 7U, 6U)); - __m256i coefficients = - libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); - __m256i coefficients0 = libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, coefficients, upper_coefficients0, __m256i); - __m256i coefficients1 = libcrux_intrinsics_avx2_mm256_mullo_epi16( - coefficients0, shift_lsbs_to_msbs); - __m256i coefficients2 = libcrux_intrinsics_avx2_mm256_srli_epi16( - (int32_t)6, coefficients1, __m256i); - return libcrux_intrinsics_avx2_mm256_and_si256( - coefficients2, libcrux_intrinsics_avx2_mm256_set1_epi16( - ((int16_t)1 << 10U) - (int16_t)1)); -} - -/** -This function found in impl 
{(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_deserialize_10_ea(Eurydice_slice bytes) { - return libcrux_ml_kem_vector_avx2_serialize_deserialize_10(bytes); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_11( - __m256i vector, uint8_t ret[22U]) { - int16_t array[16U] = {0U}; - libcrux_intrinsics_avx2_mm256_storeu_si256_i16( - Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice), - vector); - libcrux_ml_kem_vector_portable_vector_type_PortableVector input = - libcrux_ml_kem_vector_portable_from_i16_array_0d( - Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice)); - uint8_t ret0[22U]; - libcrux_ml_kem_vector_portable_serialize_11_0d(input, ret0); - memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_11_ea(__m256i vector, - uint8_t ret[22U]) { - libcrux_ml_kem_vector_avx2_serialize_serialize_11(vector, ret); -} - -KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_11(Eurydice_slice bytes) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector output = - libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); - int16_t array[16U]; - libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); - return libcrux_intrinsics_avx2_mm256_loadu_si256_i16( - Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_deserialize_11_ea(Eurydice_slice bytes) { - return libcrux_ml_kem_vector_avx2_serialize_deserialize_11(bytes); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( - __m256i vector, uint8_t ret[24U]) { 
- uint8_t serialized[32U] = {0U}; - __m256i adjacent_2_combined = libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1)); - __m256i adjacent_4_combined = libcrux_intrinsics_avx2_mm256_sllv_epi32( - adjacent_2_combined, libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8, - (int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8)); - __m256i adjacent_4_combined0 = libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)8, adjacent_4_combined, __m256i); - __m256i adjacent_8_combined = libcrux_intrinsics_avx2_mm256_shuffle_epi8( - adjacent_4_combined0, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, - (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)5, - (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, (int8_t)12, - (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4, - (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0)); - __m128i lower_8 = - libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); - __m128i upper_8 = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, adjacent_8_combined, __m128i); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, - Eurydice_slice), - lower_8); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)12U, (size_t)28U, uint8_t, - Eurydice_slice), - upper_8); - uint8_t ret0[24U]; - core_result_Result_6f dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t, - 
Eurydice_slice), - Eurydice_slice, uint8_t[24U], void *); - core_result_unwrap_41_1c(dst, ret0); - memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_12_ea(__m256i vector, - uint8_t ret[24U]) { - libcrux_ml_kem_vector_avx2_serialize_serialize_12(vector, ret); -} - -KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) { - __m256i shift_lsbs_to_msbs = libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U); - __m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); - __m128i lower_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( - lower_coefficients, - libcrux_intrinsics_avx2_mm_set_epi8(11U, 10U, 10U, 9U, 8U, 7U, 7U, 6U, 5U, - 4U, 4U, 3U, 2U, 1U, 1U, 0U)); - __m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)8U, (size_t)24U, uint8_t, Eurydice_slice)); - __m128i upper_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( - upper_coefficients, - libcrux_intrinsics_avx2_mm_set_epi8(15U, 14U, 14U, 13U, 12U, 11U, 11U, - 10U, 9U, 8U, 8U, 7U, 6U, 5U, 5U, 4U)); - __m256i coefficients = - libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); - __m256i coefficients0 = libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, coefficients, upper_coefficients0, __m256i); - __m256i coefficients1 = libcrux_intrinsics_avx2_mm256_mullo_epi16( - coefficients0, shift_lsbs_to_msbs); - __m256i 
coefficients2 = libcrux_intrinsics_avx2_mm256_srli_epi16( - (int32_t)4, coefficients1, __m256i); - return libcrux_intrinsics_avx2_mm256_and_si256( - coefficients2, libcrux_intrinsics_avx2_mm256_set1_epi16( - ((int16_t)1 << 12U) - (int16_t)1)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_deserialize_12_ea(Eurydice_slice bytes) { - return libcrux_ml_kem_vector_avx2_serialize_deserialize_12(bytes); -} - -KRML_MUSTINLINE size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( - Eurydice_slice input, Eurydice_slice output) { - __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - __m256i potential_coefficients = - libcrux_ml_kem_vector_avx2_serialize_deserialize_12(input); - __m256i compare_with_field_modulus = - libcrux_intrinsics_avx2_mm256_cmpgt_epi16(field_modulus, - potential_coefficients); - uint8_t good[2U]; - libcrux_ml_kem_vector_avx2_serialize_serialize_1(compare_with_field_modulus, - good); - uint8_t lower_shuffles[16U]; - memcpy(lower_shuffles, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( - size_t)good[0U]], - (size_t)16U * sizeof(uint8_t)); - __m128i lower_shuffles0 = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( - (size_t)16U, lower_shuffles, uint8_t, Eurydice_slice)); - __m128i lower_coefficients = - libcrux_intrinsics_avx2_mm256_castsi256_si128(potential_coefficients); - __m128i lower_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( - lower_coefficients, lower_shuffles0); - libcrux_intrinsics_avx2_mm_storeu_si128(output, lower_coefficients0); - size_t sampled_count = (size_t)core_num__u8_6__count_ones(good[0U]); - uint8_t upper_shuffles[16U]; - memcpy(upper_shuffles, - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( - size_t)good[1U]], - (size_t)16U * sizeof(uint8_t)); - __m128i 
upper_shuffles0 = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( - (size_t)16U, upper_shuffles, uint8_t, Eurydice_slice)); - __m128i upper_coefficients = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, potential_coefficients, __m128i); - __m128i upper_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( - upper_coefficients, upper_shuffles0); - libcrux_intrinsics_avx2_mm_storeu_si128( - Eurydice_slice_subslice2(output, sampled_count, - sampled_count + (size_t)8U, int16_t, - Eurydice_slice), - upper_coefficients0); - size_t uu____0 = sampled_count; - return uu____0 + (size_t)core_num__u8_6__count_ones(good[1U]); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -size_t libcrux_ml_kem_vector_avx2_rej_sample_ea(Eurydice_slice input, - Eurydice_slice output) { - return libcrux_ml_kem_vector_avx2_sampling_rejection_sample(input, output); -} - -/** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::vector::avx2::SIMD256Vector)#1} -*/ -inline __m256i libcrux_ml_kem_vector_avx2_clone_3a(__m256i *self) { - return self[0U]; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_89_d5(void) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; - lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[2U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[3U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[4U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[5U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[6U] = 
libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[7U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[8U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[9U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[10U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[11U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[12U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[13U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[14U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - lit.coefficients[15U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); - return lit; -} - -/** - Only use with public values. - - This MUST NOT be used with secret inputs, like its caller - `deserialize_ring_elements_reduced`. -*/ -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_reduced_ring_element_dd(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); - __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); - re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea(coefficient); - } - return re; -} - -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. 
-*/ -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 1184 -- K= 3 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d4( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_d5();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_dd(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.avx2.arithmetic.shift_right -with const generics -- SHIFT_BY= 15 -*/ -static KRML_MUSTINLINE __m256i shift_right_98(__m256i vector) { - return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, __m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.avx2.shift_right_ea -with const generics -- SHIFT_BY= 15 -*/ -static __m256i shift_right_ea_92(__m256i vector) { - return shift_right_98(vector); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.traits.to_unsigned_representative with types -libcrux_ml_kem_vector_avx2_SIMD256Vector 
with const generics - -*/ -static __m256i to_unsigned_representative_a4(__m256i a) { - __m256i t = shift_right_ea_92(a); - __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( - t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - return libcrux_ml_kem_vector_avx2_add_ea(a, &fm); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_92( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { - uint8_t serialized[384U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - __m256i coefficient = to_unsigned_representative_a4(re->coefficients[i0]); - uint8_t bytes[24U]; - libcrux_ml_kem_vector_avx2_serialize_12_ea(coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); -} - -/** - Call [`serialize_uncompressed_ring_element`] for each ring element. 
-*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -- OUT_LEN= 1152 -*/ -static KRML_MUSTINLINE void serialize_secret_key_ae1( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, - uint8_t ret[1152U]) { - uint8_t out[1152U] = {0U}; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - uint8_t ret0[384U]; - serialize_uncompressed_ring_element_92(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); -} - -/** - Concatenate `t` and `ρ` into the public key. 
-*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- PUBLIC_KEY_SIZE= 1184 -*/ -static KRML_MUSTINLINE void serialize_public_key_d01( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[1184U]) { - uint8_t public_key_serialized[1184U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, - (size_t)1152U, uint8_t, Eurydice_slice); - uint8_t ret0[1152U]; - serialize_secret_key_ae1(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); - memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- PUBLIC_KEY_SIZE= 1184 -*/ -bool libcrux_ml_kem_ind_cca_validate_public_key_cf1(uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - deserialize_ring_elements_reduced_5d4( - Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; - uint8_t public_key_serialized[1184U]; - serialize_public_key_d01( - uu____0, - Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), - public_key_serialized); - return 
core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( - (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked -libcrux_ml_kem_vector_avx2_SIMD256Vector[[$3size_t]], -libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked -libcrux_ml_kem_vector_avx2_SIMD256Vector[[$3size_t]] - -*/ -typedef struct tuple_9b0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 snd; -} tuple_9b0; - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void G_a9_681(Eurydice_slice input, uint8_t ret[64U]) { - libcrux_ml_kem_hash_functions_avx2_G(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -*/ -static void closure_b81( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_89_d5();); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb with const generics -- K= 3 -*/ -static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_4d1(uint8_t input[3U][34U]) { - libcrux_sha3_generic_keccak_KeccakState_29 state = - libcrux_sha3_avx2_x4_incremental_init(); - libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - &state, - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[2U], 
uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); - return state; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_a9 with const generics -- K= 3 -*/ -static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_a9_ca1(uint8_t input[3U][34U]) { - uint8_t uu____0[3U][34U]; - memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); - return shake128_init_absorb_4d1(uu____0); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks with const -generics -- K= 3 -*/ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_6b1( - libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][504U]) { - uint8_t out[3U][504U] = {{0U}}; - uint8_t out0[504U] = {0U}; - uint8_t out1[504U] = {0U}; - uint8_t out2[504U] = {0U}; - uint8_t out3[504U] = {0U}; - libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[504U]; - memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____1[504U]; - memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____2[504U]; - memcpy(uu____2, out2, (size_t)504U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)504U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for 
-libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks_a9 with const -generics -- K= 3 -*/ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_a9_4d1( - libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][504U]) { - shake128_squeeze_three_blocks_6b1(self, ret); -} - -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . 
-*/ -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- K= 3 -- N= 504 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb3( - uint8_t randomness[3U][504U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void shake128_squeeze_block_1b1( - libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][168U]) { - uint8_t out[3U][168U] = {{0U}}; - uint8_t out0[168U] = {0U}; - uint8_t out1[168U] = {0U}; - uint8_t out2[168U] = {0U}; - uint8_t out3[168U] = {0U}; - libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out1, 
uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[168U]; - memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____1[168U]; - memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____2[168U]; - memcpy(uu____2, out2, (size_t)168U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)168U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block_a9 with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void shake128_squeeze_block_a9_5a1( - libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][168U]) { - shake128_squeeze_block_1b1(self, ret); -} - -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. 
- - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- K= 3 -- N= 168 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb4( - uint8_t randomness[3U][168U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE 
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -from_i16_array_89_10(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - result.coefficients[i0] = - libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice_subslice2( - a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t, - Eurydice_slice)); - } - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -*/ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_791( - int16_t s[272U]) { - return from_i16_array_89_10(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void sample_from_xof_b01( - uint8_t seeds[3U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - size_t sampled_coefficients[3U] = {0U}; - int16_t out[3U][272U] = {{0U}}; - uint8_t uu____0[3U][34U]; - memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); - libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - shake128_init_absorb_a9_ca1(uu____0); - uint8_t randomness0[3U][504U]; - shake128_squeeze_three_blocks_a9_4d1(&xof_state, randomness0); - uint8_t uu____1[3U][504U]; - memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_bb3( - uu____1, sampled_coefficients, out); - while (true) { - if (done) { - break; - } else { - uint8_t randomness[3U][168U]; - shake128_squeeze_block_a9_5a1(&xof_state, randomness); - uint8_t uu____2[3U][168U]; - 
memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_bb4( - uu____2, sampled_coefficients, out); - } - } - int16_t uu____3[3U][272U]; - memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_791(uu____3[i]);); - memcpy( - ret, ret0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void sample_matrix_A_a21( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U][3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - closure_b81(A_transpose[i]);); - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); - uint8_t seeds[3U][34U]; KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; - seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[3U][34U]; - memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U]; - sample_from_xof_b01(uu____1, sampled); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 
sample = sampled[j]; - if (transpose) { - A_transpose[j][i1] = sample; - } else { - A_transpose[i1][j] = sample; - } - }); - memcpy(ret, A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_polynomial_PolynomialRingElement -libcrux_ml_kem_vector_avx2_SIMD256Vector[3size_t], uint8_t - -*/ -typedef struct tuple_b00_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 fst[3U]; - uint8_t snd; -} tuple_b00; - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN -with const generics -- K= 3 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_1c2(uint8_t (*input)[33U], - uint8_t ret[3U][128U]) { - uint8_t out[3U][128U] = {{0U}}; - uint8_t out0[128U] = {0U}; - uint8_t out1[128U] = {0U}; - uint8_t out2[128U] = {0U}; - uint8_t out3[128U] = {0U}; - libcrux_sha3_avx2_x4_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[128U]; - memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____1[128U]; - memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____2[128U]; - memcpy(uu____2, out2, (size_t)128U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)128U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); -} - -/** 
-This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN_a9 -with const generics -- K= 3 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_a9_512(uint8_t (*input)[33U], - uint8_t ret[3U][128U]) { - PRFxN_1c2(input, ret); -} - -/** - Given a series of uniformly random bytes in `randomness`, for some number - `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring - element from a binomial distribution centered at 0 that uses two sets of `eta` - coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v` - such such that `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and: - - ```plaintext - - If v < 0, Pr[v] = Pr[-v] - - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA) - ``` - - The values `v < 0` are mapped to the appropriate `KyberFieldElement`. - - The expected value is: - - ```plaintext - E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1] - + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0. - ``` - - And the variance is: - - ```plaintext - Var(X) = E[(X - E[X])^2] - = E[X^2] - = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / - 2^(2 * ETA)) = ETA / 2 - ``` - - This function implements Algorithm 7 of the NIST FIPS 203 - standard, which is reproduced below: - - ```plaintext - Input: byte array B ∈ 𝔹^{64η}. - Output: array f ∈ ℤ₂₅₆. - - b ← BytesToBits(B) - for (i ← 0; i < 256; i++) - x ← ∑(j=0 to η - 1) b[2iη + j] - y ← ∑(j=0 to η - 1) b[2iη + η + j] - f[i] ← x−y mod q - end for - return f - ``` - - The NIST FIPS 203 standard can be found at - . 
-*/ -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_2_c1(Eurydice_slice randomness) { - int16_t sampled_i16s[256U] = {0U}; - for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; - i0++) { - size_t chunk_number = i0; - Eurydice_slice byte_chunk = Eurydice_slice_subslice2( - randomness, chunk_number * (size_t)4U, - chunk_number * (size_t)4U + (size_t)4U, uint8_t, Eurydice_slice); - uint32_t random_bits_as_u32 = - (((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) - << 8U) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) - << 16U) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, - uint8_t *, uint8_t) - << 24U; - uint32_t even_bits = random_bits_as_u32 & 1431655765U; - uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; - uint32_t coin_toss_outcomes = even_bits + odd_bits; - for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) { - uint32_t outcome_set = i; - uint32_t outcome_set0 = outcome_set * 4U; - int16_t outcome_1 = - (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); - int16_t outcome_2 = - (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); - size_t offset = (size_t)(outcome_set0 >> 2U); - sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - return from_i16_array_89_10(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution_3 with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ 
-static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_3_43(Eurydice_slice randomness) { - int16_t sampled_i16s[256U] = {0U}; - for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; - i0++) { - size_t chunk_number = i0; - Eurydice_slice byte_chunk = Eurydice_slice_subslice2( - randomness, chunk_number * (size_t)3U, - chunk_number * (size_t)3U + (size_t)3U, uint8_t, Eurydice_slice); - uint32_t random_bits_as_u24 = - ((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) - << 8U) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) - << 16U; - uint32_t first_bits = random_bits_as_u24 & 2396745U; - uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; - uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; - uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; - for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) { - int32_t outcome_set = i; - int32_t outcome_set0 = outcome_set * (int32_t)6; - int16_t outcome_1 = - (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); - int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> - (uint32_t)(outcome_set0 + (int32_t)3) & - 7U); - size_t offset = (size_t)(outcome_set0 / (int32_t)6); - sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - return from_i16_array_89_10(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- ETA= 2 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_470(Eurydice_slice randomness) { - return 
sample_from_binomial_distribution_2_c1(randomness); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_7 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_at_layer_7_45( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; - for (size_t i = (size_t)0U; i < step; i++) { - size_t j = i; - __m256i t = libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( - re->coefficients[j + step], (int16_t)-1600); - re->coefficients[j + step] = - libcrux_ml_kem_vector_avx2_sub_ea(re->coefficients[j], &t); - re->coefficients[j] = - libcrux_ml_kem_vector_avx2_add_ea(re->coefficients[j], &t); - } -} - -typedef struct libcrux_ml_kem_vector_avx2_SIMD256Vector_x2_s { - __m256i fst; - __m256i snd; -} libcrux_ml_kem_vector_avx2_SIMD256Vector_x2; - -/** -A monomorphic instance of libcrux_ml_kem.vector.traits.montgomery_multiply_fe -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static __m256i montgomery_multiply_fe_9d(__m256i v, int16_t fer) { - return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea(v, fer); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_layer_int_vec_step -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -ntt_layer_int_vec_step_f4(__m256i a, __m256i b, int16_t zeta_r) { - __m256i t = montgomery_multiply_fe_9d(b, zeta_r); - b = libcrux_ml_kem_vector_avx2_sub_ea(a, &t); - a = libcrux_ml_kem_vector_avx2_add_ea(a, &t); - return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, - .snd = b}); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_4_plus -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_at_layer_4_plus_65( - size_t *zeta_i, 
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, - size_t layer) { - size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { - size_t round = i0; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - size_t offset = round * step * (size_t)2U; - size_t offset_vec = offset / (size_t)16U; - size_t step_vec = step / (size_t)16U; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { - size_t j = i; - libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - ntt_layer_int_vec_step_f4( - re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - __m256i x = uu____0.fst; - __m256i y = uu____0.snd; - re->coefficients[j] = x; - re->coefficients[j + step_vec] = y; - } - } -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_3 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_at_layer_3_b4( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]);); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_2 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_at_layer_2_7c( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + 
- (size_t)1U]); - zeta_i[0U] = zeta_i[0U] + (size_t)1U;); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_1 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_at_layer_1_c2( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)3U]); - zeta_i[0U] = zeta_i[0U] + (size_t)3U;); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void poly_barrett_reduce_89_99( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - self->coefficients[i0] = - libcrux_ml_kem_vector_avx2_barrett_reduce_ea(self->coefficients[i0]); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_binomially_sampled_ring_element -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_b5( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - ntt_at_layer_7_45(re); - size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)5U); - 
ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_b4(&zeta_i, re); - ntt_at_layer_2_7c(&zeta_i, re); - ntt_at_layer_1_c2(&zeta_i, re); - poly_barrett_reduce_89_99(re); -} - -/** - Sample a vector of ring elements from a centered binomial distribution and - convert them into their NTT representations. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- ETA= 2 -- ETA_RANDOMNESS_SIZE= 128 -*/ -static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_151( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_89_d5();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[3U][33U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[3U][128U]; - PRFxN_a9_512(prf_inputs, prf_outputs); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_470( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], - uint8_t, Eurydice_slice)); - ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U]; - memcpy( - uu____2, re_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - tuple_b00 lit; - memcpy( - lit.fst, uu____2, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - lit.snd = domain_separator; - return lit; -} - -/** - Given two 
`KyberPolynomialRingElement`s in their NTT representations, - compute their product. Given two polynomials in the NTT domain `f^` and `ĵ`, - the `iᵗʰ` coefficient of the product `k̂` is determined by the calculation: - - ```plaintext - ĥ[2·i] + ĥ[2·i + 1]X = (f^[2·i] + f^[2·i + 1]X)·(ĝ[2·i] + ĝ[2·i + 1]X) mod (X² - - ζ^(2·BitRev₇(i) + 1)) - ``` - - This function almost implements Algorithm 10 of the - NIST FIPS 203 standard, which is reproduced below: - - ```plaintext - Input: Two arrays fˆ ∈ ℤ₂₅₆ and ĝ ∈ ℤ₂₅₆. - Output: An array ĥ ∈ ℤq. - - for(i ← 0; i < 128; i++) - (ĥ[2i], ĥ[2i+1]) ← BaseCaseMultiply(fˆ[2i], fˆ[2i+1], ĝ[2i], ĝ[2i+1], - ζ^(2·BitRev₇(i) + 1)) end for return ĥ - ``` - We say "almost" because the coefficients of the ring element output by - this function are in the Montgomery domain. - - The NIST FIPS 203 standard can be found at - . -*/ -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -ntt_multiply_89_48(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_89_d5(); - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - out.coefficients[i0] = libcrux_ml_kem_vector_avx2_ntt_multiply_ea( - &self->coefficients[i0], &rhs->coefficients[i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U 
+ - (size_t)4U * i0 + - (size_t)3U]); - } - return out; -} - -/** - Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise - sum of their constituent coefficients. -*/ -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void add_to_ring_element_89_971( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)16U, self->coefficients, __m256i, - Eurydice_slice), - __m256i, size_t); - i++) { - size_t i0 = i; - self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( - self->coefficients[i0], &rhs->coefficients[i0]); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.traits.to_standard_domain -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static __m256i to_standard_domain_42(__m256i v) { - return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( - v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void add_standard_error_reduce_89_ac( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t j = i; - __m256i coefficient_normal_form = - to_standard_domain_42(self->coefficients[j]); - self->coefficients[j] = 
libcrux_ml_kem_vector_avx2_barrett_reduce_ea( - libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, - &error->coefficients[j])); - } -} - -/** - Compute  ◦ ŝ + ê -*/ -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void compute_As_plus_e_f01( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_d5();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = - &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_971(&result[i1], &product); - } - add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); - } - memcpy( - ret, result, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - 
algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static tuple_9b0 generate_keypair_unpacked_6c1( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - G_a9_681(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_a21(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, - prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = 
sample_vector_cbd_then_ntt_151(uu____1, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; - memcpy( - error_as_ntt, - sample_vector_cbd_then_ntt_151(uu____3, domain_separator).fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - compute_As_plus_e_f01(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____4[3U]; - memcpy( - uu____4, t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U][3U]; - memcpy(uu____5, A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk; - memcpy( - pk.t_as_ntt, uu____4, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____7[3U]; - memcpy( - uu____7, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk; - memcpy( - sk.secret_as_ntt, 
uu____7, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - return (CLITERAL(tuple_9b0){.fst = sk, .snd = pk}); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types -libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static void closure_e31( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_89_d5();); -} - -/** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])#1} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.clone_d5 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 clone_d5_48( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; - __m256i ret[16U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)16U, self->coefficients, ret, __m256i, void *); - memcpy(lit.coefficients, ret, (size_t)16U * sizeof(__m256i)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void H_a9_651(Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_avx2_H(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- 
CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_831(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - tuple_9b0 uu____0 = generate_keypair_unpacked_6c1(ind_cpa_keypair_randomness); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 - ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 - ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_e31(A[i]);); - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_d5_48(&ind_cpa_public_key.A[j][i1]); - A[i1][j] = uu____1;);); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U][3U]; - memcpy(uu____2, A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - memcpy(ind_cpa_public_key.A, uu____2, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - uint8_t pk_serialized[1184U]; - serialize_public_key_d01( - ind_cpa_public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), - pk_serialized); - uint8_t public_key_hash[32U]; - H_a9_651(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, - 
Eurydice_slice), - public_key_hash); - uint8_t implicit_rejection_value[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); - core_result_unwrap_41_83(dst, implicit_rejection_value); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 uu____3 = - ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 uu____5; - uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 uu____6 = - ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 lit; - lit.private_key = uu____5; - lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, - (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- PRIVATE_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_e11( - Eurydice_slice key_generation_seed) { - tuple_9b0 uu____0 = generate_keypair_unpacked_6c1(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk = uu____0.snd; - uint8_t public_key_serialized[1184U]; - serialize_public_key_d01(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); - uint8_t 
secret_key_serialized[1152U]; - serialize_secret_key_ae1(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[1152U]; - memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); - uint8_t uu____2[1184U]; - memcpy(uu____2, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; - memcpy(lit.fst, uu____1, (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)1184U * sizeof(uint8_t)); - return lit; -} - -/** - Serialize the secret key. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 3 -- SERIALIZED_KEY_LEN= 2400 -*/ -static KRML_MUSTINLINE void serialize_kem_secret_key_751( - Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { - uint8_t out[2400U] = {0U}; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); - uint8_t ret0[32U]; - H_a9_651(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, 
- Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); - memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); -} - -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_c23(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_e11(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[1152U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); - uint8_t public_key[1184U]; - memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); - uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_751( - Eurydice_array_to_slice((size_t)1152U, 
ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, - Eurydice_slice), - implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[2400U]; - memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_a70(uu____1); - libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; - uint8_t uu____3[1184U]; - memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_c90( - uu____2, libcrux_ml_kem_types_from_b6_4c0(uu____3)); -} - -/** - Sample a vector of ring elements from a centered binomial distribution. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- ETA2_RANDOMNESS_SIZE= 128 -- ETA2= 2 -*/ -static KRML_MUSTINLINE tuple_b00 -sample_ring_element_cbd_471(uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_89_d5();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[3U][33U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[3U][128U]; - PRFxN_a9_512(prf_inputs, prf_outputs); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_470(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - 
error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U]; - memcpy( - uu____2, error_1, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - tuple_b00 lit; - memcpy( - lit.fst, uu____2, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - lit.snd = domain_separator; - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF -with const generics -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRF_420(Eurydice_slice input, uint8_t ret[128U]) { - uint8_t digest[128U] = {0U}; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 -with const generics -- K= 3 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRF_a9_934(Eurydice_slice input, - uint8_t ret[128U]) { - PRF_420(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_1 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_78( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - re->coefficients[round] = - libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)3U]); - zeta_i[0U] = zeta_i[0U] - 
(size_t)3U;); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_2 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_ba( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - re->coefficients[round] = - libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U]); - zeta_i[0U] = zeta_i[0U] - (size_t)1U;); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_3 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_1f( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - re->coefficients[round] = - libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]);); -} - -/** -A monomorphic instance of -libcrux_ml_kem.invert_ntt.inv_ntt_layer_int_vec_step_reduce with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -inv_ntt_layer_int_vec_step_reduce_df(__m256i a, __m256i b, int16_t zeta_r) { - __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_ea(b, &a); - a = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( - libcrux_ml_kem_vector_avx2_add_ea(a, &b)); - b = montgomery_multiply_fe_9d(a_minus_b, zeta_r); - return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, - .snd = b}); -} - -/** -A monomorphic instance of 
libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_4_plus -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_a2( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, - size_t layer) { - size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { - size_t round = i0; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - size_t offset = round * step * (size_t)2U; - size_t offset_vec = - offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - size_t step_vec = - step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { - size_t j = i; - libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_df( - re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - __m256i x = uu____0.fst; - __m256i y = uu____0.snd; - re->coefficients[j] = x; - re->coefficients[j + step_vec] = y; - } - } -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void invert_ntt_montgomery_571( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_78(&zeta_i, re); - invert_ntt_at_layer_2_ba(&zeta_i, re); - invert_ntt_at_layer_3_1f(&zeta_i, re); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_99(re); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A 
monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void add_error_reduce_89_91( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t j = i; - __m256i coefficient_normal_form = - libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( - self->coefficients[j], (int16_t)1441); - self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( - libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, - &error->coefficients[j])); - } -} - -/** - Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ -*/ -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void compute_vector_u_001( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_d5();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - 
libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(a_element, &r_as_ntt[j]); - add_to_ring_element_89_971(&result[i1], &product); - } - invert_ntt_montgomery_571(&result[i1]); - add_error_reduce_89_91(&result[i1], &error_1[i1]); - } - memcpy( - ret, result, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.traits.decompress_1 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static __m256i decompress_1_91(__m256i v) { - return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( - libcrux_ml_kem_vector_avx2_sub_ea(libcrux_ml_kem_vector_avx2_ZERO_ea(), - &v), - (int16_t)1665); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_message with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_message_b9(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - __m256i coefficient_compressed = - libcrux_ml_kem_vector_avx2_deserialize_1_ea( - Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, - (size_t)2U * i0 + (size_t)2U, uint8_t, - Eurydice_slice)); - re.coefficients[i0] = decompress_1_91(coefficient_compressed);); - return re; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 
-add_message_error_reduce_89_67( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - __m256i coefficient_normal_form = - libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( - result.coefficients[i0], (int16_t)1441); - __m256i tmp = libcrux_ml_kem_vector_avx2_add_ea(self->coefficients[i0], - &message->coefficients[i0]); - __m256i tmp0 = - libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, &tmp); - result.coefficients[i0] = - libcrux_ml_kem_vector_avx2_barrett_reduce_ea(tmp0); - } - return result; -} - -/** - Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message -*/ -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_711( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_971(&result, &product);); - invert_ntt_montgomery_571(&result); - result = add_message_error_reduce_89_67(error_2, message, result); - return result; -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 10 -*/ -static KRML_MUSTINLINE __m256i 
-compress_ciphertext_coefficient_8a(__m256i vector) { - __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - __m256i compression_factor = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - __m256i coefficient_bits_mask = libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)10) - (int32_t)1); - __m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - __m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - __m256i compressed_low = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)10, coefficients_low0, __m256i); - __m256i compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32( - compressed_low, field_modulus_halved); - __m256i compressed_low1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, - compression_factor); - __m256i compressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)3, compressed_low1, __m256i); - __m256i compressed_low3 = libcrux_intrinsics_avx2_mm256_and_si256( - compressed_low2, coefficient_bits_mask); - __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, __m128i); - __m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - __m256i compressed_high = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)10, coefficients_high0, __m256i); - __m256i compressed_high0 = libcrux_intrinsics_avx2_mm256_add_epi32( - compressed_high, field_modulus_halved); - __m256i compressed_high1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, - compression_factor); - __m256i compressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)3, compressed_high1, __m256i); - __m256i compressed_high3 = libcrux_intrinsics_avx2_mm256_and_si256( - compressed_high2, coefficient_bits_mask); - __m256i 
compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( - compressed_low3, compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - compressed, __m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea -with const generics -- COEFFICIENT_BITS= 10 -*/ -static __m256i compress_ea_80(__m256i vector) { - return compress_ciphertext_coefficient_8a(vector); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_10 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- OUT_LEN= 320 -*/ -static KRML_MUSTINLINE void compress_then_serialize_10_2f( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { - uint8_t serialized[320U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - __m256i coefficient = - compress_ea_80(to_unsigned_representative_a4(re->coefficients[i0])); - uint8_t bytes[20U]; - libcrux_ml_kem_vector_avx2_serialize_10_ea(coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 11 -*/ -static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_8a0(__m256i vector) { - __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - __m256i compression_factor = - 
libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - __m256i coefficient_bits_mask = libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)11) - (int32_t)1); - __m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - __m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - __m256i compressed_low = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)11, coefficients_low0, __m256i); - __m256i compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32( - compressed_low, field_modulus_halved); - __m256i compressed_low1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, - compression_factor); - __m256i compressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)3, compressed_low1, __m256i); - __m256i compressed_low3 = libcrux_intrinsics_avx2_mm256_and_si256( - compressed_low2, coefficient_bits_mask); - __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, __m128i); - __m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - __m256i compressed_high = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)11, coefficients_high0, __m256i); - __m256i compressed_high0 = libcrux_intrinsics_avx2_mm256_add_epi32( - compressed_high, field_modulus_halved); - __m256i compressed_high1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, - compression_factor); - __m256i compressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)3, compressed_high1, __m256i); - __m256i compressed_high3 = libcrux_intrinsics_avx2_mm256_and_si256( - compressed_high2, coefficient_bits_mask); - __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( - compressed_low3, compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - compressed, __m256i); -} - -/** -This function found in impl 
{(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea -with const generics -- COEFFICIENT_BITS= 11 -*/ -static __m256i compress_ea_800(__m256i vector) { - return compress_ciphertext_coefficient_8a0(vector); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- COMPRESSION_FACTOR= 10 -- OUT_LEN= 320 -*/ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_b2( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { - uint8_t uu____0[320U]; - compress_then_serialize_10_2f(re, uu____0); - memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); -} - -/** - Call [`compress_then_serialize_ring_element_u`] on each ring element. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -- OUT_LEN= 960 -- COMPRESSION_FACTOR= 10 -- BLOCK_LEN= 320 -*/ -static void compress_then_serialize_u_841( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], - Eurydice_slice out) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out, i0 * ((size_t)960U / (size_t)3U), - (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, - Eurydice_slice); - uint8_t ret[320U]; - compress_then_serialize_ring_element_u_b2(&re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void 
*); - } -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 4 -*/ -static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_8a1(__m256i vector) { - __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - __m256i compression_factor = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - __m256i coefficient_bits_mask = libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)4) - (int32_t)1); - __m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - __m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - __m256i compressed_low = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)4, coefficients_low0, __m256i); - __m256i compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32( - compressed_low, field_modulus_halved); - __m256i compressed_low1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, - compression_factor); - __m256i compressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)3, compressed_low1, __m256i); - __m256i compressed_low3 = libcrux_intrinsics_avx2_mm256_and_si256( - compressed_low2, coefficient_bits_mask); - __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, __m128i); - __m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - __m256i compressed_high = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)4, coefficients_high0, __m256i); - __m256i compressed_high0 = libcrux_intrinsics_avx2_mm256_add_epi32( - compressed_high, field_modulus_halved); - __m256i compressed_high1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, - compression_factor); - __m256i compressed_high2 = 
libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)3, compressed_high1, __m256i); - __m256i compressed_high3 = libcrux_intrinsics_avx2_mm256_and_si256( - compressed_high2, coefficient_bits_mask); - __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( - compressed_low3, compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - compressed, __m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea -with const generics -- COEFFICIENT_BITS= 4 -*/ -static __m256i compress_ea_801(__m256i vector) { - return compress_ciphertext_coefficient_8a1(vector); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_4 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void compress_then_serialize_4_b7( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, - Eurydice_slice serialized) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - __m256i coefficient = - compress_ea_801(to_unsigned_representative_a4(re.coefficients[i0])); - uint8_t bytes[8U]; - libcrux_ml_kem_vector_avx2_serialize_4_ea(coefficient, bytes); - core_slice___Slice_T___copy_from_slice( - Eurydice_slice_subslice2(serialized, (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 5 -*/ -static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_8a2(__m256i vector) { - __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - 
(int32_t)1) / - (int32_t)2); - __m256i compression_factor = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - __m256i coefficient_bits_mask = libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)5) - (int32_t)1); - __m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - __m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - __m256i compressed_low = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)5, coefficients_low0, __m256i); - __m256i compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32( - compressed_low, field_modulus_halved); - __m256i compressed_low1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, - compression_factor); - __m256i compressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)3, compressed_low1, __m256i); - __m256i compressed_low3 = libcrux_intrinsics_avx2_mm256_and_si256( - compressed_low2, coefficient_bits_mask); - __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, __m128i); - __m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - __m256i compressed_high = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)5, coefficients_high0, __m256i); - __m256i compressed_high0 = libcrux_intrinsics_avx2_mm256_add_epi32( - compressed_high, field_modulus_halved); - __m256i compressed_high1 = - libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, - compression_factor); - __m256i compressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)3, compressed_high1, __m256i); - __m256i compressed_high3 = libcrux_intrinsics_avx2_mm256_and_si256( - compressed_high2, coefficient_bits_mask); - __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( - compressed_low3, compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - compressed, __m256i); -} - 
-/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea -with const generics -- COEFFICIENT_BITS= 5 -*/ -static __m256i compress_ea_802(__m256i vector) { - return compress_ciphertext_coefficient_8a2(vector); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_5 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE void compress_then_serialize_5_35( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, - Eurydice_slice serialized) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - __m256i coefficients = - compress_ea_802(to_unsigned_representative_a4(re.coefficients[i0])); - uint8_t bytes[10U]; - libcrux_ml_kem_vector_avx2_serialize_5_ea(coefficients, bytes); - core_slice___Slice_T___copy_from_slice( - Eurydice_slice_subslice2(serialized, (size_t)10U * i0, - (size_t)10U * i0 + (size_t)10U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- COMPRESSION_FACTOR= 4 -- OUT_LEN= 128 -*/ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_39( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_4_b7(re, out); -} - -/** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. 
- - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_LEN= 960 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_unpacked_881( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = sample_vector_cbd_then_ntt_151(uu____0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____3 = sample_ring_element_cbd_471(uu____2, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; 
- memcpy( - error_1, uu____3.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - PRF_a9_934( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_470(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - compute_vector_u_001(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_b9(uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_711(public_key->t_as_ntt, r_as_ntt, &error_2, - &message_as_ring_element); - uint8_t ciphertext[1088U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; - memcpy( - uu____5, u, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_841( - uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, - uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_39( - uu____6, - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, - uint8_t, size_t, Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- 
VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e1( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_a9_681( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____2 = - &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1088U]; - encrypt_unpacked_881(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_f50(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, 
(size_t)32U * sizeof(uint8_t)); - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void entropy_preprocess_af_e21(Eurydice_slice randomness, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 1152 -- K= 3 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d3( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_d5();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_dd(ring_element); - 
deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_LEN= 960 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_fb1(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[1088U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - deserialize_ring_elements_reduced_5d3( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_a21(ret0, false, A); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; - memcpy( - uu____0, t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1[3U][3U]; - memcpy(uu____1, A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 - public_key_unpacked; - memcpy( - public_key_unpacked.t_as_ntt, uu____0, - (size_t)3U * 
sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(public_key_unpacked.seed_for_A, uu____2, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = - &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[1088U]; - encrypt_unpacked_881(uu____3, uu____4, randomness, ret1); - memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -*/ -static KRML_MUSTINLINE void kdf_af_501(Eurydice_slice shared_secret, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_821( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - entropy_preprocess_af_e21( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - 
randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - uint8_t ret[32U]; - H_a9_651(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f20(public_key), - uint8_t, Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_a9_681( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f20(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1088U]; - encrypt_fb1(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_f50(uu____4); - uint8_t shared_secret_array[32U]; - kdf_af_501(shared_secret, shared_secret_array); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of 
-libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 10 -*/ -static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_55(__m256i vector) { - __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - __m256i two_pow_coefficient_bits = libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)1 << (uint32_t)(int32_t)10); - __m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - __m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - __m256i decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32( - coefficients_low0, field_modulus); - __m256i decompressed_low0 = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)1, decompressed_low, __m256i); - __m256i decompressed_low1 = libcrux_intrinsics_avx2_mm256_add_epi32( - decompressed_low0, two_pow_coefficient_bits); - __m256i decompressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)10, decompressed_low1, __m256i); - __m256i decompressed_low3 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)1, decompressed_low2, __m256i); - __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, __m128i); - __m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - __m256i decompressed_high = libcrux_intrinsics_avx2_mm256_mullo_epi32( - coefficients_high0, field_modulus); - __m256i decompressed_high0 = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)1, decompressed_high, __m256i); - __m256i decompressed_high1 = libcrux_intrinsics_avx2_mm256_add_epi32( - decompressed_high0, two_pow_coefficient_bits); - __m256i decompressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)10, decompressed_high1, __m256i); - __m256i decompressed_high3 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)1, decompressed_high2, __m256i); - 
__m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( - decompressed_low3, decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - compressed, __m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const -generics -- COEFFICIENT_BITS= 10 -*/ -static __m256i decompress_ciphertext_coefficient_ea_1d(__m256i vector) { - return decompress_ciphertext_coefficient_55(vector); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_10 with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_10_a7(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, - Eurydice_slice); - __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_1d(coefficient); - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 11 -*/ -static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_550(__m256i vector) { - __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - __m256i two_pow_coefficient_bits = libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)1 << (uint32_t)(int32_t)11); - __m128i coefficients_low = - 
libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - __m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - __m256i decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32( - coefficients_low0, field_modulus); - __m256i decompressed_low0 = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)1, decompressed_low, __m256i); - __m256i decompressed_low1 = libcrux_intrinsics_avx2_mm256_add_epi32( - decompressed_low0, two_pow_coefficient_bits); - __m256i decompressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)11, decompressed_low1, __m256i); - __m256i decompressed_low3 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)1, decompressed_low2, __m256i); - __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, __m128i); - __m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - __m256i decompressed_high = libcrux_intrinsics_avx2_mm256_mullo_epi32( - coefficients_high0, field_modulus); - __m256i decompressed_high0 = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)1, decompressed_high, __m256i); - __m256i decompressed_high1 = libcrux_intrinsics_avx2_mm256_add_epi32( - decompressed_high0, two_pow_coefficient_bits); - __m256i decompressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)11, decompressed_high1, __m256i); - __m256i decompressed_high3 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)1, decompressed_high2, __m256i); - __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( - decompressed_low3, decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - compressed, __m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const -generics -- COEFFICIENT_BITS= 11 
-*/ -static __m256i decompress_ciphertext_coefficient_ea_1d0(__m256i vector) { - return decompress_ciphertext_coefficient_550(vector); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_11 with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_11_8d(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, - Eurydice_slice); - __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_1d0(coefficient); - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- COMPRESSION_FACTOR= 10 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_10(Eurydice_slice serialized) { - return deserialize_then_decompress_10_a7(serialized); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- VECTOR_U_COMPRESSION_FACTOR= 10 -*/ -static KRML_MUSTINLINE void ntt_vector_u_fe( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_b4(&zeta_i, re); - ntt_at_layer_2_7c(&zeta_i, re); - 
ntt_at_layer_1_c2(&zeta_i, re); - poly_barrett_reduce_89_99(re); -} - -/** - Call [`deserialize_then_decompress_ring_element_u`] on each ring element - in the `ciphertext`. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- U_COMPRESSION_FACTOR= 10 -*/ -static KRML_MUSTINLINE void deserialize_then_decompress_u_b51( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_89_d5();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U); - i++) { - size_t i0 = i; - Eurydice_slice u_bytes = Eurydice_array_to_subslice2( - ciphertext, - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U), - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U) + - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U, - uint8_t, Eurydice_slice); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_10(u_bytes); - ntt_vector_u_fe(&u_as_ntt[i0]); - } - memcpy( - ret, u_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 4 -*/ -static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_551(__m256i vector) { - __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - __m256i two_pow_coefficient_bits = 
libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)1 << (uint32_t)(int32_t)4); - __m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - __m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - __m256i decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32( - coefficients_low0, field_modulus); - __m256i decompressed_low0 = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)1, decompressed_low, __m256i); - __m256i decompressed_low1 = libcrux_intrinsics_avx2_mm256_add_epi32( - decompressed_low0, two_pow_coefficient_bits); - __m256i decompressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)4, decompressed_low1, __m256i); - __m256i decompressed_low3 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)1, decompressed_low2, __m256i); - __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, __m128i); - __m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - __m256i decompressed_high = libcrux_intrinsics_avx2_mm256_mullo_epi32( - coefficients_high0, field_modulus); - __m256i decompressed_high0 = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)1, decompressed_high, __m256i); - __m256i decompressed_high1 = libcrux_intrinsics_avx2_mm256_add_epi32( - decompressed_high0, two_pow_coefficient_bits); - __m256i decompressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)4, decompressed_high1, __m256i); - __m256i decompressed_high3 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)1, decompressed_high2, __m256i); - __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( - decompressed_low3, decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - compressed, __m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of 
-libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const -generics -- COEFFICIENT_BITS= 4 -*/ -static __m256i decompress_ciphertext_coefficient_ea_1d1(__m256i vector) { - return decompress_ciphertext_coefficient_551(vector); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_4 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_4_9a(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, - Eurydice_slice); - __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_1d1(coefficient); - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 5 -*/ -static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_552(__m256i vector) { - __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - __m256i two_pow_coefficient_bits = libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)1 << (uint32_t)(int32_t)5); - __m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - __m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - __m256i decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32( - coefficients_low0, field_modulus); - __m256i decompressed_low0 = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)1, decompressed_low, __m256i); - __m256i decompressed_low1 = 
libcrux_intrinsics_avx2_mm256_add_epi32( - decompressed_low0, two_pow_coefficient_bits); - __m256i decompressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)5, decompressed_low1, __m256i); - __m256i decompressed_low3 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)1, decompressed_low2, __m256i); - __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, __m128i); - __m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - __m256i decompressed_high = libcrux_intrinsics_avx2_mm256_mullo_epi32( - coefficients_high0, field_modulus); - __m256i decompressed_high0 = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)1, decompressed_high, __m256i); - __m256i decompressed_high1 = libcrux_intrinsics_avx2_mm256_add_epi32( - decompressed_high0, two_pow_coefficient_bits); - __m256i decompressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)5, decompressed_high1, __m256i); - __m256i decompressed_high3 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)1, decompressed_high2, __m256i); - __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( - decompressed_low3, decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - compressed, __m256i); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const -generics -- COEFFICIENT_BITS= 5 -*/ -static __m256i decompress_ciphertext_coefficient_ea_1d2(__m256i vector) { - return decompress_ciphertext_coefficient_552(vector); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_5 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 
-deserialize_then_decompress_5_75(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, - Eurydice_slice); - re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); - re.coefficients[i0] = - decompress_ciphertext_coefficient_ea_1d2(re.coefficients[i0]); - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- COMPRESSION_FACTOR= 4 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_5b(Eurydice_slice serialized) { - return deserialize_then_decompress_4_9a(serialized); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -subtract_reduce_89_63(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - __m256i coefficient_normal_form = - libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( - b.coefficients[i0], (int16_t)1441); - b.coefficients[i0] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( - libcrux_ml_kem_vector_avx2_sub_ea(self->coefficients[i0], - &coefficient_normal_form)); - } - return b; -} - -/** - The following functions compute various expressions involving - vectors 
and matrices. The computation of these expressions has been - abstracted away into these functions in order to save on loop iterations. - Compute v − InverseNTT(sᵀ ◦ NTT(u)) -*/ -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_message -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_221( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_971(&result, &product);); - invert_ntt_montgomery_571(&result); - result = subtract_reduce_89_63(v, result); - return result; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_message with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -static KRML_MUSTINLINE void compress_then_serialize_message_ec( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { - uint8_t serialized[32U] = {0U}; - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - __m256i coefficient = to_unsigned_representative_a4(re.coefficients[i0]); - __m256i coefficient_compressed = - libcrux_ml_kem_vector_avx2_compress_1_ea(coefficient); - uint8_t bytes[2U]; - libcrux_ml_kem_vector_avx2_serialize_1_ea(coefficient_compressed, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, 
Eurydice_slice), - uint8_t, void *);); - memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); -} - -/** - This function implements Algorithm 14 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. - - Algorithm 14 is reproduced below: - - ```plaintext - Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - Output: message m ∈ 𝔹^{32}. - - c₁ ← c[0 : 32dᵤk] - c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] - u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) - v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) - ŝ ← ByteDecode₁₂(dkₚₖₑ) - w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) - m ← ByteEncode₁(Compress₁(w)) - return m - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- VECTOR_U_ENCODED_SIZE= 960 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -static void decrypt_unpacked_8c1( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - deserialize_then_decompress_u_b51(ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_5b( - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_221(&v, secret_key->secret_as_ntt, u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message_ec(message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF -with const generics -- LEN= 32 -*/ -static KRML_MUSTINLINE void PRF_42(Eurydice_slice input, uint8_t ret[32U]) { - uint8_t digest[32U] = {0U}; - libcrux_sha3_portable_shake256( - 
Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); - memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 -with const generics -- K= 3 -- LEN= 32 -*/ -static KRML_MUSTINLINE void PRF_a9_933(Eurydice_slice input, uint8_t ret[32U]) { - PRF_42(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b21( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - uint8_t decrypted[32U]; - decrypt_unpacked_8c1(&key_pair->private_key.ind_cpa_private_key, - ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_a9_681( - Eurydice_array_to_slice((size_t)64U, 
to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d3( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret[32U]; - PRF_a9_933( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = - &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_881(uu____3, uu____4, pseudorandomness, expected_ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice)); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - shared_secret, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_to_uncompressed_ring_element with types 
-libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_uncompressed_ring_element_63(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); - re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); - } - return re; -} - -/** - Call [`deserialize_to_uncompressed_ring_element`] for each ring element. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void deserialize_secret_key_201( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_d5();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice2( - secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_63(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt 
-with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- VECTOR_U_ENCODED_SIZE= 960 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -static void decrypt_391(Eurydice_slice secret_key, uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - deserialize_secret_key_201(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; - memcpy( - uu____0, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 - secret_key_unpacked; - memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t ret0[32U]; - decrypt_unpacked_8c1(&secret_key_unpacked, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -void libcrux_ml_kem_ind_cca_decapsulate_c41( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, - Eurydice_slice), - (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice 
ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - decrypt_391(ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); - uint8_t hashed[64U]; - G_a9_681( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d3(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_933( - 
Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1088U]; - encrypt_fb1(uu____5, uu____6, pseudorandomness, expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_501( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - uint8_t shared_secret[32U]; - kdf_af_501(shared_secret0, shared_secret); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. 
-*/ -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 1568 -- K= 4 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d2( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_d5();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_dd(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** - Call [`serialize_uncompressed_ring_element`] for each ring element. 
-*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -- OUT_LEN= 1536 -*/ -static KRML_MUSTINLINE void serialize_secret_key_ae0( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, - uint8_t ret[1536U]) { - uint8_t out[1536U] = {0U}; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - uint8_t ret0[384U]; - serialize_uncompressed_ring_element_92(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); -} - -/** - Concatenate `t` and `ρ` into the public key. 
-*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -- RANKED_BYTES_PER_RING_ELEMENT= 1536 -- PUBLIC_KEY_SIZE= 1568 -*/ -static KRML_MUSTINLINE void serialize_public_key_d00( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[1568U]) { - uint8_t public_key_serialized[1568U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, - (size_t)1536U, uint8_t, Eurydice_slice); - uint8_t ret0[1536U]; - serialize_secret_key_ae0(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, - (size_t)1536U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); - memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -- RANKED_BYTES_PER_RING_ELEMENT= 1536 -- PUBLIC_KEY_SIZE= 1568 -*/ -bool libcrux_ml_kem_ind_cca_validate_public_key_cf0(uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; - deserialize_ring_elements_reduced_5d2( - Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, - uint8_t, size_t, Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; - uint8_t public_key_serialized[1568U]; - serialize_public_key_d00( - uu____0, - Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, - uint8_t, size_t, Eurydice_slice), - public_key_serialized); - return 
core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( - (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked -libcrux_ml_kem_vector_avx2_SIMD256Vector[[$4size_t]], -libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked -libcrux_ml_kem_vector_avx2_SIMD256Vector[[$4size_t]] - -*/ -typedef struct tuple_54_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 snd; -} tuple_54; - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void G_a9_680(Eurydice_slice input, uint8_t ret[64U]) { - libcrux_ml_kem_hash_functions_avx2_G(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -*/ -static void closure_b80( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_89_d5();); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb with const generics -- K= 4 -*/ -static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_4d0(uint8_t input[4U][34U]) { - libcrux_sha3_generic_keccak_KeccakState_29 state = - libcrux_sha3_avx2_x4_incremental_init(); - libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - &state, - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, 
Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[3U], uint8_t, Eurydice_slice)); - return state; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_a9 with const generics -- K= 4 -*/ -static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_a9_ca0(uint8_t input[4U][34U]) { - uint8_t uu____0[4U][34U]; - memcpy(uu____0, input, (size_t)4U * sizeof(uint8_t[34U])); - return shake128_init_absorb_4d0(uu____0); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks with const -generics -- K= 4 -*/ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_6b0( - libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[4U][504U]) { - uint8_t out[4U][504U] = {{0U}}; - uint8_t out0[504U] = {0U}; - uint8_t out1[504U] = {0U}; - uint8_t out2[504U] = {0U}; - uint8_t out3[504U] = {0U}; - libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[504U]; - memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____1[504U]; - memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____2[504U]; - memcpy(uu____2, out2, (size_t)504U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____3[504U]; - memcpy(uu____3, out3, (size_t)504U * sizeof(uint8_t)); - memcpy(out[3U], uu____3, (size_t)504U * sizeof(uint8_t)); - 
memcpy(ret, out, (size_t)4U * sizeof(uint8_t[504U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks_a9 with const -generics -- K= 4 -*/ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_a9_4d0( - libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[4U][504U]) { - shake128_squeeze_three_blocks_6b0(self, ret); -} - -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . 
-*/ -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- K= 4 -- N= 504 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb1( - uint8_t randomness[4U][504U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void shake128_squeeze_block_1b0( - libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[4U][168U]) { - uint8_t out[4U][168U] = {{0U}}; - uint8_t out0[168U] = {0U}; - uint8_t out1[168U] = {0U}; - uint8_t out2[168U] = {0U}; - uint8_t out3[168U] = {0U}; - libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out1, 
uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[168U]; - memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____1[168U]; - memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____2[168U]; - memcpy(uu____2, out2, (size_t)168U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____3[168U]; - memcpy(uu____3, out3, (size_t)168U * sizeof(uint8_t)); - memcpy(out[3U], uu____3, (size_t)168U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)4U * sizeof(uint8_t[168U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block_a9 with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void shake128_squeeze_block_a9_5a0( - libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[4U][168U]) { - shake128_squeeze_block_1b0(self, ret); -} - -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. 
- - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- K= 4 -- N= 168 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb2( - uint8_t randomness[4U][168U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - 
LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -*/ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_790( - int16_t s[272U]) { - return from_i16_array_89_10(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void sample_from_xof_b00( - uint8_t seeds[4U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - size_t sampled_coefficients[4U] = {0U}; - int16_t out[4U][272U] = {{0U}}; - uint8_t uu____0[4U][34U]; - memcpy(uu____0, seeds, (size_t)4U * sizeof(uint8_t[34U])); - libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - shake128_init_absorb_a9_ca0(uu____0); - uint8_t randomness0[4U][504U]; - shake128_squeeze_three_blocks_a9_4d0(&xof_state, randomness0); - uint8_t uu____1[4U][504U]; - memcpy(uu____1, randomness0, (size_t)4U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_bb1( - uu____1, sampled_coefficients, out); - while (true) { - if (done) { - break; - } else { - uint8_t randomness[4U][168U]; - shake128_squeeze_block_a9_5a0(&xof_state, randomness); - uint8_t uu____2[4U][168U]; - memcpy(uu____2, randomness, (size_t)4U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_bb2( - uu____2, sampled_coefficients, out); - } - } - int16_t uu____3[4U][272U]; - memcpy(uu____3, out, (size_t)4U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 
ret0[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_790(uu____3[i]);); - memcpy( - ret, ret0, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void sample_matrix_A_a20( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U][4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - closure_b80(A_transpose[i]);); - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); - uint8_t seeds[4U][34U]; KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; - seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[4U][34U]; - memcpy(uu____1, seeds, (size_t)4U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[4U]; - sample_from_xof_b00(uu____1, sampled); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; - if (transpose) { - A_transpose[j][i1] = sample; - } else { - A_transpose[i1][j] = sample; - } - }); - memcpy(ret, A_transpose, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); -} - -/** -A monomorphic instance of K. 
-with types libcrux_ml_kem_polynomial_PolynomialRingElement -libcrux_ml_kem_vector_avx2_SIMD256Vector[4size_t], uint8_t - -*/ -typedef struct tuple_71_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 fst[4U]; - uint8_t snd; -} tuple_71; - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN -with const generics -- K= 4 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_1c1(uint8_t (*input)[33U], - uint8_t ret[4U][128U]) { - uint8_t out[4U][128U] = {{0U}}; - uint8_t out0[128U] = {0U}; - uint8_t out1[128U] = {0U}; - uint8_t out2[128U] = {0U}; - uint8_t out3[128U] = {0U}; - libcrux_sha3_avx2_x4_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[3U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[128U]; - memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____1[128U]; - memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____2[128U]; - memcpy(uu____2, out2, (size_t)128U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____3[128U]; - memcpy(uu____3, out3, (size_t)128U * sizeof(uint8_t)); - memcpy(out[3U], uu____3, (size_t)128U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)4U * sizeof(uint8_t[128U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** 
-A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN_a9 -with const generics -- K= 4 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_a9_511(uint8_t (*input)[33U], - uint8_t ret[4U][128U]) { - PRFxN_1c1(input, ret); -} - -/** - Sample a vector of ring elements from a centered binomial distribution and - convert them into their NTT representations. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- ETA= 2 -- ETA_RANDOMNESS_SIZE= 128 -*/ -static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_150( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_89_d5();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[4U][33U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[4U][128U]; - PRFxN_a9_511(prf_inputs, prf_outputs); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_470( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], - uint8_t, Eurydice_slice)); - ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[4U]; - memcpy( - uu____2, re_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - tuple_71 lit; - memcpy( - lit.fst, uu____2, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - lit.snd = domain_separator; - return 
lit; -} - -/** - Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise - sum of their constituent coefficients. -*/ -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void add_to_ring_element_89_970( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)16U, self->coefficients, __m256i, - Eurydice_slice), - __m256i, size_t); - i++) { - size_t i0 = i; - self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( - self->coefficients[i0], &rhs->coefficients[i0]); - } -} - -/** - Compute  ◦ ŝ + ê -*/ -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void compute_As_plus_e_f00( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_d5();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - 
Eurydice_array_to_slice( - (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = - &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_970(&result[i1], &product); - } - add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); - } - memcpy( - ret, result, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . 
-*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static tuple_54 generate_keypair_unpacked_6c0( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - G_a9_680(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[4U][4U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_a20(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, - prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____2 = sample_vector_cbd_then_ntt_150(uu____1, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[4U]; - memcpy( - error_as_ntt, - sample_vector_cbd_then_ntt_150(uu____3, domain_separator).fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; - compute_As_plus_e_f00(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, 
uint8_t[32U], - void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____4[4U]; - memcpy( - uu____4, t_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[4U][4U]; - memcpy(uu____5, A_transpose, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 pk; - memcpy( - pk.t_as_ntt, uu____4, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____7[4U]; - memcpy( - uu____7, secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 sk; - memcpy( - sk.secret_as_ntt, uu____7, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - return (CLITERAL(tuple_54){.fst = sk, .snd = pk}); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types -libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- CPA_PRIVATE_KEY_SIZE= 1536 -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static void closure_e30( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_89_d5();); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of 
libcrux_ml_kem.hash_functions.avx2.H_a9 -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void H_a9_650(Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_avx2_H(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- CPA_PRIVATE_KEY_SIZE= 1536 -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_830(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - tuple_54 uu____0 = generate_keypair_unpacked_6c0(ind_cpa_keypair_randomness); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 - ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 - ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_e30(A[i]);); - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_d5_48(&ind_cpa_public_key.A[j][i1]); - A[i1][j] = uu____1;);); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[4U][4U]; - memcpy(uu____2, A, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - 
memcpy(ind_cpa_public_key.A, uu____2, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - uint8_t pk_serialized[1568U]; - serialize_public_key_d00( - ind_cpa_public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), - pk_serialized); - uint8_t public_key_hash[32U]; - H_a9_650(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t, - Eurydice_slice), - public_key_hash); - uint8_t implicit_rejection_value[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); - core_result_unwrap_41_83(dst, implicit_rejection_value); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 uu____3 = - ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_01 uu____5; - uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 uu____6 = - ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 lit; - lit.private_key = uu____5; - lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, - (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- PRIVATE_KEY_SIZE= 1536 -- PUBLIC_KEY_SIZE= 1568 -- RANKED_BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_e10( - Eurydice_slice key_generation_seed) { - tuple_54 uu____0 = 
generate_keypair_unpacked_6c0(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 pk = uu____0.snd; - uint8_t public_key_serialized[1568U]; - serialize_public_key_d00(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); - uint8_t secret_key_serialized[1536U]; - serialize_secret_key_ae0(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[1536U]; - memcpy(uu____1, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); - uint8_t uu____2[1568U]; - memcpy(uu____2, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair1024 lit; - memcpy(lit.fst, uu____1, (size_t)1536U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)1568U * sizeof(uint8_t)); - return lit; -} - -/** - Serialize the secret key. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 4 -- SERIALIZED_KEY_LEN= 3168 -*/ -static KRML_MUSTINLINE void serialize_kem_secret_key_750( - Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { - uint8_t out[3168U] = {0U}; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, 
uint8_t, size_t), - uint8_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); - uint8_t ret0[32U]; - H_a9_650(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); - memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); -} - -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- CPA_PRIVATE_KEY_SIZE= 1536 -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_c22(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - 
libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 =
- generate_keypair_e10(ind_cpa_keypair_randomness);
- uint8_t ind_cpa_private_key[1536U];
- memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t));
- uint8_t public_key[1568U];
- memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t));
- uint8_t secret_key_serialized[3168U];
- serialize_kem_secret_key_750(
- Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t,
- Eurydice_slice),
- Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t,
- Eurydice_slice),
- implicit_rejection_value, secret_key_serialized);
- uint8_t uu____1[3168U];
- memcpy(uu____1, secret_key_serialized, (size_t)3168U * sizeof(uint8_t));
- libcrux_ml_kem_types_MlKemPrivateKey_95 private_key =
- libcrux_ml_kem_types_from_05_a71(uu____1);
- libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key;
- uint8_t uu____3[1568U];
- memcpy(uu____3, public_key, (size_t)1568U * sizeof(uint8_t));
- return libcrux_ml_kem_types_from_17_c91(
- uu____2, libcrux_ml_kem_types_from_b6_4c1(uu____3));
-}
-
-/**
- Sample a vector of ring elements from a centered binomial distribution.
-*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- ETA2_RANDOMNESS_SIZE= 128 -- ETA2= 2 -*/ -static KRML_MUSTINLINE tuple_71 -sample_ring_element_cbd_470(uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_89_d5();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[4U][33U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[4U][128U]; - PRFxN_a9_511(prf_inputs, prf_outputs); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_470(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[4U]; - memcpy( - uu____2, error_1, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - tuple_71 lit; - memcpy( - lit.fst, uu____2, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - lit.snd = domain_separator; - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 -with const generics -- K= 4 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRF_a9_932(Eurydice_slice input, - uint8_t ret[128U]) { - PRF_420(input, 
ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void invert_ntt_montgomery_570( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_78(&zeta_i, re); - invert_ntt_at_layer_2_ba(&zeta_i, re); - invert_ntt_at_layer_3_1f(&zeta_i, re); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_99(re); -} - -/** - Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ -*/ -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void compute_vector_u_000( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_d5();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - 
libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(a_element, &r_as_ntt[j]); - add_to_ring_element_89_970(&result[i1], &product); - } - invert_ntt_montgomery_570(&result[i1]); - add_error_reduce_89_91(&result[i1], &error_1[i1]); - } - memcpy( - ret, result, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** - Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message -*/ -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_710( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_970(&result, &product);); - invert_ntt_montgomery_570(&result); - result = add_message_error_reduce_89_67(error_2, message, result); - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_11 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- OUT_LEN= 352 -*/ -static KRML_MUSTINLINE void compress_then_serialize_11_d10( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { - uint8_t serialized[352U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { 
- size_t i0 = i;
- __m256i coefficient =
- compress_ea_800(to_unsigned_representative_a4(re->coefficients[i0]));
- uint8_t bytes[22U];
- libcrux_ml_kem_vector_avx2_serialize_11_ea(coefficient, bytes);
- Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
- serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t,
- Eurydice_slice);
- core_slice___Slice_T___copy_from_slice(
- uu____0,
- Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice),
- uint8_t, void *);
- }
- memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t));
-}
-
-/**
-A monomorphic instance of
-libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types
-libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
-- COMPRESSION_FACTOR= 11
-- OUT_LEN= 352
-*/
-static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_b20(
- libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) {
- uint8_t uu____0[352U];
- compress_then_serialize_11_d10(re, uu____0);
- memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t));
-}
-
-/**
- Call [`compress_then_serialize_ring_element_u`] on each ring element.
-*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -- OUT_LEN= 1408 -- COMPRESSION_FACTOR= 11 -- BLOCK_LEN= 352 -*/ -static void compress_then_serialize_u_840( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[4U], - Eurydice_slice out) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out, i0 * ((size_t)1408U / (size_t)4U), - (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t, - Eurydice_slice); - uint8_t ret[352U]; - compress_then_serialize_ring_element_u_b20(&re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- COMPRESSION_FACTOR= 5 -- OUT_LEN= 160 -*/ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_390( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_5_35(re, out); -} - -/** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. 
- - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_LEN= 1408 -- C2_LEN= 160 -- U_COMPRESSION_FACTOR= 11 -- V_COMPRESSION_FACTOR= 5 -- BLOCK_LEN= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_unpacked_880( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____1 = sample_vector_cbd_then_ntt_150(uu____0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[4U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____3 = sample_ring_element_cbd_470(uu____2, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; - 
memcpy( - error_1, uu____3.fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - PRF_a9_932( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_470(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[4U]; - compute_vector_u_000(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_b9(uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_710(public_key->t_as_ntt, r_as_ntt, &error_2, - &message_as_ring_element); - uint8_t ciphertext[1568U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[4U]; - memcpy( - uu____5, u, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_840( - uu____5, - Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, - uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_390( - uu____6, - Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, - uint8_t, size_t, Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- PUBLIC_KEY_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- 
VECTOR_V_COMPRESSION_FACTOR= 5 -- VECTOR_U_BLOCK_LEN= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e0( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_a9_680( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____2 = - &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1568U]; - encrypt_unpacked_880(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[1568U]; - memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_f51(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, 
(size_t)32U * sizeof(uint8_t));
- tuple_21 lit;
- lit.fst = uu____5;
- memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t));
- return lit;
-}
-
-/**
-This function found in impl {(libcrux_ml_kem::ind_cca::Variant for
-libcrux_ml_kem::ind_cca::MlKem)}
-*/
-/**
-A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af
-with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash
-with const generics
-- K= 4
-*/
-static KRML_MUSTINLINE void entropy_preprocess_af_e20(Eurydice_slice randomness,
- uint8_t ret[32U]) {
- uint8_t out[32U] = {0U};
- core_slice___Slice_T___copy_from_slice(
- Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice),
- randomness, uint8_t, void *);
- memcpy(ret, out, (size_t)32U * sizeof(uint8_t));
-}
-
-/**
- This function deserializes ring elements and reduces the result by the field
- modulus.
-
- This function MUST NOT be used on secret inputs.
-*/
-/**
-A monomorphic instance of
-libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types
-libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
-- PUBLIC_KEY_SIZE= 1536
-- K= 4
-*/
-static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d1(
- Eurydice_slice public_key,
- libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) {
- libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U];
- KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U,
- deserialized_pk[i] = ZERO_89_d5(););
- for (size_t i = (size_t)0U;
- i < core_slice___Slice_T___len(public_key, uint8_t, size_t) /
- LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT;
- i++) {
- size_t i0 = i;
- Eurydice_slice ring_element = Eurydice_slice_subslice2(
- public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
- i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT +
- LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
- uint8_t, Eurydice_slice);
- libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 =
- deserialize_to_reduced_ring_element_dd(ring_element);
- 
deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_LEN= 1408 -- C2_LEN= 160 -- U_COMPRESSION_FACTOR= 11 -- V_COMPRESSION_FACTOR= 5 -- BLOCK_LEN= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_fb0(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[1568U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; - deserialize_ring_elements_reduced_5d1( - Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_a20(ret0, false, A); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[4U]; - memcpy( - uu____0, t_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1[4U][4U]; - memcpy(uu____1, A, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 - public_key_unpacked; - memcpy( - public_key_unpacked.t_as_ntt, uu____0, - (size_t)4U * 
sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(public_key_unpacked.seed_for_A, uu____2, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____3 = - &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[1568U]; - encrypt_unpacked_880(uu____3, uu____4, randomness, ret1); - memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -*/ -static KRML_MUSTINLINE void kdf_af_500(Eurydice_slice shared_secret, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- PUBLIC_KEY_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- VECTOR_U_BLOCK_LEN= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_820( - libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - entropy_preprocess_af_e20( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - 
randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - uint8_t ret[32U]; - H_a9_650(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_f21(public_key), - uint8_t, Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_a9_680( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_f21(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1568U]; - encrypt_fb0(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t uu____4[1568U]; - memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_f51(uu____4); - uint8_t shared_secret_array[32U]; - kdf_af_500(shared_secret, shared_secret_array); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_21 lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance 
of -libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- COMPRESSION_FACTOR= 11 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_100(Eurydice_slice serialized) { - return deserialize_then_decompress_11_8d(serialized); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- VECTOR_U_COMPRESSION_FACTOR= 11 -*/ -static KRML_MUSTINLINE void ntt_vector_u_fe0( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_b4(&zeta_i, re); - ntt_at_layer_2_7c(&zeta_i, re); - ntt_at_layer_1_c2(&zeta_i, re); - poly_barrett_reduce_89_99(re); -} - -/** - Call [`deserialize_then_decompress_ring_element_u`] on each ring element - in the `ciphertext`. 
-*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- U_COMPRESSION_FACTOR= 11 -*/ -static KRML_MUSTINLINE void deserialize_then_decompress_u_b50( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_89_d5();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U); - i++) { - size_t i0 = i; - Eurydice_slice u_bytes = Eurydice_array_to_subslice2( - ciphertext, - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U), - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U) + - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U, - uint8_t, Eurydice_slice); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_100(u_bytes); - ntt_vector_u_fe0(&u_as_ntt[i0]); - } - memcpy( - ret, u_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- COMPRESSION_FACTOR= 5 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_5b0(Eurydice_slice serialized) { - return deserialize_then_decompress_5_75(serialized); -} - -/** - The following functions compute various expressions involving - vectors and matrices. 
The computation of these expressions has been - abstracted away into these functions in order to save on loop iterations. - Compute v − InverseNTT(sᵀ ◦ NTT(u)) -*/ -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_message -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_220( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_970(&result, &product);); - invert_ntt_montgomery_570(&result); - result = subtract_reduce_89_63(v, result); - return result; -} - -/** - This function implements Algorithm 14 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. - - Algorithm 14 is reproduced below: - - ```plaintext - Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - Output: message m ∈ 𝔹^{32}. - - c₁ ← c[0 : 32dᵤk] - c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] - u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) - v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) - ŝ ← ByteDecode₁₂(dkₚₖₑ) - w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) - m ← ByteEncode₁(Compress₁(w)) - return m - ``` - - The NIST FIPS 203 standard can be found at - . 
-*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- VECTOR_U_ENCODED_SIZE= 1408 -- U_COMPRESSION_FACTOR= 11 -- V_COMPRESSION_FACTOR= 5 -*/ -static void decrypt_unpacked_8c0( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; - deserialize_then_decompress_u_b50(ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_5b0( - Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, - (size_t)1408U, uint8_t, size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_220(&v, secret_key->secret_as_ntt, u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message_ec(message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 -with const generics -- K= 4 -- LEN= 32 -*/ -static KRML_MUSTINLINE void PRF_a9_931(Eurydice_slice input, uint8_t ret[32U]) { - PRF_42(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 4 -- SECRET_KEY_SIZE= 3168 -- CPA_SECRET_KEY_SIZE= 1536 -- PUBLIC_KEY_SIZE= 1568 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- C1_BLOCK_SIZE= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 -*/ -void 
libcrux_ml_kem_ind_cca_decapsulate_unpacked_b20( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { - uint8_t decrypted[32U]; - decrypt_unpacked_8c0(&key_pair->private_key.ind_cpa_private_key, - ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_a9_680( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_2d4( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( - (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret[32U]; - PRF_a9_931( - Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 
*uu____3 = - &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_880(uu____3, uu____4, pseudorandomness, expected_ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, - Eurydice_slice)); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - shared_secret, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** - Call [`deserialize_to_uncompressed_ring_element`] for each ring element. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void deserialize_secret_key_200( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_d5();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice2( - secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_63(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)4U * 
sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- VECTOR_U_ENCODED_SIZE= 1408 -- U_COMPRESSION_FACTOR= 11 -- V_COMPRESSION_FACTOR= 5 -*/ -static void decrypt_390(Eurydice_slice secret_key, uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; - deserialize_secret_key_200(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[4U]; - memcpy( - uu____0, secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 - secret_key_unpacked; - memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t ret0[32U]; - decrypt_unpacked_8c0(&secret_key_unpacked, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 4 -- SECRET_KEY_SIZE= 3168 -- CPA_SECRET_KEY_SIZE= 1536 -- PUBLIC_KEY_SIZE= 1568 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- C1_BLOCK_SIZE= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 -*/ -void libcrux_ml_kem_ind_cca_decapsulate_c40( - libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)3168U, 
private_key->value, uint8_t, - Eurydice_slice), - (size_t)1536U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - secret_key0, (size_t)1568U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - decrypt_390(ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); - uint8_t hashed[64U]; - G_a9_680( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_2d4(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, 
libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_931( - Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); - Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1568U]; - encrypt_fb0(uu____5, uu____6, pseudorandomness, expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_500( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - uint8_t shared_secret[32U]; - kdf_af_500(shared_secret0, shared_secret); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. 
-*/ -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 800 -- K= 2 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d0( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_d5();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_dd(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** - Call [`serialize_uncompressed_ring_element`] for each ring element. 
-*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -- OUT_LEN= 768 -*/ -static KRML_MUSTINLINE void serialize_secret_key_ae( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, - uint8_t ret[768U]) { - uint8_t out[768U] = {0U}; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - uint8_t ret0[384U]; - serialize_uncompressed_ring_element_92(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); -} - -/** - Concatenate `t` and `ρ` into the public key. 
-*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -- RANKED_BYTES_PER_RING_ELEMENT= 768 -- PUBLIC_KEY_SIZE= 800 -*/ -static KRML_MUSTINLINE void serialize_public_key_d0( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[800U]) { - uint8_t public_key_serialized[800U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)768U, uint8_t, Eurydice_slice); - uint8_t ret0[768U]; - serialize_secret_key_ae(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, - (size_t)768U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); - memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -- RANKED_BYTES_PER_RING_ELEMENT= 768 -- PUBLIC_KEY_SIZE= 800 -*/ -bool libcrux_ml_kem_ind_cca_validate_public_key_cf(uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; - deserialize_ring_elements_reduced_5d0( - Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, - uint8_t, size_t, Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; - uint8_t public_key_serialized[800U]; - serialize_public_key_d0( - uu____0, - Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, - uint8_t, size_t, Eurydice_slice), - public_key_serialized); - return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( - (size_t)800U, 
public_key, public_key_serialized, uint8_t, uint8_t, bool); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked -libcrux_ml_kem_vector_avx2_SIMD256Vector[[$2size_t]], -libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked -libcrux_ml_kem_vector_avx2_SIMD256Vector[[$2size_t]] - -*/ -typedef struct tuple_4c_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 snd; -} tuple_4c; - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void G_a9_68(Eurydice_slice input, uint8_t ret[64U]) { - libcrux_ml_kem_hash_functions_avx2_G(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -*/ -static void closure_b8( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_89_d5();); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb with const generics -- K= 2 -*/ -static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_4d(uint8_t input[2U][34U]) { - libcrux_sha3_generic_keccak_KeccakState_29 state = - libcrux_sha3_avx2_x4_incremental_init(); - libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - &state, - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); - 
return state; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_a9 with const generics -- K= 2 -*/ -static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_a9_ca(uint8_t input[2U][34U]) { - uint8_t uu____0[2U][34U]; - memcpy(uu____0, input, (size_t)2U * sizeof(uint8_t[34U])); - return shake128_init_absorb_4d(uu____0); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks with const -generics -- K= 2 -*/ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_6b( - libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[2U][504U]) { - uint8_t out[2U][504U] = {{0U}}; - uint8_t out0[504U] = {0U}; - uint8_t out1[504U] = {0U}; - uint8_t out2[504U] = {0U}; - uint8_t out3[504U] = {0U}; - libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[504U]; - memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____1[504U]; - memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[504U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks_a9 with const -generics -- K= 2 -*/ -static KRML_MUSTINLINE void 
shake128_squeeze_three_blocks_a9_4d( - libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[2U][504U]) { - shake128_squeeze_three_blocks_6b(self, ret); -} - -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . 
-*/ -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- K= 2 -- N= 504 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb( - uint8_t randomness[2U][504U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void shake128_squeeze_block_1b( - libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[2U][168U]) { - uint8_t out[2U][168U] = {{0U}}; - uint8_t out0[168U] = {0U}; - uint8_t out1[168U] = {0U}; - uint8_t out2[168U] = {0U}; - uint8_t out3[168U] = {0U}; - libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, 
Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[168U]; - memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____1[168U]; - memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[168U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block_a9 with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void shake128_squeeze_block_a9_5a( - libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[2U][168U]) { - shake128_squeeze_block_1b(self, ret); -} - -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. 
- - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- K= 2 -- N= 168 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb0( - uint8_t randomness[2U][168U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -*/ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_79( - 
int16_t s[272U]) { - return from_i16_array_89_10(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void sample_from_xof_b0( - uint8_t seeds[2U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - size_t sampled_coefficients[2U] = {0U}; - int16_t out[2U][272U] = {{0U}}; - uint8_t uu____0[2U][34U]; - memcpy(uu____0, seeds, (size_t)2U * sizeof(uint8_t[34U])); - libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - shake128_init_absorb_a9_ca(uu____0); - uint8_t randomness0[2U][504U]; - shake128_squeeze_three_blocks_a9_4d(&xof_state, randomness0); - uint8_t uu____1[2U][504U]; - memcpy(uu____1, randomness0, (size_t)2U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_bb( - uu____1, sampled_coefficients, out); - while (true) { - if (done) { - break; - } else { - uint8_t randomness[2U][168U]; - shake128_squeeze_block_a9_5a(&xof_state, randomness); - uint8_t uu____2[2U][168U]; - memcpy(uu____2, randomness, (size_t)2U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_bb0( - uu____2, sampled_coefficients, out); - } - } - int16_t uu____3[2U][272U]; - memcpy(uu____3, out, (size_t)2U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_79(uu____3[i]);); - memcpy( - ret, ret0, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void sample_matrix_A_a2( - uint8_t seed[34U], 
bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U][2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - closure_b8(A_transpose[i]);); - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); - uint8_t seeds[2U][34U]; KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; - seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[2U][34U]; - memcpy(uu____1, seeds, (size_t)2U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[2U]; - sample_from_xof_b0(uu____1, sampled); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; - if (transpose) { - A_transpose[j][i1] = sample; - } else { - A_transpose[i1][j] = sample; - } - }); - memcpy(ret, A_transpose, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); -} - -/** -A monomorphic instance of K. 
-with types libcrux_ml_kem_polynomial_PolynomialRingElement -libcrux_ml_kem_vector_avx2_SIMD256Vector[2size_t], uint8_t - -*/ -typedef struct tuple_74_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 fst[2U]; - uint8_t snd; -} tuple_74; - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN -with const generics -- K= 2 -- LEN= 192 -*/ -static KRML_MUSTINLINE void PRFxN_1c(uint8_t (*input)[33U], - uint8_t ret[2U][192U]) { - uint8_t out[2U][192U] = {{0U}}; - uint8_t out0[192U] = {0U}; - uint8_t out1[192U] = {0U}; - uint8_t out2[192U] = {0U}; - uint8_t out3[192U] = {0U}; - libcrux_sha3_avx2_x4_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)192U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)192U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)192U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)192U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[192U]; - memcpy(uu____0, out0, (size_t)192U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)192U * sizeof(uint8_t)); - uint8_t uu____1[192U]; - memcpy(uu____1, out1, (size_t)192U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)192U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[192U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN_a9 -with const generics -- K= 2 -- LEN= 192 -*/ -static KRML_MUSTINLINE void PRFxN_a9_51(uint8_t (*input)[33U], - uint8_t ret[2U][192U]) { - PRFxN_1c(input, ret); -} - -/** -A monomorphic instance of 
-libcrux_ml_kem.sampling.sample_from_binomial_distribution with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- ETA= 3 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_47(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_43(randomness); -} - -/** - Sample a vector of ring elements from a centered binomial distribution and - convert them into their NTT representations. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- ETA= 3 -- ETA_RANDOMNESS_SIZE= 192 -*/ -static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_15( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_89_d5();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[2U][33U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[2U][192U]; - PRFxN_a9_51(prf_inputs, prf_outputs); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_47( - Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], - uint8_t, Eurydice_slice)); - ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[2U]; - memcpy( - uu____2, re_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - tuple_74 lit; - memcpy( - lit.fst, uu____2, - 
(size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - lit.snd = domain_separator; - return lit; -} - -/** - Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise - sum of their constituent coefficients. -*/ -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void add_to_ring_element_89_97( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)16U, self->coefficients, __m256i, - Eurydice_slice), - __m256i, size_t); - i++) { - size_t i0 = i; - self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( - self->coefficients[i0], &rhs->coefficients[i0]); - } -} - -/** - Compute  ◦ ŝ + ê -*/ -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void compute_As_plus_e_f0( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_d5();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], size_t); - i0++) { - size_t i1 = i0; - 
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = - &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_97(&result[i1], &product); - } - add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); - } - memcpy( - ret, result, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . 
-*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -static tuple_4c generate_keypair_unpacked_6c( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - G_a9_68(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[2U][2U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_a2(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, - prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____2 = sample_vector_cbd_then_ntt_15(uu____1, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[2U]; - memcpy( - error_as_ntt, - sample_vector_cbd_then_ntt_15(uu____3, domain_separator).fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; - compute_As_plus_e_f0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], 
- void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____4[2U]; - memcpy( - uu____4, t_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[2U][2U]; - memcpy(uu____5, A_transpose, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 pk; - memcpy( - pk.t_as_ntt, uu____4, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____7[2U]; - memcpy( - uu____7, secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 sk; - memcpy( - sk.secret_as_ntt, uu____7, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - return (CLITERAL(tuple_4c){.fst = sk, .snd = pk}); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types -libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- CPA_PRIVATE_KEY_SIZE= 768 -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 -- BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -static void closure_e3( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_89_d5();); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of 
libcrux_ml_kem.hash_functions.avx2.H_a9 -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void H_a9_65(Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_avx2_H(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- CPA_PRIVATE_KEY_SIZE= 768 -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 -- BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_83(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - tuple_4c uu____0 = generate_keypair_unpacked_6c(ind_cpa_keypair_randomness); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 - ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 - ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_e3(A[i]);); - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_d5_48(&ind_cpa_public_key.A[j][i1]); - A[i1][j] = uu____1;);); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[2U][2U]; - memcpy(uu____2, A, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - 
memcpy(ind_cpa_public_key.A, uu____2, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - uint8_t pk_serialized[800U]; - serialize_public_key_d0( - ind_cpa_public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), - pk_serialized); - uint8_t public_key_hash[32U]; - H_a9_65(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t, - Eurydice_slice), - public_key_hash); - uint8_t implicit_rejection_value[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); - core_result_unwrap_41_83(dst, implicit_rejection_value); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 uu____3 = - ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_d6 uu____5; - uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 uu____6 = - ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 lit; - lit.private_key = uu____5; - lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, - (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- PRIVATE_KEY_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- RANKED_BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_e1( - Eurydice_slice key_generation_seed) { - tuple_4c uu____0 = 
generate_keypair_unpacked_6c(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 pk = uu____0.snd; - uint8_t public_key_serialized[800U]; - serialize_public_key_d0(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); - uint8_t secret_key_serialized[768U]; - serialize_secret_key_ae(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[768U]; - memcpy(uu____1, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); - uint8_t uu____2[800U]; - memcpy(uu____2, public_key_serialized, (size_t)800U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair512 lit; - memcpy(lit.fst, uu____1, (size_t)768U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)800U * sizeof(uint8_t)); - return lit; -} - -/** - Serialize the secret key. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 2 -- SERIALIZED_KEY_LEN= 1632 -*/ -static KRML_MUSTINLINE void serialize_kem_secret_key_75( - Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { - uint8_t out[1632U] = {0U}; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, 
size_t), - uint8_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); - uint8_t ret0[32U]; - H_a9_65(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); - memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); -} - -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- CPA_PRIVATE_KEY_SIZE= 768 -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 -- BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_c2( - uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - libcrux_ml_kem_utils_extraction_helper_Keypair512 
uu____0 = - generate_keypair_e1(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[768U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); - uint8_t public_key[800U]; - memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); - uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_75( - Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, - Eurydice_slice), - implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[1632U]; - memcpy(uu____1, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_05_a7(uu____1); - libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; - uint8_t uu____3[800U]; - memcpy(uu____3, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_c9( - uu____2, libcrux_ml_kem_types_from_b6_4c(uu____3)); -} - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN -with const generics -- K= 2 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_1c0(uint8_t (*input)[33U], - uint8_t ret[2U][128U]) { - uint8_t out[2U][128U] = {{0U}}; - uint8_t out0[128U] = {0U}; - uint8_t out1[128U] = {0U}; - uint8_t out2[128U] = {0U}; - uint8_t out3[128U] = {0U}; - libcrux_sha3_avx2_x4_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); 
- uint8_t uu____0[128U]; - memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____1[128U]; - memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[128U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN_a9 -with const generics -- K= 2 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_a9_510(uint8_t (*input)[33U], - uint8_t ret[2U][128U]) { - PRFxN_1c0(input, ret); -} - -/** - Sample a vector of ring elements from a centered binomial distribution. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- ETA2= 2 -*/ -static KRML_MUSTINLINE tuple_74 -sample_ring_element_cbd_47(uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_89_d5();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[2U][33U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[2U][128U]; - PRFxN_a9_510(prf_inputs, prf_outputs); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - 
sample_from_binomial_distribution_470(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[2U]; - memcpy( - uu____2, error_1, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - tuple_74 lit; - memcpy( - lit.fst, uu____2, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - lit.snd = domain_separator; - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 -with const generics -- K= 2 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRF_a9_930(Eurydice_slice input, - uint8_t ret[128U]) { - PRF_420(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void invert_ntt_montgomery_57( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_78(&zeta_i, re); - invert_ntt_at_layer_2_ba(&zeta_i, re); - invert_ntt_at_layer_3_1f(&zeta_i, re); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_99(re); -} - -/** - Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ -*/ -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void compute_vector_u_00( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 
*r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_d5();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(a_element, &r_as_ntt[j]); - add_to_ring_element_89_97(&result[i1], &product); - } - invert_ntt_montgomery_57(&result[i1]); - add_error_reduce_89_91(&result[i1], &error_1[i1]); - } - memcpy( - ret, result, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** - Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message -*/ -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_71( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 
result = ZERO_89_d5(); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_97(&result, &product);); - invert_ntt_montgomery_57(&result); - result = add_message_error_reduce_89_67(error_2, message, result); - return result; -} - -/** - Call [`compress_then_serialize_ring_element_u`] on each ring element. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -- OUT_LEN= 640 -- COMPRESSION_FACTOR= 10 -- BLOCK_LEN= 320 -*/ -static void compress_then_serialize_u_84( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[2U], - Eurydice_slice out) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out, i0 * ((size_t)640U / (size_t)2U), - (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t, - Eurydice_slice); - uint8_t ret[320U]; - compress_then_serialize_ring_element_u_b2(&re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. 
- - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_LEN= 640 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_unpacked_88( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____1 = sample_vector_cbd_then_ntt_15(uu____0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[2U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____3 = sample_ring_element_cbd_47(uu____2, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; - 
memcpy( - error_1, uu____3.fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - PRF_a9_930( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_470(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[2U]; - compute_vector_u_00(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_b9(uu____4); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_71(public_key->t_as_ntt, r_as_ntt, &error_2, - &message_as_ring_element); - uint8_t ciphertext[768U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[2U]; - memcpy( - uu____5, u, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_84( - uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, - uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_39( - uu____6, - Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, - uint8_t, size_t, Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- 
VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____2 = - &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[768U]; - encrypt_unpacked_88(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[768U]; - memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_01_f5(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * 
sizeof(uint8_t)); - tuple_ec lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void entropy_preprocess_af_e2(Eurydice_slice randomness, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- PUBLIC_KEY_SIZE= 768 -- K= 2 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_d5();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_dd(ring_element); - deserialized_pk[i0] 
= uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_LEN= 640 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_fb(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[768U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; - deserialize_ring_elements_reduced_5d( - Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_a2(ret0, false, A); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[2U]; - memcpy( - uu____0, t_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1[2U][2U]; - memcpy(uu____1, A, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 - public_key_unpacked; - memcpy( - public_key_unpacked.t_as_ntt, uu____0, - (size_t)2U * 
sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(public_key_unpacked.seed_for_A, uu____2, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____3 = - &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[768U]; - encrypt_unpacked_88(uu____3, uu____4, randomness, ret1); - memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af -with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -*/ -static KRML_MUSTINLINE void kdf_af_50(Eurydice_slice shared_secret, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_82( - libcrux_ml_kem_types_MlKemPublicKey_be *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - entropy_preprocess_af_e2( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); - 
uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - uint8_t ret[32U]; - H_a9_65(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), - uint8_t, Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[768U]; - encrypt_fb(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t uu____4[768U]; - memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_01_f5(uu____4); - uint8_t shared_secret_array[32U]; - kdf_af_50(shared_secret, shared_secret_array); - libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); - tuple_ec lit; - lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** - Call [`deserialize_then_decompress_ring_element_u`] on each 
ring element - in the `ciphertext`. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- U_COMPRESSION_FACTOR= 10 -*/ -static KRML_MUSTINLINE void deserialize_then_decompress_u_b5( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_89_d5();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U); - i++) { - size_t i0 = i; - Eurydice_slice u_bytes = Eurydice_array_to_subslice2( - ciphertext, - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U), - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U) + - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U, - uint8_t, Eurydice_slice); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_10(u_bytes); - ntt_vector_u_fe(&u_as_ntt[i0]); - } - memcpy( - ret, u_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** - The following functions compute various expressions involving - vectors and matrices. The computation of these expressions has been - abstracted away into these functions in order to save on loop iterations. 
- Compute v − InverseNTT(sᵀ ◦ NTT(u)) -*/ -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_message -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_22( - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_97(&result, &product);); - invert_ntt_montgomery_57(&result); - result = subtract_reduce_89_63(v, result); - return result; -} - -/** - This function implements Algorithm 14 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. - - Algorithm 14 is reproduced below: - - ```plaintext - Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - Output: message m ∈ 𝔹^{32}. - - c₁ ← c[0 : 32dᵤk] - c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] - u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) - v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) - ŝ ← ByteDecode₁₂(dkₚₖₑ) - w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) - m ← ByteEncode₁(Compress₁(w)) - return m - ``` - - The NIST FIPS 203 standard can be found at - . 
-*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- VECTOR_U_ENCODED_SIZE= 640 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -static void decrypt_unpacked_8c( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; - deserialize_then_decompress_u_b5(ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_5b( - Eurydice_array_to_subslice_from((size_t)768U, ciphertext, - (size_t)640U, uint8_t, size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_22(&v, secret_key->secret_as_ntt, u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message_ec(message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 -with const generics -- K= 2 -- LEN= 32 -*/ -static KRML_MUSTINLINE void PRF_a9_93(Eurydice_slice input, uint8_t ret[32U]) { - PRF_42(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 2 -- SECRET_KEY_SIZE= 1632 -- CPA_SECRET_KEY_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 -*/ -void 
libcrux_ml_kem_ind_cca_decapsulate_unpacked_b2( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - uint8_t decrypted[32U]; - decrypt_unpacked_8c(&key_pair->private_key.ind_cpa_private_key, - ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_2d0( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( - (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_ed(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret[32U]; - PRF_a9_93( - Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____3 = - 
&key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[768U]; - encrypt_unpacked_88(uu____3, uu____4, pseudorandomness, expected_ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, - Eurydice_slice)); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - shared_secret, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** - Call [`deserialize_to_uncompressed_ring_element`] for each ring element. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void deserialize_secret_key_20( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_d5();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice2( - secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_63(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)2U * 
sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- VECTOR_U_ENCODED_SIZE= 640 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -static void decrypt_39(Eurydice_slice secret_key, uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; - deserialize_secret_key_20(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[2U]; - memcpy( - uu____0, secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 - secret_key_unpacked; - memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t ret0[32U]; - decrypt_unpacked_8c(&secret_key_unpacked, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 2 -- SECRET_KEY_SIZE= 1632 -- CPA_SECRET_KEY_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 -*/ -void libcrux_ml_kem_ind_cca_decapsulate_c4( - libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)1632U, private_key->value, 
uint8_t, - Eurydice_slice), - (size_t)768U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - secret_key0, (size_t)800U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - decrypt_39(ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); - uint8_t hashed[64U]; - G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_ed(ciphertext), uint8_t, void *); - 
uint8_t implicit_rejection_shared_secret0[32U];
- PRF_a9_93(
- Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice),
- implicit_rejection_shared_secret0);
- Eurydice_slice uu____5 = ind_cpa_public_key;
- uint8_t uu____6[32U];
- memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t));
- uint8_t expected_ciphertext[768U];
- encrypt_fb(uu____5, uu____6, pseudorandomness, expected_ciphertext);
- uint8_t implicit_rejection_shared_secret[32U];
- kdf_af_50(
- Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0,
- uint8_t, Eurydice_slice),
- implicit_rejection_shared_secret);
- uint8_t shared_secret[32U];
- kdf_af_50(shared_secret0, shared_secret);
- uint8_t ret0[32U];
- libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
- libcrux_ml_kem_types_as_ref_00_ed(ciphertext),
- Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t,
- Eurydice_slice),
- Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t,
- Eurydice_slice),
- Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
- uint8_t, Eurydice_slice),
- ret0);
- memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
-}
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h
index 0c5c9ed7a..638c2cdaa 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h
@@ -5,10 +5,10 @@
 *
 * This code was generated with the following revisions:
 * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421
+ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7
 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430
- * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7
- * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09
+ * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38
+ * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15
 */
 #ifndef __libcrux_mlkem_avx2_H
@@ -20,9 +20,7 @@ extern "C" {
 #include "eurydice_glue.h"
 #include "libcrux_core.h"
-#include "libcrux_mlkem_portable.h"
 #include "libcrux_sha3.h"
-#include "libcrux_sha3_avx2.h"
 void libcrux_ml_kem_hash_functions_avx2_G(Eurydice_slice input, uint8_t ret[64U]);
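Review bot: Removing `#include "libcrux_mlkem_portable.h"` and `#include "libcrux_sha3_avx2.h"` from a public header drops two transitive includes that any includer of `libcrux_mlkem_avx2.h` may have depended on, so every translation unit that still uses the portable vector helpers or the AVX2 SHA-3 wrappers (the deleted `.c` code above calls `PRF_42`, `G_a9_68` and `H_a9_65`, which presumably come from the SHA-3 AVX2 header) now has to include those headers itself. The diffstat lists the `libcrux_mlkem{512,768,1024}_avx2.c` sources as touched, so this is likely handled there, but it cannot be confirmed from this chunk. Narrowing the header is otherwise the right direction for a crypto module: with the `__m256i` vector prototypes deleted in the following hunk, the header no longer forces SIMD types on every consumer, and the surface that has to be kept constant-time and tested shrinks toward the documented KEM API. It is worth confirming that the corresponding definitions in `libcrux_mlkem_avx2.c` were made `static` rather than merely undeclared, since otherwise they remain exported symbols with no prototype.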
@@ -30,505 +28,6 @@ void libcrux_ml_kem_hash_functions_avx2_G(Eurydice_slice input, void libcrux_ml_kem_hash_functions_avx2_H(Eurydice_slice input, uint8_t ret[32U]); -__m256i libcrux_ml_kem_vector_avx2_zero(void); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_ZERO_ea(void); - -__m256i libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_slice array); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice array); - -void libcrux_ml_kem_vector_avx2_to_i16_array(__m256i v, int16_t ret[16U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_to_i16_array_ea(__m256i x, int16_t ret[16U]); - -__m256i libcrux_ml_kem_vector_avx2_arithmetic_add(__m256i lhs, __m256i rhs); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_add_ea(__m256i lhs, __m256i *rhs); - -__m256i libcrux_ml_kem_vector_avx2_arithmetic_sub(__m256i lhs, __m256i rhs); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_sub_ea(__m256i lhs, __m256i *rhs); - -__m256i libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( - __m256i vector, int16_t constant); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_ea(__m256i v, - int16_t c); - -__m256i libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( - __m256i vector, int16_t constant); 
- -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( - __m256i vector, int16_t constant); - -__m256i libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329( - __m256i vector); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea(__m256i vector); - -#define LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER \ - ((int16_t)20159) - -/** - See Section 3.2 of the implementation notes document for an explanation - of this code. -*/ -__m256i libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(__m256i vector); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_barrett_reduce_ea(__m256i vector); - -__m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( - __m256i vector, int16_t constant); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( - __m256i vector, int16_t constant); - -__m256i libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( - __m256i vector); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_compress_1_ea(__m256i vector); - -__m256i libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(__m256i lhs, - __m256i rhs); - -__m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - __m256i v, __m256i c); - -__m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( - __m256i vector, int16_t zeta0, int16_t zeta1, int16_t 
zeta2, int16_t zeta3); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( - __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); - -__m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(__m256i vector, - int16_t zeta0, - int16_t zeta1); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea(__m256i vector, - int16_t zeta0, - int16_t zeta1); - -__m128i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - __m128i v, __m128i c); - -__m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(__m256i vector, - int16_t zeta); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea(__m256i vector, - int16_t zeta); - -__m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( - __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( - __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); - -__m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(__m256i vector, - int16_t zeta0, - int16_t zeta1); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea(__m256i vector, - int16_t zeta0, - int16_t zeta1); - -__m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(__m256i vector, - int16_t zeta); - -/** -This function found in impl 
{(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea(__m256i vector, - int16_t zeta); - -__m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(__m256i v); - -__m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(__m256i lhs, __m256i rhs, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_ntt_multiply_ea(__m256i *lhs, __m256i *rhs, - int16_t zeta0, int16_t zeta1, - int16_t zeta2, - int16_t zeta3); - -void libcrux_ml_kem_vector_avx2_serialize_serialize_1(__m256i vector, - uint8_t ret[2U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_1_ea(__m256i vector, uint8_t ret[2U]); - -__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1( - Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_deserialize_1_ea(Eurydice_slice bytes); - -void libcrux_ml_kem_vector_avx2_serialize_serialize_4(__m256i vector, - uint8_t ret[8U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_4_ea(__m256i vector, uint8_t ret[8U]); - -__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4( - Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_deserialize_4_ea(Eurydice_slice bytes); - -void libcrux_ml_kem_vector_avx2_serialize_serialize_5(__m256i 
vector, - uint8_t ret[10U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_5_ea(__m256i vector, - uint8_t ret[10U]); - -__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_5( - Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_deserialize_5_ea(Eurydice_slice bytes); - -void libcrux_ml_kem_vector_avx2_serialize_serialize_10(__m256i vector, - uint8_t ret[20U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_10_ea(__m256i vector, - uint8_t ret[20U]); - -__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_10( - Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_deserialize_10_ea(Eurydice_slice bytes); - -void libcrux_ml_kem_vector_avx2_serialize_serialize_11(__m256i vector, - uint8_t ret[22U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_11_ea(__m256i vector, - uint8_t ret[22U]); - -__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_11( - Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_deserialize_11_ea(Eurydice_slice bytes); - -void libcrux_ml_kem_vector_avx2_serialize_serialize_12(__m256i vector, - uint8_t ret[24U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for 
-libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -void libcrux_ml_kem_vector_avx2_serialize_12_ea(__m256i vector, - uint8_t ret[24U]); - -__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_12( - Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -__m256i libcrux_ml_kem_vector_avx2_deserialize_12_ea(Eurydice_slice bytes); - -size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( - Eurydice_slice input, Eurydice_slice output); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::avx2::SIMD256Vector)} -*/ -size_t libcrux_ml_kem_vector_avx2_rej_sample_ea(Eurydice_slice input, - Eurydice_slice output); - -/** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::vector::avx2::SIMD256Vector)#1} -*/ -__m256i libcrux_ml_kem_vector_avx2_clone_3a(__m256i *self); - -/** -A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement -with types libcrux_ml_kem_vector_avx2_SIMD256Vector - -*/ -typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_d2_s { - __m256i coefficients[16U]; -} libcrux_ml_kem_polynomial_PolynomialRingElement_d2; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 - ind_cpa_private_key; - 
uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 public_key; -} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types 
-libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_01_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_01; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_01 private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 public_key; -} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6_s { - 
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_d6_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_d6; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types -libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector -with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_d6 private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 public_key; -} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6; - #if defined(__cplusplus) } #endif 
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c index f032daea7..7524cf6c2 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.c @@ -5,13 +5,16 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 */ -#include "libcrux_mlkem_neon.h" +#include "internal/libcrux_mlkem_neon.h" + +#include "internal/libcrux_core.h" +#include "internal/libcrux_mlkem_portable.h" KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_neon_G(Eurydice_slice input, uint8_t ret[64U]) { 
@@ -30,3 +33,9279 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_neon_H(Eurydice_slice input, input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_vector_type_ZERO(void) { + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ + .low = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)0), + .high = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)0)}); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ZERO_20(void) { + return libcrux_ml_kem_vector_neon_vector_type_ZERO(); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_vector_type_from_i16_array(Eurydice_slice array) { + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ + .low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_slice_subslice2( + array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)), + .high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_slice_subslice2( + array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice))}); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_from_i16_array_20(Eurydice_slice array) { + return libcrux_ml_kem_vector_neon_vector_type_from_i16_array(array); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_vector_type_to_i16_array( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t ret[16U]) { + int16_t out[16U] = {0U}; + libcrux_intrinsics_arm64__vst1q_s16( + Eurydice_array_to_subslice2(out, (size_t)0U, (size_t)8U, int16_t, + Eurydice_slice), + v.low); + 
libcrux_intrinsics_arm64__vst1q_s16( + Eurydice_array_to_subslice2(out, (size_t)8U, (size_t)16U, int16_t, + Eurydice_slice), + v.high); + memcpy(ret, out, (size_t)16U * sizeof(int16_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_to_i16_array_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x, int16_t ret[16U]) { + libcrux_ml_kem_vector_neon_vector_type_to_i16_array(x, ret); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_add( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { + lhs.low = libcrux_intrinsics_arm64__vaddq_s16(lhs.low, rhs->low); + lhs.high = libcrux_intrinsics_arm64__vaddq_s16(lhs.high, rhs->high); + return lhs; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_add_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { + return libcrux_ml_kem_vector_neon_arithmetic_add(lhs, rhs); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_sub( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { + lhs.low = libcrux_intrinsics_arm64__vsubq_s16(lhs.low, rhs->low); + lhs.high = libcrux_intrinsics_arm64__vsubq_s16(lhs.high, rhs->high); + return lhs; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_sub_20( + 
libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { + return libcrux_ml_kem_vector_neon_arithmetic_sub(lhs, rhs); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_multiply_by_constant( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { + v.low = libcrux_intrinsics_arm64__vmulq_n_s16(v.low, c); + v.high = libcrux_intrinsics_arm64__vmulq_n_s16(v.high, c); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_multiply_by_constant_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { + return libcrux_ml_kem_vector_neon_arithmetic_multiply_by_constant(v, c); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_bitwise_and_with_constant( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { + int16x8_t c0 = libcrux_intrinsics_arm64__vdupq_n_s16(c); + v.low = libcrux_intrinsics_arm64__vandq_s16(v.low, c0); + v.high = libcrux_intrinsics_arm64__vandq_s16(v.high, c0); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { + return libcrux_ml_kem_vector_neon_arithmetic_bitwise_and_with_constant(v, c); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_cond_subtract_3329( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + int16x8_t c = 
libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)3329); + uint16x8_t m0 = libcrux_intrinsics_arm64__vcgeq_s16(v.low, c); + uint16x8_t m1 = libcrux_intrinsics_arm64__vcgeq_s16(v.high, c); + int16x8_t c0 = libcrux_intrinsics_arm64__vandq_s16( + c, libcrux_intrinsics_arm64__vreinterpretq_s16_u16(m0)); + int16x8_t c1 = libcrux_intrinsics_arm64__vandq_s16( + c, libcrux_intrinsics_arm64__vreinterpretq_s16_u16(m1)); + v.low = libcrux_intrinsics_arm64__vsubq_s16(v.low, c0); + v.high = libcrux_intrinsics_arm64__vsubq_s16(v.high, c1); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_cond_subtract_3329_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_arithmetic_cond_subtract_3329(v); +} + +KRML_MUSTINLINE int16x8_t +libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(int16x8_t v) { + int16x8_t adder = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1024); + int16x8_t vec = libcrux_intrinsics_arm64__vqdmulhq_n_s16( + v, LIBCRUX_ML_KEM_VECTOR_NEON_ARITHMETIC_BARRETT_MULTIPLIER); + int16x8_t vec0 = libcrux_intrinsics_arm64__vaddq_s16(vec, adder); + int16x8_t quotient = + libcrux_intrinsics_arm64__vshrq_n_s16((int32_t)11, vec0, int16x8_t); + int16x8_t sub = libcrux_intrinsics_arm64__vmulq_n_s16( + quotient, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + return libcrux_intrinsics_arm64__vsubq_s16(v, sub); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + v.low = libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(v.low); + v.high = + libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(v.high); + return v; +} + +/** +This function found in impl 
{(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_barrett_reduce_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce(v); +} + +KRML_MUSTINLINE int16x8_t +libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( + int16x8_t low, int16x8_t high) { + int16x8_t k = libcrux_intrinsics_arm64__vreinterpretq_s16_u16( + libcrux_intrinsics_arm64__vmulq_n_u16( + libcrux_intrinsics_arm64__vreinterpretq_u16_s16(low), + (uint16_t) + LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + int16x8_t c = libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)1, + libcrux_intrinsics_arm64__vqdmulhq_n_s16( + k, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS), + int16x8_t); + return libcrux_intrinsics_arm64__vsubq_s16(high, c); +} + +KRML_MUSTINLINE int16x8_t +libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( + int16x8_t v, int16_t c) { + int16x8_t v_low = libcrux_intrinsics_arm64__vmulq_n_s16(v, c); + int16x8_t v_high = libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)1, libcrux_intrinsics_arm64__vqdmulhq_n_s16(v, c), int16x8_t); + return libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( + v_low, v_high); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { + v.low = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( + v.low, c); + v.high = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( + v.high, c); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ 
+libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { + return libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant( + v, c); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_compress_compress_1( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + int16x8_t half = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1664); + int16x8_t quarter = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)832); + int16x8_t shifted = libcrux_intrinsics_arm64__vsubq_s16(half, v.low); + int16x8_t mask0 = + libcrux_intrinsics_arm64__vshrq_n_s16((int32_t)15, shifted, int16x8_t); + int16x8_t shifted_to_positive = + libcrux_intrinsics_arm64__veorq_s16(mask0, shifted); + int16x8_t shifted_positive_in_range = + libcrux_intrinsics_arm64__vsubq_s16(shifted_to_positive, quarter); + v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_u16( + libcrux_intrinsics_arm64__vshrq_n_u16( + (int32_t)15, + libcrux_intrinsics_arm64__vreinterpretq_u16_s16( + shifted_positive_in_range), + uint16x8_t)); + int16x8_t shifted0 = libcrux_intrinsics_arm64__vsubq_s16(half, v.high); + int16x8_t mask = + libcrux_intrinsics_arm64__vshrq_n_s16((int32_t)15, shifted0, int16x8_t); + int16x8_t shifted_to_positive0 = + libcrux_intrinsics_arm64__veorq_s16(mask, shifted0); + int16x8_t shifted_positive_in_range0 = + libcrux_intrinsics_arm64__vsubq_s16(shifted_to_positive0, quarter); + v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_u16( + libcrux_intrinsics_arm64__vshrq_n_u16( + (int32_t)15, + libcrux_intrinsics_arm64__vreinterpretq_u16_s16( + shifted_positive_in_range0), + uint16x8_t)); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector 
+libcrux_ml_kem_vector_neon_compress_1_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_compress_compress_1(v); +} + +KRML_MUSTINLINE int16_t +libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( + int16_t coefficient_bits) { + int16_t uu____0; + switch (coefficient_bits) { + case 4: { + uu____0 = (int16_t)15; + break; + } + case 5: { + uu____0 = (int16_t)31; + break; + } + case 10: { + uu____0 = (int16_t)1023; + break; + } + case 11: { + uu____0 = (int16_t)2047; + break; + } + default: { + int16_t x = coefficient_bits; + uu____0 = ((int16_t)1 << (uint32_t)x) - (int16_t)1; + } + } + return uu____0; +} + +KRML_MUSTINLINE int16x8_t +libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( + int16x8_t v, int16x8_t c) { + int16x8_t v_low = libcrux_intrinsics_arm64__vmulq_s16(v, c); + int16x8_t v_high = libcrux_intrinsics_arm64__vshrq_n_s16( + (int32_t)1, libcrux_intrinsics_arm64__vqdmulhq_s16(v, c), int16x8_t); + return libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( + v_low, v_high); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_layer_1_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + int16_t zetas[8U] = {zeta1, zeta1, zeta3, zeta3, zeta2, zeta2, zeta4, zeta4}; + int16x8_t zeta = libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); + int16x8_t dup_a = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn1q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); + int16x8_t dup_b = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn2q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), + 
libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); + int16x8_t t = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(dup_b, + zeta); + int16x8_t b = libcrux_intrinsics_arm64__vsubq_s16(dup_a, t); + int16x8_t a = libcrux_intrinsics_arm64__vaddq_s16(dup_a, t); + v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn1q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); + v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn2q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_layer_1_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + return libcrux_ml_kem_vector_neon_ntt_ntt_layer_1_step(a, zeta1, zeta2, zeta3, + zeta4); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_layer_2_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2) { + int16_t zetas[8U] = {zeta1, zeta1, zeta1, zeta1, zeta2, zeta2, zeta2, zeta2}; + int16x8_t zeta = libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); + int16x8_t dup_a = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn1q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); + int16x8_t dup_b = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn2q_s64( + 
libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); + int16x8_t t = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(dup_b, + zeta); + int16x8_t b = libcrux_intrinsics_arm64__vsubq_s16(dup_a, t); + int16x8_t a = libcrux_intrinsics_arm64__vaddq_s16(dup_a, t); + v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn1q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); + v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn2q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_layer_2_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2) { + return libcrux_ml_kem_vector_neon_ntt_ntt_layer_2_step(a, zeta1, zeta2); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_layer_3_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta) { + int16x8_t zeta0 = libcrux_intrinsics_arm64__vdupq_n_s16(zeta); + int16x8_t t = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( + v.high, zeta0); + v.high = libcrux_intrinsics_arm64__vsubq_s16(v.low, t); + v.low = libcrux_intrinsics_arm64__vaddq_s16(v.low, t); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_layer_3_step_20( + 
libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta) { + return libcrux_ml_kem_vector_neon_ntt_ntt_layer_3_step(a, zeta); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_1_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + int16_t zetas[8U] = {zeta1, zeta1, zeta3, zeta3, zeta2, zeta2, zeta4, zeta4}; + int16x8_t zeta = libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); + int16x8_t a0 = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn1q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); + int16x8_t b0 = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn2q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); + int16x8_t b_minus_a = libcrux_intrinsics_arm64__vsubq_s16(b0, a0); + int16x8_t a = libcrux_intrinsics_arm64__vaddq_s16(a0, b0); + int16x8_t a1 = + libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(a); + int16x8_t b = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( + b_minus_a, zeta); + v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn1q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a1), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); + v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn2q_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a1), + libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ 
+libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_inv_ntt_layer_1_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + return libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_1_step(a, zeta1, zeta2, + zeta3, zeta4); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_2_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2) { + int16_t zetas[8U] = {zeta1, zeta1, zeta1, zeta1, zeta2, zeta2, zeta2, zeta2}; + int16x8_t zeta = libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); + int16x8_t a0 = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn1q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); + int16x8_t b0 = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn2q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); + int16x8_t b_minus_a = libcrux_intrinsics_arm64__vsubq_s16(b0, a0); + int16x8_t a = libcrux_intrinsics_arm64__vaddq_s16(a0, b0); + int16x8_t b = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( + b_minus_a, zeta); + v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn1q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); + v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( + libcrux_intrinsics_arm64__vtrn2q_s64( + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), + libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for 
+libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_inv_ntt_layer_2_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2) { + return libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_2_step(a, zeta1, zeta2); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_3_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta) { + int16x8_t zeta0 = libcrux_intrinsics_arm64__vdupq_n_s16(zeta); + int16x8_t b_minus_a = libcrux_intrinsics_arm64__vsubq_s16(v.high, v.low); + v.low = libcrux_intrinsics_arm64__vaddq_s16(v.low, v.high); + v.high = libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( + b_minus_a, zeta0); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_inv_ntt_layer_3_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta) { + return libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_3_step(a, zeta); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_multiply( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + int16_t zetas[8U] = {zeta1, zeta3, -zeta1, -zeta3, + zeta2, zeta4, -zeta2, -zeta4}; + int16x8_t zeta = libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); + int16x8_t a0 = libcrux_intrinsics_arm64__vtrn1q_s16(lhs->low, lhs->high); + int16x8_t a1 = libcrux_intrinsics_arm64__vtrn2q_s16(lhs->low, lhs->high); + int16x8_t b0 = 
libcrux_intrinsics_arm64__vtrn1q_s16(rhs->low, rhs->high); + int16x8_t b1 = libcrux_intrinsics_arm64__vtrn2q_s16(rhs->low, rhs->high); + int16x8_t a1b1 = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(a1, + b1); + int32x4_t a1b1_low = libcrux_intrinsics_arm64__vmull_s16( + libcrux_intrinsics_arm64__vget_low_s16(a1b1), + libcrux_intrinsics_arm64__vget_low_s16(zeta)); + int32x4_t a1b1_high = libcrux_intrinsics_arm64__vmull_high_s16(a1b1, zeta); + int16x8_t fst_low = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vmlal_s16( + a1b1_low, libcrux_intrinsics_arm64__vget_low_s16(a0), + libcrux_intrinsics_arm64__vget_low_s16(b0))); + int16x8_t fst_high = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vmlal_high_s16(a1b1_high, a0, b0)); + int32x4_t a0b1_low = libcrux_intrinsics_arm64__vmull_s16( + libcrux_intrinsics_arm64__vget_low_s16(a0), + libcrux_intrinsics_arm64__vget_low_s16(b1)); + int32x4_t a0b1_high = libcrux_intrinsics_arm64__vmull_high_s16(a0, b1); + int16x8_t snd_low = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vmlal_s16( + a0b1_low, libcrux_intrinsics_arm64__vget_low_s16(a1), + libcrux_intrinsics_arm64__vget_low_s16(b0))); + int16x8_t snd_high = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vmlal_high_s16(a0b1_high, a1, b0)); + int16x8_t fst_low16 = libcrux_intrinsics_arm64__vtrn1q_s16(fst_low, fst_high); + int16x8_t fst_high16 = + libcrux_intrinsics_arm64__vtrn2q_s16(fst_low, fst_high); + int16x8_t snd_low16 = libcrux_intrinsics_arm64__vtrn1q_s16(snd_low, snd_high); + int16x8_t snd_high16 = + libcrux_intrinsics_arm64__vtrn2q_s16(snd_low, snd_high); + int16x8_t fst = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( + fst_low16, fst_high16); + int16x8_t snd = + libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( + snd_low16, snd_high16); + int32x4_t low0 = 
libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn1q_s16(fst, snd)); + int32x4_t high0 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn2q_s16(fst, snd)); + int16x8_t low1 = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn1q_s32(low0, high0)); + int16x8_t high1 = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( + libcrux_intrinsics_arm64__vtrn2q_s32(low0, high0)); + uint8_t indexes[16U] = {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, + 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U}; + uint8x16_t index = libcrux_intrinsics_arm64__vld1q_u8( + Eurydice_array_to_slice((size_t)16U, indexes, uint8_t, Eurydice_slice)); + int16x8_t low2 = libcrux_intrinsics_arm64__vreinterpretq_s16_u8( + libcrux_intrinsics_arm64__vqtbl1q_u8( + libcrux_intrinsics_arm64__vreinterpretq_u8_s16(low1), index)); + int16x8_t high2 = libcrux_intrinsics_arm64__vreinterpretq_s16_u8( + libcrux_intrinsics_arm64__vqtbl1q_u8( + libcrux_intrinsics_arm64__vreinterpretq_u8_s16(high1), index)); + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ + .low = low2, .high = high2}); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_multiply_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4) { + return libcrux_ml_kem_vector_neon_ntt_ntt_multiply(lhs, rhs, zeta1, zeta2, + zeta3, zeta4); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_1( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[2U]) { + int16_t shifter[8U] = {(int16_t)0, (int16_t)1, (int16_t)2, (int16_t)3, + (int16_t)4, (int16_t)5, (int16_t)6, (int16_t)7}; + int16x8_t shift = 
libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, shifter, int16_t, Eurydice_slice)); + int16x8_t low0 = libcrux_intrinsics_arm64__vshlq_s16(v.low, shift); + int16x8_t high0 = libcrux_intrinsics_arm64__vshlq_s16(v.high, shift); + int16_t low = libcrux_intrinsics_arm64__vaddvq_s16(low0); + int16_t high = libcrux_intrinsics_arm64__vaddvq_s16(high0); + ret[0U] = (uint8_t)low; + ret[1U] = (uint8_t)high; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_1_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[2U]) { + libcrux_ml_kem_vector_neon_serialize_serialize_1(a, ret); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_1(Eurydice_slice a) { + int16x8_t one = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1); + int16x8_t low0 = libcrux_intrinsics_arm64__vdupq_n_s16(( + int16_t)Eurydice_slice_index(a, (size_t)0U, uint8_t, uint8_t *, uint8_t)); + int16x8_t high0 = libcrux_intrinsics_arm64__vdupq_n_s16(( + int16_t)Eurydice_slice_index(a, (size_t)1U, uint8_t, uint8_t *, uint8_t)); + int16_t shifter[8U] = {(int16_t)0, (int16_t)255, (int16_t)-2, (int16_t)-3, + (int16_t)-4, (int16_t)-5, (int16_t)-6, (int16_t)-7}; + int16x8_t shift = libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, shifter, int16_t, Eurydice_slice)); + int16x8_t low = libcrux_intrinsics_arm64__vshlq_s16(low0, shift); + int16x8_t high = libcrux_intrinsics_arm64__vshlq_s16(high0, shift); + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ + .low = libcrux_intrinsics_arm64__vandq_s16(low, one), + .high = libcrux_intrinsics_arm64__vandq_s16(high, one)}); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ 
+libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_1_20(Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_serialize_deserialize_1(a); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_4( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[8U]) { + int16_t shifter[8U] = {(int16_t)0, (int16_t)4, (int16_t)8, (int16_t)12, + (int16_t)0, (int16_t)4, (int16_t)8, (int16_t)12}; + int16x8_t shift = libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, shifter, int16_t, Eurydice_slice)); + uint16x8_t lowt = libcrux_intrinsics_arm64__vshlq_u16( + libcrux_intrinsics_arm64__vreinterpretq_u16_s16(v.low), shift); + uint16x8_t hight = libcrux_intrinsics_arm64__vshlq_u16( + libcrux_intrinsics_arm64__vreinterpretq_u16_s16(v.high), shift); + uint64_t sum0 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( + libcrux_intrinsics_arm64__vget_low_u16(lowt)); + uint64_t sum1 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( + libcrux_intrinsics_arm64__vget_high_u16(lowt)); + uint64_t sum2 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( + libcrux_intrinsics_arm64__vget_low_u16(hight)); + uint64_t sum3 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( + libcrux_intrinsics_arm64__vget_high_u16(hight)); + uint64_t sum = ((sum0 | sum1 << 16U) | sum2 << 32U) | sum3 << 48U; + uint8_t ret0[8U]; + core_num__u64_9__to_le_bytes(sum, ret0); + memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_4_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[8U]) { + libcrux_ml_kem_vector_neon_serialize_serialize_4(a, ret); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_4(Eurydice_slice v) { + 
libcrux_ml_kem_vector_portable_vector_type_PortableVector input = + libcrux_ml_kem_vector_portable_deserialize_4_0d(v); + int16_t input_i16s[16U]; + libcrux_ml_kem_vector_portable_to_i16_array_0d(input, input_i16s); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; + lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + input_i16s, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); + lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + input_i16s, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_4_20(Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_serialize_deserialize_4(a); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_5( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[10U]) { + int16_t out_i16s[16U]; + libcrux_ml_kem_vector_neon_vector_type_to_i16_array(v, out_i16s); + libcrux_ml_kem_vector_portable_vector_type_PortableVector out = + libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_array_to_slice( + (size_t)16U, out_i16s, int16_t, Eurydice_slice)); + uint8_t ret0[10U]; + libcrux_ml_kem_vector_portable_serialize_5_0d(out, ret0); + memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_5_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[10U]) { + libcrux_ml_kem_vector_neon_serialize_serialize_5(a, ret); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_5(Eurydice_slice v) { + 
libcrux_ml_kem_vector_portable_vector_type_PortableVector output = + libcrux_ml_kem_vector_portable_deserialize_5_0d(v); + int16_t array[16U]; + libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; + lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); + lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_5_20(Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_serialize_deserialize_5(a); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_10( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[20U]) { + int32x4_t low00 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn1q_s16(v.low, v.low)); + int32x4_t low10 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn2q_s16(v.low, v.low)); + int32x4_t mixt = libcrux_intrinsics_arm64__vsliq_n_s32((int32_t)10, low00, + low10, int32x4_t); + int64x2_t low0 = libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn1q_s32(mixt, mixt)); + int64x2_t low1 = libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn2q_s32(mixt, mixt)); + int64x2_t low_mix = + libcrux_intrinsics_arm64__vsliq_n_s64((int32_t)20, low0, low1, int64x2_t); + int32x4_t high00 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn1q_s16(v.high, v.high)); + int32x4_t high10 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn2q_s16(v.high, v.high)); + 
int32x4_t mixt0 = libcrux_intrinsics_arm64__vsliq_n_s32((int32_t)10, high00, + high10, int32x4_t); + int64x2_t high0 = libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn1q_s32(mixt0, mixt0)); + int64x2_t high1 = libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn2q_s32(mixt0, mixt0)); + int64x2_t high_mix = libcrux_intrinsics_arm64__vsliq_n_s64((int32_t)20, high0, + high1, int64x2_t); + uint8_t result32[32U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + result32, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_u8( + uu____0, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(low_mix)); + Eurydice_slice uu____1 = Eurydice_array_to_subslice2( + result32, (size_t)16U, (size_t)32U, uint8_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_u8( + uu____1, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(high_mix)); + uint8_t result[20U] = {0U}; + Eurydice_slice uu____2 = Eurydice_array_to_subslice2( + result, (size_t)0U, (size_t)5U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice2(result32, (size_t)0U, (size_t)5U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_array_to_subslice2( + result, (size_t)5U, (size_t)10U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_array_to_subslice2(result32, (size_t)8U, (size_t)13U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____4 = Eurydice_array_to_subslice2( + result, (size_t)10U, (size_t)15U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_array_to_subslice2(result32, (size_t)16U, (size_t)21U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = Eurydice_array_to_subslice2( + result, (size_t)15U, (size_t)20U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + 
Eurydice_array_to_subslice2(result32, (size_t)24U, (size_t)29U, uint8_t, + Eurydice_slice), + uint8_t, void *); + memcpy(ret, result, (size_t)20U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_10_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[20U]) { + libcrux_ml_kem_vector_neon_serialize_serialize_10(a, ret); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_10(Eurydice_slice v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector output = + libcrux_ml_kem_vector_portable_deserialize_10_0d(v); + int16_t array[16U]; + libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; + lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); + lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_10_20(Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_serialize_deserialize_10(a); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_11( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[22U]) { + int16_t out_i16s[16U]; + libcrux_ml_kem_vector_neon_vector_type_to_i16_array(v, out_i16s); + libcrux_ml_kem_vector_portable_vector_type_PortableVector out = + libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_array_to_slice( + (size_t)16U, out_i16s, int16_t, Eurydice_slice)); + 
uint8_t ret0[22U]; + libcrux_ml_kem_vector_portable_serialize_11_0d(out, ret0); + memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_11_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[22U]) { + libcrux_ml_kem_vector_neon_serialize_serialize_11(a, ret); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_11(Eurydice_slice v) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector output = + libcrux_ml_kem_vector_portable_deserialize_11_0d(v); + int16_t array[16U]; + libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; + lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); + lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_11_20(Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_serialize_deserialize_11(a); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_12( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[24U]) { + int32x4_t low00 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn1q_s16(v.low, v.low)); + int32x4_t low10 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn2q_s16(v.low, v.low)); + int32x4_t mixt = libcrux_intrinsics_arm64__vsliq_n_s32((int32_t)12, low00, 
+ low10, int32x4_t); + int64x2_t low0 = libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn1q_s32(mixt, mixt)); + int64x2_t low1 = libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn2q_s32(mixt, mixt)); + int64x2_t low_mix = + libcrux_intrinsics_arm64__vsliq_n_s64((int32_t)24, low0, low1, int64x2_t); + int32x4_t high00 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn1q_s16(v.high, v.high)); + int32x4_t high10 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16( + libcrux_intrinsics_arm64__vtrn2q_s16(v.high, v.high)); + int32x4_t mixt0 = libcrux_intrinsics_arm64__vsliq_n_s32((int32_t)12, high00, + high10, int32x4_t); + int64x2_t high0 = libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn1q_s32(mixt0, mixt0)); + int64x2_t high1 = libcrux_intrinsics_arm64__vreinterpretq_s64_s32( + libcrux_intrinsics_arm64__vtrn2q_s32(mixt0, mixt0)); + int64x2_t high_mix = libcrux_intrinsics_arm64__vsliq_n_s64((int32_t)24, high0, + high1, int64x2_t); + uint8_t result32[32U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + result32, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_u8( + uu____0, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(low_mix)); + Eurydice_slice uu____1 = Eurydice_array_to_subslice2( + result32, (size_t)16U, (size_t)32U, uint8_t, Eurydice_slice); + libcrux_intrinsics_arm64__vst1q_u8( + uu____1, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(high_mix)); + uint8_t result[24U] = {0U}; + Eurydice_slice uu____2 = Eurydice_array_to_subslice2( + result, (size_t)0U, (size_t)6U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice2(result32, (size_t)0U, (size_t)6U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_array_to_subslice2( + result, (size_t)6U, (size_t)12U, uint8_t, Eurydice_slice); + 
core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_array_to_subslice2(result32, (size_t)8U, (size_t)14U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____4 = Eurydice_array_to_subslice2( + result, (size_t)12U, (size_t)18U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_array_to_subslice2(result32, (size_t)16U, (size_t)22U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = Eurydice_array_to_subslice2( + result, (size_t)18U, (size_t)24U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_array_to_subslice2(result32, (size_t)24U, (size_t)30U, uint8_t, + Eurydice_slice), + uint8_t, void *); + memcpy(ret, result, (size_t)24U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_12_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[24U]) { + libcrux_ml_kem_vector_neon_serialize_serialize_12(a, ret); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_12(Eurydice_slice v) { + uint8_t indexes[16U] = {0U, 1U, 1U, 2U, 3U, 4U, 4U, 5U, + 6U, 7U, 7U, 8U, 9U, 10U, 10U, 11U}; + uint8x16_t index_vec = libcrux_intrinsics_arm64__vld1q_u8( + Eurydice_array_to_slice((size_t)16U, indexes, uint8_t, Eurydice_slice)); + int16_t shifts[8U] = {(int16_t)0, (int16_t)-4, (int16_t)0, (int16_t)-4, + (int16_t)0, (int16_t)-4, (int16_t)0, (int16_t)-4}; + int16x8_t shift_vec = libcrux_intrinsics_arm64__vld1q_s16( + Eurydice_array_to_slice((size_t)8U, shifts, int16_t, Eurydice_slice)); + uint16x8_t mask12 = libcrux_intrinsics_arm64__vdupq_n_u16(4095U); + uint8_t input0[16U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + input0, (size_t)0U, (size_t)12U, uint8_t, Eurydice_slice); + 
core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_slice_subslice2(v, (size_t)0U, (size_t)12U, uint8_t, + Eurydice_slice), + uint8_t, void *); + uint8x16_t input_vec0 = libcrux_intrinsics_arm64__vld1q_u8( + Eurydice_array_to_slice((size_t)16U, input0, uint8_t, Eurydice_slice)); + uint8_t input1[16U] = {0U}; + Eurydice_slice uu____1 = Eurydice_array_to_subslice2( + input1, (size_t)0U, (size_t)12U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_slice_subslice2(v, (size_t)12U, (size_t)24U, uint8_t, + Eurydice_slice), + uint8_t, void *); + uint8x16_t input_vec1 = libcrux_intrinsics_arm64__vld1q_u8( + Eurydice_array_to_slice((size_t)16U, input1, uint8_t, Eurydice_slice)); + uint16x8_t moved0 = libcrux_intrinsics_arm64__vreinterpretq_u16_u8( + libcrux_intrinsics_arm64__vqtbl1q_u8(input_vec0, index_vec)); + uint16x8_t shifted0 = libcrux_intrinsics_arm64__vshlq_u16(moved0, shift_vec); + int16x8_t low = libcrux_intrinsics_arm64__vreinterpretq_s16_u16( + libcrux_intrinsics_arm64__vandq_u16(shifted0, mask12)); + uint16x8_t moved1 = libcrux_intrinsics_arm64__vreinterpretq_u16_u8( + libcrux_intrinsics_arm64__vqtbl1q_u8(input_vec1, index_vec)); + uint16x8_t shifted1 = libcrux_intrinsics_arm64__vshlq_u16(moved1, shift_vec); + int16x8_t high = libcrux_intrinsics_arm64__vreinterpretq_s16_u16( + libcrux_intrinsics_arm64__vandq_u16(shifted1, mask12)); + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ + .low = low, .high = high}); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_12_20(Eurydice_slice a) { + return libcrux_ml_kem_vector_neon_serialize_deserialize_12(a); +} + +KRML_MUSTINLINE size_t +libcrux_ml_kem_vector_neon_rej_sample(Eurydice_slice a, Eurydice_slice result) { + size_t sampled = (size_t)0U; + 
core_slice_iter_Chunks iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + core_slice___Slice_T___chunks(a, (size_t)3U, uint8_t, + core_slice_iter_Chunks), + core_slice_iter_Chunks, core_slice_iter_Chunks); + while (true) { + core_option_Option_44 uu____0 = + core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___71__next( + &iter, uint8_t, core_option_Option_44); + if (uu____0.tag == core_option_None) { + break; + } else { + Eurydice_slice bytes = uu____0.f0; + int16_t b1 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t); + int16_t b2 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t); + int16_t b3 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t); + int16_t d1 = (b2 & (int16_t)15) << 8U | b1; + int16_t d2 = b3 << 4U | b2 >> 4U; + bool uu____1; + int16_t uu____2; + bool uu____3; + size_t uu____4; + int16_t uu____5; + size_t uu____6; + int16_t uu____7; + if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) { + if (sampled < (size_t)16U) { + Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = + d1; + sampled++; + uu____2 = d2; + uu____7 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + uu____1 = uu____2 < uu____7; + if (uu____1) { + uu____4 = sampled; + uu____3 = uu____4 < (size_t)16U; + if (uu____3) { + uu____5 = d2; + uu____6 = sampled; + Eurydice_slice_index(result, uu____6, int16_t, int16_t *, + int16_t) = uu____5; + sampled++; + continue; + } + } + continue; + } + } + uu____2 = d2; + uu____7 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; + uu____1 = uu____2 < uu____7; + if (uu____1) { + uu____4 = sampled; + uu____3 = uu____4 < (size_t)16U; + if (uu____3) { + uu____5 = d2; + uu____6 = sampled; + Eurydice_slice_index(result, uu____6, int16_t, int16_t *, int16_t) = + uu____5; + sampled++; + continue; + } + } + } + } + return sampled; +} + +/** +This function found in 
impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +size_t libcrux_ml_kem_vector_neon_rej_sample_20(Eurydice_slice a, + Eurydice_slice out) { + return libcrux_ml_kem_vector_neon_rej_sample(a, out); +} + +/** +This function found in impl {(core::clone::Clone for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_vector_type_clone_ed( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *self) { + return self[0U]; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static libcrux_ml_kem_polynomial_PolynomialRingElement_1c ZERO_89_06(void) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c lit; + lit.coefficients[0U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[1U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[2U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[3U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[4U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[5U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[6U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[7U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[8U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[9U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[10U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[11U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[12U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[13U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[14U] = libcrux_ml_kem_vector_neon_ZERO_20(); + lit.coefficients[15U] = 
libcrux_ml_kem_vector_neon_ZERO_20(); + return lit; +} + +/** + Only use with public values. + + This MUST NOT be used with secret inputs, like its caller + `deserialize_ring_elements_reduced`. +*/ +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +deserialize_to_reduced_ring_element_e3(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, + Eurydice_slice); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + libcrux_ml_kem_vector_neon_deserialize_12_20(bytes); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_cond_subtract_3329_20(coefficient); + re.coefficients[i0] = uu____0; + } + return re; +} + +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. 
+*/ +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- PUBLIC_KEY_SIZE= 800 +- K= 2 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a64( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + deserialized_pk[i] = ZERO_89_06();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + deserialize_to_reduced_ring_element_e3(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.arithmetic.shift_right +with const generics +- SHIFT_BY= 15 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +shift_right_d3(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + v.low = libcrux_intrinsics_arm64__vshrq_n_s16((int32_t)15, v.low, int16x8_t); + v.high = + libcrux_intrinsics_arm64__vshrq_n_s16((int32_t)15, v.high, int16x8_t); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.shift_right_20 +with const generics +- SHIFT_BY= 15 +*/ +static 
libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector shift_right_20_6a( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return shift_right_d3(v); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.traits.to_unsigned_representative with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +to_unsigned_representative_64( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a) { + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = shift_right_20_6a(a); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector fm = + libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( + t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + return libcrux_ml_kem_vector_neon_add_20(a, &fm); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_77( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[384U]) { + uint8_t serialized[384U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + to_unsigned_representative_64(re->coefficients[i0]); + uint8_t bytes[24U]; + libcrux_ml_kem_vector_neon_serialize_12_20(coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); +} + +/** + Call [`serialize_uncompressed_ring_element`] for each ring element. 
+*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +- OUT_LEN= 768 +*/ +static KRML_MUSTINLINE void serialize_secret_key_5d1( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *key, + uint8_t ret[768U]) { + uint8_t out[768U] = {0U}; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element_77(&re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); +} + +/** + Concatenate `t` and `ρ` into the public key. 
+*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +- RANKED_BYTES_PER_RING_ELEMENT= 768 +- PUBLIC_KEY_SIZE= 800 +*/ +static KRML_MUSTINLINE void serialize_public_key_701( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, + Eurydice_slice seed_for_a, uint8_t ret[800U]) { + uint8_t public_key_serialized[800U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + public_key_serialized, (size_t)0U, (size_t)768U, uint8_t, Eurydice_slice); + uint8_t ret0[768U]; + serialize_secret_key_5d1(t_as_ntt, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, + (size_t)768U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); + memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +- RANKED_BYTES_PER_RING_ELEMENT= 768 +- PUBLIC_KEY_SIZE= 800 +*/ +bool libcrux_ml_kem_ind_cca_validate_public_key_7e1(uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[2U]; + deserialize_ring_elements_reduced_a64( + Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, + uint8_t, size_t, Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *uu____0 = deserialized_pk; + uint8_t public_key_serialized[800U]; + serialize_public_key_701( + uu____0, + Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, + uint8_t, size_t, Eurydice_slice), + public_key_serialized); + return 
core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( + (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$2size_t]], +libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$2size_t]] + +*/ +typedef struct tuple_4c0_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 snd; +} tuple_4c0; + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.G_48 +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void G_48_771(Eurydice_slice input, uint8_t ret[64U]) { + libcrux_ml_kem_hash_functions_neon_G(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +*/ +static void closure_de1( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + ret[i] = ZERO_89_06();); +} + +typedef struct Simd128Hash_s { + libcrux_sha3_generic_keccak_KeccakState_fc shake128_state[2U]; +} Simd128Hash; + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_init_absorb with const generics +- K= 2 +*/ +static KRML_MUSTINLINE Simd128Hash +shake128_init_absorb_6b1(uint8_t input[2U][34U]) { + libcrux_sha3_generic_keccak_KeccakState_fc uu____0 = + libcrux_sha3_neon_x2_incremental_shake128_init(); + libcrux_sha3_generic_keccak_KeccakState_fc state[2U] = { + uu____0, libcrux_sha3_neon_x2_incremental_shake128_init()}; + 
libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + state, + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice)); + Simd128Hash lit; + memcpy(lit.shake128_state, state, + (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState_fc)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_48 with const generics +- K= 2 +*/ +static KRML_MUSTINLINE Simd128Hash +shake128_init_absorb_48_551(uint8_t input[2U][34U]) { + uint8_t uu____0[2U][34U]; + memcpy(uu____0, input, (size_t)2U * sizeof(uint8_t[34U])); + return shake128_init_absorb_6b1(uu____0); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_three_blocks with const +generics +- K= 2 +*/ +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_b71( + Simd128Hash *st, uint8_t ret[2U][504U]) { + uint8_t out[2U][504U] = {{0U}}; + uint8_t out0[504U] = {0U}; + uint8_t out1[504U] = {0U}; + uint8_t out2[504U] = {0U}; + LowStar_Ignore_ignore(out2, uint8_t[504U], void *); + uint8_t out3[504U] = {0U}; + LowStar_Ignore_ignore(out3, uint8_t[504U], void *); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + st->shake128_state, + Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice)); + uint8_t uu____0[504U]; + memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____1[504U]; + memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[504U])); +} + +/** +This function found in impl 
{(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_three_blocks_48 with const +generics +- K= 2 +*/ +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_48_e91( + Simd128Hash *self, uint8_t ret[2U][504U]) { + shake128_squeeze_three_blocks_b71(self, ret); +} + +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . 
+*/ +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- K= 2 +- N= 504 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e63( + uint8_t randomness[2U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_block with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void shake128_squeeze_block_7d1(Simd128Hash *st, + uint8_t ret[2U][168U]) { + uint8_t out[2U][168U] = {{0U}}; + uint8_t out0[168U] = {0U}; + uint8_t out1[168U] = {0U}; + uint8_t out2[168U] = {0U}; + LowStar_Ignore_ignore(out2, uint8_t[168U], void *); + uint8_t out3[168U] = {0U}; + LowStar_Ignore_ignore(out3, uint8_t[168U], void *); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + st->shake128_state, + 
Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice)); + uint8_t uu____0[168U]; + memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____1[168U]; + memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[168U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_block_48 with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void shake128_squeeze_block_48_ad1( + Simd128Hash *self, uint8_t ret[2U][168U]) { + shake128_squeeze_block_7d1(self, ret); +} + +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. 
+ + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- K= 2 +- N= 168 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e64( + uint8_t randomness[2U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static 
KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +from_i16_array_89_f3(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + result.coefficients[i0] = + libcrux_ml_kem_vector_neon_from_i16_array_20(Eurydice_slice_subslice2( + a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t, + Eurydice_slice)); + } + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +*/ +static libcrux_ml_kem_polynomial_PolynomialRingElement_1c closure_d51( + int16_t s[272U]) { + return from_i16_array_89_f3(Eurydice_array_to_subslice2( + s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void sample_from_xof_c01( + uint8_t seeds[2U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { + size_t sampled_coefficients[2U] = {0U}; + int16_t out[2U][272U] = {{0U}}; + uint8_t uu____0[2U][34U]; + memcpy(uu____0, seeds, (size_t)2U * sizeof(uint8_t[34U])); + Simd128Hash xof_state = shake128_init_absorb_48_551(uu____0); + uint8_t randomness0[2U][504U]; + shake128_squeeze_three_blocks_48_e91(&xof_state, randomness0); + uint8_t uu____1[2U][504U]; + memcpy(uu____1, randomness0, (size_t)2U * sizeof(uint8_t[504U])); + bool done = sample_from_uniform_distribution_next_e63( + uu____1, sampled_coefficients, out); + while (true) { + if (done) { + break; + } else { + uint8_t randomness[2U][168U]; + shake128_squeeze_block_48_ad1(&xof_state, randomness); + uint8_t uu____2[2U][168U]; + 
memcpy(uu____2, randomness, (size_t)2U * sizeof(uint8_t[168U])); + done = sample_from_uniform_distribution_next_e64( + uu____2, sampled_coefficients, out); + } + } + int16_t uu____3[2U][272U]; + memcpy(uu____3, out, (size_t)2U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret0[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + ret0[i] = closure_d51(uu____3[i]);); + memcpy( + ret, ret0, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void sample_matrix_A_481( + uint8_t seed[34U], bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U][2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[2U][2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + closure_de1(A_transpose[i]);); + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[2U][34U]; KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; + seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); + uint8_t uu____1[2U][34U]; + memcpy(uu____1, seeds, (size_t)2U * sizeof(uint8_t[34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c sampled[2U]; + sample_from_xof_c01(uu____1, sampled); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t j = i; + 
libcrux_ml_kem_polynomial_PolynomialRingElement_1c sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = sample; + } + }); + memcpy(ret, A_transpose, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_polynomial_PolynomialRingElement +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[2size_t], uint8_t + +*/ +typedef struct tuple_740_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c fst[2U]; + uint8_t snd; +} tuple_740; + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN +with const generics +- K= 2 +- LEN= 192 +*/ +static KRML_MUSTINLINE void PRFxN_891(uint8_t (*input)[33U], + uint8_t ret[2U][192U]) { + uint8_t out[2U][192U] = {{0U}}; + uint8_t out0[192U] = {0U}; + uint8_t out1[192U] = {0U}; + uint8_t out2[192U] = {0U}; + LowStar_Ignore_ignore(out2, uint8_t[192U], void *); + uint8_t out3[192U] = {0U}; + LowStar_Ignore_ignore(out3, uint8_t[192U], void *); + libcrux_sha3_neon_x2_shake256( + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)192U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)192U, out1, uint8_t, Eurydice_slice)); + uint8_t uu____0[192U]; + memcpy(uu____0, out0, (size_t)192U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)192U * sizeof(uint8_t)); + uint8_t uu____1[192U]; + memcpy(uu____1, out1, (size_t)192U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)192U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[192U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN_48 +with const generics +- K= 2 +- LEN= 192 +*/ +static 
KRML_MUSTINLINE void PRFxN_48_a91(uint8_t (*input)[33U], + uint8_t ret[2U][192U]) { + PRFxN_891(input, ret); +} + +/** + Given a series of uniformly random bytes in `randomness`, for some number + `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring + element from a binomial distribution centered at 0 that uses two sets of `eta` + coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v` + such such that `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and: + + ```plaintext + - If v < 0, Pr[v] = Pr[-v] + - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA) + ``` + + The values `v < 0` are mapped to the appropriate `KyberFieldElement`. + + The expected value is: + + ```plaintext + E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1] + + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0. + ``` + + And the variance is: + + ```plaintext + Var(X) = E[(X - E[X])^2] + = E[X^2] + = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / + 2^(2 * ETA)) = ETA / 2 + ``` + + This function implements Algorithm 7 of the NIST FIPS 203 + standard, which is reproduced below: + + ```plaintext + Input: byte array B ∈ 𝔹^{64η}. + Output: array f ∈ ℤ₂₅₆. + + b ← BytesToBits(B) + for (i ← 0; i < 256; i++) + x ← ∑(j=0 to η - 1) b[2iη + j] + y ← ∑(j=0 to η - 1) b[2iη + η + j] + f[i] ← x−y mod q + end for + return f + ``` + + The NIST FIPS 203 standard can be found at + . 
+*/ +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +sample_from_binomial_distribution_2_c3(Eurydice_slice randomness) { + int16_t sampled_i16s[256U] = {0U}; + for (size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; + i0++) { + size_t chunk_number = i0; + Eurydice_slice byte_chunk = Eurydice_slice_subslice2( + randomness, chunk_number * (size_t)4U, + chunk_number * (size_t)4U + (size_t)4U, uint8_t, Eurydice_slice); + uint32_t random_bits_as_u32 = + (((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, + uint8_t *, uint8_t) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, + uint8_t *, uint8_t) + << 8U) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, + uint8_t *, uint8_t) + << 16U) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, + uint8_t *, uint8_t) + << 24U; + uint32_t even_bits = random_bits_as_u32 & 1431655765U; + uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; + uint32_t coin_toss_outcomes = even_bits + odd_bits; + for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) { + uint32_t outcome_set = i; + uint32_t outcome_set0 = outcome_set * 4U; + int16_t outcome_1 = + (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); + int16_t outcome_2 = + (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); + size_t offset = (size_t)(outcome_set0 >> 2U); + sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return from_i16_array_89_f3(Eurydice_array_to_slice( + (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_binomial_distribution_3 with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector 
with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +sample_from_binomial_distribution_3_27(Eurydice_slice randomness) { + int16_t sampled_i16s[256U] = {0U}; + for (size_t i0 = (size_t)0U; + i0 < + core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; + i0++) { + size_t chunk_number = i0; + Eurydice_slice byte_chunk = Eurydice_slice_subslice2( + randomness, chunk_number * (size_t)3U, + chunk_number * (size_t)3U + (size_t)3U, uint8_t, Eurydice_slice); + uint32_t random_bits_as_u24 = + ((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, + uint8_t *, uint8_t) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, + uint8_t *, uint8_t) + << 8U) | + (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, + uint8_t *, uint8_t) + << 16U; + uint32_t first_bits = random_bits_as_u24 & 2396745U; + uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; + uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; + uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; + for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) { + int32_t outcome_set = i; + int32_t outcome_set0 = outcome_set * (int32_t)6; + int16_t outcome_1 = + (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); + int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> + (uint32_t)(outcome_set0 + (int32_t)3) & + 7U); + size_t offset = (size_t)(outcome_set0 / (int32_t)6); + sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; + } + } + return from_i16_array_89_f3(Eurydice_array_to_slice( + (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_binomial_distribution with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- ETA= 3 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +sample_from_binomial_distribution_2c0(Eurydice_slice 
randomness) { + return sample_from_binomial_distribution_3_27(randomness); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_7 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_at_layer_7_67( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; + for (size_t i = (size_t)0U; i < step; i++) { + size_t j = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = + libcrux_ml_kem_vector_neon_multiply_by_constant_20( + re->coefficients[j + step], (int16_t)-1600); + re->coefficients[j + step] = + libcrux_ml_kem_vector_neon_sub_20(re->coefficients[j], &t); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____1 = + libcrux_ml_kem_vector_neon_add_20(re->coefficients[j], &t); + re->coefficients[j] = uu____1; + } +} + +typedef struct libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2_s { + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector fst; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector snd; +} libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2; + +/** +A monomorphic instance of libcrux_ml_kem.vector.traits.montgomery_multiply_fe +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +montgomery_multiply_fe_91( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t fer) { + return libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20(v, fer); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_layer_int_vec_step +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 +ntt_layer_int_vec_step_9c( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector b, int16_t zeta_r) { 
+ libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = + montgomery_multiply_fe_91(b, zeta_r); + b = libcrux_ml_kem_vector_neon_sub_20(a, &t); + a = libcrux_ml_kem_vector_neon_add_20(a, &t); + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2){ + .fst = a, .snd = b}); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_4_plus +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_at_layer_4_plus_2a( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, + size_t layer) { + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = offset / (size_t)16U; + size_t step_vec = step / (size_t)16U; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { + size_t j = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 uu____0 = + ntt_layer_int_vec_step_9c( + re->coefficients[j], re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x = uu____0.fst; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_3 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_at_layer_3_f4( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_ntt_layer_3_step_20( + re->coefficients[round], + 
libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + re->coefficients[round] = uu____0;); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_2 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_at_layer_2_d0( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + re->coefficients[round] = libcrux_ml_kem_vector_neon_ntt_layer_2_step_20( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)1U]); + zeta_i[0U] = zeta_i[0U] + (size_t)1U;); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_1 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_at_layer_1_39( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] + (size_t)1U; + re->coefficients[round] = libcrux_ml_kem_vector_neon_ntt_layer_1_step_20( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + + (size_t)3U]); + zeta_i[0U] = zeta_i[0U] + (size_t)3U;); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void 
poly_barrett_reduce_89_5f( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_barrett_reduce_20(self->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_binomially_sampled_ring_element +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_cf( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + ntt_at_layer_7_67(re); + size_t zeta_i = (size_t)1U; + ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_f4(&zeta_i, re); + ntt_at_layer_2_d0(&zeta_i, re); + ntt_at_layer_1_39(&zeta_i, re); + poly_barrett_reduce_89_5f(re); +} + +/** + Sample a vector of ring elements from a centered binomial distribution and + convert them into their NTT representations. 
+*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +- ETA= 3 +- ETA_RANDOMNESS_SIZE= 192 +*/ +static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_1f1( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re_as_ntt[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + re_as_ntt[i] = ZERO_89_06();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[2U][33U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[2U][192U]; + PRFxN_48_a91(prf_inputs, prf_outputs); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + re_as_ntt[i0] = sample_from_binomial_distribution_2c0( + Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + ntt_binomially_sampled_ring_element_cf(&re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[2U]; + memcpy( + uu____2, re_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + tuple_740 lit; + memcpy( + lit.fst, uu____2, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + lit.snd = domain_separator; + return lit; +} + +/** + Given two `KyberPolynomialRingElement`s in their NTT representations, + compute their product. 
Given two polynomials in the NTT domain `f^` and `ĵ`, + the `iᵗʰ` coefficient of the product `k̂` is determined by the calculation: + + ```plaintext + ĥ[2·i] + ĥ[2·i + 1]X = (f^[2·i] + f^[2·i + 1]X)·(ĝ[2·i] + ĝ[2·i + 1]X) mod (X² + - ζ^(2·BitRev₇(i) + 1)) + ``` + + This function almost implements Algorithm 10 of the + NIST FIPS 203 standard, which is reproduced below: + + ```plaintext + Input: Two arrays fˆ ∈ ℤ₂₅₆ and ĝ ∈ ℤ₂₅₆. + Output: An array ĥ ∈ ℤq. + + for(i ← 0; i < 128; i++) + (ĥ[2i], ĥ[2i+1]) ← BaseCaseMultiply(fˆ[2i], fˆ[2i+1], ĝ[2i], ĝ[2i+1], + ζ^(2·BitRev₇(i) + 1)) end for return ĥ + ``` + We say "almost" because the coefficients of the ring element output by + this function are in the Montgomery domain. + + The NIST FIPS 203 standard can be found at + . +*/ +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +ntt_multiply_89_16(libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *rhs) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c out = ZERO_89_06(); + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_ntt_multiply_20( + &self->coefficients[i0], &rhs->coefficients[i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + 
(size_t)3U]); + out.coefficients[i0] = uu____0; + } + return out; +} + +/** + Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise + sum of their constituent coefficients. +*/ +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void add_to_ring_element_89_ae1( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *rhs) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)16U, self->coefficients, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_add_20(self->coefficients[i0], + &rhs->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.traits.to_standard_domain +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +to_standard_domain_fc(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( + v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void add_standard_error_reduce_89_ac( + 
libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t j = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + coefficient_normal_form = to_standard_domain_fc(self->coefficients[j]); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_barrett_reduce_20( + libcrux_ml_kem_vector_neon_add_20(coefficient_normal_form, + &error->coefficients[j])); + self->coefficients[j] = uu____0; + } +} + +/** + Compute  ◦ ŝ + ê +*/ +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void compute_As_plus_e_951( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*matrix_A)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + result[i] = ZERO_89_06();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = matrix_A[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *matrix_element = + &row[j]; + 
libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_89_16(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_ae1(&result[i1], &product); + } + add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); + } + memcpy( + ret, result, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . 
+*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +static tuple_4c0 generate_keypair_unpacked_ff1( + Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + G_48_771(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[2U][2U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); + sample_matrix_A_481(ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, + prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_740 uu____2 = sample_vector_cbd_then_ntt_1f1(uu____1, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[2U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_as_ntt[2U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt_1f1(uu____3, domain_separator).fst, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[2U]; + compute_As_plus_e_951(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, 
Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____4[2U]; + memcpy( + uu____4, t_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[2U][2U]; + memcpy(uu____5, A_transpose, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); + uint8_t uu____6[32U]; + memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 pk; + memcpy( + pk.t_as_ntt, uu____4, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, uu____5, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____7[2U]; + memcpy( + uu____7, secret_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 sk; + memcpy( + sk.secret_as_ntt, uu____7, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + return (CLITERAL(tuple_4c0){.fst = sk, .snd = pk}); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +- CPA_PRIVATE_KEY_SIZE= 768 +- PRIVATE_KEY_SIZE= 1632 +- PUBLIC_KEY_SIZE= 800 +- BYTES_PER_RING_ELEMENT= 768 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +static void closure_891( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + ret[i] = ZERO_89_06();); +} + +/** +This function found in impl {(core::clone::Clone for +libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])#1} +*/ +/** +A 
monomorphic instance of libcrux_ml_kem.polynomial.clone_d5 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c clone_d5_13( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c lit; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector ret[16U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)16U, self->coefficients, ret, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, void *); + memcpy(lit.coefficients, ret, + (size_t)16U * + sizeof(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.H_48 +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void H_48_851(Eurydice_slice input, uint8_t ret[32U]) { + libcrux_ml_kem_hash_functions_neon_H(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +- CPA_PRIVATE_KEY_SIZE= 768 +- PRIVATE_KEY_SIZE= 1632 +- PUBLIC_KEY_SIZE= 800 +- BYTES_PER_RING_ELEMENT= 768 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b41(uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + 
tuple_4c0 uu____0 = generate_keypair_unpacked_ff1(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 + ind_cpa_private_key = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 + ind_cpa_public_key = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[2U][2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_891(A[i]);); + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = + clone_d5_13(&ind_cpa_public_key.A[j][i1]); + A[i1][j] = uu____1;);); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[2U][2U]; + memcpy(uu____2, A, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); + memcpy(ind_cpa_public_key.A, uu____2, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); + uint8_t pk_serialized[800U]; + serialize_public_key_701( + ind_cpa_public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, + uint8_t, Eurydice_slice), + pk_serialized); + uint8_t public_key_hash[32U]; + H_48_851(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t, + Eurydice_slice), + public_key_hash); + uint8_t implicit_rejection_value[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, + uint8_t[32U], void *); + core_result_unwrap_41_83(dst, implicit_rejection_value); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 uu____3 = + ind_cpa_private_key; + uint8_t uu____4[32U]; + memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_66 uu____5; + uu____5.ind_cpa_private_key = uu____3; + memcpy(uu____5.implicit_rejection_value, uu____4, + (size_t)32U * sizeof(uint8_t)); + 
libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 uu____6 = + ind_cpa_public_key; + uint8_t uu____7[32U]; + memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 lit; + lit.private_key = uu____5; + lit.public_key.ind_cpa_public_key = uu____6; + memcpy(lit.public_key.public_key_hash, uu____7, + (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +- PRIVATE_KEY_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- RANKED_BYTES_PER_RING_ELEMENT= 768 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_161( + Eurydice_slice key_generation_seed) { + tuple_4c0 uu____0 = generate_keypair_unpacked_ff1(key_generation_seed); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 sk = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 pk = uu____0.snd; + uint8_t public_key_serialized[800U]; + serialize_public_key_701(pk.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, + uint8_t, Eurydice_slice), + public_key_serialized); + uint8_t secret_key_serialized[768U]; + serialize_secret_key_5d1(sk.secret_as_ntt, secret_key_serialized); + uint8_t uu____1[768U]; + memcpy(uu____1, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); + uint8_t uu____2[800U]; + memcpy(uu____2, public_key_serialized, (size_t)800U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair512 lit; + memcpy(lit.fst, uu____1, (size_t)768U * sizeof(uint8_t)); + memcpy(lit.snd, uu____2, (size_t)800U * sizeof(uint8_t)); + return lit; +} + +/** + Serialize the secret key. 
+*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +with types libcrux_ml_kem_hash_functions_neon_Simd128Hash +with const generics +- K= 2 +- SERIALIZED_KEY_LEN= 1632 +*/ +static KRML_MUSTINLINE void serialize_kem_secret_key_d81( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { + uint8_t out[1632U] = {0U}; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____0, uu____1, + uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____3, uu____4, + uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice uu____6 = Eurydice_array_to_subslice2( + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice); + uint8_t ret0[32U]; + H_48_851(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + core_slice___Slice_T___len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); + memcpy(ret, out, (size_t)1632U * 
sizeof(uint8_t)); +} + +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +- CPA_PRIVATE_KEY_SIZE= 768 +- PRIVATE_KEY_SIZE= 1632 +- PUBLIC_KEY_SIZE= 800 +- BYTES_PER_RING_ELEMENT= 768 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +libcrux_ml_kem_types_MlKemKeyPair_cb +libcrux_ml_kem_ind_cca_generate_keypair_721(uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = + generate_keypair_161(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[768U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); + uint8_t public_key[800U]; + memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); + uint8_t secret_key_serialized[1632U]; + serialize_kem_secret_key_d81( + Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, + Eurydice_slice), + implicit_rejection_value, secret_key_serialized); + uint8_t uu____1[1632U]; + memcpy(uu____1, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = + libcrux_ml_kem_types_from_05_e01(uu____1); + libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; + uint8_t uu____3[800U]; + memcpy(uu____3, public_key, (size_t)800U * 
sizeof(uint8_t)); + return libcrux_ml_kem_types_from_17_2c1( + uu____2, libcrux_ml_kem_types_from_b6_571(uu____3)); +} + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN +with const generics +- K= 2 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_892(uint8_t (*input)[33U], + uint8_t ret[2U][128U]) { + uint8_t out[2U][128U] = {{0U}}; + uint8_t out0[128U] = {0U}; + uint8_t out1[128U] = {0U}; + uint8_t out2[128U] = {0U}; + LowStar_Ignore_ignore(out2, uint8_t[128U], void *); + uint8_t out3[128U] = {0U}; + LowStar_Ignore_ignore(out3, uint8_t[128U], void *); + libcrux_sha3_neon_x2_shake256( + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice)); + uint8_t uu____0[128U]; + memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____1[128U]; + memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[128U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN_48 +with const generics +- K= 2 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_48_a92(uint8_t (*input)[33U], + uint8_t ret[2U][128U]) { + PRFxN_892(input, ret); +} + +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_binomial_distribution with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- ETA= 2 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +sample_from_binomial_distribution_2c(Eurydice_slice randomness) { + return 
sample_from_binomial_distribution_2_c3(randomness); +} + +/** + Sample a vector of ring elements from a centered binomial distribution. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- ETA2= 2 +*/ +static KRML_MUSTINLINE tuple_740 +sample_ring_element_cbd_eb1(uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + error_1[i] = ZERO_89_06();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[2U][33U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[2U][128U]; + PRFxN_48_a92(prf_inputs, prf_outputs); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = + sample_from_binomial_distribution_2c(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + error_1[i0] = uu____1;); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[2U]; + memcpy( + uu____2, error_1, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + tuple_740 lit; + memcpy( + lit.fst, uu____2, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + lit.snd = domain_separator; + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF +with const generics +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRF_b40(Eurydice_slice input, uint8_t ret[128U]) { + uint8_t 
digest[128U] = {0U}; + uint8_t dummy[128U] = {0U}; + libcrux_sha3_neon_x2_shake256( + input, input, + Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, dummy, uint8_t, Eurydice_slice)); + memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 +with const generics +- K= 2 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRF_48_6e4(Eurydice_slice input, + uint8_t ret[128U]) { + PRF_b40(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_1 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void invert_ntt_at_layer_1_9b( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + re->coefficients[round] = + libcrux_ml_kem_vector_neon_inv_ntt_layer_1_step_20( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)3U]); + zeta_i[0U] = zeta_i[0U] - (size_t)3U;); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_2 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void invert_ntt_at_layer_2_4b( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + 
re->coefficients[round] = + libcrux_ml_kem_vector_neon_inv_ntt_layer_2_step_20( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)1U]); + zeta_i[0U] = zeta_i[0U] - (size_t)1U;); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_3 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void invert_ntt_at_layer_3_74( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_inv_ntt_layer_3_step_20( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + re->coefficients[round] = uu____0;); +} + +/** +A monomorphic instance of +libcrux_ml_kem.invert_ntt.inv_ntt_layer_int_vec_step_reduce with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 +inv_ntt_layer_int_vec_step_reduce_27( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector b, int16_t zeta_r) { + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a_minus_b = + libcrux_ml_kem_vector_neon_sub_20(b, &a); + a = libcrux_ml_kem_vector_neon_barrett_reduce_20( + libcrux_ml_kem_vector_neon_add_20(a, &b)); + b = montgomery_multiply_fe_91(a_minus_b, zeta_r); + return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2){ + .fst = a, .snd = b}); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_4_plus +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void 
invert_ntt_at_layer_4_plus_fd( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, + size_t layer) { + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = + offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + size_t step_vec = + step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { + size_t j = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 uu____0 = + inv_ntt_layer_int_vec_step_reduce_27( + re->coefficients[j], re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x = uu____0.fst; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void invert_ntt_montgomery_621( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1_9b(&zeta_i, re); + invert_ntt_at_layer_2_4b(&zeta_i, re); + invert_ntt_at_layer_3_74(&zeta_i, re); + invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_5f(re); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of 
libcrux_ml_kem.polynomial.add_error_reduce_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void add_error_reduce_89_24( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t j = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + coefficient_normal_form = + libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( + self->coefficients[j], (int16_t)1441); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_barrett_reduce_20( + libcrux_ml_kem_vector_neon_add_20(coefficient_normal_form, + &error->coefficients[j])); + self->coefficients[j] = uu____0; + } +} + +/** + Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ +*/ +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void compute_vector_u_6a1( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*a_as_ntt)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + result[i] = ZERO_89_06();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = a_as_ntt[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + 
(size_t)2U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_89_16(a_element, &r_as_ntt[j]); + add_to_ring_element_89_ae1(&result[i1], &product); + } + invert_ntt_montgomery_621(&result[i1]); + add_error_reduce_89_24(&result[i1], &error_1[i1]); + } + memcpy( + ret, result, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.traits.decompress_1 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector decompress_1_fc( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( + libcrux_ml_kem_vector_neon_sub_20(libcrux_ml_kem_vector_neon_ZERO_20(), + &v), + (int16_t)1665); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_message with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +deserialize_then_decompress_message_23(uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + coefficient_compressed = libcrux_ml_kem_vector_neon_deserialize_1_20( + Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, + (size_t)2U * i0 + (size_t)2U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + decompress_1_fc(coefficient_compressed); + re.coefficients[i0] = uu____0;); + return re; +} + +/** +This 
function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +add_message_error_reduce_89_3a( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *message, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + coefficient_normal_form = + libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( + result.coefficients[i0], (int16_t)1441); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector tmp = + libcrux_ml_kem_vector_neon_add_20(self->coefficients[i0], + &message->coefficients[i0]); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector tmp0 = + libcrux_ml_kem_vector_neon_add_20(coefficient_normal_form, &tmp); + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_barrett_reduce_20(tmp0); + result.coefficients[i0] = uu____0; + } + return result; +} + +/** + Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message +*/ +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +compute_ring_element_v_9b1( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); + 
KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_89_16(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_ae1(&result, &product);); + invert_ntt_montgomery_621(&result); + result = add_message_error_reduce_89_3a(error_2, message, result); + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t +with const generics +- COEFFICIENT_BITS= 10 +*/ +static KRML_MUSTINLINE uint32x4_t compress_int32x4_t_af(uint32x4_t v) { + uint32x4_t half = libcrux_intrinsics_arm64__vdupq_n_u32(1664U); + uint32x4_t compressed = + libcrux_intrinsics_arm64__vshlq_n_u32((int32_t)10, v, uint32x4_t); + uint32x4_t compressed0 = + libcrux_intrinsics_arm64__vaddq_u32(compressed, half); + uint32x4_t compressed1 = libcrux_intrinsics_arm64__vreinterpretq_u32_s32( + libcrux_intrinsics_arm64__vqdmulhq_n_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), + (int32_t)10321340)); + return libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)4, compressed1, + uint32x4_t); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress +with const generics +- COEFFICIENT_BITS= 10 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +compress_43(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + int16x8_t mask = libcrux_intrinsics_arm64__vdupq_n_s16( + libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( + (int16_t)(int32_t)10)); + uint32x4_t mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + uint32x4_t low00 = libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + uint32x4_t low10 = libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + uint32x4_t); + uint32x4_t high00 = libcrux_intrinsics_arm64__vandq_u32( + 
libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + uint32x4_t high10 = libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + uint32x4_t); + uint32x4_t low0 = compress_int32x4_t_af(low00); + uint32x4_t low1 = compress_int32x4_t_af(low10); + uint32x4_t high0 = compress_int32x4_t_af(high00); + uint32x4_t high1 = compress_int32x4_t_af(high10); + int16x8_t low = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + int16x8_t high = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); + v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 +with const generics +- COEFFICIENT_BITS= 10 +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector compress_20_0e( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return compress_43(v); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_10 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- OUT_LEN= 320 +*/ +static KRML_MUSTINLINE void compress_then_serialize_10_ca0( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[320U]) { + uint8_t serialized[320U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + compress_20_0e(to_unsigned_representative_64(re->coefficients[i0])); + uint8_t bytes[20U]; + 
libcrux_ml_kem_vector_neon_serialize_10_20(coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t +with const generics +- COEFFICIENT_BITS= 11 +*/ +static KRML_MUSTINLINE uint32x4_t compress_int32x4_t_af0(uint32x4_t v) { + uint32x4_t half = libcrux_intrinsics_arm64__vdupq_n_u32(1664U); + uint32x4_t compressed = + libcrux_intrinsics_arm64__vshlq_n_u32((int32_t)11, v, uint32x4_t); + uint32x4_t compressed0 = + libcrux_intrinsics_arm64__vaddq_u32(compressed, half); + uint32x4_t compressed1 = libcrux_intrinsics_arm64__vreinterpretq_u32_s32( + libcrux_intrinsics_arm64__vqdmulhq_n_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), + (int32_t)10321340)); + return libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)4, compressed1, + uint32x4_t); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress +with const generics +- COEFFICIENT_BITS= 11 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +compress_430(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + int16x8_t mask = libcrux_intrinsics_arm64__vdupq_n_s16( + libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( + (int16_t)(int32_t)11)); + uint32x4_t mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + uint32x4_t low00 = libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + uint32x4_t low10 = libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + uint32x4_t); + uint32x4_t high00 = 
libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + uint32x4_t high10 = libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + uint32x4_t); + uint32x4_t low0 = compress_int32x4_t_af0(low00); + uint32x4_t low1 = compress_int32x4_t_af0(low10); + uint32x4_t high0 = compress_int32x4_t_af0(high00); + uint32x4_t high1 = compress_int32x4_t_af0(high10); + int16x8_t low = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + int16x8_t high = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); + v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 +with const generics +- COEFFICIENT_BITS= 11 +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector compress_20_0e0( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return compress_430(v); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- COMPRESSION_FACTOR= 10 +- OUT_LEN= 320 +*/ +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_840( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[320U]) { + uint8_t uu____0[320U]; + compress_then_serialize_10_ca0(re, uu____0); + memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); +} + +/** + Call [`compress_then_serialize_ring_element_u`] on each ring element. 
+*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +- OUT_LEN= 640 +- COMPRESSION_FACTOR= 10 +- BLOCK_LEN= 320 +*/ +static void compress_then_serialize_u_d71( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c input[2U], + Eurydice_slice out) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out, i0 * ((size_t)640U / (size_t)2U), + (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t, + Eurydice_slice); + uint8_t ret[320U]; + compress_then_serialize_ring_element_u_840(&re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t +with const generics +- COEFFICIENT_BITS= 4 +*/ +static KRML_MUSTINLINE uint32x4_t compress_int32x4_t_af1(uint32x4_t v) { + uint32x4_t half = libcrux_intrinsics_arm64__vdupq_n_u32(1664U); + uint32x4_t compressed = + libcrux_intrinsics_arm64__vshlq_n_u32((int32_t)4, v, uint32x4_t); + uint32x4_t compressed0 = + libcrux_intrinsics_arm64__vaddq_u32(compressed, half); + uint32x4_t compressed1 = libcrux_intrinsics_arm64__vreinterpretq_u32_s32( + libcrux_intrinsics_arm64__vqdmulhq_n_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), + (int32_t)10321340)); + return libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)4, compressed1, + uint32x4_t); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress +with const generics +- COEFFICIENT_BITS= 4 +*/ 
+static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +compress_431(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + int16x8_t mask = libcrux_intrinsics_arm64__vdupq_n_s16( + libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( + (int16_t)(int32_t)4)); + uint32x4_t mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + uint32x4_t low00 = libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + uint32x4_t low10 = libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + uint32x4_t); + uint32x4_t high00 = libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + uint32x4_t high10 = libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + uint32x4_t); + uint32x4_t low0 = compress_int32x4_t_af1(low00); + uint32x4_t low1 = compress_int32x4_t_af1(low10); + uint32x4_t high0 = compress_int32x4_t_af1(high00); + uint32x4_t high1 = compress_int32x4_t_af1(high10); + int16x8_t low = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + int16x8_t high = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); + v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 +with const generics +- COEFFICIENT_BITS= 4 +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector compress_20_0e1( + 
libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return compress_431(v); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_4 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void compress_then_serialize_4_21( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, + Eurydice_slice serialized) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + compress_20_0e1(to_unsigned_representative_64(re.coefficients[i0])); + uint8_t bytes[8U]; + libcrux_ml_kem_vector_neon_serialize_4_20(coefficient, bytes); + core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(serialized, (size_t)8U * i0, + (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t +with const generics +- COEFFICIENT_BITS= 5 +*/ +static KRML_MUSTINLINE uint32x4_t compress_int32x4_t_af2(uint32x4_t v) { + uint32x4_t half = libcrux_intrinsics_arm64__vdupq_n_u32(1664U); + uint32x4_t compressed = + libcrux_intrinsics_arm64__vshlq_n_u32((int32_t)5, v, uint32x4_t); + uint32x4_t compressed0 = + libcrux_intrinsics_arm64__vaddq_u32(compressed, half); + uint32x4_t compressed1 = libcrux_intrinsics_arm64__vreinterpretq_u32_s32( + libcrux_intrinsics_arm64__vqdmulhq_n_s32( + libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), + (int32_t)10321340)); + return libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)4, compressed1, + uint32x4_t); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress +with const generics +- COEFFICIENT_BITS= 5 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector 
+compress_432(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + int16x8_t mask = libcrux_intrinsics_arm64__vdupq_n_s16( + libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( + (int16_t)(int32_t)5)); + uint32x4_t mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); + uint32x4_t low00 = libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); + uint32x4_t low10 = libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), + uint32x4_t); + uint32x4_t high00 = libcrux_intrinsics_arm64__vandq_u32( + libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); + uint32x4_t high10 = libcrux_intrinsics_arm64__vshrq_n_u32( + (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), + uint32x4_t); + uint32x4_t low0 = compress_int32x4_t_af2(low00); + uint32x4_t low1 = compress_int32x4_t_af2(low10); + uint32x4_t high0 = compress_int32x4_t_af2(high00); + uint32x4_t high1 = compress_int32x4_t_af2(high10); + int16x8_t low = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); + int16x8_t high = libcrux_intrinsics_arm64__vtrn1q_s16( + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), + libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); + v.high = libcrux_intrinsics_arm64__vandq_s16(high, mask); + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 +with const generics +- COEFFICIENT_BITS= 5 +*/ +static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector compress_20_0e2( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { + return compress_432(v); +} + +/** +A monomorphic instance of 
libcrux_ml_kem.serialize.compress_then_serialize_5 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics + +*/ +static KRML_MUSTINLINE void compress_then_serialize_5_2b( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, + Eurydice_slice serialized) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficients = + compress_20_0e2(to_unsigned_representative_64(re.coefficients[i0])); + uint8_t bytes[10U]; + libcrux_ml_kem_vector_neon_serialize_5_20(coefficients, bytes); + core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(serialized, (size_t)10U * i0, + (size_t)10U * i0 + (size_t)10U, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- COMPRESSION_FACTOR= 4 +- OUT_LEN= 128 +*/ +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_3f0( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, Eurydice_slice out) { + compress_then_serialize_4_21(re, out); +} + +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. 
+ + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_LEN= 640 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_unpacked_541( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_740 uu____1 = sample_vector_cbd_then_ntt_1f1(uu____0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c r_as_ntt[2U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_740 uu____3 = sample_ring_element_cbd_eb1(uu____2, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c 
error_1[2U]; + memcpy( + error_1, uu____3.fst, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF_48_6e4( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_2 = + sample_from_binomial_distribution_2c(Eurydice_array_to_slice( + (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c u[2U]; + compute_vector_u_6a1(public_key->A, r_as_ntt, error_1, u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c message_as_ring_element = + deserialize_then_decompress_message_23(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = + compute_ring_element_v_9b1(public_key->t_as_ntt, r_as_ntt, &error_2, + &message_as_ring_element); + uint8_t ciphertext[768U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[2U]; + memcpy( + uu____5, u, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + compress_then_serialize_u_d71( + uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, + uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____6 = v; + compress_then_serialize_ring_element_v_3f0( + uu____6, + Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, + uint8_t, size_t, Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_SIZE= 640 +- C2_SIZE= 128 +- 
VECTOR_U_COMPRESSION_FACTOR= 10
+- VECTOR_V_COMPRESSION_FACTOR= 4
+- VECTOR_U_BLOCK_LEN= 320
+- ETA1= 3
+- ETA1_RANDOMNESS_SIZE= 192
+- ETA2= 2
+- ETA2_RANDOMNESS_SIZE= 128
+*/
+tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_471(
+ libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *public_key,
+ uint8_t randomness[32U]) {
+ uint8_t to_hash[64U];
+ libcrux_ml_kem_utils_into_padded_array_97(
+ Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice),
+ to_hash);
+ Eurydice_slice uu____0 = Eurydice_array_to_subslice_from(
+ (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t,
+ size_t, Eurydice_slice);
+ core_slice___Slice_T___copy_from_slice(
+ uu____0,
+ Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t,
+ Eurydice_slice),
+ uint8_t, void *);
+ uint8_t hashed[64U];
+ G_48_771(
+ Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice),
+ hashed);
+ Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at(
+ Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice),
+ LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t,
+ Eurydice_slice_uint8_t_x2);
+ Eurydice_slice shared_secret = uu____1.fst;
+ Eurydice_slice pseudorandomness = uu____1.snd;
+ libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 *uu____2 =
+ &public_key->ind_cpa_public_key;
+ uint8_t uu____3[32U];
+ memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t));
+ uint8_t ciphertext[768U];
+ encrypt_unpacked_541(uu____2, uu____3, pseudorandomness, ciphertext);
+ uint8_t shared_secret_array[32U] = {0U};
+ core_slice___Slice_T___copy_from_slice(
+ Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t,
+ Eurydice_slice),
+ shared_secret, uint8_t, void *);
+ uint8_t uu____4[768U];
+ memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t));
+ libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 =
+ libcrux_ml_kem_types_from_01_201(uu____4);
+ uint8_t uu____6[32U];
+ memcpy(uu____6,
shared_secret_array, (size_t)32U * sizeof(uint8_t));
+ tuple_ec lit;
+ lit.fst = uu____5;
+ memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t));
+ return lit;
+}
+
+/**
+This function found in impl {(libcrux_ml_kem::ind_cca::Variant for
+libcrux_ml_kem::ind_cca::MlKem)}
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af
+with types libcrux_ml_kem_hash_functions_neon_Simd128Hash
+with const generics
+- K= 2
+*/
+static KRML_MUSTINLINE void entropy_preprocess_af_c71(Eurydice_slice randomness,
+ uint8_t ret[32U]) {
+ uint8_t out[32U] = {0U};
+ core_slice___Slice_T___copy_from_slice(
+ Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice),
+ randomness, uint8_t, void *);
+ memcpy(ret, out, (size_t)32U * sizeof(uint8_t));
+}
+
+/**
+ This function deserializes ring elements and reduces the result by the field
+ modulus.
+
+ This function MUST NOT be used on secret inputs.
+*/
+/**
+A monomorphic instance of
+libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types
+libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics
+- PUBLIC_KEY_SIZE= 768
+- K= 2
+*/
+static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a63(
+ Eurydice_slice public_key,
+ libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) {
+ libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[2U];
+ KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U,
+ deserialized_pk[i] = ZERO_89_06(););
+ for (size_t i = (size_t)0U;
+ i < core_slice___Slice_T___len(public_key, uint8_t, size_t) /
+ LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT;
+ i++) {
+ size_t i0 = i;
+ Eurydice_slice ring_element = Eurydice_slice_subslice2(
+ public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
+ i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT +
+ LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
+ uint8_t, Eurydice_slice);
+ libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 =
+
deserialize_to_reduced_ring_element_e3(ring_element);
+ deserialized_pk[i0] = uu____0;
+ }
+ memcpy(
+ ret, deserialized_pk,
+ (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c));
+}
+
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt
+with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector,
+libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics
+- K= 2
+- CIPHERTEXT_SIZE= 768
+- T_AS_NTT_ENCODED_SIZE= 768
+- C1_LEN= 640
+- C2_LEN= 128
+- U_COMPRESSION_FACTOR= 10
+- V_COMPRESSION_FACTOR= 4
+- BLOCK_LEN= 320
+- ETA1= 3
+- ETA1_RANDOMNESS_SIZE= 192
+- ETA2= 2
+- ETA2_RANDOMNESS_SIZE= 128
+*/
+static void encrypt_4e1(Eurydice_slice public_key, uint8_t message[32U],
+ Eurydice_slice randomness, uint8_t ret[768U]) {
+ libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[2U];
+ deserialize_ring_elements_reduced_a63(
+ Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t,
+ Eurydice_slice),
+ t_as_ntt);
+ Eurydice_slice seed = Eurydice_slice_subslice_from(
+ public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice);
+ libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[2U][2U];
+ uint8_t ret0[34U];
+ libcrux_ml_kem_utils_into_padded_array_971(seed, ret0);
+ sample_matrix_A_481(ret0, false, A);
+ uint8_t seed_for_A[32U];
+ core_result_Result_00 dst;
+ Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *);
+ core_result_unwrap_41_83(dst, seed_for_A);
+ libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[2U];
+ memcpy(
+ uu____0, t_as_ntt,
+ (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c));
+ libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1[2U][2U];
+ memcpy(uu____1, A,
+ (size_t)2U *
+ sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U]));
+ uint8_t uu____2[32U];
+ memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t));
+ libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66
+ public_key_unpacked;
+ memcpy(
+
public_key_unpacked.t_as_ntt, uu____0,
+ (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c));
+ memcpy(public_key_unpacked.seed_for_A, uu____2,
+ (size_t)32U * sizeof(uint8_t));
+ memcpy(public_key_unpacked.A, uu____1,
+ (size_t)2U *
+ sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U]));
+ libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 *uu____3 =
+ &public_key_unpacked;
+ uint8_t uu____4[32U];
+ memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t));
+ uint8_t ret1[768U];
+ encrypt_unpacked_541(uu____3, uu____4, randomness, ret1);
+ memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t));
+}
+
+/**
+This function found in impl {(libcrux_ml_kem::ind_cca::Variant for
+libcrux_ml_kem::ind_cca::MlKem)}
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af
+with types libcrux_ml_kem_hash_functions_neon_Simd128Hash
+with const generics
+- K= 2
+- CIPHERTEXT_SIZE= 768
+*/
+static KRML_MUSTINLINE void kdf_af_631(Eurydice_slice shared_secret,
+ uint8_t ret[32U]) {
+ uint8_t out[32U] = {0U};
+ core_slice___Slice_T___copy_from_slice(
+ Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice),
+ shared_secret, uint8_t, void *);
+ memcpy(ret, out, (size_t)32U * sizeof(uint8_t));
+}
+
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate
+with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector,
+libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem
+with const generics
+- K= 2
+- CIPHERTEXT_SIZE= 768
+- PUBLIC_KEY_SIZE= 800
+- T_AS_NTT_ENCODED_SIZE= 768
+- C1_SIZE= 640
+- C2_SIZE= 128
+- VECTOR_U_COMPRESSION_FACTOR= 10
+- VECTOR_V_COMPRESSION_FACTOR= 4
+- VECTOR_U_BLOCK_LEN= 320
+- ETA1= 3
+- ETA1_RANDOMNESS_SIZE= 192
+- ETA2= 2
+- ETA2_RANDOMNESS_SIZE= 128
+*/
+tuple_ec libcrux_ml_kem_ind_cca_encapsulate_281(
+ libcrux_ml_kem_types_MlKemPublicKey_be *public_key,
+ uint8_t randomness[32U]) {
+ uint8_t randomness0[32U];
+ entropy_preprocess_af_c71(
+
Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice),
+ randomness0);
+ uint8_t to_hash[64U];
+ libcrux_ml_kem_utils_into_padded_array_97(
+ Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t,
+ Eurydice_slice),
+ to_hash);
+ Eurydice_slice uu____0 = Eurydice_array_to_subslice_from(
+ (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t,
+ size_t, Eurydice_slice);
+ uint8_t ret[32U];
+ H_48_851(Eurydice_array_to_slice(
+ (size_t)800U, libcrux_ml_kem_types_as_slice_cb_1f1(public_key),
+ uint8_t, Eurydice_slice),
+ ret);
+ core_slice___Slice_T___copy_from_slice(
+ uu____0,
+ Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice),
+ uint8_t, void *);
+ uint8_t hashed[64U];
+ G_48_771(
+ Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice),
+ hashed);
+ Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at(
+ Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice),
+ LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t,
+ Eurydice_slice_uint8_t_x2);
+ Eurydice_slice shared_secret = uu____1.fst;
+ Eurydice_slice pseudorandomness = uu____1.snd;
+ Eurydice_slice uu____2 = Eurydice_array_to_slice(
+ (size_t)800U, libcrux_ml_kem_types_as_slice_cb_1f1(public_key), uint8_t,
+ Eurydice_slice);
+ uint8_t uu____3[32U];
+ memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t));
+ uint8_t ciphertext[768U];
+ encrypt_4e1(uu____2, uu____3, pseudorandomness, ciphertext);
+ uint8_t uu____4[768U];
+ memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t));
+ libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 =
+ libcrux_ml_kem_types_from_01_201(uu____4);
+ uint8_t shared_secret_array[32U];
+ kdf_af_631(shared_secret, shared_secret_array);
+ libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0;
+ uint8_t uu____6[32U];
+ memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t));
+ tuple_ec lit;
+ lit.fst = uu____5;
+ memcpy(lit.snd, uu____6, (size_t)32U *
sizeof(uint8_t));
+ return lit;
+}
+
+/**
+A monomorphic instance of
+libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics
+- COEFFICIENT_BITS= 10
+*/
+static KRML_MUSTINLINE uint32x4_t decompress_uint32x4_t_7a(uint32x4_t v) {
+ uint32x4_t coeff = libcrux_intrinsics_arm64__vdupq_n_u32(
+ 1U << (uint32_t)((int32_t)10 - (int32_t)1));
+ uint32x4_t decompressed = libcrux_intrinsics_arm64__vmulq_n_u32(
+ v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
+ uint32x4_t decompressed0 =
+ libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff);
+ return libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)10, decompressed0,
+ uint32x4_t);
+}
+
+/**
+A monomorphic instance of
+libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const
+generics
+- COEFFICIENT_BITS= 10
+*/
+static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector
+decompress_ciphertext_coefficient_de(
+ libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) {
+ uint32x4_t mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U);
+ uint32x4_t low00 = libcrux_intrinsics_arm64__vandq_u32(
+ libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16);
+ uint32x4_t low10 = libcrux_intrinsics_arm64__vshrq_n_u32(
+ (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low),
+ uint32x4_t);
+ uint32x4_t high00 = libcrux_intrinsics_arm64__vandq_u32(
+ libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16);
+ uint32x4_t high10 = libcrux_intrinsics_arm64__vshrq_n_u32(
+ (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high),
+ uint32x4_t);
+ uint32x4_t low0 = decompress_uint32x4_t_7a(low00);
+ uint32x4_t low1 = decompress_uint32x4_t_7a(low10);
+ uint32x4_t high0 = decompress_uint32x4_t_7a(high00);
+ uint32x4_t high1 = decompress_uint32x4_t_7a(high10);
+ v.low = libcrux_intrinsics_arm64__vtrn1q_s16(
+ libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0),
+ libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1));
+
v.high = libcrux_intrinsics_arm64__vtrn1q_s16(
+ libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0),
+ libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1));
+ return v;
+}
+
+/**
+This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
+libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)}
+*/
+/**
+A monomorphic instance of
+libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const
+generics
+- COEFFICIENT_BITS= 10
+*/
+static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector
+decompress_ciphertext_coefficient_20_21(
+ libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) {
+ return decompress_ciphertext_coefficient_de(v);
+}
+
+/**
+A monomorphic instance of
+libcrux_ml_kem.serialize.deserialize_then_decompress_10 with types
+libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics
+
+*/
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c
+deserialize_then_decompress_10_81(Eurydice_slice serialized) {
+ libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06();
+ for (size_t i = (size_t)0U;
+ i <
+ core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U;
+ i++) {
+ size_t i0 = i;
+ Eurydice_slice bytes = Eurydice_slice_subslice2(
+ serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t,
+ Eurydice_slice);
+ libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient =
+ libcrux_ml_kem_vector_neon_deserialize_10_20(bytes);
+ libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 =
+ decompress_ciphertext_coefficient_20_21(coefficient);
+ re.coefficients[i0] = uu____0;
+ }
+ return re;
+}
+
+/**
+A monomorphic instance of
+libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics
+- COEFFICIENT_BITS= 11
+*/
+static KRML_MUSTINLINE uint32x4_t decompress_uint32x4_t_7a0(uint32x4_t v) {
+ uint32x4_t coeff = libcrux_intrinsics_arm64__vdupq_n_u32(
+ 1U << (uint32_t)((int32_t)11 - (int32_t)1));
+ uint32x4_t
decompressed = libcrux_intrinsics_arm64__vmulq_n_u32(
+ v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
+ uint32x4_t decompressed0 =
+ libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff);
+ return libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)11, decompressed0,
+ uint32x4_t);
+}
+
+/**
+A monomorphic instance of
+libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const
+generics
+- COEFFICIENT_BITS= 11
+*/
+static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector
+decompress_ciphertext_coefficient_de0(
+ libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) {
+ uint32x4_t mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U);
+ uint32x4_t low00 = libcrux_intrinsics_arm64__vandq_u32(
+ libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16);
+ uint32x4_t low10 = libcrux_intrinsics_arm64__vshrq_n_u32(
+ (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low),
+ uint32x4_t);
+ uint32x4_t high00 = libcrux_intrinsics_arm64__vandq_u32(
+ libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16);
+ uint32x4_t high10 = libcrux_intrinsics_arm64__vshrq_n_u32(
+ (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high),
+ uint32x4_t);
+ uint32x4_t low0 = decompress_uint32x4_t_7a0(low00);
+ uint32x4_t low1 = decompress_uint32x4_t_7a0(low10);
+ uint32x4_t high0 = decompress_uint32x4_t_7a0(high00);
+ uint32x4_t high1 = decompress_uint32x4_t_7a0(high10);
+ v.low = libcrux_intrinsics_arm64__vtrn1q_s16(
+ libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0),
+ libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1));
+ v.high = libcrux_intrinsics_arm64__vtrn1q_s16(
+ libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0),
+ libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1));
+ return v;
+}
+
+/**
+This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
+libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)}
+*/
+/**
+A monomorphic instance of
+libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const
+generics
+- COEFFICIENT_BITS= 11
+*/
+static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector
+decompress_ciphertext_coefficient_20_210(
+ libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) {
+ return decompress_ciphertext_coefficient_de0(v);
+}
+
+/**
+A monomorphic instance of
+libcrux_ml_kem.serialize.deserialize_then_decompress_11 with types
+libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics
+
+*/
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c
+deserialize_then_decompress_11_6b(Eurydice_slice serialized) {
+ libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06();
+ for (size_t i = (size_t)0U;
+ i <
+ core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U;
+ i++) {
+ size_t i0 = i;
+ Eurydice_slice bytes = Eurydice_slice_subslice2(
+ serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t,
+ Eurydice_slice);
+ libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient =
+ libcrux_ml_kem_vector_neon_deserialize_11_20(bytes);
+ libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 =
+ decompress_ciphertext_coefficient_20_210(coefficient);
+ re.coefficients[i0] = uu____0;
+ }
+ return re;
+}
+
+/**
+A monomorphic instance of
+libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types
+libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics
+- COMPRESSION_FACTOR= 10
+*/
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c
+deserialize_then_decompress_ring_element_u_060(Eurydice_slice serialized) {
+ return deserialize_then_decompress_10_81(serialized);
+}
+
+/**
+A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u
+with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector
+with const generics
+- VECTOR_U_COMPRESSION_FACTOR= 10
+*/
+static KRML_MUSTINLINE void ntt_vector_u_3c0(
+
libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) {
+ size_t zeta_i = (size_t)0U;
+ ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)7U);
+ ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)6U);
+ ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)5U);
+ ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)4U);
+ ntt_at_layer_3_f4(&zeta_i, re);
+ ntt_at_layer_2_d0(&zeta_i, re);
+ ntt_at_layer_1_39(&zeta_i, re);
+ poly_barrett_reduce_89_5f(re);
+}
+
+/**
+ Call [`deserialize_then_decompress_ring_element_u`] on each ring element
+ in the `ciphertext`.
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u
+with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector
+with const generics
+- K= 2
+- CIPHERTEXT_SIZE= 768
+- U_COMPRESSION_FACTOR= 10
+*/
+static KRML_MUSTINLINE void deserialize_then_decompress_u_331(
+ uint8_t *ciphertext,
+ libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) {
+ libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[2U];
+ KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U,
+ u_as_ntt[i] = ZERO_89_06(););
+ for (size_t i = (size_t)0U;
+ i < core_slice___Slice_T___len(
+ Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t,
+ Eurydice_slice),
+ uint8_t, size_t) /
+ (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT *
+ (size_t)10U / (size_t)8U);
+ i++) {
+ size_t i0 = i;
+ Eurydice_slice u_bytes = Eurydice_array_to_subslice2(
+ ciphertext,
+ i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT *
+ (size_t)10U / (size_t)8U),
+ i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT *
+ (size_t)10U / (size_t)8U) +
+ LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT *
+ (size_t)10U / (size_t)8U,
+ uint8_t, Eurydice_slice);
+ u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_060(u_bytes);
+ ntt_vector_u_3c0(&u_as_ntt[i0]);
+ }
+ memcpy(
+ ret, u_as_ntt,
+ (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c));
+}
+
+/**
+A monomorphic instance of
+libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics
+- COEFFICIENT_BITS= 4
+*/
+static KRML_MUSTINLINE uint32x4_t decompress_uint32x4_t_7a1(uint32x4_t v) {
+ uint32x4_t coeff = libcrux_intrinsics_arm64__vdupq_n_u32(
+ 1U << (uint32_t)((int32_t)4 - (int32_t)1));
+ uint32x4_t decompressed = libcrux_intrinsics_arm64__vmulq_n_u32(
+ v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
+ uint32x4_t decompressed0 =
+ libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff);
+ return libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)4, decompressed0,
+ uint32x4_t);
+}
+
+/**
+A monomorphic instance of
+libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const
+generics
+- COEFFICIENT_BITS= 4
+*/
+static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector
+decompress_ciphertext_coefficient_de1(
+ libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) {
+ uint32x4_t mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U);
+ uint32x4_t low00 = libcrux_intrinsics_arm64__vandq_u32(
+ libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16);
+ uint32x4_t low10 = libcrux_intrinsics_arm64__vshrq_n_u32(
+ (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low),
+ uint32x4_t);
+ uint32x4_t high00 = libcrux_intrinsics_arm64__vandq_u32(
+ libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16);
+ uint32x4_t high10 = libcrux_intrinsics_arm64__vshrq_n_u32(
+ (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high),
+ uint32x4_t);
+ uint32x4_t low0 = decompress_uint32x4_t_7a1(low00);
+ uint32x4_t low1 = decompress_uint32x4_t_7a1(low10);
+ uint32x4_t high0 = decompress_uint32x4_t_7a1(high00);
+ uint32x4_t high1 = decompress_uint32x4_t_7a1(high10);
+ v.low = libcrux_intrinsics_arm64__vtrn1q_s16(
+ libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0),
+ libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1));
+ v.high = libcrux_intrinsics_arm64__vtrn1q_s16(
+
libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0),
+ libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1));
+ return v;
+}
+
+/**
+This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
+libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)}
+*/
+/**
+A monomorphic instance of
+libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const
+generics
+- COEFFICIENT_BITS= 4
+*/
+static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector
+decompress_ciphertext_coefficient_20_211(
+ libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) {
+ return decompress_ciphertext_coefficient_de1(v);
+}
+
+/**
+A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_4
+with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector
+with const generics
+
+*/
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c
+deserialize_then_decompress_4_60(Eurydice_slice serialized) {
+ libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06();
+ for (size_t i = (size_t)0U;
+ i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U;
+ i++) {
+ size_t i0 = i;
+ Eurydice_slice bytes = Eurydice_slice_subslice2(
+ serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t,
+ Eurydice_slice);
+ libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient =
+ libcrux_ml_kem_vector_neon_deserialize_4_20(bytes);
+ libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 =
+ decompress_ciphertext_coefficient_20_211(coefficient);
+ re.coefficients[i0] = uu____0;
+ }
+ return re;
+}
+
+/**
+A monomorphic instance of
+libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics
+- COEFFICIENT_BITS= 5
+*/
+static KRML_MUSTINLINE uint32x4_t decompress_uint32x4_t_7a2(uint32x4_t v) {
+ uint32x4_t coeff = libcrux_intrinsics_arm64__vdupq_n_u32(
+ 1U << (uint32_t)((int32_t)5 - (int32_t)1));
+ uint32x4_t decompressed = libcrux_intrinsics_arm64__vmulq_n_u32(
+ v,
(uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
+ uint32x4_t decompressed0 =
+ libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff);
+ return libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)5, decompressed0,
+ uint32x4_t);
+}
+
+/**
+A monomorphic instance of
+libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const
+generics
+- COEFFICIENT_BITS= 5
+*/
+static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector
+decompress_ciphertext_coefficient_de2(
+ libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) {
+ uint32x4_t mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U);
+ uint32x4_t low00 = libcrux_intrinsics_arm64__vandq_u32(
+ libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16);
+ uint32x4_t low10 = libcrux_intrinsics_arm64__vshrq_n_u32(
+ (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low),
+ uint32x4_t);
+ uint32x4_t high00 = libcrux_intrinsics_arm64__vandq_u32(
+ libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16);
+ uint32x4_t high10 = libcrux_intrinsics_arm64__vshrq_n_u32(
+ (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high),
+ uint32x4_t);
+ uint32x4_t low0 = decompress_uint32x4_t_7a2(low00);
+ uint32x4_t low1 = decompress_uint32x4_t_7a2(low10);
+ uint32x4_t high0 = decompress_uint32x4_t_7a2(high00);
+ uint32x4_t high1 = decompress_uint32x4_t_7a2(high10);
+ v.low = libcrux_intrinsics_arm64__vtrn1q_s16(
+ libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0),
+ libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1));
+ v.high = libcrux_intrinsics_arm64__vtrn1q_s16(
+ libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0),
+ libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1));
+ return v;
+}
+
+/**
+This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
+libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)}
+*/
+/**
+A monomorphic instance of
+libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with
const
+generics
+- COEFFICIENT_BITS= 5
+*/
+static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector
+decompress_ciphertext_coefficient_20_212(
+ libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) {
+ return decompress_ciphertext_coefficient_de2(v);
+}
+
+/**
+A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_5
+with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector
+with const generics
+
+*/
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c
+deserialize_then_decompress_5_25(Eurydice_slice serialized) {
+ libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06();
+ for (size_t i = (size_t)0U;
+ i <
+ core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U;
+ i++) {
+ size_t i0 = i;
+ Eurydice_slice bytes = Eurydice_slice_subslice2(
+ serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t,
+ Eurydice_slice);
+ re.coefficients[i0] = libcrux_ml_kem_vector_neon_deserialize_5_20(bytes);
+ libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____1 =
+ decompress_ciphertext_coefficient_20_212(re.coefficients[i0]);
+ re.coefficients[i0] = uu____1;
+ }
+ return re;
+}
+
+/**
+A monomorphic instance of
+libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types
+libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics
+- COMPRESSION_FACTOR= 4
+*/
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c
+deserialize_then_decompress_ring_element_v_440(Eurydice_slice serialized) {
+ return deserialize_then_decompress_4_60(serialized);
+}
+
+/**
+This function found in impl
+{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]}
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_89
+with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector
+with const generics
+
+*/
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c
+subtract_reduce_89_25(libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self,
+ libcrux_ml_kem_polynomial_PolynomialRingElement_1c b) {
+ for (size_t i = (size_t)0U;
+ i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
+ size_t i0 = i;
+ libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector
+ coefficient_normal_form =
+ libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20(
+ b.coefficients[i0], (int16_t)1441);
+ libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 =
+ libcrux_ml_kem_vector_neon_barrett_reduce_20(
+ libcrux_ml_kem_vector_neon_sub_20(self->coefficients[i0],
+ &coefficient_normal_form));
+ b.coefficients[i0] = uu____0;
+ }
+ return b;
+}
+
+/**
+ The following functions compute various expressions involving
+ vectors and matrices. The computation of these expressions has been
+ abstracted away into these functions in order to save on loop iterations.
+ Compute v − InverseNTT(sᵀ ◦ NTT(u))
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.matrix.compute_message
+with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector
+with const generics
+- K= 2
+*/
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c
+compute_message_c71(
+ libcrux_ml_kem_polynomial_PolynomialRingElement_1c *v,
+ libcrux_ml_kem_polynomial_PolynomialRingElement_1c *secret_as_ntt,
+ libcrux_ml_kem_polynomial_PolynomialRingElement_1c *u_as_ntt) {
+ libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06();
+ KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i;
+ libcrux_ml_kem_polynomial_PolynomialRingElement_1c product =
+ ntt_multiply_89_16(&secret_as_ntt[i0], &u_as_ntt[i0]);
+ add_to_ring_element_89_ae1(&result, &product););
+ invert_ntt_montgomery_621(&result);
+ result = subtract_reduce_89_25(v, result);
+ return result;
+}
+
+/**
+A monomorphic instance of
+libcrux_ml_kem.serialize.compress_then_serialize_message with types
+libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const
generics
+
+*/
+static KRML_MUSTINLINE void compress_then_serialize_message_ab(
+ libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, uint8_t ret[32U]) {
+ uint8_t serialized[32U] = {0U};
+ KRML_MAYBE_FOR16(
+ i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i;
+ libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient =
+ to_unsigned_representative_64(re.coefficients[i0]);
+ libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector
+ coefficient_compressed =
+ libcrux_ml_kem_vector_neon_compress_1_20(coefficient);
+ uint8_t bytes[2U];
+ libcrux_ml_kem_vector_neon_serialize_1_20(coefficient_compressed, bytes);
+ Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
+ serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t,
+ Eurydice_slice);
+ core_slice___Slice_T___copy_from_slice(
+ uu____0,
+ Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice),
+ uint8_t, void *););
+ memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t));
+}
+
+/**
+ This function implements Algorithm 14 of the
+ NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm.
+
+ Algorithm 14 is reproduced below:
+
+ ```plaintext
+ Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}.
+ Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}.
+ Output: message m ∈ 𝔹^{32}.
+
+ c₁ ← c[0 : 32dᵤk]
+ c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)]
+ u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁))
+ v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂))
+ ŝ ← ByteDecode₁₂(dkₚₖₑ)
+ w ← v - NTT-¹(ŝᵀ ◦ NTT(u))
+ m ← ByteEncode₁(Compress₁(w))
+ return m
+ ```
+
+ The NIST FIPS 203 standard can be found at
+ .
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked
+with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector
+with const generics
+- K= 2
+- CIPHERTEXT_SIZE= 768
+- VECTOR_U_ENCODED_SIZE= 640
+- U_COMPRESSION_FACTOR= 10
+- V_COMPRESSION_FACTOR= 4
+*/
+static void decrypt_unpacked_d61(
+ libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 *secret_key,
+ uint8_t *ciphertext, uint8_t ret[32U]) {
+ libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[2U];
+ deserialize_then_decompress_u_331(ciphertext, u_as_ntt);
+ libcrux_ml_kem_polynomial_PolynomialRingElement_1c v =
+ deserialize_then_decompress_ring_element_v_440(
+ Eurydice_array_to_subslice_from((size_t)768U, ciphertext,
+ (size_t)640U, uint8_t, size_t,
+ Eurydice_slice));
+ libcrux_ml_kem_polynomial_PolynomialRingElement_1c message =
+ compute_message_c71(&v, secret_key->secret_as_ntt, u_as_ntt);
+ uint8_t ret0[32U];
+ compress_then_serialize_message_ab(message, ret0);
+ memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
+}
+
+/**
+A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF
+with const generics
+- LEN= 32
+*/
+static KRML_MUSTINLINE void PRF_b4(Eurydice_slice input, uint8_t ret[32U]) {
+ uint8_t digest[32U] = {0U};
+ uint8_t dummy[32U] = {0U};
+ libcrux_sha3_neon_x2_shake256(
+ input, input,
+ Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice),
+ Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice));
+ memcpy(ret, digest, (size_t)32U * sizeof(uint8_t));
+}
+
+/**
+This function found in impl {(libcrux_ml_kem::hash_functions::Hash for
+libcrux_ml_kem::hash_functions::neon::Simd128Hash)}
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48
+with const generics
+- K= 2
+- LEN= 32
+*/
+static KRML_MUSTINLINE void PRF_48_6e3(Eurydice_slice input, uint8_t ret[32U]) {
+ PRF_b4(input, ret);
+}
+
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked
+with types
libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 2 +- SECRET_KEY_SIZE= 1632 +- CPA_SECRET_KEY_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- CIPHERTEXT_SIZE= 768 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_SIZE= 640 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 +*/ +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec1( + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 *key_pair, + libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { + uint8_t decrypted[32U]; + decrypt_unpacked_d61(&key_pair->private_key.ind_cpa_private_key, + ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, + uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_48_771( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + uint8_t to_hash[800U]; + libcrux_ml_kem_utils_into_padded_array_974( + Eurydice_array_to_slice((size_t)32U, + key_pair->private_key.implicit_rejection_value, + uint8_t, Eurydice_slice), + to_hash); + 
Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, libcrux_ml_kem_types_as_ref_00_f01(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret[32U]; + PRF_48_6e3( + Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 *uu____3 = + &key_pair->public_key.ind_cpa_public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[768U]; + encrypt_unpacked_541(uu____3, uu____4, pseudorandomness, expected_ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( + libcrux_ml_kem_types_as_ref_00_f01(ciphertext), + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, + Eurydice_slice)); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + shared_secret, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_to_uncompressed_ring_element with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +deserialize_to_uncompressed_ring_element_10(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, + Eurydice_slice); + 
libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_deserialize_12_20(bytes); + re.coefficients[i0] = uu____0; + } + return re; +} + +/** + Call [`deserialize_to_uncompressed_ring_element`] for each ring element. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void deserialize_secret_key_4f1( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + secret_as_ntt[i] = ZERO_89_06();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice2( + secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + deserialize_to_uncompressed_ring_element_10(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- VECTOR_U_ENCODED_SIZE= 640 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +*/ +static void decrypt_af1(Eurydice_slice secret_key, uint8_t *ciphertext, + uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[2U]; + deserialize_secret_key_4f1(secret_key, secret_as_ntt); + 
libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[2U]; + memcpy( + uu____0, secret_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 + secret_key_unpacked; + memcpy( + secret_key_unpacked.secret_as_ntt, uu____0, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t ret0[32U]; + decrypt_unpacked_d61(&secret_key_unpacked, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 2 +- SECRET_KEY_SIZE= 1632 +- CPA_SECRET_KEY_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- CIPHERTEXT_SIZE= 768 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_SIZE= 640 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 +*/ +void libcrux_ml_kem_ind_cca_decapsulate_821( + libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, + libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)768U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + secret_key0, (size_t)800U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, 
uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt_af1(ind_cpa_secret_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + G_48_771( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret0 = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[800U]; + libcrux_ml_kem_utils_into_padded_array_974(implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, libcrux_ml_kem_types_as_ref_00_f01(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret0[32U]; + PRF_48_6e3( + Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[768U]; + encrypt_4e1(uu____5, uu____6, pseudorandomness, expected_ciphertext); + uint8_t implicit_rejection_shared_secret[32U]; + kdf_af_631( + Eurydice_array_to_slice((size_t)32U, 
implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + uint8_t shared_secret[32U]; + kdf_af_631(shared_secret0, shared_secret); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( + libcrux_ml_kem_types_as_ref_00_f01(ciphertext), + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- PUBLIC_KEY_SIZE= 1184 +- K= 3 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a62( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + deserialized_pk[i] = ZERO_89_06();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + deserialize_to_reduced_ring_element_e3(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + 
(size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** + Call [`serialize_uncompressed_ring_element`] for each ring element. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +- OUT_LEN= 1152 +*/ +static KRML_MUSTINLINE void serialize_secret_key_5d0( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *key, + uint8_t ret[1152U]) { + uint8_t out[1152U] = {0U}; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element_77(&re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); +} + +/** + Concatenate `t` and `ρ` into the public key. 
+*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +static KRML_MUSTINLINE void serialize_public_key_700( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, + Eurydice_slice seed_for_a, uint8_t ret[1184U]) { + uint8_t public_key_serialized[1184U] = {0U}; + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, + (size_t)1152U, uint8_t, Eurydice_slice); + uint8_t ret0[1152U]; + serialize_secret_key_5d0(t_as_ntt, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, + (size_t)1152U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); + memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- PUBLIC_KEY_SIZE= 1184 +*/ +bool libcrux_ml_kem_ind_cca_validate_public_key_7e0(uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[3U]; + deserialize_ring_elements_reduced_a62( + Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, + uint8_t, size_t, Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *uu____0 = deserialized_pk; + uint8_t public_key_serialized[1184U]; + serialize_public_key_700( + uu____0, + Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, + uint8_t, size_t, Eurydice_slice), + public_key_serialized); + return 
core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( + (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$3size_t]], +libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$3size_t]] + +*/ +typedef struct tuple_9b0_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd snd; +} tuple_9b0; + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.G_48 +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void G_48_770(Eurydice_slice input, uint8_t ret[64U]) { + libcrux_ml_kem_hash_functions_neon_G(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +*/ +static void closure_de0( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + ret[i] = ZERO_89_06();); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_init_absorb with const generics +- K= 3 +*/ +static KRML_MUSTINLINE Simd128Hash +shake128_init_absorb_6b0(uint8_t input[3U][34U]) { + libcrux_sha3_generic_keccak_KeccakState_fc uu____0 = + libcrux_sha3_neon_x2_incremental_shake128_init(); + libcrux_sha3_generic_keccak_KeccakState_fc state[2U] = { + uu____0, libcrux_sha3_neon_x2_incremental_shake128_init()}; + libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + state, + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), 
+ Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice)); + libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + &state[1U], + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice)); + Simd128Hash lit; + memcpy(lit.shake128_state, state, + (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState_fc)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_48 with const generics +- K= 3 +*/ +static KRML_MUSTINLINE Simd128Hash +shake128_init_absorb_48_550(uint8_t input[3U][34U]) { + uint8_t uu____0[3U][34U]; + memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); + return shake128_init_absorb_6b0(uu____0); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_three_blocks with const +generics +- K= 3 +*/ +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_b70( + Simd128Hash *st, uint8_t ret[3U][504U]) { + uint8_t out[3U][504U] = {{0U}}; + uint8_t out0[504U] = {0U}; + uint8_t out1[504U] = {0U}; + uint8_t out2[504U] = {0U}; + uint8_t out3[504U] = {0U}; + libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + st->shake128_state, + Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice)); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + &st->shake128_state[1U], + Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[504U]; + memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____1[504U]; + memcpy(uu____1, out1, 
(size_t)504U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____2[504U]; + memcpy(uu____2, out2, (size_t)504U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)504U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_three_blocks_48 with const +generics +- K= 3 +*/ +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_48_e90( + Simd128Hash *self, uint8_t ret[3U][504U]) { + shake128_squeeze_three_blocks_b70(self, ret); +} + +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . 
+*/ +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- K= 3 +- N= 504 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e61( + uint8_t randomness[3U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_block with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void shake128_squeeze_block_7d0(Simd128Hash *st, + uint8_t ret[3U][168U]) { + uint8_t out[3U][168U] = {{0U}}; + uint8_t out0[168U] = {0U}; + uint8_t out1[168U] = {0U}; + uint8_t out2[168U] = {0U}; + uint8_t out3[168U] = {0U}; + libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + st->shake128_state, + Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, 
Eurydice_slice)); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + &st->shake128_state[1U], + Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[168U]; + memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____1[168U]; + memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____2[168U]; + memcpy(uu____2, out2, (size_t)168U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)168U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_block_48 with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void shake128_squeeze_block_48_ad0( + Simd128Hash *self, uint8_t ret[3U][168U]) { + shake128_squeeze_block_7d0(self, ret); +} + +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. 
+ Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- K= 3 +- N= 168 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e62( + uint8_t randomness[3U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +*/ +static 
libcrux_ml_kem_polynomial_PolynomialRingElement_1c closure_d50( + int16_t s[272U]) { + return from_i16_array_89_f3(Eurydice_array_to_subslice2( + s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void sample_from_xof_c00( + uint8_t seeds[3U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + size_t sampled_coefficients[3U] = {0U}; + int16_t out[3U][272U] = {{0U}}; + uint8_t uu____0[3U][34U]; + memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); + Simd128Hash xof_state = shake128_init_absorb_48_550(uu____0); + uint8_t randomness0[3U][504U]; + shake128_squeeze_three_blocks_48_e90(&xof_state, randomness0); + uint8_t uu____1[3U][504U]; + memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); + bool done = sample_from_uniform_distribution_next_e61( + uu____1, sampled_coefficients, out); + while (true) { + if (done) { + break; + } else { + uint8_t randomness[3U][168U]; + shake128_squeeze_block_48_ad0(&xof_state, randomness); + uint8_t uu____2[3U][168U]; + memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); + done = sample_from_uniform_distribution_next_e62( + uu____2, sampled_coefficients, out); + } + } + int16_t uu____3[3U][272U]; + memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret0[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + ret0[i] = closure_d50(uu____3[i]);); + memcpy( + ret, ret0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +*/ +static 
KRML_MUSTINLINE void sample_matrix_A_480( + uint8_t seed[34U], bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U][3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[3U][3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + closure_de0(A_transpose[i]);); + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[3U][34U]; KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; + seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); + uint8_t uu____1[3U][34U]; + memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c sampled[3U]; + sample_from_xof_c00(uu____1, sampled); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = sample; + } + }); + memcpy(ret, A_transpose, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); +} + +/** +A monomorphic instance of K. 
+with types libcrux_ml_kem_polynomial_PolynomialRingElement +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[3size_t], uint8_t + +*/ +typedef struct tuple_b00_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c fst[3U]; + uint8_t snd; +} tuple_b00; + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN +with const generics +- K= 3 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_890(uint8_t (*input)[33U], + uint8_t ret[3U][128U]) { + uint8_t out[3U][128U] = {{0U}}; + uint8_t out0[128U] = {0U}; + uint8_t out1[128U] = {0U}; + uint8_t out2[128U] = {0U}; + uint8_t out3[128U] = {0U}; + libcrux_sha3_neon_x2_shake256( + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice)); + libcrux_sha3_neon_x2_shake256( + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[128U]; + memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____1[128U]; + memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____2[128U]; + memcpy(uu____2, out2, (size_t)128U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)128U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN_48 +with const generics +- 
K= 3 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_48_a90(uint8_t (*input)[33U], + uint8_t ret[3U][128U]) { + PRFxN_890(input, ret); +} + +/** + Sample a vector of ring elements from a centered binomial distribution and + convert them into their NTT representations. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- ETA= 2 +- ETA_RANDOMNESS_SIZE= 128 +*/ +static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_1f0( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re_as_ntt[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + re_as_ntt[i] = ZERO_89_06();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[3U][33U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[3U][128U]; + PRFxN_48_a90(prf_inputs, prf_outputs); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + re_as_ntt[i0] = sample_from_binomial_distribution_2c( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + ntt_binomially_sampled_ring_element_cf(&re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[3U]; + memcpy( + uu____2, re_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + tuple_b00 lit; + memcpy( + lit.fst, uu____2, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + lit.snd = domain_separator; + return lit; +} + +/** + Given two polynomial ring elements `lhs` and `rhs`, compute the 
pointwise + sum of their constituent coefficients. +*/ +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void add_to_ring_element_89_ae0( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *rhs) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)16U, self->coefficients, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_add_20(self->coefficients[i0], + &rhs->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +/** + Compute  ◦ ŝ + ê +*/ +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void compute_As_plus_e_950( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*matrix_A)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + result[i] = ZERO_89_06();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], size_t); + i0++) { + size_t i1 = i0; + 
libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = matrix_A[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *matrix_element = + &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_89_16(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_ae0(&result[i1], &product); + } + add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); + } + memcpy( + ret, result, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . 
+*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static tuple_9b0 generate_keypair_unpacked_ff0( + Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + G_48_770(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[3U][3U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); + sample_matrix_A_480(ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, + prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____2 = sample_vector_cbd_then_ntt_1f0(uu____1, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_as_ntt[3U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt_1f0(uu____3, domain_separator).fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[3U]; + compute_As_plus_e_950(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, 
Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____4[3U]; + memcpy( + uu____4, t_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[3U][3U]; + memcpy(uu____5, A_transpose, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); + uint8_t uu____6[32U]; + memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd pk; + memcpy( + pk.t_as_ntt, uu____4, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, uu____5, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____7[3U]; + memcpy( + uu____7, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd sk; + memcpy( + sk.secret_as_ntt, uu____7, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + return (CLITERAL(tuple_9b0){.fst = sk, .snd = pk}); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static void closure_890( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + ret[i] = ZERO_89_06();); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** 
+A monomorphic instance of libcrux_ml_kem.hash_functions.neon.H_48 +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void H_48_850(Eurydice_slice input, uint8_t ret[32U]) { + libcrux_ml_kem_hash_functions_neon_H(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b40(uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + tuple_9b0 uu____0 = generate_keypair_unpacked_ff0(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd + ind_cpa_private_key = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd + ind_cpa_public_key = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[3U][3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_890(A[i]);); + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = + clone_d5_13(&ind_cpa_public_key.A[j][i1]); + A[i1][j] = uu____1;);); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[3U][3U]; + memcpy(uu____2, A, + (size_t)3U * + 
sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); + memcpy(ind_cpa_public_key.A, uu____2, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); + uint8_t pk_serialized[1184U]; + serialize_public_key_700( + ind_cpa_public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, + uint8_t, Eurydice_slice), + pk_serialized); + uint8_t public_key_hash[32U]; + H_48_850(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, + Eurydice_slice), + public_key_hash); + uint8_t implicit_rejection_value[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, + uint8_t[32U], void *); + core_result_unwrap_41_83(dst, implicit_rejection_value); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd uu____3 = + ind_cpa_private_key; + uint8_t uu____4[32U]; + memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd uu____5; + uu____5.ind_cpa_private_key = uu____3; + memcpy(uu____5.implicit_rejection_value, uu____4, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd uu____6 = + ind_cpa_public_key; + uint8_t uu____7[32U]; + memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd lit; + lit.private_key = uu____5; + lit.public_key.ind_cpa_public_key = uu____6; + memcpy(lit.public_key.public_key_hash, uu____7, + (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- PRIVATE_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static libcrux_ml_kem_utils_extraction_helper_Keypair768 
generate_keypair_160( + Eurydice_slice key_generation_seed) { + tuple_9b0 uu____0 = generate_keypair_unpacked_ff0(key_generation_seed); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd sk = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd pk = uu____0.snd; + uint8_t public_key_serialized[1184U]; + serialize_public_key_700(pk.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, + uint8_t, Eurydice_slice), + public_key_serialized); + uint8_t secret_key_serialized[1152U]; + serialize_secret_key_5d0(sk.secret_as_ntt, secret_key_serialized); + uint8_t uu____1[1152U]; + memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); + uint8_t uu____2[1184U]; + memcpy(uu____2, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; + memcpy(lit.fst, uu____1, (size_t)1152U * sizeof(uint8_t)); + memcpy(lit.snd, uu____2, (size_t)1184U * sizeof(uint8_t)); + return lit; +} + +/** + Serialize the secret key. 
+*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +with types libcrux_ml_kem_hash_functions_neon_Simd128Hash +with const generics +- K= 3 +- SERIALIZED_KEY_LEN= 2400 +*/ +static KRML_MUSTINLINE void serialize_kem_secret_key_d80( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { + uint8_t out[2400U] = {0U}; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____0, uu____1, + uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____3, uu____4, + uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice uu____6 = Eurydice_array_to_subslice2( + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice); + uint8_t ret0[32U]; + H_48_850(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + core_slice___Slice_T___len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); + memcpy(ret, out, (size_t)2400U * 
sizeof(uint8_t)); +} + +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +libcrux_ml_kem_mlkem768_MlKem768KeyPair +libcrux_ml_kem_ind_cca_generate_keypair_720(uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = + generate_keypair_160(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1152U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); + uint8_t public_key[1184U]; + memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); + uint8_t secret_key_serialized[2400U]; + serialize_kem_secret_key_d80( + Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, + Eurydice_slice), + implicit_rejection_value, secret_key_serialized); + uint8_t uu____1[2400U]; + memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = + libcrux_ml_kem_types_from_05_e0(uu____1); + libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; + uint8_t uu____3[1184U]; + memcpy(uu____3, public_key, (size_t)1184U * 
sizeof(uint8_t)); + return libcrux_ml_kem_types_from_17_2c( + uu____2, libcrux_ml_kem_types_from_b6_57(uu____3)); +} + +/** + Sample a vector of ring elements from a centered binomial distribution. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- ETA2_RANDOMNESS_SIZE= 128 +- ETA2= 2 +*/ +static KRML_MUSTINLINE tuple_b00 +sample_ring_element_cbd_eb0(uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + error_1[i] = ZERO_89_06();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[3U][33U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[3U][128U]; + PRFxN_48_a90(prf_inputs, prf_outputs); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = + sample_from_binomial_distribution_2c(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + error_1[i0] = uu____1;); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[3U]; + memcpy( + uu____2, error_1, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + tuple_b00 lit; + memcpy( + lit.fst, uu____2, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + lit.snd = domain_separator; + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A 
monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 +with const generics +- K= 3 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRF_48_6e2(Eurydice_slice input, + uint8_t ret[128U]) { + PRF_b40(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void invert_ntt_montgomery_620( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1_9b(&zeta_i, re); + invert_ntt_at_layer_2_4b(&zeta_i, re); + invert_ntt_at_layer_3_74(&zeta_i, re); + invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_5f(re); +} + +/** + Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ +*/ +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void compute_vector_u_6a0( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*a_as_ntt)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + result[i] = ZERO_89_06();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], size_t); + i0++) { + size_t i1 = i0; + 
libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = a_as_ntt[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_89_16(a_element, &r_as_ntt[j]); + add_to_ring_element_89_ae0(&result[i1], &product); + } + invert_ntt_montgomery_620(&result[i1]); + add_error_reduce_89_24(&result[i1], &error_1[i1]); + } + memcpy( + ret, result, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** + Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message +*/ +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +compute_ring_element_v_9b0( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_89_16(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_ae0(&result, &product);); + invert_ntt_montgomery_620(&result); + result = add_message_error_reduce_89_3a(error_2, message, result); + return result; +} + +/** + Call [`compress_then_serialize_ring_element_u`] on each ring element. 
+*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +- OUT_LEN= 960 +- COMPRESSION_FACTOR= 10 +- BLOCK_LEN= 320 +*/ +static void compress_then_serialize_u_d70( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c input[3U], + Eurydice_slice out) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out, i0 * ((size_t)960U / (size_t)3U), + (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, + Eurydice_slice); + uint8_t ret[320U]; + compress_then_serialize_ring_element_u_840(&re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. 
+ + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_LEN= 960 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_unpacked_540( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____1 = sample_vector_cbd_then_ntt_1f0(uu____0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c r_as_ntt[3U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____3 = sample_ring_element_cbd_eb0(uu____2, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c 
error_1[3U]; + memcpy( + error_1, uu____3.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF_48_6e2( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_2 = + sample_from_binomial_distribution_2c(Eurydice_array_to_slice( + (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c u[3U]; + compute_vector_u_6a0(public_key->A, r_as_ntt, error_1, u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c message_as_ring_element = + deserialize_then_decompress_message_23(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = + compute_ring_element_v_9b0(public_key->t_as_ntt, r_as_ntt, &error_2, + &message_as_ring_element); + uint8_t ciphertext[1088U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[3U]; + memcpy( + uu____5, u, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + compress_then_serialize_u_d70( + uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, + uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____6 = v; + compress_then_serialize_ring_element_v_3f0( + uu____6, + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, + uint8_t, size_t, Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- 
VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_470( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *public_key, + uint8_t randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, + Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_48_770( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____2 = + &public_key->ind_cpa_public_key; + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1088U]; + encrypt_unpacked_540(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = + libcrux_ml_kem_types_from_01_20(uu____4); + uint8_t uu____6[32U]; + 
memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_3c lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af +with types libcrux_ml_kem_hash_functions_neon_Simd128Hash +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void entropy_preprocess_af_c70(Eurydice_slice randomness, + uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + randomness, uint8_t, void *); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +} + +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- PUBLIC_KEY_SIZE= 1152 +- K= 3 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a61( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + deserialized_pk[i] = ZERO_89_06();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + 
deserialize_to_reduced_ring_element_e3(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_LEN= 960 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_4e0(Eurydice_slice public_key, uint8_t message[32U], + Eurydice_slice randomness, uint8_t ret[1088U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[3U]; + deserialize_ring_elements_reduced_a61( + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[3U][3U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); + sample_matrix_A_480(ret0, false, A); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[3U]; + memcpy( + uu____0, t_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1[3U][3U]; + memcpy(uu____1, A, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); + uint8_t uu____2[32U]; + memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd + public_key_unpacked; + memcpy( + 
public_key_unpacked.t_as_ntt, uu____0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + memcpy(public_key_unpacked.seed_for_A, uu____2, + (size_t)32U * sizeof(uint8_t)); + memcpy(public_key_unpacked.A, uu____1, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____3 = + &public_key_unpacked; + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + uint8_t ret1[1088U]; + encrypt_unpacked_540(uu____3, uu____4, randomness, ret1); + memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af +with types libcrux_ml_kem_hash_functions_neon_Simd128Hash +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +*/ +static KRML_MUSTINLINE void kdf_af_630(Eurydice_slice shared_secret, + uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + shared_secret, uint8_t, void *); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_280( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, + uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + entropy_preprocess_af_c70( + 
Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret[32U]; + H_48_850(Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_1f(public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_48_770( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_1f(public_key), uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1088U]; + encrypt_4e0(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = + libcrux_ml_kem_types_from_01_20(uu____4); + uint8_t shared_secret_array[32U]; + kdf_af_630(shared_secret, shared_secret_array); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_3c lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, 
(size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** + Call [`deserialize_then_decompress_ring_element_u`] on each ring element + in the `ciphertext`. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- U_COMPRESSION_FACTOR= 10 +*/ +static KRML_MUSTINLINE void deserialize_then_decompress_u_330( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + u_as_ntt[i] = ZERO_89_06();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U); + i++) { + size_t i0 = i; + Eurydice_slice u_bytes = Eurydice_array_to_subslice2( + ciphertext, + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U), + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U, + uint8_t, Eurydice_slice); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_060(u_bytes); + ntt_vector_u_3c0(&u_as_ntt[i0]); + } + memcpy( + ret, u_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** + The following functions compute various expressions involving + vectors and matrices. The computation of these expressions has been + abstracted away into these functions in order to save on loop iterations. 
+ Compute v − InverseNTT(sᵀ ◦ NTT(u)) +*/ +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_message +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +compute_message_c70( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *v, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_89_16(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_ae0(&result, &product);); + invert_ntt_montgomery_620(&result); + result = subtract_reduce_89_25(v, result); + return result; +} + +/** + This function implements Algorithm 14 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. + + Algorithm 14 is reproduced below: + + ```plaintext + Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + Output: message m ∈ 𝔹^{32}. + + c₁ ← c[0 : 32dᵤk] + c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] + u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) + v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) + ŝ ← ByteDecode₁₂(dkₚₖₑ) + w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) + m ← ByteEncode₁(Compress₁(w)) + return m + ``` + + The NIST FIPS 203 standard can be found at + . 
+*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- VECTOR_U_ENCODED_SIZE= 960 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +*/ +static void decrypt_unpacked_d60( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[3U]; + deserialize_then_decompress_u_330(ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = + deserialize_then_decompress_ring_element_v_440( + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, + (size_t)960U, uint8_t, size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c message = + compute_message_c70(&v, secret_key->secret_as_ntt, u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message_ab(message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 +with const generics +- K= 3 +- LEN= 32 +*/ +static KRML_MUSTINLINE void PRF_48_6e1(Eurydice_slice input, uint8_t ret[32U]) { + PRF_b4(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 
1120 +*/ +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec0( + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *key_pair, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + uint8_t decrypted[32U]; + decrypt_unpacked_d60(&key_pair->private_key.ind_cpa_private_key, + ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, + uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_48_770( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_utils_into_padded_array_970( + Eurydice_array_to_slice((size_t)32U, + key_pair->private_key.implicit_rejection_value, + uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, libcrux_ml_kem_types_as_ref_00_f0(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret[32U]; + PRF_48_6e1( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + 
libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____3 = + &key_pair->public_key.ind_cpa_public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1088U]; + encrypt_unpacked_540(uu____3, uu____4, pseudorandomness, expected_ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( + libcrux_ml_kem_types_as_ref_00_f0(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, + Eurydice_slice)); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + shared_secret, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** + Call [`deserialize_to_uncompressed_ring_element`] for each ring element. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void deserialize_secret_key_4f0( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + secret_as_ntt[i] = ZERO_89_06();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice2( + secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + deserialize_to_uncompressed_ring_element_10(secret_bytes); + secret_as_ntt[i0] = 
uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- VECTOR_U_ENCODED_SIZE= 960 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +*/ +static void decrypt_af0(Eurydice_slice secret_key, uint8_t *ciphertext, + uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; + deserialize_secret_key_4f0(secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[3U]; + memcpy( + uu____0, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd + secret_key_unpacked; + memcpy( + secret_key_unpacked.secret_as_ntt, uu____0, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t ret0[32U]; + decrypt_unpacked_d60(&secret_key_unpacked, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +void libcrux_ml_kem_ind_cca_decapsulate_820( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + Eurydice_slice_uint8_t_x2 uu____0 
= core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt_af0(ind_cpa_secret_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + G_48_770( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret0 = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_utils_into_padded_array_970(implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + 
core_slice___Slice_T___copy_from_slice( + uu____4, libcrux_ml_kem_types_as_ref_00_f0(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret0[32U]; + PRF_48_6e1( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1088U]; + encrypt_4e0(uu____5, uu____6, pseudorandomness, expected_ciphertext); + uint8_t implicit_rejection_shared_secret[32U]; + kdf_af_630( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + uint8_t shared_secret[32U]; + kdf_af_630(shared_secret0, shared_secret); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( + libcrux_ml_kem_types_as_ref_00_f0(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. 
+*/ +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- PUBLIC_KEY_SIZE= 1568 +- K= 4 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a60( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + deserialized_pk[i] = ZERO_89_06();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + deserialize_to_reduced_ring_element_e3(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** + Call [`serialize_uncompressed_ring_element`] for each ring element. 
+*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +- OUT_LEN= 1536 +*/ +static KRML_MUSTINLINE void serialize_secret_key_5d( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *key, + uint8_t ret[1536U]) { + uint8_t out[1536U] = {0U}; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element_77(&re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); +} + +/** + Concatenate `t` and `ρ` into the public key. 
+*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 +- PUBLIC_KEY_SIZE= 1568 +*/ +static KRML_MUSTINLINE void serialize_public_key_70( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, + Eurydice_slice seed_for_a, uint8_t ret[1568U]) { + uint8_t public_key_serialized[1568U] = {0U}; + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, + (size_t)1536U, uint8_t, Eurydice_slice); + uint8_t ret0[1536U]; + serialize_secret_key_5d(t_as_ntt, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, + (size_t)1536U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); + memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 +- PUBLIC_KEY_SIZE= 1568 +*/ +bool libcrux_ml_kem_ind_cca_validate_public_key_7e(uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[4U]; + deserialize_ring_elements_reduced_a60( + Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, + uint8_t, size_t, Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *uu____0 = deserialized_pk; + uint8_t public_key_serialized[1568U]; + serialize_public_key_70( + uu____0, + Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, + uint8_t, size_t, Eurydice_slice), + public_key_serialized); + return 
core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( + (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$4size_t]], +libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$4size_t]] + +*/ +typedef struct tuple_54_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c snd; +} tuple_54; + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.G_48 +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void G_48_77(Eurydice_slice input, uint8_t ret[64U]) { + libcrux_ml_kem_hash_functions_neon_G(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +*/ +static void closure_de( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + ret[i] = ZERO_89_06();); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_init_absorb with const generics +- K= 4 +*/ +static KRML_MUSTINLINE Simd128Hash +shake128_init_absorb_6b(uint8_t input[4U][34U]) { + libcrux_sha3_generic_keccak_KeccakState_fc uu____0 = + libcrux_sha3_neon_x2_incremental_shake128_init(); + libcrux_sha3_generic_keccak_KeccakState_fc state[2U] = { + uu____0, libcrux_sha3_neon_x2_incremental_shake128_init()}; + libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + state, + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), + 
Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice)); + libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + &state[1U], + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[3U], uint8_t, Eurydice_slice)); + Simd128Hash lit; + memcpy(lit.shake128_state, state, + (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState_fc)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_48 with const generics +- K= 4 +*/ +static KRML_MUSTINLINE Simd128Hash +shake128_init_absorb_48_55(uint8_t input[4U][34U]) { + uint8_t uu____0[4U][34U]; + memcpy(uu____0, input, (size_t)4U * sizeof(uint8_t[34U])); + return shake128_init_absorb_6b(uu____0); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_three_blocks with const +generics +- K= 4 +*/ +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_b7( + Simd128Hash *st, uint8_t ret[4U][504U]) { + uint8_t out[4U][504U] = {{0U}}; + uint8_t out0[504U] = {0U}; + uint8_t out1[504U] = {0U}; + uint8_t out2[504U] = {0U}; + uint8_t out3[504U] = {0U}; + libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + st->shake128_state, + Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice)); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + &st->shake128_state[1U], + Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[504U]; + memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____1[504U]; + memcpy(uu____1, out1, 
(size_t)504U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____2[504U]; + memcpy(uu____2, out2, (size_t)504U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____3[504U]; + memcpy(uu____3, out3, (size_t)504U * sizeof(uint8_t)); + memcpy(out[3U], uu____3, (size_t)504U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)4U * sizeof(uint8_t[504U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_three_blocks_48 with const +generics +- K= 4 +*/ +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_48_e9( + Simd128Hash *self, uint8_t ret[4U][504U]) { + shake128_squeeze_three_blocks_b7(self, ret); +} + +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. 
+ + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- K= 4 +- N= 504 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e6( + uint8_t randomness[4U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_block with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void shake128_squeeze_block_7d(Simd128Hash *st, + uint8_t ret[4U][168U]) { + uint8_t out[4U][168U] = {{0U}}; + uint8_t out0[168U] = 
{0U}; + uint8_t out1[168U] = {0U}; + uint8_t out2[168U] = {0U}; + uint8_t out3[168U] = {0U}; + libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + st->shake128_state, + Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice)); + libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + &st->shake128_state[1U], + Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[168U]; + memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____1[168U]; + memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____2[168U]; + memcpy(uu____2, out2, (size_t)168U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____3[168U]; + memcpy(uu____3, out3, (size_t)168U * sizeof(uint8_t)); + memcpy(out[3U], uu____3, (size_t)168U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)4U * sizeof(uint8_t[168U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.neon.shake128_squeeze_block_48 with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void shake128_squeeze_block_48_ad( + Simd128Hash *self, uint8_t ret[4U][168U]) { + shake128_squeeze_block_7d(self, ret); +} + +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. 
+ + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- K= 4 +- N= 168 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e60( + uint8_t randomness[4U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); + size_t uu____1 = i1; + 
sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +*/ +static libcrux_ml_kem_polynomial_PolynomialRingElement_1c closure_d5( + int16_t s[272U]) { + return from_i16_array_89_f3(Eurydice_array_to_subslice2( + s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void sample_from_xof_c0( + uint8_t seeds[4U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { + size_t sampled_coefficients[4U] = {0U}; + int16_t out[4U][272U] = {{0U}}; + uint8_t uu____0[4U][34U]; + memcpy(uu____0, seeds, (size_t)4U * sizeof(uint8_t[34U])); + Simd128Hash xof_state = shake128_init_absorb_48_55(uu____0); + uint8_t randomness0[4U][504U]; + shake128_squeeze_three_blocks_48_e9(&xof_state, randomness0); + uint8_t uu____1[4U][504U]; + memcpy(uu____1, randomness0, (size_t)4U * sizeof(uint8_t[504U])); + bool done = sample_from_uniform_distribution_next_e6( + uu____1, sampled_coefficients, out); + while (true) { + if (done) { + break; + } else { + uint8_t randomness[4U][168U]; + shake128_squeeze_block_48_ad(&xof_state, randomness); + uint8_t uu____2[4U][168U]; + memcpy(uu____2, randomness, (size_t)4U * sizeof(uint8_t[168U])); + done = 
sample_from_uniform_distribution_next_e60( + uu____2, sampled_coefficients, out); + } + } + int16_t uu____3[4U][272U]; + memcpy(uu____3, out, (size_t)4U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret0[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + ret0[i] = closure_d5(uu____3[i]);); + memcpy( + ret, ret0, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void sample_matrix_A_48( + uint8_t seed[34U], bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U][4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[4U][4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + closure_de(A_transpose[i]);); + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[4U][34U]; KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; + seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); + uint8_t uu____1[4U][34U]; + memcpy(uu____1, seeds, (size_t)4U * sizeof(uint8_t[34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c sampled[4U]; + sample_from_xof_c0(uu____1, sampled); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = 
sample; + } else { + A_transpose[i1][j] = sample; + } + }); + memcpy(ret, A_transpose, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_polynomial_PolynomialRingElement +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[4size_t], uint8_t + +*/ +typedef struct tuple_71_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c fst[4U]; + uint8_t snd; +} tuple_71; + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN +with const generics +- K= 4 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_89(uint8_t (*input)[33U], + uint8_t ret[4U][128U]) { + uint8_t out[4U][128U] = {{0U}}; + uint8_t out0[128U] = {0U}; + uint8_t out1[128U] = {0U}; + uint8_t out2[128U] = {0U}; + uint8_t out3[128U] = {0U}; + libcrux_sha3_neon_x2_shake256( + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice)); + libcrux_sha3_neon_x2_shake256( + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[3U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[128U]; + memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____1[128U]; + memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____2[128U]; + memcpy(uu____2, out2, (size_t)128U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____3[128U]; + memcpy(uu____3, out3, (size_t)128U * sizeof(uint8_t)); + 
memcpy(out[3U], uu____3, (size_t)128U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)4U * sizeof(uint8_t[128U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN_48 +with const generics +- K= 4 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_48_a9(uint8_t (*input)[33U], + uint8_t ret[4U][128U]) { + PRFxN_89(input, ret); +} + +/** + Sample a vector of ring elements from a centered binomial distribution and + convert them into their NTT representations. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +- ETA= 2 +- ETA_RANDOMNESS_SIZE= 128 +*/ +static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_1f( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re_as_ntt[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + re_as_ntt[i] = ZERO_89_06();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[4U][33U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[4U][128U]; + PRFxN_48_a9(prf_inputs, prf_outputs); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + re_as_ntt[i0] = sample_from_binomial_distribution_2c( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + ntt_binomially_sampled_ring_element_cf(&re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[4U]; + 
memcpy( + uu____2, re_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + tuple_71 lit; + memcpy( + lit.fst, uu____2, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + lit.snd = domain_separator; + return lit; +} + +/** + Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise + sum of their constituent coefficients. +*/ +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void add_to_ring_element_89_ae( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *rhs) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)16U, self->coefficients, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, + Eurydice_slice), + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = + libcrux_ml_kem_vector_neon_add_20(self->coefficients[i0], + &rhs->coefficients[i0]); + self->coefficients[i0] = uu____0; + } +} + +/** + Compute  ◦ ŝ + ê +*/ +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void compute_As_plus_e_95( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*matrix_A)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + 
result[i] = ZERO_89_06();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = matrix_A[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *matrix_element = + &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_89_16(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_ae(&result[i1], &product); + } + add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); + } + memcpy( + ret, result, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. 
+ + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static tuple_54 generate_keypair_unpacked_ff( + Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + G_48_77(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[4U][4U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); + sample_matrix_A_48(ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, + prf_input); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_71 uu____2 = sample_vector_cbd_then_ntt_1f(uu____1, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[4U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t domain_separator = uu____2.snd; + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + 
libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_as_ntt[4U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt_1f(uu____3, domain_separator).fst, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[4U]; + compute_As_plus_e_95(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____4[4U]; + memcpy( + uu____4, t_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[4U][4U]; + memcpy(uu____5, A_transpose, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); + uint8_t uu____6[32U]; + memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c pk; + memcpy( + pk.t_as_ntt, uu____4, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, uu____5, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____7[4U]; + memcpy( + uu____7, secret_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c sk; + memcpy( + sk.secret_as_ntt, uu____7, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + return (CLITERAL(tuple_54){.fst = sk, .snd = pk}); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- 
K= 4 +- CPA_PRIVATE_KEY_SIZE= 1536 +- PRIVATE_KEY_SIZE= 3168 +- PUBLIC_KEY_SIZE= 1568 +- BYTES_PER_RING_ELEMENT= 1536 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static void closure_89( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + ret[i] = ZERO_89_06();); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.H_48 +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void H_48_85(Eurydice_slice input, uint8_t ret[32U]) { + libcrux_ml_kem_hash_functions_neon_H(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +- CPA_PRIVATE_KEY_SIZE= 1536 +- PRIVATE_KEY_SIZE= 3168 +- PUBLIC_KEY_SIZE= 1568 +- BYTES_PER_RING_ELEMENT= 1536 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b4(uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + tuple_54 uu____0 = generate_keypair_unpacked_ff(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c + ind_cpa_private_key = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c + ind_cpa_public_key = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[4U][4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, 
(size_t)4U, (size_t)1U, closure_89(A[i]);); + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = + clone_d5_13(&ind_cpa_public_key.A[j][i1]); + A[i1][j] = uu____1;);); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[4U][4U]; + memcpy(uu____2, A, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); + memcpy(ind_cpa_public_key.A, uu____2, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); + uint8_t pk_serialized[1568U]; + serialize_public_key_70( + ind_cpa_public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, + uint8_t, Eurydice_slice), + pk_serialized); + uint8_t public_key_hash[32U]; + H_48_85(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t, + Eurydice_slice), + public_key_hash); + uint8_t implicit_rejection_value[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, + uint8_t[32U], void *); + core_result_unwrap_41_83(dst, implicit_rejection_value); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c uu____3 = + ind_cpa_private_key; + uint8_t uu____4[32U]; + memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_2c uu____5; + uu____5.ind_cpa_private_key = uu____3; + memcpy(uu____5.implicit_rejection_value, uu____4, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c uu____6 = + ind_cpa_public_key; + uint8_t uu____7[32U]; + memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c lit; + lit.private_key = uu____5; + lit.public_key.ind_cpa_public_key = uu____6; + memcpy(lit.public_key.public_key_hash, uu____7, + (size_t)32U * 
sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +- PRIVATE_KEY_SIZE= 1536 +- PUBLIC_KEY_SIZE= 1568 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_16( + Eurydice_slice key_generation_seed) { + tuple_54 uu____0 = generate_keypair_unpacked_ff(key_generation_seed); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c sk = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c pk = uu____0.snd; + uint8_t public_key_serialized[1568U]; + serialize_public_key_70(pk.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, + uint8_t, Eurydice_slice), + public_key_serialized); + uint8_t secret_key_serialized[1536U]; + serialize_secret_key_5d(sk.secret_as_ntt, secret_key_serialized); + uint8_t uu____1[1536U]; + memcpy(uu____1, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); + uint8_t uu____2[1568U]; + memcpy(uu____2, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair1024 lit; + memcpy(lit.fst, uu____1, (size_t)1536U * sizeof(uint8_t)); + memcpy(lit.snd, uu____2, (size_t)1568U * sizeof(uint8_t)); + return lit; +} + +/** + Serialize the secret key. 
+*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +with types libcrux_ml_kem_hash_functions_neon_Simd128Hash +with const generics +- K= 4 +- SERIALIZED_KEY_LEN= 3168 +*/ +static KRML_MUSTINLINE void serialize_kem_secret_key_d8( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { + uint8_t out[3168U] = {0U}; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____0, uu____1, + uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____3, uu____4, + uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice uu____6 = Eurydice_array_to_subslice2( + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice); + uint8_t ret0[32U]; + H_48_85(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + core_slice___Slice_T___len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); + memcpy(ret, out, (size_t)3168U * 
sizeof(uint8_t)); +} + +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +- CPA_PRIVATE_KEY_SIZE= 1536 +- PRIVATE_KEY_SIZE= 3168 +- PUBLIC_KEY_SIZE= 1568 +- BYTES_PER_RING_ELEMENT= 1536 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair +libcrux_ml_kem_ind_cca_generate_keypair_72(uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = + generate_keypair_16(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1536U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); + uint8_t public_key[1568U]; + memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); + uint8_t secret_key_serialized[3168U]; + serialize_kem_secret_key_d8( + Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, + Eurydice_slice), + implicit_rejection_value, secret_key_serialized); + uint8_t uu____1[3168U]; + memcpy(uu____1, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = + libcrux_ml_kem_types_from_05_e00(uu____1); + libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; + uint8_t uu____3[1568U]; + memcpy(uu____3, public_key, (size_t)1568U * 
sizeof(uint8_t)); + return libcrux_ml_kem_types_from_17_2c0( + uu____2, libcrux_ml_kem_types_from_b6_570(uu____3)); +} + +/** + Sample a vector of ring elements from a centered binomial distribution. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +- ETA2_RANDOMNESS_SIZE= 128 +- ETA2= 2 +*/ +static KRML_MUSTINLINE tuple_71 +sample_ring_element_cbd_eb(uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + error_1[i] = ZERO_89_06();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[4U][33U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[4U][128U]; + PRFxN_48_a9(prf_inputs, prf_outputs); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = + sample_from_binomial_distribution_2c(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + error_1[i0] = uu____1;); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[4U]; + memcpy( + uu____2, error_1, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + tuple_71 lit; + memcpy( + lit.fst, uu____2, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + lit.snd = domain_separator; + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A 
monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 +with const generics +- K= 4 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRF_48_6e0(Eurydice_slice input, + uint8_t ret[128U]) { + PRF_b40(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void invert_ntt_montgomery_62( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1_9b(&zeta_i, re); + invert_ntt_at_layer_2_4b(&zeta_i, re); + invert_ntt_at_layer_3_74(&zeta_i, re); + invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_5f(re); +} + +/** + Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ +*/ +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void compute_vector_u_6a( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*a_as_ntt)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + result[i] = ZERO_89_06();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U], size_t); + i0++) { + size_t i1 = i0; + 
libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = a_as_ntt[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_89_16(a_element, &r_as_ntt[j]); + add_to_ring_element_89_ae(&result[i1], &product); + } + invert_ntt_montgomery_62(&result[i1]); + add_error_reduce_89_24(&result[i1], &error_1[i1]); + } + memcpy( + ret, result, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** + Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message +*/ +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +compute_ring_element_v_9b( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_89_16(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_ae(&result, &product);); + invert_ntt_montgomery_62(&result); + result = add_message_error_reduce_89_3a(error_2, message, result); + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_11 +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- OUT_LEN= 
352 +*/ +static KRML_MUSTINLINE void compress_then_serialize_11_55( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[352U]) { + uint8_t serialized[352U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = + compress_20_0e0(to_unsigned_representative_64(re->coefficients[i0])); + uint8_t bytes[22U]; + libcrux_ml_kem_vector_neon_serialize_11_20(coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- COMPRESSION_FACTOR= 11 +- OUT_LEN= 352 +*/ +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_84( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[352U]) { + uint8_t uu____0[352U]; + compress_then_serialize_11_55(re, uu____0); + memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); +} + +/** + Call [`compress_then_serialize_ring_element_u`] on each ring element. 
+*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +- OUT_LEN= 1408 +- COMPRESSION_FACTOR= 11 +- BLOCK_LEN= 352 +*/ +static void compress_then_serialize_u_d7( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c input[4U], + Eurydice_slice out) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out, i0 * ((size_t)1408U / (size_t)4U), + (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t, + Eurydice_slice); + uint8_t ret[352U]; + compress_then_serialize_ring_element_u_84(&re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- COMPRESSION_FACTOR= 5 +- OUT_LEN= 160 +*/ +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_3f( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, Eurydice_slice out) { + compress_then_serialize_5_2b(re, out); +} + +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. 
+ + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_LEN= 1408 +- C2_LEN= 160 +- U_COMPRESSION_FACTOR= 11 +- V_COMPRESSION_FACTOR= 5 +- BLOCK_LEN= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_unpacked_54( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_71 uu____1 = sample_vector_cbd_then_ntt_1f(uu____0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c r_as_ntt[4U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t domain_separator0 = uu____1.snd; + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_71 uu____3 = sample_ring_element_cbd_eb(uu____2, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c 
error_1[4U]; + memcpy( + error_1, uu____3.fst, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF_48_6e0( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_2 = + sample_from_binomial_distribution_2c(Eurydice_array_to_slice( + (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c u[4U]; + compute_vector_u_6a(public_key->A, r_as_ntt, error_1, u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c message_as_ring_element = + deserialize_then_decompress_message_23(uu____4); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = + compute_ring_element_v_9b(public_key->t_as_ntt, r_as_ntt, &error_2, + &message_as_ring_element); + uint8_t ciphertext[1568U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[4U]; + memcpy( + uu____5, u, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + compress_then_serialize_u_d7( + uu____5, + Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, + uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____6 = v; + compress_then_serialize_ring_element_v_3f( + uu____6, + Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, + uint8_t, size_t, Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- PUBLIC_KEY_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_SIZE= 1408 +- C2_SIZE= 160 +- 
VECTOR_U_COMPRESSION_FACTOR= 11 +- VECTOR_V_COMPRESSION_FACTOR= 5 +- VECTOR_U_BLOCK_LEN= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_47( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *public_key, + uint8_t randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, + Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_48_77( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c *uu____2 = + &public_key->ind_cpa_public_key; + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1568U]; + encrypt_unpacked_54(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____4[1568U]; + memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = + libcrux_ml_kem_types_from_01_200(uu____4); + uint8_t uu____6[32U]; + 
memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_21 lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af +with types libcrux_ml_kem_hash_functions_neon_Simd128Hash +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void entropy_preprocess_af_c7(Eurydice_slice randomness, + uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + randomness, uint8_t, void *); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +} + +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- PUBLIC_KEY_SIZE= 1536 +- K= 4 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a6( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + deserialized_pk[i] = ZERO_89_06();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + 
deserialize_to_reduced_ring_element_e3(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_LEN= 1408 +- C2_LEN= 160 +- U_COMPRESSION_FACTOR= 11 +- V_COMPRESSION_FACTOR= 5 +- BLOCK_LEN= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_4e(Eurydice_slice public_key, uint8_t message[32U], + Eurydice_slice randomness, uint8_t ret[1568U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[4U]; + deserialize_ring_elements_reduced_a6( + Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, + Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[4U][4U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); + sample_matrix_A_48(ret0, false, A); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + core_result_unwrap_41_83(dst, seed_for_A); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[4U]; + memcpy( + uu____0, t_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1[4U][4U]; + memcpy(uu____1, A, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); + uint8_t uu____2[32U]; + memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c + public_key_unpacked; + memcpy( + 
public_key_unpacked.t_as_ntt, uu____0, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + memcpy(public_key_unpacked.seed_for_A, uu____2, + (size_t)32U * sizeof(uint8_t)); + memcpy(public_key_unpacked.A, uu____1, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c *uu____3 = + &public_key_unpacked; + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + uint8_t ret1[1568U]; + encrypt_unpacked_54(uu____3, uu____4, randomness, ret1); + memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af +with types libcrux_ml_kem_hash_functions_neon_Simd128Hash +with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +*/ +static KRML_MUSTINLINE void kdf_af_63(Eurydice_slice shared_secret, + uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + shared_secret, uint8_t, void *); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- PUBLIC_KEY_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_SIZE= 1408 +- C2_SIZE= 160 +- VECTOR_U_COMPRESSION_FACTOR= 11 +- VECTOR_V_COMPRESSION_FACTOR= 5 +- VECTOR_U_BLOCK_LEN= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_28( + libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, + uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + entropy_preprocess_af_c7( + 
Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret[32U]; + H_48_85(Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_1f0(public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_48_77( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_1f0(public_key), uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1568U]; + encrypt_4e(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t uu____4[1568U]; + memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = + libcrux_ml_kem_types_from_01_200(uu____4); + uint8_t shared_secret_array[32U]; + kdf_af_63(shared_secret, shared_secret_array); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + tuple_21 lit; + lit.fst = uu____5; + memcpy(lit.snd, uu____6, 
(size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- COMPRESSION_FACTOR= 11 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +deserialize_then_decompress_ring_element_u_06(Eurydice_slice serialized) { + return deserialize_then_decompress_11_6b(serialized); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- VECTOR_U_COMPRESSION_FACTOR= 11 +*/ +static KRML_MUSTINLINE void ntt_vector_u_3c( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { + size_t zeta_i = (size_t)0U; + ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_f4(&zeta_i, re); + ntt_at_layer_2_d0(&zeta_i, re); + ntt_at_layer_1_39(&zeta_i, re); + poly_barrett_reduce_89_5f(re); +} + +/** + Call [`deserialize_then_decompress_ring_element_u`] on each ring element + in the `ciphertext`. 
+*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- U_COMPRESSION_FACTOR= 11 +*/ +static KRML_MUSTINLINE void deserialize_then_decompress_u_33( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + u_as_ntt[i] = ZERO_89_06();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U); + i++) { + size_t i0 = i; + Eurydice_slice u_bytes = Eurydice_array_to_subslice2( + ciphertext, + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U), + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U, + uint8_t, Eurydice_slice); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_06(u_bytes); + ntt_vector_u_3c(&u_as_ntt[i0]); + } + memcpy( + ret, u_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- COMPRESSION_FACTOR= 5 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +deserialize_then_decompress_ring_element_v_44(Eurydice_slice serialized) { + return deserialize_then_decompress_5_25(serialized); +} + +/** + The following functions compute various expressions involving + vectors and matrices. 
The computation of these expressions has been + abstracted away into these functions in order to save on loop iterations. + Compute v − InverseNTT(sᵀ ◦ NTT(u)) +*/ +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_message +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c +compute_message_c7( + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *v, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = + ntt_multiply_89_16(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_ae(&result, &product);); + invert_ntt_montgomery_62(&result); + result = subtract_reduce_89_25(v, result); + return result; +} + +/** + This function implements Algorithm 14 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. + + Algorithm 14 is reproduced below: + + ```plaintext + Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + Output: message m ∈ 𝔹^{32}. + + c₁ ← c[0 : 32dᵤk] + c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] + u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) + v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) + ŝ ← ByteDecode₁₂(dkₚₖₑ) + w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) + m ← ByteEncode₁(Compress₁(w)) + return m + ``` + + The NIST FIPS 203 standard can be found at + . 
+*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- VECTOR_U_ENCODED_SIZE= 1408 +- U_COMPRESSION_FACTOR= 11 +- V_COMPRESSION_FACTOR= 5 +*/ +static void decrypt_unpacked_d6( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[4U]; + deserialize_then_decompress_u_33(ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = + deserialize_then_decompress_ring_element_v_44( + Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, + (size_t)1408U, uint8_t, size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c message = + compute_message_c7(&v, secret_key->secret_as_ntt, u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message_ab(message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::neon::Simd128Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 +with const generics +- K= 4 +- LEN= 32 +*/ +static KRML_MUSTINLINE void PRF_48_6e(Eurydice_slice input, uint8_t ret[32U]) { + PRF_b4(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics +- K= 4 +- SECRET_KEY_SIZE= 3168 +- CPA_SECRET_KEY_SIZE= 1536 +- PUBLIC_KEY_SIZE= 1568 +- CIPHERTEXT_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_SIZE= 1408 +- C2_SIZE= 160 +- VECTOR_U_COMPRESSION_FACTOR= 11 +- VECTOR_V_COMPRESSION_FACTOR= 5 +- C1_BLOCK_SIZE= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 
1600 +*/ +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec( + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c *key_pair, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, + uint8_t ret[32U]) { + uint8_t decrypted[32U]; + decrypt_unpacked_d6(&key_pair->private_key.ind_cpa_private_key, + ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, + uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_48_77( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + uint8_t to_hash[1600U]; + libcrux_ml_kem_utils_into_padded_array_973( + Eurydice_array_to_slice((size_t)32U, + key_pair->private_key.implicit_rejection_value, + uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, libcrux_ml_kem_types_as_ref_00_f00(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret[32U]; + PRF_48_6e( + Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + 
libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c *uu____3 = + &key_pair->public_key.ind_cpa_public_key; + uint8_t uu____4[32U]; + memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1568U]; + encrypt_unpacked_54(uu____3, uu____4, pseudorandomness, expected_ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( + libcrux_ml_kem_types_as_ref_00_f00(ciphertext), + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, + Eurydice_slice)); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + shared_secret, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** + Call [`deserialize_to_uncompressed_ring_element`] for each ring element. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void deserialize_secret_key_4f( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + secret_as_ntt[i] = ZERO_89_06();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice2( + secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = + deserialize_to_uncompressed_ring_element_10(secret_bytes); + secret_as_ntt[i0] = 
uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- VECTOR_U_ENCODED_SIZE= 1408 +- U_COMPRESSION_FACTOR= 11 +- V_COMPRESSION_FACTOR= 5 +*/ +static void decrypt_af(Eurydice_slice secret_key, uint8_t *ciphertext, + uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[4U]; + deserialize_secret_key_4f(secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[4U]; + memcpy( + uu____0, secret_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c + secret_key_unpacked; + memcpy( + secret_key_unpacked.secret_as_ntt, uu____0, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); + uint8_t ret0[32U]; + decrypt_unpacked_d6(&secret_key_unpacked, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, +libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 4 +- SECRET_KEY_SIZE= 3168 +- CPA_SECRET_KEY_SIZE= 1536 +- PUBLIC_KEY_SIZE= 1568 +- CIPHERTEXT_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_SIZE= 1408 +- C2_SIZE= 160 +- VECTOR_U_COMPRESSION_FACTOR= 11 +- VECTOR_V_COMPRESSION_FACTOR= 5 +- C1_BLOCK_SIZE= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 +*/ +void libcrux_ml_kem_ind_cca_decapsulate_82( + libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, + uint8_t ret[32U]) { + Eurydice_slice_uint8_t_x2 
uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)1536U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + secret_key0, (size_t)1568U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt_af(ind_cpa_secret_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_97( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + G_48_77( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret0 = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1600U]; + libcrux_ml_kem_utils_into_padded_array_973(implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + 
core_slice___Slice_T___copy_from_slice( + uu____4, libcrux_ml_kem_types_as_ref_00_f00(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret0[32U]; + PRF_48_6e( + Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); + Eurydice_slice uu____5 = ind_cpa_public_key; + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1568U]; + encrypt_4e(uu____5, uu____6, pseudorandomness, expected_ciphertext); + uint8_t implicit_rejection_shared_secret[32U]; + kdf_af_63( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + uint8_t shared_secret[32U]; + kdf_af_63(shared_secret0, shared_secret); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( + libcrux_ml_kem_types_as_ref_00_f00(ciphertext), + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h index 24f4c33dd..80f89c5b8 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h 
@@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 */ #ifndef __libcrux_mlkem_neon_H @@ -20,6 +20,7 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" +#include "libcrux_mlkem_portable.h" #include "libcrux_sha3_neon.h" void libcrux_ml_kem_hash_functions_neon_G(Eurydice_slice input, 
@@ -28,6 +29,571 @@ void libcrux_ml_kem_hash_functions_neon_G(Eurydice_slice input, void libcrux_ml_kem_hash_functions_neon_H(Eurydice_slice input, uint8_t ret[32U]); +typedef struct libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_s { + int16x8_t low; + int16x8_t high; +} libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector; + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_vector_type_ZERO(void); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ZERO_20(void); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_vector_type_from_i16_array(Eurydice_slice array); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_from_i16_array_20(Eurydice_slice array); + +void libcrux_ml_kem_vector_neon_vector_type_to_i16_array( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t ret[16U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_to_i16_array_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x, int16_t ret[16U]); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_add( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_add_20( + 
libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_sub( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_sub_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_multiply_by_constant( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_multiply_by_constant_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_bitwise_and_with_constant( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_cond_subtract_3329( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for 
+libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_cond_subtract_3329_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); + +#define LIBCRUX_ML_KEM_VECTOR_NEON_ARITHMETIC_BARRETT_MULTIPLIER \ + ((int16_t)20159) + +int16x8_t libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t( + int16x8_t v); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_barrett_reduce_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); + +int16x8_t libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( + int16x8_t low, int16x8_t high); + +int16x8_t +libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( + int16x8_t v, int16_t c); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_compress_compress_1( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ 
+libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_compress_1_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); + +int16_t libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( + int16_t coefficient_bits); + +int16x8_t libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( + int16x8_t v, int16x8_t c); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_layer_1_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_layer_1_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_layer_2_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_layer_2_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_layer_3_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_layer_3_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector 
a, int16_t zeta); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_1_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_inv_ntt_layer_1_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_2_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, + int16_t zeta2); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_inv_ntt_layer_2_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, + int16_t zeta2); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_3_step( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_inv_ntt_layer_3_step_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_ntt_multiply( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4); + +/** +This function 
found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_ntt_multiply_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, + int16_t zeta2, int16_t zeta3, int16_t zeta4); + +void libcrux_ml_kem_vector_neon_serialize_serialize_1( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[2U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_1_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[2U]); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_1(Eurydice_slice a); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_1_20(Eurydice_slice a); + +void libcrux_ml_kem_vector_neon_serialize_serialize_4( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[8U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_4_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[8U]); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_4(Eurydice_slice v); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector 
+libcrux_ml_kem_vector_neon_deserialize_4_20(Eurydice_slice a); + +void libcrux_ml_kem_vector_neon_serialize_serialize_5( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[10U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_5_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[10U]); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_5(Eurydice_slice v); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_5_20(Eurydice_slice a); + +void libcrux_ml_kem_vector_neon_serialize_serialize_10( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[20U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_10_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[20U]); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_10(Eurydice_slice v); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_10_20(Eurydice_slice a); + +void libcrux_ml_kem_vector_neon_serialize_serialize_11( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[22U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void 
libcrux_ml_kem_vector_neon_serialize_11_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[22U]); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_11(Eurydice_slice v); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_11_20(Eurydice_slice a); + +void libcrux_ml_kem_vector_neon_serialize_serialize_12( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[24U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +void libcrux_ml_kem_vector_neon_serialize_12_20( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[24U]); + +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_serialize_deserialize_12(Eurydice_slice v); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_deserialize_12_20(Eurydice_slice a); + +size_t libcrux_ml_kem_vector_neon_rej_sample(Eurydice_slice a, + Eurydice_slice result); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +size_t libcrux_ml_kem_vector_neon_rej_sample_20(Eurydice_slice a, + Eurydice_slice out); + +/** +This function found in impl {(core::clone::Clone for +libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} +*/ +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +libcrux_ml_kem_vector_neon_vector_type_clone_ed( + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *self); + +/** +A monomorphic instance of 
libcrux_ml_kem.polynomial.PolynomialRingElement +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector + +*/ +typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_1c_s { + libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficients[16U]; +} libcrux_ml_kem_polynomial_PolynomialRingElement_1c; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- $2size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[2U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- $2size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_66_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_66; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- $2size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[2U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[2U][2U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- $2size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66_s { + 
libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- $2size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66_s { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_66 private_key; + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 public_key; +} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[3U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[3U][3U]; +} 
libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd_s { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd private_key; + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd public_key; +} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- $4size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[4U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics +- $4size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_2c_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_2c; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector 
with const generics +- $4size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[4U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[4U][4U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- $4size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked +with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector +with const generics +- $4size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c_s { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_2c private_key; + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c public_key; +} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c; + #if defined(__cplusplus) } #endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 25d2df9e0..4cf1af2e8 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c 
@@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 */ #include "internal/libcrux_mlkem_portable.h" 
@@ -68,6 +68,123 @@ const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U] = { (int16_t)-108, (int16_t)-308, (int16_t)996, (int16_t)991, (int16_t)958, (int16_t)-1460, (int16_t)1522, (int16_t)1628}; +KRML_MUSTINLINE int16_t_x8 +libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice bytes) { + int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v1 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v3 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + int16_t v4 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + int16_t v6 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + return (CLITERAL(int16_t_x8){.fst = v0, + .snd = v1, + .thd = v2, + .f3 = v3, + .f4 = v4, + .f5 = v5, + .f6 = v6, + .f7 = v7}); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_vector_type_zero(void) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; + lit.elements[0U] = (int16_t)0; + lit.elements[1U] = (int16_t)0; + lit.elements[2U] = (int16_t)0; + lit.elements[3U] = (int16_t)0; + lit.elements[4U] = (int16_t)0; + lit.elements[5U] = (int16_t)0; + lit.elements[6U] = (int16_t)0; + lit.elements[7U] = (int16_t)0; + lit.elements[8U] = (int16_t)0; + lit.elements[9U] = (int16_t)0; + lit.elements[10U] = (int16_t)0; + 
lit.elements[11U] = (int16_t)0; + lit.elements[12U] = (int16_t)0; + lit.elements[13U] = (int16_t)0; + lit.elements[14U] = (int16_t)0; + lit.elements[15U] = (int16_t)0; + return lit; +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { + int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t, + Eurydice_slice)); + int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector v = + libcrux_ml_kem_vector_portable_vector_type_zero(); + v.elements[0U] = v0_7.fst; + v.elements[1U] = v0_7.snd; + v.elements[2U] = v0_7.thd; + v.elements[3U] = v0_7.f3; + v.elements[4U] = v0_7.f4; + v.elements[5U] = v0_7.f5; + v.elements[6U] = v0_7.f6; + v.elements[7U] = v0_7.f7; + v.elements[8U] = v8_15.fst; + v.elements[9U] = v8_15.snd; + v.elements[10U] = v8_15.thd; + v.elements[11U] = v8_15.f3; + v.elements[12U] = v8_15.f4; + v.elements[13U] = v8_15.f5; + v.elements[14U] = v8_15.f6; + v.elements[15U] = v8_15.f7; + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_4(a); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_vector_type_to_i16_array( + libcrux_ml_kem_vector_portable_vector_type_PortableVector x, + int16_t ret[16U]) { + memcpy(ret, x.elements, (size_t)16U * sizeof(int16_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for 
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +void libcrux_ml_kem_vector_portable_to_i16_array_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector x, + int16_t ret[16U]) { + libcrux_ml_kem_vector_portable_vector_type_to_i16_array(x, ret); +} + KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_vector_type_from_i16_array( Eurydice_slice array) { 
@@ -93,6 +210,276 @@ libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_slice array) { return libcrux_ml_kem_vector_portable_vector_type_from_i16_array(array); } +KRML_MUSTINLINE uint8_t_x5 +libcrux_ml_kem_vector_portable_serialize_serialize_5_int(Eurydice_slice v) { + uint8_t r0 = + (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, + int16_t) | + Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, int16_t) + << 5U); + uint8_t r1 = + (uint8_t)((Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, + int16_t) >> + 3U | + Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, + int16_t) + << 2U) | + Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, int16_t) + << 7U); + uint8_t r2 = + (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, + int16_t) >> + 1U | + Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, int16_t) + << 4U); + uint8_t r3 = + (uint8_t)((Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, + int16_t) >> + 4U | + Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, + int16_t) + << 1U) | + Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, int16_t) + << 6U); + uint8_t r4 = + (uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, + int16_t) >> + 2U | + Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *, int16_t) + << 3U); + return (CLITERAL(uint8_t_x5){ + .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_5( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[10U]) { + uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, + Eurydice_slice)); + uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t, + Eurydice_slice)); + uint8_t result[10U] = {0U}; + result[0U] = r0_4.fst; + 
result[1U] = r0_4.snd; + result[2U] = r0_4.thd; + result[3U] = r0_4.f3; + result[4U] = r0_4.f4; + result[5U] = r5_9.fst; + result[6U] = r5_9.snd; + result[7U] = r5_9.thd; + result[8U] = r5_9.f3; + result[9U] = r5_9.f4; + memcpy(ret, result, (size_t)10U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +void libcrux_ml_kem_vector_portable_serialize_5_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[10U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_5(a, ret); +} + +KRML_MUSTINLINE int16_t_x8 +libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice bytes) { + int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & + 31U); + int16_t v1 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & + 3U) << 3U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> + 5U); + int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + 2U & + 31U); + int16_t v3 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & + 15U) + << 1U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + 7U); + int16_t v4 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & + 1U) << 4U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> + 4U); + int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + 1U & + 31U); + int16_t v6 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) & + 7U) << 2U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + 6U); + 
int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) >> + 3U); + return (CLITERAL(int16_t_x8){.fst = v0, + .snd = v1, + .thd = v2, + .f3 = v3, + .f4 = v4, + .f5 = v5, + .f6 = v6, + .f7 = v7}); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { + int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t, + Eurydice_slice)); + int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector v = + libcrux_ml_kem_vector_portable_vector_type_zero(); + v.elements[0U] = v0_7.fst; + v.elements[1U] = v0_7.snd; + v.elements[2U] = v0_7.thd; + v.elements[3U] = v0_7.f3; + v.elements[4U] = v0_7.f4; + v.elements[5U] = v0_7.f5; + v.elements[6U] = v0_7.f6; + v.elements[7U] = v0_7.f7; + v.elements[8U] = v8_15.fst; + v.elements[9U] = v8_15.snd; + v.elements[10U] = v8_15.thd; + v.elements[11U] = v8_15.f3; + v.elements[12U] = v8_15.f4; + v.elements[13U] = v8_15.f5; + v.elements[14U] = v8_15.f6; + v.elements[15U] = v8_15.f7; + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_5(a); +} + +KRML_MUSTINLINE int16_t_x8 +libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( + Eurydice_slice bytes) { + int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)3) + << 8U | + ((int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + 
uint8_t *, uint8_t) & + (int16_t)255); + int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)15) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) >> + 2U; + int16_t r2 = ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)63) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) >> + 4U; + int16_t r3 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + uint8_t *, uint8_t) + << 2U | + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t) >> + 6U; + int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)3) + << 8U | + ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)255); + int16_t r5 = ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)15) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) >> + 2U; + int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)63) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, + uint8_t *, uint8_t) >> + 4U; + int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, + uint8_t *, uint8_t) + << 2U | + (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t) >> + 6U; + return (CLITERAL(int16_t_x8){.fst = r0, + .snd = r1, + .thd = r2, + .f3 = r3, + .f4 = r4, + .f5 = r5, + .f6 = r6, + .f7 = r7}); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { + int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)10U, uint8_t, + Eurydice_slice)); + int16_t_x8 v8_15 = + 
libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( + Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector v = + libcrux_ml_kem_vector_portable_vector_type_zero(); + v.elements[0U] = v0_7.fst; + v.elements[1U] = v0_7.snd; + v.elements[2U] = v0_7.thd; + v.elements[3U] = v0_7.f3; + v.elements[4U] = v0_7.f4; + v.elements[5U] = v0_7.f5; + v.elements[6U] = v0_7.f6; + v.elements[7U] = v0_7.f7; + v.elements[8U] = v8_15.fst; + v.elements[9U] = v8_15.snd; + v.elements[10U] = v8_15.thd; + v.elements[11U] = v8_15.f3; + v.elements[12U] = v8_15.f4; + v.elements[13U] = v8_15.f5; + v.elements[14U] = v8_15.f6; + v.elements[15U] = v8_15.f7; + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_10(a); +} + KRML_MUSTINLINE uint8_t_x11 libcrux_ml_kem_vector_portable_serialize_serialize_11_int(Eurydice_slice v) { uint8_t r0 = 
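Review bot: `libcrux_ml_kem_vector_portable_serialize_serialize_5_int` left-shifts the raw `int16_t` coefficients after integer promotion (`Eurydice_slice_index(v, (size_t)1U, ...) << 5U` and the `<< 2U`/`<< 7U`/`<< 4U`/`<< 1U`/`<< 6U`/`<< 3U` terms that follow), so a negative coefficient would be a signed left shift, which is undefined behaviour in C11 even though the Rust it appears to be generated from defines that operation. The sibling `libcrux_ml_kem_vector_portable_serialize_deserialize_5_int` in the same hunk casts to `uint32_t` before shifting, so the two helpers are not written consistently. Since the inputs are presumably 5-bit compressed values this is a precondition rather than a bug in practice, but it is worth recording on the helper, e.g. `/* Precondition: every element of v is in 0..=31; the shifts act on the promoted int, so negative inputs would be UB in C. */`. As this file looks like Eurydice output, the unsigned cast is better added at the generator/Rust level than by hand here.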
@@ -273,42 +660,20 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t) >> 2U; - int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, - uint8_t *, uint8_t) - << 3U | - (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) >> - 5U; - return (CLITERAL(int16_t_x8){.fst = r0, - .snd = r1, - .thd = r2, - .f3 = r3, - .f4 = r4, - .f5 = r5, - .f6 = r6, - .f7 = r7}); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_vector_type_zero(void) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; - lit.elements[0U] = (int16_t)0; - lit.elements[1U] = (int16_t)0; - lit.elements[2U] = (int16_t)0; - lit.elements[3U] = (int16_t)0; - lit.elements[4U] = (int16_t)0; - lit.elements[5U] = (int16_t)0; - lit.elements[6U] = (int16_t)0; - lit.elements[7U] = (int16_t)0; - lit.elements[8U] = (int16_t)0; - lit.elements[9U] = (int16_t)0; - lit.elements[10U] = (int16_t)0; - lit.elements[11U] = (int16_t)0; - lit.elements[12U] = (int16_t)0; - lit.elements[13U] = (int16_t)0; - lit.elements[14U] = (int16_t)0; - lit.elements[15U] = (int16_t)0; - return lit; + int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, + uint8_t *, uint8_t) + << 3U | + (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, + uint8_t *, uint8_t) >> + 5U; + return (CLITERAL(int16_t_x8){.fst = r0, + .snd = r1, + .thd = r2, + .f3 = r3, + .f4 = r4, + .f5 = r5, + .f6 = r6, + .f7 = r7}); } KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector 
@@ -350,537 +715,6 @@ libcrux_ml_kem_vector_portable_deserialize_11_0d(Eurydice_slice a) { return libcrux_ml_kem_vector_portable_serialize_deserialize_11(a); } -KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_vector_type_to_i16_array( - libcrux_ml_kem_vector_portable_vector_type_PortableVector x, - int16_t ret[16U]) { - memcpy(ret, x.elements, (size_t)16U * sizeof(int16_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -void libcrux_ml_kem_vector_portable_to_i16_array_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector x, - int16_t ret[16U]) { - libcrux_ml_kem_vector_portable_vector_type_to_i16_array(x, ret); -} - -const uint8_t - libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE - [256U][16U] = {{255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - 
{4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - 
{2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - 
{6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, - 255U, 255U, 255U}, - {12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 
4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, - 255U, 255U, 255U}, - {10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 
- 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 
7U, 8U, 9U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, - 13U, 255U, 255U}, - {14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 14U, 15U, 255U, 255U, 
255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, - 255U, 255U, 255U}, - {10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 
255U}, - {6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, - 255U, 255U, 
255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, - 15U, 255U, 255U}, - {12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 
8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 6U, 7U, 
10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, - 255U, 255U, 255U, 255U, 255U}, - {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, - 255U, 255U, 255U, 255U}, - {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, - 15U, 255U, 255U}, - {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, - 13U, 14U, 15U}}; - /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} 
@@ -1548,331 +1382,88 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) { KRML_MAYBE_FOR8( i, (size_t)0U, (size_t)8U, (size_t)1U, size_t i0 = i; result.elements[i0] = - (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)0U, uint8_t, - uint8_t *, uint8_t) >> - (uint32_t)i0 & - 1U);); - for (size_t i = (size_t)8U; - i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { - size_t i0 = i; - result.elements[i0] = - (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)1U, uint8_t, - uint8_t *, uint8_t) >> - (uint32_t)(i0 - (size_t)8U) & - 1U); - } - return result; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_1_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_1(a); -} - -KRML_MUSTINLINE uint8_t_x4 -libcrux_ml_kem_vector_portable_serialize_serialize_4_int(Eurydice_slice v) { - uint8_t result0 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)1U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)0U, int16_t, int16_t *, int16_t); - uint8_t result1 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)3U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)2U, int16_t, int16_t *, int16_t); - uint8_t result2 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)5U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)4U, int16_t, int16_t *, int16_t); - uint8_t result3 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)7U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)6U, int16_t, int16_t *, int16_t); - return (CLITERAL(uint8_t_x4){ - .fst = result0, .snd = result1, .thd = result2, .f3 = result3}); -} - 
-KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_4( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[8U]) { - uint8_t_x4 result0_3 = - libcrux_ml_kem_vector_portable_serialize_serialize_4_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, - int16_t, Eurydice_slice)); - uint8_t_x4 result4_7 = - libcrux_ml_kem_vector_portable_serialize_serialize_4_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, - int16_t, Eurydice_slice)); - uint8_t result[8U] = {0U}; - result[0U] = result0_3.fst; - result[1U] = result0_3.snd; - result[2U] = result0_3.thd; - result[3U] = result0_3.f3; - result[4U] = result4_7.fst; - result[5U] = result4_7.snd; - result[6U] = result4_7.thd; - result[7U] = result4_7.f3; - memcpy(ret, result, (size_t)8U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -void libcrux_ml_kem_vector_portable_serialize_4_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[8U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_4(a, ret); -} - -KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice bytes) { - int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v1 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v3 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - int16_t v4 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, 
uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - int16_t v6 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - return (CLITERAL(int16_t_x8){.fst = v0, - .snd = v1, - .thd = v2, - .f3 = v3, - .f4 = v4, - .f5 = v5, - .f6 = v6, - .f7 = v7}); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t, - Eurydice_slice)); - int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_4(a); -} - -KRML_MUSTINLINE uint8_t_x5 -libcrux_ml_kem_vector_portable_serialize_serialize_5_int(Eurydice_slice v) { - uint8_t r0 = - 
(uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) | - Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, int16_t) - << 5U); - uint8_t r1 = - (uint8_t)((Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, - int16_t) >> - 3U | - Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, - int16_t) - << 2U) | - Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, int16_t) - << 7U); - uint8_t r2 = - (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, - int16_t) >> - 1U | - Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, int16_t) - << 4U); - uint8_t r3 = - (uint8_t)((Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, - int16_t) >> - 4U | - Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, - int16_t) - << 1U) | - Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, int16_t) - << 6U); - uint8_t r4 = - (uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, - int16_t) >> - 2U | - Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *, int16_t) - << 3U); - return (CLITERAL(uint8_t_x5){ - .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_5( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[10U]) { - uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, - Eurydice_slice)); - uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t, - Eurydice_slice)); - uint8_t result[10U] = {0U}; - result[0U] = r0_4.fst; - result[1U] = r0_4.snd; - result[2U] = r0_4.thd; - result[3U] = r0_4.f3; - result[4U] = r0_4.f4; - result[5U] = r5_9.fst; - result[6U] = r5_9.snd; - result[7U] = r5_9.thd; - result[8U] = r5_9.f3; - result[9U] = r5_9.f4; - memcpy(ret, result, (size_t)10U * sizeof(uint8_t)); + 
(int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)0U, uint8_t, + uint8_t *, uint8_t) >> + (uint32_t)i0 & + 1U);); + for (size_t i = (size_t)8U; + i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { + size_t i0 = i; + result.elements[i0] = + (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)1U, uint8_t, + uint8_t *, uint8_t) >> + (uint32_t)(i0 - (size_t)8U) & + 1U); + } + return result; } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -void libcrux_ml_kem_vector_portable_serialize_5_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[10U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_5(a, ret); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_1_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_1(a); } -KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice bytes) { - int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & - 31U); - int16_t v1 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & - 3U) << 3U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> - 5U); - int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> - 2U & - 31U); - int16_t v3 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & - 15U) - << 1U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> - 7U); - int16_t v4 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & - 1U) << 4U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> - 4U); - int16_t v5 = 
(int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> - 1U & - 31U); - int16_t v6 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) & - 7U) << 2U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> - 6U); - int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) >> - 3U); - return (CLITERAL(int16_t_x8){.fst = v0, - .snd = v1, - .thd = v2, - .f3 = v3, - .f4 = v4, - .f5 = v5, - .f6 = v6, - .f7 = v7}); +KRML_MUSTINLINE uint8_t_x4 +libcrux_ml_kem_vector_portable_serialize_serialize_4_int(Eurydice_slice v) { + uint8_t result0 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)1U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)0U, int16_t, int16_t *, int16_t); + uint8_t result1 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)3U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)2U, int16_t, int16_t *, int16_t); + uint8_t result2 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)5U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)4U, int16_t, int16_t *, int16_t); + uint8_t result3 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)7U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)6U, int16_t, int16_t *, int16_t); + return (CLITERAL(uint8_t_x4){ + .fst = result0, .snd = result1, .thd = result2, .f3 = result3}); } -KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t, - Eurydice_slice)); - int16_t_x8 v8_15 = 
libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; +KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_4( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[8U]) { + uint8_t_x4 result0_3 = + libcrux_ml_kem_vector_portable_serialize_serialize_4_int( + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, + int16_t, Eurydice_slice)); + uint8_t_x4 result4_7 = + libcrux_ml_kem_vector_portable_serialize_serialize_4_int( + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, + int16_t, Eurydice_slice)); + uint8_t result[8U] = {0U}; + result[0U] = result0_3.fst; + result[1U] = result0_3.snd; + result[2U] = result0_3.thd; + result[3U] = result0_3.f3; + result[4U] = result4_7.fst; + result[5U] = result4_7.snd; + result[6U] = result4_7.thd; + result[7U] = result4_7.f3; + memcpy(ret, result, (size_t)8U * sizeof(uint8_t)); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_5(a); +void libcrux_ml_kem_vector_portable_serialize_4_0d( + 
libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[8U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_4(a, ret); } KRML_MUSTINLINE uint8_t_x5 
@@ -1961,112 +1552,6 @@ void libcrux_ml_kem_vector_portable_serialize_10_0d( libcrux_ml_kem_vector_portable_serialize_serialize_10(a, ret); } -KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice bytes) { - int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 8U | - ((int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)255); - int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r2 = ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r3 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) - << 2U | - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) >> - 6U; - int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 8U | - ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)255); - int16_t r5 = ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) - << 2U | - (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) >> - 6U; - return (CLITERAL(int16_t_x8){.fst = r0, - 
.snd = r1, - .thd = r2, - .f3 = r3, - .f4 = r4, - .f5 = r5, - .f6 = r6, - .f7 = r7}); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)10U, uint8_t, - Eurydice_slice)); - int16_t_x8 v8_15 = - libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_10(a); -} - KRML_MUSTINLINE uint8_t_x3 libcrux_ml_kem_vector_portable_serialize_serialize_12_int(Eurydice_slice v) { uint8_t r0 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, 
@@ -2315,7 +1800,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_89_39(void) { +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_89_02(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -2349,8 +1834,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_reduced_ring_element_ad(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); +deserialize_to_reduced_ring_element_d2(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; @@ -2381,12 +1866,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1568 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_724( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_524( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_39();); + deserialized_pk[i] = ZERO_89_02();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; 
@@ -2398,7 +1883,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_724( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_ad(ring_element); + deserialize_to_reduced_ring_element_d2(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -2412,7 +1897,7 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -shift_right_f8(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +shift_right_83(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -2431,8 +1916,8 @@ with const generics - SHIFT_BY= 15 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -shift_right_0d_4b(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return shift_right_f8(v); +shift_right_0d_bf(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return shift_right_83(v); } /** @@ -2442,10 +1927,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_unsigned_representative_78( +to_unsigned_representative_af( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - shift_right_0d_4b(a); + shift_right_0d_bf(a); libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); 
@@ -2458,14 +1943,14 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_f6( +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_05( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_representative_78(re->coefficients[i0]); + to_unsigned_representative_af(re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -2489,7 +1974,7 @@ with const generics - K= 4 - OUT_LEN= 1536 */ -static KRML_MUSTINLINE void serialize_secret_key_f81( +static KRML_MUSTINLINE void serialize_secret_key_e81( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; @@ -2508,7 +1993,7 @@ static KRML_MUSTINLINE void serialize_secret_key_f81( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_f6(&re, ret0); + serialize_uncompressed_ring_element_05(&re, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), @@ -2528,7 +2013,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_801( +static KRML_MUSTINLINE void serialize_public_key_9a1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; 
@@ -2536,7 +2021,7 @@ static KRML_MUSTINLINE void serialize_public_key_801( Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, (size_t)1536U, uint8_t, Eurydice_slice); uint8_t ret0[1536U]; - serialize_secret_key_f81(t_as_ntt, ret0); + serialize_secret_key_e81(t_as_ntt, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), @@ -2557,15 +2042,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_351(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_991(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; - deserialize_ring_elements_reduced_724( + deserialize_ring_elements_reduced_524( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; - serialize_public_key_801( + serialize_public_key_9a1( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice), @@ -2596,7 +2081,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void G_f1_b61(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_111(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -2607,10 +2092,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static void closure_e81( +static void closure_821( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_89_39();); + ret[i] = ZERO_89_02();); } /** 
@@ -2628,7 +2113,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_init_absorb with const generics - K= 4 */ static KRML_MUSTINLINE PortableHash_d1 -shake128_init_absorb_751(uint8_t input[4U][34U]) { +shake128_init_absorb_411(uint8_t input[4U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[4U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, @@ -2658,10 +2143,10 @@ generics - K= 4 */ static KRML_MUSTINLINE PortableHash_d1 -shake128_init_absorb_f1_111(uint8_t input[4U][34U]) { +shake128_init_absorb_f1_511(uint8_t input[4U][34U]) { uint8_t uu____0[4U][34U]; memcpy(uu____0, input, (size_t)4U * sizeof(uint8_t[34U])); - return shake128_init_absorb_751(uu____0); + return shake128_init_absorb_411(uu____0); } /** @@ -2670,7 +2155,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_101( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_541( PortableHash_d1 *st, uint8_t ret[4U][504U]) { uint8_t out[4U][504U] = {{0U}}; KRML_MAYBE_FOR4( @@ -2692,9 +2177,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_4e1( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_7f1( PortableHash_d1 *self, uint8_t ret[4U][504U]) { - shake128_squeeze_three_blocks_101(self, ret); + shake128_squeeze_three_blocks_541(self, ret); } /** @@ -2745,7 +2230,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_053( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_023( uint8_t randomness[4U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( 
@@ -2784,7 +2269,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_block_ed1(PortableHash_d1 *st, +static KRML_MUSTINLINE void shake128_squeeze_block_881(PortableHash_d1 *st, uint8_t ret[4U][168U]) { uint8_t out[4U][168U] = {{0U}}; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; @@ -2805,9 +2290,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_block_f1_c11( +static KRML_MUSTINLINE void shake128_squeeze_block_f1_681( PortableHash_d1 *self, uint8_t ret[4U][168U]) { - shake128_squeeze_block_ed1(self, ret); + shake128_squeeze_block_881(self, ret); } /** @@ -2858,7 +2343,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_054( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_024( uint8_t randomness[4U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -2902,8 +2387,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -from_i16_array_89_6b(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); +from_i16_array_89_48(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; 
@@ -2924,9 +2409,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_991( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_131( int16_t s[272U]) { - return from_i16_array_89_6b(Eurydice_array_to_subslice2( + return from_i16_array_89_48(Eurydice_array_to_subslice2( s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); } @@ -2937,29 +2422,29 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_from_xof_2b1( +static KRML_MUSTINLINE void sample_from_xof_f61( uint8_t seeds[4U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { size_t sampled_coefficients[4U] = {0U}; int16_t out[4U][272U] = {{0U}}; uint8_t uu____0[4U][34U]; memcpy(uu____0, seeds, (size_t)4U * sizeof(uint8_t[34U])); - PortableHash_d1 xof_state = shake128_init_absorb_f1_111(uu____0); + PortableHash_d1 xof_state = shake128_init_absorb_f1_511(uu____0); uint8_t randomness0[4U][504U]; - shake128_squeeze_three_blocks_f1_4e1(&xof_state, randomness0); + shake128_squeeze_three_blocks_f1_7f1(&xof_state, randomness0); uint8_t uu____1[4U][504U]; memcpy(uu____1, randomness0, (size_t)4U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_053( + bool done = sample_from_uniform_distribution_next_023( uu____1, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[4U][168U]; - shake128_squeeze_block_f1_c11(&xof_state, randomness); + shake128_squeeze_block_f1_681(&xof_state, randomness); uint8_t uu____2[4U][168U]; memcpy(uu____2, randomness, (size_t)4U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_054( + done = sample_from_uniform_distribution_next_024( uu____2, sampled_coefficients, out); } } 
@@ -2967,7 +2452,7 @@ static KRML_MUSTINLINE void sample_from_xof_2b1( memcpy(uu____3, out, (size_t)4U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_991(uu____3[i]);); + ret0[i] = closure_131(uu____3[i]);); memcpy( ret, ret0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -2980,12 +2465,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_matrix_A_231( +static KRML_MUSTINLINE void sample_matrix_A_551( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U][4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[4U][4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - closure_e81(A_transpose[i]);); + closure_821(A_transpose[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; uint8_t uu____0[34U]; @@ -2998,7 +2483,7 @@ static KRML_MUSTINLINE void sample_matrix_A_231( uint8_t uu____1[4U][34U]; memcpy(uu____1, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[4U]; - sample_from_xof_2b1(uu____1, sampled); + sample_from_xof_f61(uu____1, sampled); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -3037,7 +2522,7 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_1d2(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_632(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { uint8_t out[4U][128U] = {{0U}}; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; @@ -3059,9 +2544,9 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_892(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_772(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { - PRFxN_1d2(input, ret); + PRFxN_632(input, ret); } /** 
@@ -3120,7 +2605,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_2_20(Eurydice_slice randomness) { +sample_from_binomial_distribution_2_c8(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < @@ -3156,7 +2641,7 @@ sample_from_binomial_distribution_2_20(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_6b(Eurydice_array_to_slice( + return from_i16_array_89_48(Eurydice_array_to_slice( (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); } @@ -3167,7 +2652,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_3_85(Eurydice_slice randomness) { +sample_from_binomial_distribution_3_b8(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < @@ -3202,7 +2687,7 @@ sample_from_binomial_distribution_3_85(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_6b(Eurydice_array_to_slice( + return from_i16_array_89_48(Eurydice_array_to_slice( (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); } @@ -3213,8 +2698,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_66(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_20(randomness); +sample_from_binomial_distribution_e3(Eurydice_slice randomness) { + return sample_from_binomial_distribution_2_c8(randomness); } /** 
@@ -3223,7 +2708,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_7_13( +static KRML_MUSTINLINE void ntt_at_layer_7_1c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -3251,7 +2736,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -montgomery_multiply_fe_d5( +montgomery_multiply_fe_29( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v, fer); @@ -3265,12 +2750,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - ntt_layer_int_vec_step_d7( + ntt_layer_int_vec_step_a6( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - montgomery_multiply_fe_d5(b, zeta_r); + montgomery_multiply_fe_29(b, zeta_r); b = libcrux_ml_kem_vector_portable_sub_0d(a, &t); a = libcrux_ml_kem_vector_portable_add_0d(a, &t); return ( @@ -3284,7 +2769,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_4_plus_cc( +static KRML_MUSTINLINE void ntt_at_layer_4_plus_c0( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; 
@@ -3297,7 +2782,7 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_cc( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - ntt_layer_int_vec_step_d7( + ntt_layer_int_vec_step_a6( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -3314,7 +2799,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_3_34( +static KRML_MUSTINLINE void ntt_at_layer_3_c1( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3332,7 +2817,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_2_7b( +static KRML_MUSTINLINE void ntt_at_layer_2_46( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3352,7 +2837,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_1_4f( +static KRML_MUSTINLINE void ntt_at_layer_1_c9( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3380,7 +2865,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void poly_barrett_reduce_89_2c( +static KRML_MUSTINLINE void poly_barrett_reduce_89_55( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { 
@@ -3398,17 +2883,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_88( +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_d5( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - ntt_at_layer_7_13(re); + ntt_at_layer_7_1c(re); size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_34(&zeta_i, re); - ntt_at_layer_2_7b(&zeta_i, re); - ntt_at_layer_1_4f(&zeta_i, re); - poly_barrett_reduce_89_2c(re); + ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_c1(&zeta_i, re); + ntt_at_layer_2_46(&zeta_i, re); + ntt_at_layer_1_c9(&zeta_i, re); + poly_barrett_reduce_89_55(re); } /** @@ -3424,11 +2909,11 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_d71( +static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_011( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_89_39();); + re_as_ntt[i] = ZERO_89_02();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; 
@@ -3439,12 +2924,12 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_d71( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_f1_892(prf_inputs, prf_outputs); + PRFxN_f1_772(prf_inputs, prf_outputs); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_66( + re_as_ntt[i0] = sample_from_binomial_distribution_e3( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U]; memcpy( uu____2, re_as_ntt, @@ -3495,9 +2980,9 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -ntt_multiply_89_d5(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +ntt_multiply_89_f7(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_89_39(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_89_02(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3534,7 +3019,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void add_to_ring_element_89_931( +static KRML_MUSTINLINE void add_to_ring_element_89_8e1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; 
@@ -3561,7 +3046,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_standard_domain_3e( +to_standard_domain_a1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -3577,14 +3062,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_standard_error_reduce_89_99( +static KRML_MUSTINLINE void add_standard_error_reduce_89_0b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector - coefficient_normal_form = to_standard_domain_3e(self->coefficients[j]); + coefficient_normal_form = to_standard_domain_a1(self->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form, @@ -3602,14 +3087,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_As_plus_e_da1( +static KRML_MUSTINLINE void compute_As_plus_e_a51( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_39();); + result[i] = ZERO_89_02();); for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( 
@@ -3632,10 +3117,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_da1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_931(&result[i1], &product); + ntt_multiply_89_f7(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_8e1(&result[i1], &product); } - add_standard_error_reduce_89_99(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_89_0b(&result[i1], &error_as_ntt[i1]); } memcpy( ret, result, @@ -3692,10 +3177,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_540 generate_keypair_unpacked_f41( +static tuple_540 generate_keypair_unpacked_a91( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_f1_b61(key_generation_seed, hashed); + G_f1_111(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); 
@@ -3703,14 +3188,14 @@ static tuple_540 generate_keypair_unpacked_f41( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[4U][4U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_231(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); + sample_matrix_A_551(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, prf_input); uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____2 = sample_vector_cbd_then_ntt_d71(uu____1, 0U); + tuple_710 uu____2 = sample_vector_cbd_then_ntt_011(uu____1, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; memcpy( secret_as_ntt, uu____2.fst, @@ -3721,10 +3206,10 @@ static tuple_540 generate_keypair_unpacked_f41( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_d71(uu____3, domain_separator).fst, + sample_vector_cbd_then_ntt_011(uu____3, domain_separator).fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; - compute_As_plus_e_da1(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_a51(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], @@ -3773,10 +3258,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_571( +static void closure_f21( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_89_39();); + ret[i] = ZERO_89_02();); } /** 
@@ -3789,7 +3274,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_d5_84( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_d5_93( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -3811,7 +3296,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void H_f1_2e1(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_af1(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -3829,7 +3314,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e1(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d1(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, 
@@ -3838,18 +3323,18 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e1(uint8_t randomness[64U]) { (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); - tuple_540 uu____0 = generate_keypair_unpacked_f41(ind_cpa_keypair_randomness); + tuple_540 uu____0 = generate_keypair_unpacked_a91(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_571(A[i]);); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_f21(A[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_84(&ind_cpa_public_key.A[j][i1]); + clone_d5_93(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U][4U]; memcpy(uu____2, A, @@ -3859,13 +3344,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e1(uint8_t randomness[64U]) { (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); uint8_t pk_serialized[1568U]; - serialize_public_key_801( + serialize_public_key_9a1( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t, Eurydice_slice), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_2e1(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t, + H_f1_af1(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t, Eurydice_slice), public_key_hash); uint8_t implicit_rejection_value[32U]; 
@@ -3905,18 +3390,18 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_ec1( +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_e81( Eurydice_slice key_generation_seed) { - tuple_540 uu____0 = generate_keypair_unpacked_f41(key_generation_seed); + tuple_540 uu____0 = generate_keypair_unpacked_a91(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 pk = uu____0.snd; uint8_t public_key_serialized[1568U]; - serialize_public_key_801(pk.t_as_ntt, + serialize_public_key_9a1(pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, Eurydice_slice), public_key_serialized); uint8_t secret_key_serialized[1536U]; - serialize_secret_key_f81(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_e81(sk.secret_as_ntt, secret_key_serialized); uint8_t uu____1[1536U]; memcpy(uu____1, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); uint8_t uu____2[1568U]; @@ -3937,7 +3422,7 @@ with const generics - K= 4 - SERIALIZED_KEY_LEN= 3168 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_f2( +static KRML_MUSTINLINE void serialize_kem_secret_key_6b( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { uint8_t out[3168U] = {0U}; @@ -3966,7 +3451,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_f2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice); uint8_t ret0[32U]; - H_f1_2e1(public_key, ret0); + H_f1_af1(public_key, ret0); core_slice___Slice_T___copy_from_slice( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), 
@@ -4007,7 +3492,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_c24(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_6f1(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -4017,13 +3502,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_c24(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_ec1(ind_cpa_keypair_randomness); + generate_keypair_e81(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_f2( + serialize_kem_secret_key_6b( Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, @@ -4032,12 +3517,12 @@ libcrux_ml_kem_ind_cca_generate_keypair_c24(uint8_t randomness[64U]) { uint8_t uu____1[3168U]; memcpy(uu____1, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_05_a71(uu____1); + libcrux_ml_kem_types_from_05_e00(uu____1); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; uint8_t uu____3[1568U]; memcpy(uu____3, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_c91( - uu____2, libcrux_ml_kem_types_from_b6_4c1(uu____3)); + return libcrux_ml_kem_types_from_17_2c0( + uu____2, libcrux_ml_kem_types_from_b6_570(uu____3)); } /** 
@@ -4053,10 +3538,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_710 -sample_ring_element_cbd_2c1(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_381(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_89_39();); + error_1[i] = ZERO_89_02();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; @@ -4067,11 +3552,11 @@ sample_ring_element_cbd_2c1(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_f1_892(prf_inputs, prf_outputs); + PRFxN_f1_772(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_66(Eurydice_array_to_slice( + sample_from_binomial_distribution_e3(Eurydice_array_to_slice( (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U]; @@ -4091,7 +3576,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 128 */ -static KRML_MUSTINLINE void PRF_3a0(Eurydice_slice input, uint8_t ret[128U]) { +static KRML_MUSTINLINE void PRF_b60(Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), @@ -4109,9 +3594,9 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_044(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_6f4(Eurydice_slice input, uint8_t ret[128U]) { - PRF_3a0(input, ret); + PRF_b60(input, ret); } /** 
@@ -4120,7 +3605,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_9f( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_2a( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -4144,7 +3629,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_a6( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_84( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -4164,7 +3649,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_61( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_75( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -4184,7 +3669,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - inv_ntt_layer_int_vec_step_reduce_87( + inv_ntt_layer_int_vec_step_reduce_56( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -4192,7 +3677,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_sub_0d(b, &a); a = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(a, &b)); - b = montgomery_multiply_fe_d5(a_minus_b, zeta_r); + b = montgomery_multiply_fe_29(a_minus_b, zeta_r); return ( CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){ .fst = a, .snd = b}); 
@@ -4204,7 +3689,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_b7( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_0f( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -4219,7 +3704,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_b7( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_87( + inv_ntt_layer_int_vec_step_reduce_56( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; 
@@ -4236,18 +3721,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_861( +static KRML_MUSTINLINE void invert_ntt_montgomery_d41( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_9f(&zeta_i, re); - invert_ntt_at_layer_2_a6(&zeta_i, re); - invert_ntt_at_layer_3_61(&zeta_i, re); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_2c(re); + invert_ntt_at_layer_1_2a(&zeta_i, re); + invert_ntt_at_layer_2_84(&zeta_i, re); + invert_ntt_at_layer_3_75(&zeta_i, re); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_55(re); } /** @@ -4260,7 +3745,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_89_08( +static KRML_MUSTINLINE void add_error_reduce_89_b9( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; 
@@ -4287,14 +3772,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_a11( +static KRML_MUSTINLINE void compute_vector_u_571( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_39();); + result[i] = ZERO_89_02();); for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -4316,11 +3801,11 @@ static KRML_MUSTINLINE void compute_vector_u_a11( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(a_element, &r_as_ntt[j]); - add_to_ring_element_89_931(&result[i1], &product); + ntt_multiply_89_f7(a_element, &r_as_ntt[j]); + add_to_ring_element_89_8e1(&result[i1], &product); } - invert_ntt_montgomery_861(&result[i1]); - add_error_reduce_89_08(&result[i1], &error_1[i1]); + invert_ntt_montgomery_d41(&result[i1]); + add_error_reduce_89_b9(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -4334,7 +3819,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_1_89(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +decompress_1_e9(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ZERO_0d(); return libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( 
@@ -4348,8 +3833,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_message_f6(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); +deserialize_then_decompress_message_cb(uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4359,7 +3844,7 @@ deserialize_then_decompress_message_f6(uint8_t serialized[32U]) { (size_t)2U * i0 + (size_t)2U, uint8_t, Eurydice_slice)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_1_89(coefficient_compressed); + decompress_1_e9(coefficient_compressed); re.coefficients[i0] = uu____0;); return re; } @@ -4375,7 +3860,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -add_message_error_reduce_89_8b( +add_message_error_reduce_89_11( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { 
@@ -4408,18 +3893,18 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_1f1( +compute_ring_element_v_c81( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_931(&result, &product);); - invert_ntt_montgomery_861(&result); - result = add_message_error_reduce_89_8b(error_2, message, result); + ntt_multiply_89_f7(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_8e1(&result, &product);); + invert_ntt_montgomery_d41(&result); + result = add_message_error_reduce_89_11(error_2, message, result); return result; } @@ -4429,7 +3914,7 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_be(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_94(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4450,9 +3935,9 @@ A monomorphic instance of libcrux_ml_kem.vector.portable.compress_0d with const generics - COEFFICIENT_BITS= 10 */ -static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_31( +static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_9b( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_be(v); + return compress_94(v); } /** 
@@ -4461,7 +3946,7 @@ with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_be0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_940(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4483,8 +3968,8 @@ with const generics - COEFFICIENT_BITS= 11 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_310(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_be0(v); +compress_0d_9b0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_940(v); } /** @@ -4493,14 +3978,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_e10( +static KRML_MUSTINLINE void compress_then_serialize_11_2d0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_310(to_unsigned_representative_78(re->coefficients[i0])); + compress_0d_9b0(to_unsigned_representative_af(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( 
@@ -4521,10 +4006,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_2f0( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_d80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_e10(re, uu____0); + compress_then_serialize_11_2d0(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } @@ -4540,7 +4025,7 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_241( +static void compress_then_serialize_u_251( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -4558,7 +4043,7 @@ static void compress_then_serialize_u_241( (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t, Eurydice_slice); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_2f0(&re, ret); + compress_then_serialize_ring_element_u_d80(&re, ret); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), @@ -4572,7 +4057,7 @@ with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_be1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_941(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4594,8 +4079,8 @@ with const generics - COEFFICIENT_BITS= 4 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_311(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_be1(v); +compress_0d_9b1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_941(v); } /** 
@@ -4604,14 +4089,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_e5( +static KRML_MUSTINLINE void compress_then_serialize_4_09( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_311(to_unsigned_representative_78(re.coefficients[i0])); + compress_0d_9b1(to_unsigned_representative_af(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); core_slice___Slice_T___copy_from_slice( @@ -4629,7 +4114,7 @@ with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_be2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_942(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4651,8 +4136,8 @@ with const generics - COEFFICIENT_BITS= 5 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_312(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_be2(v); +compress_0d_9b2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_942(v); } /** 
@@ -4661,14 +4146,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_a3( +static KRML_MUSTINLINE void compress_then_serialize_5_b9( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = - compress_0d_312(to_unsigned_representative_78(re.coefficients[i0])); + compress_0d_9b2(to_unsigned_representative_af(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); core_slice___Slice_T___copy_from_slice( @@ -4687,9 +4172,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_310( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_d60( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_5_a3(re, out); + compress_then_serialize_5_b9(re, out); } /** @@ -4751,14 +4236,14 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_6c1( +static void encrypt_unpacked_651( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____1 = sample_vector_cbd_then_ntt_d71(uu____0, 0U); + tuple_710 uu____1 = sample_vector_cbd_then_ntt_011(uu____0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, 
@@ -4766,7 +4251,7 @@ static void encrypt_unpacked_6c1( uint8_t domain_separator0 = uu____1.snd; uint8_t uu____2[33U]; memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____3 = sample_ring_element_cbd_2c1(uu____2, domain_separator0); + tuple_710 uu____3 = sample_ring_element_cbd_381(uu____2, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; memcpy( error_1, uu____3.fst, 
@@ -4774,32 +4259,32 @@ static void encrypt_unpacked_6c1( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_044( + PRF_f1_6f4( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_66(Eurydice_array_to_slice( + sample_from_binomial_distribution_e3(Eurydice_array_to_slice( (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[4U]; - compute_vector_u_a11(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_571(public_key->A, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_f6(uu____4); + deserialize_then_decompress_message_cb(uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_1f1(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_c81(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_241( + compress_then_serialize_u_251( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_310( + compress_then_serialize_ring_element_v_d60( uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t, Eurydice_slice)); 
@@ -4825,11 +4310,11 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_311( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_861( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -4841,7 +4326,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_311( Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_b61( + G_f1_111( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -4855,7 +4340,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_311( uint8_t uu____3[32U]; memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_unpacked_6c1(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_651(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, @@ -4864,7 +4349,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_311( uint8_t uu____4[1568U]; memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_f51(uu____4); + libcrux_ml_kem_types_from_01_200(uu____4); uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_21 lit; 
@@ -4883,7 +4368,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_af_44(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_a1(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; core_slice___Slice_T___copy_from_slice( @@ -4905,12 +4390,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1536 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_723( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_523( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_39();); + deserialized_pk[i] = ZERO_89_02();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -4922,7 +4407,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_723( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_ad(ring_element); + deserialize_to_reduced_ring_element_d2(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -4948,10 +4433,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_0d1(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_f71(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; - deserialize_ring_elements_reduced_723( + deserialize_ring_elements_reduced_523( Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice), t_as_ntt); 
@@ -4959,8 +4444,8 @@ static void encrypt_0d1(Eurydice_slice public_key, uint8_t message[32U], public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_231(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); + sample_matrix_A_551(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); @@ -4990,7 +4475,7 @@ static void encrypt_0d1(Eurydice_slice public_key, uint8_t message[32U], uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1568U]; - encrypt_unpacked_6c1(uu____3, uu____4, randomness, ret1); + encrypt_unpacked_651(uu____3, uu____4, randomness, ret1); memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); } @@ -5005,7 +4490,7 @@ with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_af_c2(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_f4(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; core_slice___Slice_T___copy_from_slice( @@ -5033,15 +4518,15 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_441( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_9d1( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_44( + entropy_preprocess_af_a1( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, Eurydice_slice), to_hash); 
@@ -5049,8 +4534,8 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_441( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); uint8_t ret[32U]; - H_f1_2e1(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_f21(public_key), + H_f1_af1(Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_1f0(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -5058,7 +4543,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_441( Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_b61( + G_f1_111( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -5068,18 +4553,18 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_441( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_f21(public_key), uint8_t, + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_1f0(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_0d1(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_f71(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t uu____4[1568U]; memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_f51(uu____4); + libcrux_ml_kem_types_from_01_200(uu____4); uint8_t shared_secret_array[32U]; - kdf_af_c2(shared_secret, shared_secret_array); + kdf_af_f4(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); 
@@ -5096,7 +4581,7 @@ const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_b8( +decompress_ciphertext_coefficient_41( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -5121,9 +4606,9 @@ generics - COEFFICIENT_BITS= 10 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_f4( +decompress_ciphertext_coefficient_0d_cc( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_b8(v); + return decompress_ciphertext_coefficient_41(v); } /** @@ -5133,8 +4618,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_10_e9(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); +deserialize_then_decompress_10_02(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; @@ -5146,7 +4631,7 @@ deserialize_then_decompress_10_e9(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_f4(coefficient); + decompress_ciphertext_coefficient_0d_cc(coefficient); re.coefficients[i0] = uu____0; } return re; 
@@ -5159,7 +4644,7 @@ const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_b80( +decompress_ciphertext_coefficient_410( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -5184,9 +4669,9 @@ generics - COEFFICIENT_BITS= 11 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_f40( +decompress_ciphertext_coefficient_0d_cc0( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_b80(v); + return decompress_ciphertext_coefficient_410(v); } /** @@ -5196,8 +4681,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_11_f5(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); +deserialize_then_decompress_11_a4(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; @@ -5209,7 +4694,7 @@ deserialize_then_decompress_11_f5(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_f40(coefficient); + decompress_ciphertext_coefficient_0d_cc0(coefficient); re.coefficients[i0] = uu____0; } return re; 
@@ -5222,8 +4707,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_890(Eurydice_slice serialized) { - return deserialize_then_decompress_11_f5(serialized); +deserialize_then_decompress_ring_element_u_450(Eurydice_slice serialized) { + return deserialize_then_decompress_11_a4(serialized); } /** @@ -5232,17 +4717,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_ed0( +static KRML_MUSTINLINE void ntt_vector_u_d70( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_34(&zeta_i, re); - ntt_at_layer_2_7b(&zeta_i, re); - ntt_at_layer_1_4f(&zeta_i, re); - poly_barrett_reduce_89_2c(re); + ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_c1(&zeta_i, re); + ntt_at_layer_2_46(&zeta_i, re); + ntt_at_layer_1_c9(&zeta_i, re); + poly_barrett_reduce_89_55(re); } /** 
@@ -5257,12 +4742,12 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_b11( +static KRML_MUSTINLINE void deserialize_then_decompress_u_201( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_89_39();); + u_as_ntt[i] = ZERO_89_02();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, @@ -5281,8 +4766,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b11( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, uint8_t, Eurydice_slice); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_890(u_bytes); - ntt_vector_u_ed0(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_450(u_bytes); + ntt_vector_u_d70(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -5296,7 +4781,7 @@ const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_b81( +decompress_ciphertext_coefficient_411( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -5321,9 +4806,9 @@ generics - COEFFICIENT_BITS= 4 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_f41( +decompress_ciphertext_coefficient_0d_cc1( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_b81(v); + return decompress_ciphertext_coefficient_411(v); } /** 
@@ -5333,8 +4818,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_4_34(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); +deserialize_then_decompress_4_b6(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; i++) { @@ -5345,7 +4830,7 @@ deserialize_then_decompress_4_34(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_f41(coefficient); + decompress_ciphertext_coefficient_0d_cc1(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -5358,7 +4843,7 @@ const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_b82( +decompress_ciphertext_coefficient_412( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -5383,9 +4868,9 @@ generics - COEFFICIENT_BITS= 5 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_f42( +decompress_ciphertext_coefficient_0d_cc2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_b82(v); + return decompress_ciphertext_coefficient_412(v); } /** 
@@ -5395,8 +4880,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_5_53(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); +deserialize_then_decompress_5_9f(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; @@ -5408,7 +4893,7 @@ deserialize_then_decompress_5_53(Eurydice_slice serialized) { re.coefficients[i0] = libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - decompress_ciphertext_coefficient_0d_f42(re.coefficients[i0]); + decompress_ciphertext_coefficient_0d_cc2(re.coefficients[i0]); re.coefficients[i0] = uu____1; } return re; @@ -5421,8 +4906,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_300(Eurydice_slice serialized) { - return deserialize_then_decompress_5_53(serialized); +deserialize_then_decompress_ring_element_v_670(Eurydice_slice serialized) { + return deserialize_then_decompress_5_9f(serialized); } /** @@ -5436,7 +4921,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -subtract_reduce_89_7d(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +subtract_reduce_89_d2(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { 
@@ -5467,17 +4952,17 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_cb1( +compute_message_f61( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_931(&result, &product);); - invert_ntt_montgomery_861(&result); - result = subtract_reduce_89_7d(v, result); + ntt_multiply_89_f7(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_8e1(&result, &product);); + invert_ntt_montgomery_d41(&result); + result = subtract_reduce_89_d2(v, result); return result; } @@ -5487,13 +4972,13 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_3a( +static KRML_MUSTINLINE void compress_then_serialize_message_ef( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_representative_78(re.coefficients[i0]); + to_unsigned_representative_af(re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = libcrux_ml_kem_vector_portable_compress_1_0d(coefficient); 
@@ -5543,20 +5028,20 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_e71( +static void decrypt_unpacked_181( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; - deserialize_then_decompress_u_b11(ciphertext, u_as_ntt); + deserialize_then_decompress_u_201(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_300( + deserialize_then_decompress_ring_element_v_670( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_cb1(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_f61(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_3a(message, ret0); + compress_then_serialize_message_ef(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5565,7 +5050,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 32 */ -static KRML_MUSTINLINE void PRF_3a(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void PRF_b6(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), @@ -5583,8 +5068,8 @@ with const generics - K= 4 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_043(Eurydice_slice input, uint8_t ret[32U]) { - PRF_3a(input, ret); +static KRML_MUSTINLINE void PRF_f1_6f3(Eurydice_slice input, uint8_t ret[32U]) { + PRF_b6(input, ret); } /** 
@@ -5609,15 +5094,15 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca1( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f61( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_e71(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_181(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -5629,7 +5114,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca1( uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_b61( + G_f1_111( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -5639,7 +5124,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca1( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_2d4( + libcrux_ml_kem_utils_into_padded_array_973( Eurydice_array_to_slice((size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t, Eurydice_slice), 
@@ -5648,9 +5133,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca1( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), uint8_t, void *); + uu____2, libcrux_ml_kem_types_as_ref_00_f00(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_043( + PRF_f1_6f3( Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *uu____3 = @@ -5658,10 +5143,10 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca1( uint8_t uu____4[32U]; memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_6c1(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_651(uu____3, uu____4, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), + libcrux_ml_kem_types_as_ref_00_f00(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, Eurydice_slice)); uint8_t ret0[32U]; @@ -5680,8 +5165,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_uncompressed_ring_element_05(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); +deserialize_to_uncompressed_ring_element_00(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; 
@@ -5706,12 +5191,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_011( +static KRML_MUSTINLINE void deserialize_secret_key_6b1( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_39();); + secret_as_ntt[i] = ZERO_89_02();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -5723,7 +5208,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_011( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_05(secret_bytes); + deserialize_to_uncompressed_ring_element_00(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -5741,10 +5226,10 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_c21(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_4a1(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; - deserialize_secret_key_011(secret_key, secret_as_ntt); + deserialize_secret_key_6b1(secret_key, secret_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[4U]; memcpy( uu____0, secret_as_ntt, @@ -5755,7 +5240,7 @@ static void decrypt_c21(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, uu____0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_e71(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_181(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } 
@@ -5781,7 +5266,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_4f1( +void libcrux_ml_kem_ind_cca_decapsulate_711( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -5801,9 +5286,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f1( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_c21(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_4a1(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); core_slice___Slice_T___copy_from_slice( @@ -5812,7 +5297,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f1( uint8_t, size_t, Eurydice_slice), ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - G_f1_b61( + G_f1_111( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( 
@@ -5822,31 +5307,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f1( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_2d4(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_973(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_00_f00(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_043( + PRF_f1_6f3( Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_0d1(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_f71(uu____5, uu____6, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_c2( + kdf_af_f4( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_c2(shared_secret0, shared_secret); + kdf_af_f4(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), + libcrux_ml_kem_types_as_ref_00_f00(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, 
@@ -5870,12 +5355,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 800 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_722( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_522( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_39();); + deserialized_pk[i] = ZERO_89_02();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -5887,7 +5372,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_722( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_ad(ring_element); + deserialize_to_reduced_ring_element_d2(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -5905,7 +5390,7 @@ with const generics - K= 2 - OUT_LEN= 768 */ -static KRML_MUSTINLINE void serialize_secret_key_f80( +static KRML_MUSTINLINE void serialize_secret_key_e80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; @@ -5924,7 +5409,7 @@ static KRML_MUSTINLINE void serialize_secret_key_f80( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_f6(&re, ret0); + serialize_uncompressed_ring_element_05(&re, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), 
@@ -5944,14 +5429,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_800( +static KRML_MUSTINLINE void serialize_public_key_9a0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)768U, uint8_t, Eurydice_slice); uint8_t ret0[768U]; - serialize_secret_key_f80(t_as_ntt, ret0); + serialize_secret_key_e80(t_as_ntt, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), @@ -5972,15 +5457,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_350(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_990(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; - deserialize_ring_elements_reduced_722( + deserialize_ring_elements_reduced_522( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; - serialize_public_key_800( + serialize_public_key_9a0( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice), @@ -5997,10 +5482,10 @@ libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked libcrux_ml_kem_vector_portable_vector_type_PortableVector[[$2size_t]] */ -typedef struct tuple_4c0_s { +typedef struct tuple_4c_s { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae snd; -} tuple_4c0; +} tuple_4c; /** This function found in impl {(libcrux_ml_kem::hash_functions::Hash for 
@@ -6011,7 +5496,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void G_f1_b60(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_110(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -6022,10 +5507,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static void closure_e80( +static void closure_820( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_89_39();); + ret[i] = ZERO_89_02();); } /** @@ -6043,7 +5528,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_init_absorb with const generics - K= 2 */ static KRML_MUSTINLINE PortableHash_8b -shake128_init_absorb_750(uint8_t input[2U][34U]) { +shake128_init_absorb_410(uint8_t input[2U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[2U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, @@ -6073,10 +5558,10 @@ generics - K= 2 */ static KRML_MUSTINLINE PortableHash_8b -shake128_init_absorb_f1_110(uint8_t input[2U][34U]) { +shake128_init_absorb_f1_510(uint8_t input[2U][34U]) { uint8_t uu____0[2U][34U]; memcpy(uu____0, input, (size_t)2U * sizeof(uint8_t[34U])); - return shake128_init_absorb_750(uu____0); + return shake128_init_absorb_410(uu____0); } /** @@ -6085,7 +5570,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_100( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_540( PortableHash_8b *st, uint8_t ret[2U][504U]) { uint8_t out[2U][504U] = {{0U}}; KRML_MAYBE_FOR2( 
@@ -6107,9 +5592,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_4e0( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_7f0( PortableHash_8b *self, uint8_t ret[2U][504U]) { - shake128_squeeze_three_blocks_100(self, ret); + shake128_squeeze_three_blocks_540(self, ret); } /** @@ -6160,7 +5645,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_051( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_021( uint8_t randomness[2U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -6199,7 +5684,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_block_ed0(PortableHash_8b *st, +static KRML_MUSTINLINE void shake128_squeeze_block_880(PortableHash_8b *st, uint8_t ret[2U][168U]) { uint8_t out[2U][168U] = {{0U}}; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; @@ -6220,9 +5705,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_block_f1_c10( +static KRML_MUSTINLINE void shake128_squeeze_block_f1_680( PortableHash_8b *self, uint8_t ret[2U][168U]) { - shake128_squeeze_block_ed0(self, ret); + shake128_squeeze_block_880(self, ret); } /** @@ -6273,7 +5758,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_052( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_022( uint8_t randomness[2U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( 
@@ -6313,9 +5798,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_990( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_130( int16_t s[272U]) { - return from_i16_array_89_6b(Eurydice_array_to_subslice2( + return from_i16_array_89_48(Eurydice_array_to_subslice2( s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); } @@ -6326,29 +5811,29 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_from_xof_2b0( +static KRML_MUSTINLINE void sample_from_xof_f60( uint8_t seeds[2U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { size_t sampled_coefficients[2U] = {0U}; int16_t out[2U][272U] = {{0U}}; uint8_t uu____0[2U][34U]; memcpy(uu____0, seeds, (size_t)2U * sizeof(uint8_t[34U])); - PortableHash_8b xof_state = shake128_init_absorb_f1_110(uu____0); + PortableHash_8b xof_state = shake128_init_absorb_f1_510(uu____0); uint8_t randomness0[2U][504U]; - shake128_squeeze_three_blocks_f1_4e0(&xof_state, randomness0); + shake128_squeeze_three_blocks_f1_7f0(&xof_state, randomness0); uint8_t uu____1[2U][504U]; memcpy(uu____1, randomness0, (size_t)2U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_051( + bool done = sample_from_uniform_distribution_next_021( uu____1, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[2U][168U]; - shake128_squeeze_block_f1_c10(&xof_state, randomness); + shake128_squeeze_block_f1_680(&xof_state, randomness); uint8_t uu____2[2U][168U]; memcpy(uu____2, randomness, (size_t)2U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_052( + done = sample_from_uniform_distribution_next_022( uu____2, sampled_coefficients, out); } } 
@@ -6356,7 +5841,7 @@ static KRML_MUSTINLINE void sample_from_xof_2b0( memcpy(uu____3, out, (size_t)2U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_990(uu____3[i]);); + ret0[i] = closure_130(uu____3[i]);); memcpy( ret, ret0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -6369,12 +5854,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_matrix_A_230( +static KRML_MUSTINLINE void sample_matrix_A_550( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U][2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[2U][2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - closure_e80(A_transpose[i]);); + closure_820(A_transpose[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; uint8_t uu____0[34U]; @@ -6387,7 +5872,7 @@ static KRML_MUSTINLINE void sample_matrix_A_230( uint8_t uu____1[2U][34U]; memcpy(uu____1, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[2U]; - sample_from_xof_2b0(uu____1, sampled); + sample_from_xof_f60(uu____1, sampled); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -6415,10 +5900,10 @@ with types libcrux_ml_kem_polynomial_PolynomialRingElement libcrux_ml_kem_vector_portable_vector_type_PortableVector[2size_t], uint8_t */ -typedef struct tuple_740_s { +typedef struct tuple_74_s { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 fst[2U]; uint8_t snd; -} tuple_740; +} tuple_74; /** A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRFxN 
@@ -6426,7 +5911,7 @@ with const generics - K= 2 - LEN= 192 */ -static KRML_MUSTINLINE void PRFxN_1d0(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_630(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { uint8_t out[2U][192U] = {{0U}}; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; @@ -6448,9 +5933,9 @@ with const generics - K= 2 - LEN= 192 */ -static KRML_MUSTINLINE void PRFxN_f1_890(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_770(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { - PRFxN_1d0(input, ret); + PRFxN_630(input, ret); } /** @@ -6460,8 +5945,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_660(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_85(randomness); +sample_from_binomial_distribution_e30(Eurydice_slice randomness) { + return sample_from_binomial_distribution_3_b8(randomness); } /** @@ -6477,11 +5962,11 @@ generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_d70( +static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_010( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_89_39();); + re_as_ntt[i] = ZERO_89_02();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; 
@@ -6492,17 +5977,17 @@ static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_d70( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][192U]; - PRFxN_f1_890(prf_inputs, prf_outputs); + PRFxN_f1_770(prf_inputs, prf_outputs); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_660( + re_as_ntt[i0] = sample_from_binomial_distribution_e30( Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t, Eurydice_slice)); - ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U]; memcpy( uu____2, re_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - tuple_740 lit; + tuple_74 lit; memcpy( lit.fst, uu____2, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -6524,7 +6009,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void add_to_ring_element_89_930( +static KRML_MUSTINLINE void add_to_ring_element_89_8e0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; 
@@ -6553,14 +6038,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_As_plus_e_da0( +static KRML_MUSTINLINE void compute_As_plus_e_a50( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_39();); + result[i] = ZERO_89_02();); for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -6583,10 +6068,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_da0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_930(&result[i1], &product); + ntt_multiply_89_f7(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_8e0(&result[i1], &product); } - add_standard_error_reduce_89_99(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_89_0b(&result[i1], &error_as_ntt[i1]); } memcpy( ret, result, @@ -6643,10 +6128,10 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static tuple_4c0 generate_keypair_unpacked_f40( +static tuple_4c generate_keypair_unpacked_a90( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_f1_b60(key_generation_seed, hashed); + G_f1_110(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); 
@@ -6654,14 +6139,14 @@ static tuple_4c0 generate_keypair_unpacked_f40( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[2U][2U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_230(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); + sample_matrix_A_550(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, prf_input); uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____2 = sample_vector_cbd_then_ntt_d70(uu____1, 0U); + tuple_74 uu____2 = sample_vector_cbd_then_ntt_010(uu____1, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; memcpy( secret_as_ntt, uu____2.fst, @@ -6672,10 +6157,10 @@ static tuple_4c0 generate_keypair_unpacked_f40( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[2U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_d70(uu____3, domain_separator).fst, + sample_vector_cbd_then_ntt_010(uu____3, domain_separator).fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; - compute_As_plus_e_da0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_a50(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], @@ -6707,7 +6192,7 @@ static tuple_4c0 generate_keypair_unpacked_f40( memcpy( sk.secret_as_ntt, uu____7, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - return (CLITERAL(tuple_4c0){.fst = sk, .snd = pk}); + return (CLITERAL(tuple_4c){.fst = sk, .snd = pk}); } /** 
@@ -6724,10 +6209,10 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static void closure_570( +static void closure_f20( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_89_39();); + ret[i] = ZERO_89_02();); } /** @@ -6739,7 +6224,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void H_f1_2e0(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_af0(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -6757,7 +6242,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e0(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d0(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, 
@@ -6766,18 +6251,18 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e0(uint8_t randomness[64U]) { (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); - tuple_4c0 uu____0 = generate_keypair_unpacked_f40(ind_cpa_keypair_randomness); + tuple_4c uu____0 = generate_keypair_unpacked_a90(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_570(A[i]);); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_f20(A[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_84(&ind_cpa_public_key.A[j][i1]); + clone_d5_93(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U][2U]; memcpy(uu____2, A, @@ -6787,13 +6272,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e0(uint8_t randomness[64U]) { (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); uint8_t pk_serialized[800U]; - serialize_public_key_800( + serialize_public_key_9a0( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t, Eurydice_slice), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_2e0(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t, + H_f1_af0(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t, Eurydice_slice), public_key_hash); uint8_t implicit_rejection_value[32U]; 
@@ -6833,18 +6318,18 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_ec0( +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_e80( Eurydice_slice key_generation_seed) { - tuple_4c0 uu____0 = generate_keypair_unpacked_f40(key_generation_seed); + tuple_4c uu____0 = generate_keypair_unpacked_a90(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae pk = uu____0.snd; uint8_t public_key_serialized[800U]; - serialize_public_key_800(pk.t_as_ntt, + serialize_public_key_9a0(pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, Eurydice_slice), public_key_serialized); uint8_t secret_key_serialized[768U]; - serialize_secret_key_f80(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_e80(sk.secret_as_ntt, secret_key_serialized); uint8_t uu____1[768U]; memcpy(uu____1, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); uint8_t uu____2[800U]; @@ -6865,7 +6350,7 @@ with const generics - K= 2 - SERIALIZED_KEY_LEN= 1632 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_41( +static KRML_MUSTINLINE void serialize_kem_secret_key_b4( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { uint8_t out[1632U] = {0U}; @@ -6894,7 +6379,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_41( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice); uint8_t ret0[32U]; - H_f1_2e0(public_key, ret0); + H_f1_af0(public_key, ret0); core_slice___Slice_T___copy_from_slice( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), 
@@ -6935,7 +6420,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_c21(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -6945,13 +6430,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_c21(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_ec0(ind_cpa_keypair_randomness); + generate_keypair_e80(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_41( + serialize_kem_secret_key_b4( Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, @@ -6960,12 +6445,12 @@ libcrux_ml_kem_ind_cca_generate_keypair_c21(uint8_t randomness[64U]) { uint8_t uu____1[1632U]; memcpy(uu____1, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_05_a7(uu____1); + libcrux_ml_kem_types_from_05_e01(uu____1); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; uint8_t uu____3[800U]; memcpy(uu____3, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_c9( - uu____2, libcrux_ml_kem_types_from_b6_4c(uu____3)); + return libcrux_ml_kem_types_from_17_2c1( + uu____2, libcrux_ml_kem_types_from_b6_571(uu____3)); } /** 
@@ -6974,7 +6459,7 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_1d1(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_631(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { uint8_t out[2U][128U] = {{0U}}; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; @@ -6996,9 +6481,9 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_891(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_771(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { - PRFxN_1d1(input, ret); + PRFxN_631(input, ret); } /** @@ -7013,11 +6498,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - ETA2= 2 */ -static KRML_MUSTINLINE tuple_740 -sample_ring_element_cbd_2c0(uint8_t prf_input[33U], uint8_t domain_separator) { +static KRML_MUSTINLINE tuple_74 +sample_ring_element_cbd_380(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_89_39();); + error_1[i] = ZERO_89_02();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; 
@@ -7028,18 +6513,18 @@ sample_ring_element_cbd_2c0(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][128U]; - PRFxN_f1_891(prf_inputs, prf_outputs); + PRFxN_f1_771(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_66(Eurydice_array_to_slice( + sample_from_binomial_distribution_e3(Eurydice_array_to_slice( (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U]; memcpy( uu____2, error_1, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - tuple_740 lit; + tuple_74 lit; memcpy( lit.fst, uu____2, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -7057,9 +6542,9 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_042(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_6f2(Eurydice_slice input, uint8_t ret[128U]) { - PRF_3a0(input, ret); + PRF_b60(input, ret); } /** 
@@ -7068,18 +6553,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_860( +static KRML_MUSTINLINE void invert_ntt_montgomery_d40( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_9f(&zeta_i, re); - invert_ntt_at_layer_2_a6(&zeta_i, re); - invert_ntt_at_layer_3_61(&zeta_i, re); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_2c(re); + invert_ntt_at_layer_1_2a(&zeta_i, re); + invert_ntt_at_layer_2_84(&zeta_i, re); + invert_ntt_at_layer_3_75(&zeta_i, re); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_55(re); } /** @@ -7091,14 +6576,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_a10( +static KRML_MUSTINLINE void compute_vector_u_570( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_39();); + result[i] = ZERO_89_02();); for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( 
@@ -7120,11 +6605,11 @@ static KRML_MUSTINLINE void compute_vector_u_a10( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(a_element, &r_as_ntt[j]); - add_to_ring_element_89_930(&result[i1], &product); + ntt_multiply_89_f7(a_element, &r_as_ntt[j]); + add_to_ring_element_89_8e0(&result[i1], &product); } - invert_ntt_montgomery_860(&result[i1]); - add_error_reduce_89_08(&result[i1], &error_1[i1]); + invert_ntt_montgomery_d40(&result[i1]); + add_error_reduce_89_b9(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -7141,18 +6626,18 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_1f0( +compute_ring_element_v_c80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_930(&result, &product);); - invert_ntt_montgomery_860(&result); - result = add_message_error_reduce_89_8b(error_2, message, result); + ntt_multiply_89_f7(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_8e0(&result, &product);); + invert_ntt_montgomery_d40(&result); + result = add_message_error_reduce_89_11(error_2, message, result); return result; } 
@@ -7162,14 +6647,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_3b( +static KRML_MUSTINLINE void compress_then_serialize_10_54( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_31(to_unsigned_representative_78(re->coefficients[i0])); + compress_0d_9b(to_unsigned_representative_af(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -7190,10 +6675,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_2f( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_d8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_3b(re, uu____0); + compress_then_serialize_10_54(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -7209,7 +6694,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_240( +static void compress_then_serialize_u_250( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; 
@@ -7227,7 +6712,7 @@ static void compress_then_serialize_u_240( (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t, Eurydice_slice); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_2f(&re, ret); + compress_then_serialize_ring_element_u_d8(&re, ret); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), @@ -7242,9 +6727,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_31( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_d6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_4_e5(re, out); + compress_then_serialize_4_09(re, out); } /** @@ -7306,14 +6791,14 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_6c0( +static void encrypt_unpacked_650( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____1 = sample_vector_cbd_then_ntt_d70(uu____0, 0U); + tuple_74 uu____1 = sample_vector_cbd_then_ntt_010(uu____0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, 
@@ -7321,7 +6806,7 @@ static void encrypt_unpacked_6c0( uint8_t domain_separator0 = uu____1.snd; uint8_t uu____2[33U]; memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____3 = sample_ring_element_cbd_2c0(uu____2, domain_separator0); + tuple_74 uu____3 = sample_ring_element_cbd_380(uu____2, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; memcpy( error_1, uu____3.fst, 
@@ -7329,31 +6814,31 @@ static void encrypt_unpacked_6c0( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_042( + PRF_f1_6f2( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_66(Eurydice_array_to_slice( + sample_from_binomial_distribution_e3(Eurydice_array_to_slice( (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[2U]; - compute_vector_u_a10(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_570(public_key->A, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_f6(uu____4); + deserialize_then_decompress_message_cb(uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_1f0(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_c80(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_240( + compress_then_serialize_u_250( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_31( + compress_then_serialize_ring_element_v_d6( uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t, Eurydice_slice)); 
@@ -7379,11 +6864,11 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_310( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_860( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -7395,7 +6880,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_310( Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_b60( + G_f1_110( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -7409,7 +6894,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_310( uint8_t uu____3[32U]; memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_unpacked_6c0(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_650(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, @@ -7418,7 +6903,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_310( uint8_t uu____4[768U]; memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_01_f5(uu____4); + libcrux_ml_kem_types_from_01_201(uu____4); uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_ec lit; 
@@ -7437,7 +6922,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_af_5d(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_57(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; core_slice___Slice_T___copy_from_slice( @@ -7459,12 +6944,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 768 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_721( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_521( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_39();); + deserialized_pk[i] = ZERO_89_02();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -7476,7 +6961,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_721( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_ad(ring_element); + deserialize_to_reduced_ring_element_d2(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -7502,10 +6987,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_0d0(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_f70(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; - deserialize_ring_elements_reduced_721( + deserialize_ring_elements_reduced_521( Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice), t_as_ntt); 
@@ -7513,8 +6998,8 @@ static void encrypt_0d0(Eurydice_slice public_key, uint8_t message[32U], public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_230(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); + sample_matrix_A_550(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); @@ -7544,7 +7029,7 @@ static void encrypt_0d0(Eurydice_slice public_key, uint8_t message[32U], uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[768U]; - encrypt_unpacked_6c0(uu____3, uu____4, randomness, ret1); + encrypt_unpacked_650(uu____3, uu____4, randomness, ret1); memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); } @@ -7559,7 +7044,7 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_af_e8(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_26(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; core_slice___Slice_T___copy_from_slice( @@ -7587,15 +7072,15 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_440( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_9d0( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_5d( + entropy_preprocess_af_57( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, Eurydice_slice), to_hash); 
@@ -7603,8 +7088,8 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_440( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); uint8_t ret[32U]; - H_f1_2e0(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), + H_f1_af0(Eurydice_array_to_slice( + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_1f1(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -7612,7 +7097,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_440( Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_b60( + G_f1_110( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -7622,18 +7107,18 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_440( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), uint8_t, + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_1f1(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_0d0(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_f70(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t uu____4[768U]; memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_01_f5(uu____4); + libcrux_ml_kem_types_from_01_201(uu____4); uint8_t shared_secret_array[32U]; - kdf_af_e8(shared_secret, shared_secret_array); + kdf_af_26(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); 
@@ -7650,8 +7135,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_89(Eurydice_slice serialized) { - return deserialize_then_decompress_10_e9(serialized); +deserialize_then_decompress_ring_element_u_45(Eurydice_slice serialized) { + return deserialize_then_decompress_10_02(serialized); } /** @@ -7660,17 +7145,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_ed( +static KRML_MUSTINLINE void ntt_vector_u_d7( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_34(&zeta_i, re); - ntt_at_layer_2_7b(&zeta_i, re); - ntt_at_layer_1_4f(&zeta_i, re); - poly_barrett_reduce_89_2c(re); + ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_c1(&zeta_i, re); + ntt_at_layer_2_46(&zeta_i, re); + ntt_at_layer_1_c9(&zeta_i, re); + poly_barrett_reduce_89_55(re); } /** 
@@ -7685,12 +7170,12 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_b10( +static KRML_MUSTINLINE void deserialize_then_decompress_u_200( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_89_39();); + u_as_ntt[i] = ZERO_89_02();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t, @@ -7709,8 +7194,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b10( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t, Eurydice_slice); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_89(u_bytes); - ntt_vector_u_ed(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_45(u_bytes); + ntt_vector_u_d7(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -7724,8 +7209,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_30(Eurydice_slice serialized) { - return deserialize_then_decompress_4_34(serialized); +deserialize_then_decompress_ring_element_v_67(Eurydice_slice serialized) { + return deserialize_then_decompress_4_b6(serialized); } /** 
@@ -7741,17 +7226,17 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_cb0( +compute_message_f60( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_930(&result, &product);); - invert_ntt_montgomery_860(&result); - result = subtract_reduce_89_7d(v, result); + ntt_multiply_89_f7(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_8e0(&result, &product);); + invert_ntt_montgomery_d40(&result); + result = subtract_reduce_89_d2(v, result); return result; } 
@@ -7789,20 +7274,20 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_e70( +static void decrypt_unpacked_180( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; - deserialize_then_decompress_u_b10(ciphertext, u_as_ntt); + deserialize_then_decompress_u_200(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_30( + deserialize_then_decompress_ring_element_v_67( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_cb0(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_f60(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_3a(message, ret0); + compress_then_serialize_message_ef(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7816,8 +7301,8 @@ with const generics - K= 2 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_041(Eurydice_slice input, uint8_t ret[32U]) { - PRF_3a(input, ret); +static KRML_MUSTINLINE void PRF_f1_6f1(Eurydice_slice input, uint8_t ret[32U]) { + PRF_b6(input, ret); } /** 
@@ -7842,14 +7327,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca0( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f60( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_e70(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_180(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -7861,7 +7346,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca0( uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_b60( + G_f1_110( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -7871,7 +7356,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca0( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_2d0( + libcrux_ml_kem_utils_into_padded_array_974( Eurydice_array_to_slice((size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t, Eurydice_slice), 
@@ -7880,9 +7365,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca0( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_ed(ciphertext), uint8_t, void *); + uu____2, libcrux_ml_kem_types_as_ref_00_f01(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_041( + PRF_f1_6f1( Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *uu____3 = @@ -7890,10 +7375,10 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca0( uint8_t uu____4[32U]; memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_unpacked_6c0(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_650(uu____3, uu____4, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed(ciphertext), + libcrux_ml_kem_types_as_ref_00_f01(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, Eurydice_slice)); uint8_t ret0[32U]; @@ -7914,12 +7399,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_010( +static KRML_MUSTINLINE void deserialize_secret_key_6b0( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_39();); + secret_as_ntt[i] = ZERO_89_02();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; 
@@ -7931,7 +7416,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_010( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_05(secret_bytes); + deserialize_to_uncompressed_ring_element_00(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -7949,10 +7434,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_c20(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_4a0(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; - deserialize_secret_key_010(secret_key, secret_as_ntt); + deserialize_secret_key_6b0(secret_key, secret_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[2U]; memcpy( uu____0, secret_as_ntt, @@ -7963,7 +7448,7 @@ static void decrypt_c20(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, uu____0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_e70(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_180(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7989,7 +7474,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_4f0( +void libcrux_ml_kem_ind_cca_decapsulate_710( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( 
@@ -8008,9 +7493,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f0( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_c20(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_4a0(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); core_slice___Slice_T___copy_from_slice( @@ -8019,7 +7504,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f0( uint8_t, size_t, Eurydice_slice), ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - G_f1_b60( + G_f1_110( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( 
@@ -8029,31 +7514,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f0( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_974(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_ed(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_00_f01(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_041( + PRF_f1_6f1( Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_0d0(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_f70(uu____5, uu____6, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_e8( + kdf_af_26( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_e8(shared_secret0, shared_secret); + kdf_af_26(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed(ciphertext), + libcrux_ml_kem_types_as_ref_00_f01(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, 
@@ -8077,12 +7562,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1184 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_720( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_520( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_39();); + deserialized_pk[i] = ZERO_89_02();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -8094,7 +7579,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_720( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_ad(ring_element); + deserialize_to_reduced_ring_element_d2(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -8112,7 +7597,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void serialize_secret_key_f8( +static KRML_MUSTINLINE void serialize_secret_key_e8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -8131,7 +7616,7 @@ static KRML_MUSTINLINE void serialize_secret_key_f8( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_f6(&re, ret0); + serialize_uncompressed_ring_element_05(&re, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), 
@@ -8151,7 +7636,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_80( +static KRML_MUSTINLINE void serialize_public_key_9a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; @@ -8159,7 +7644,7 @@ static KRML_MUSTINLINE void serialize_public_key_80( Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t, Eurydice_slice); uint8_t ret0[1152U]; - serialize_secret_key_f8(t_as_ntt, ret0); + serialize_secret_key_e8(t_as_ntt, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), @@ -8180,15 +7665,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_35(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_99(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - deserialize_ring_elements_reduced_720( + deserialize_ring_elements_reduced_520( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - serialize_public_key_80( + serialize_public_key_9a( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), @@ -8219,7 +7704,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void G_f1_b6(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_11(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } 
@@ -8230,10 +7715,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static void closure_e8( +static void closure_82( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_89_39();); + ret[i] = ZERO_89_02();); } /** @@ -8251,7 +7736,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_init_absorb with const generics - K= 3 */ static KRML_MUSTINLINE PortableHash_58 -shake128_init_absorb_75(uint8_t input[3U][34U]) { +shake128_init_absorb_41(uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[3U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, @@ -8281,10 +7766,10 @@ generics - K= 3 */ static KRML_MUSTINLINE PortableHash_58 -shake128_init_absorb_f1_11(uint8_t input[3U][34U]) { +shake128_init_absorb_f1_51(uint8_t input[3U][34U]) { uint8_t uu____0[3U][34U]; memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); - return shake128_init_absorb_75(uu____0); + return shake128_init_absorb_41(uu____0); } /** @@ -8293,7 +7778,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_10( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_54( PortableHash_58 *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; KRML_MAYBE_FOR3( @@ -8315,9 +7800,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_4e( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_7f( PortableHash_58 *self, uint8_t ret[3U][504U]) { - shake128_squeeze_three_blocks_10(self, ret); + shake128_squeeze_three_blocks_54(self, ret); } /** 
@@ -8368,7 +7853,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_05( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_02( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -8407,7 +7892,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_block_ed(PortableHash_58 *st, +static KRML_MUSTINLINE void shake128_squeeze_block_88(PortableHash_58 *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; @@ -8428,9 +7913,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_block_f1_c1( +static KRML_MUSTINLINE void shake128_squeeze_block_f1_68( PortableHash_58 *self, uint8_t ret[3U][168U]) { - shake128_squeeze_block_ed(self, ret); + shake128_squeeze_block_88(self, ret); } /** @@ -8481,7 +7966,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_050( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_020( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -8521,9 +8006,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_99( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_13( int16_t s[272U]) { - return from_i16_array_89_6b(Eurydice_array_to_subslice2( + return from_i16_array_89_48(Eurydice_array_to_subslice2( s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); } 
@@ -8534,29 +8019,29 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_from_xof_2b( +static KRML_MUSTINLINE void sample_from_xof_f6( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; int16_t out[3U][272U] = {{0U}}; uint8_t uu____0[3U][34U]; memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); - PortableHash_58 xof_state = shake128_init_absorb_f1_11(uu____0); + PortableHash_58 xof_state = shake128_init_absorb_f1_51(uu____0); uint8_t randomness0[3U][504U]; - shake128_squeeze_three_blocks_f1_4e(&xof_state, randomness0); + shake128_squeeze_three_blocks_f1_7f(&xof_state, randomness0); uint8_t uu____1[3U][504U]; memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_05( + bool done = sample_from_uniform_distribution_next_02( uu____1, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; - shake128_squeeze_block_f1_c1(&xof_state, randomness); + shake128_squeeze_block_f1_68(&xof_state, randomness); uint8_t uu____2[3U][168U]; memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_050( + done = sample_from_uniform_distribution_next_020( uu____2, sampled_coefficients, out); } } @@ -8564,7 +8049,7 @@ static KRML_MUSTINLINE void sample_from_xof_2b( memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_99(uu____3[i]);); + ret0[i] = closure_13(uu____3[i]);); memcpy( ret, ret0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); 
@@ -8577,12 +8062,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_matrix_A_23( +static KRML_MUSTINLINE void sample_matrix_A_55( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - closure_e8(A_transpose[i]);); + closure_82(A_transpose[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; uint8_t uu____0[34U]; @@ -8595,7 +8080,7 @@ static KRML_MUSTINLINE void sample_matrix_A_23( uint8_t uu____1[3U][34U]; memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; - sample_from_xof_2b(uu____1, sampled); + sample_from_xof_f6(uu____1, sampled); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -8634,7 +8119,7 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_1d(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_63(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; @@ -8656,9 +8141,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_89(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_77(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { - PRFxN_1d(input, ret); + PRFxN_63(input, ret); } /** 
@@ -8674,11 +8159,11 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_d7( +static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_01( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_89_39();); + re_as_ntt[i] = ZERO_89_02();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; @@ -8689,12 +8174,12 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_d7( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - PRFxN_f1_89(prf_inputs, prf_outputs); + PRFxN_f1_77(prf_inputs, prf_outputs); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_66( + re_as_ntt[i0] = sample_from_binomial_distribution_e3( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U]; memcpy( uu____2, re_as_ntt, @@ -8721,7 +8206,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void add_to_ring_element_89_93( +static KRML_MUSTINLINE void add_to_ring_element_89_8e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; 
@@ -8750,14 +8235,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_As_plus_e_da( +static KRML_MUSTINLINE void compute_As_plus_e_a5( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_39();); + result[i] = ZERO_89_02();); for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -8780,10 +8265,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_da( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_93(&result[i1], &product); + ntt_multiply_89_f7(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_8e(&result[i1], &product); } - add_standard_error_reduce_89_99(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_89_0b(&result[i1], &error_as_ntt[i1]); } memcpy( ret, result, @@ -8840,10 +8325,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_9b generate_keypair_unpacked_f4( +static tuple_9b generate_keypair_unpacked_a9( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_f1_b6(key_generation_seed, hashed); + G_f1_11(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); 
@@ -8851,14 +8336,14 @@ static tuple_9b generate_keypair_unpacked_f4( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_23(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); + sample_matrix_A_55(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, prf_input); uint8_t uu____1[33U]; memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = sample_vector_cbd_then_ntt_d7(uu____1, 0U); + tuple_b0 uu____2 = sample_vector_cbd_then_ntt_01(uu____1, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, @@ -8869,10 +8354,10 @@ static tuple_9b generate_keypair_unpacked_f4( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_d7(uu____3, domain_separator).fst, + sample_vector_cbd_then_ntt_01(uu____3, domain_separator).fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - compute_As_plus_e_da(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_a5(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], @@ -8921,10 +8406,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_57( +static void closure_f2( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_89_39();); + ret[i] = ZERO_89_02();); } /** 
@@ -8936,7 +8421,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void H_f1_2e(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_af(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -8954,7 +8439,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -8963,18 +8448,18 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e(uint8_t randomness[64U]) { (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); - tuple_9b uu____0 = generate_keypair_unpacked_f4(ind_cpa_keypair_randomness); + tuple_9b uu____0 = generate_keypair_unpacked_a9(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_57(A[i]);); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_f2(A[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_84(&ind_cpa_public_key.A[j][i1]); + clone_d5_93(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U][3U]; memcpy(uu____2, A, 
@@ -8984,13 +8469,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e(uint8_t randomness[64U]) { (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); uint8_t pk_serialized[1184U]; - serialize_public_key_80( + serialize_public_key_9a( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t, Eurydice_slice), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_2e(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, + H_f1_af(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, Eurydice_slice), public_key_hash); uint8_t implicit_rejection_value[32U]; @@ -9030,18 +8515,18 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_ec( +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_e8( Eurydice_slice key_generation_seed) { - tuple_9b uu____0 = generate_keypair_unpacked_f4(key_generation_seed); + tuple_9b uu____0 = generate_keypair_unpacked_a9(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - serialize_public_key_80(pk.t_as_ntt, + serialize_public_key_9a(pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, Eurydice_slice), public_key_serialized); uint8_t secret_key_serialized[1152U]; - serialize_secret_key_f8(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_e8(sk.secret_as_ntt, secret_key_serialized); uint8_t uu____1[1152U]; memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); uint8_t uu____2[1184U]; 
@@ -9062,7 +8547,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_a8( +static KRML_MUSTINLINE void serialize_kem_secret_key_97( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -9091,7 +8576,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_a8( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice); uint8_t ret0[32U]; - H_f1_2e(public_key, ret0); + H_f1_af(public_key, ret0); core_slice___Slice_T___copy_from_slice( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), @@ -9132,7 +8617,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -9142,13 +8627,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_ec(ind_cpa_keypair_randomness); + generate_keypair_e8(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_a8( + serialize_kem_secret_key_97( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, 
@@ -9157,12 +8642,12 @@ libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]) { uint8_t uu____1[2400U]; memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_a70(uu____1); + libcrux_ml_kem_types_from_05_e0(uu____1); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; uint8_t uu____3[1184U]; memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_c90( - uu____2, libcrux_ml_kem_types_from_b6_4c0(uu____3)); + return libcrux_ml_kem_types_from_17_2c( + uu____2, libcrux_ml_kem_types_from_b6_57(uu____3)); } /** @@ -9178,10 +8663,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -sample_ring_element_cbd_2c(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_38(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_89_39();); + error_1[i] = ZERO_89_02();); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; @@ -9192,11 +8677,11 @@ sample_ring_element_cbd_2c(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - PRFxN_f1_89(prf_inputs, prf_outputs); + PRFxN_f1_77(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_66(Eurydice_array_to_slice( + sample_from_binomial_distribution_e3(Eurydice_array_to_slice( (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U]; 
@@ -9221,9 +8706,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_040(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_6f0(Eurydice_slice input, uint8_t ret[128U]) { - PRF_3a0(input, ret); + PRF_b60(input, ret); } /** @@ -9232,18 +8717,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_86( +static KRML_MUSTINLINE void invert_ntt_montgomery_d4( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_9f(&zeta_i, re); - invert_ntt_at_layer_2_a6(&zeta_i, re); - invert_ntt_at_layer_3_61(&zeta_i, re); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_2c(re); + invert_ntt_at_layer_1_2a(&zeta_i, re); + invert_ntt_at_layer_2_84(&zeta_i, re); + invert_ntt_at_layer_3_75(&zeta_i, re); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_55(re); } /** 
@@ -9255,14 +8740,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_a1( +static KRML_MUSTINLINE void compute_vector_u_57( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_39();); + result[i] = ZERO_89_02();); for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -9284,11 +8769,11 @@ static KRML_MUSTINLINE void compute_vector_u_a1( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(a_element, &r_as_ntt[j]); - add_to_ring_element_89_93(&result[i1], &product); + ntt_multiply_89_f7(a_element, &r_as_ntt[j]); + add_to_ring_element_89_8e(&result[i1], &product); } - invert_ntt_montgomery_86(&result[i1]); - add_error_reduce_89_08(&result[i1], &error_1[i1]); + invert_ntt_montgomery_d4(&result[i1]); + add_error_reduce_89_b9(&result[i1], &error_1[i1]); } memcpy( ret, result, 
@@ -9305,18 +8790,18 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_1f( +compute_ring_element_v_c8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_93(&result, &product);); - invert_ntt_montgomery_86(&result); - result = add_message_error_reduce_89_8b(error_2, message, result); + ntt_multiply_89_f7(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_8e(&result, &product);); + invert_ntt_montgomery_d4(&result); + result = add_message_error_reduce_89_11(error_2, message, result); return result; } @@ -9332,7 +8817,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_24( +static void compress_then_serialize_u_25( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -9350,7 +8835,7 @@ static void compress_then_serialize_u_24( (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, Eurydice_slice); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_2f(&re, ret); + compress_then_serialize_ring_element_u_d8(&re, ret); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), 
@@ -9417,14 +8902,14 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_6c( +static void encrypt_unpacked_65( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); uint8_t uu____0[33U]; memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = sample_vector_cbd_then_ntt_d7(uu____0, 0U); + tuple_b0 uu____1 = sample_vector_cbd_then_ntt_01(uu____0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, @@ -9432,7 +8917,7 @@ static void encrypt_unpacked_6c( uint8_t domain_separator0 = uu____1.snd; uint8_t uu____2[33U]; memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____3 = sample_ring_element_cbd_2c(uu____2, domain_separator0); + tuple_b0 uu____3 = sample_ring_element_cbd_38(uu____2, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( error_1, uu____3.fst, 
@@ -9440,31 +8925,31 @@ static void encrypt_unpacked_6c( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_040( + PRF_f1_6f0( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_66(Eurydice_array_to_slice( + sample_from_binomial_distribution_e3(Eurydice_array_to_slice( (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - compute_vector_u_a1(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_57(public_key->A, r_as_ntt, error_1, u); uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_f6(uu____4); + deserialize_then_decompress_message_cb(uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_1f(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_c8(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_24( + compress_then_serialize_u_25( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_31( + compress_then_serialize_ring_element_v_d6( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t, Eurydice_slice)); 
@@ -9490,11 +8975,11 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_31( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_86( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -9506,7 +8991,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_31( Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_b6( + G_f1_11( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -9520,7 +9005,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_31( uint8_t uu____3[32U]; memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_unpacked_6c(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_65(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, @@ -9529,7 +9014,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_31( uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_f50(uu____4); + libcrux_ml_kem_types_from_01_20(uu____4); uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_3c lit; 
@@ -9548,7 +9033,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_af_6c(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_d2(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; core_slice___Slice_T___copy_from_slice( @@ -9570,12 +9055,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1152 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_72( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_52( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_39();); + deserialized_pk[i] = ZERO_89_02();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -9587,7 +9072,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_72( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_ad(ring_element); + deserialize_to_reduced_ring_element_d2(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -9613,10 +9098,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_0d(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_f7(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - deserialize_ring_elements_reduced_72( + deserialize_ring_elements_reduced_52( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), t_as_ntt); 
@@ -9624,8 +9109,8 @@ static void encrypt_0d(Eurydice_slice public_key, uint8_t message[32U], public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_23(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); + sample_matrix_A_55(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); @@ -9655,7 +9140,7 @@ static void encrypt_0d(Eurydice_slice public_key, uint8_t message[32U], uint8_t uu____4[32U]; memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1088U]; - encrypt_unpacked_6c(uu____3, uu____4, randomness, ret1); + encrypt_unpacked_65(uu____3, uu____4, randomness, ret1); memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); } @@ -9670,7 +9155,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_af_b6(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_69(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; core_slice___Slice_T___copy_from_slice( @@ -9698,15 +9183,15 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_6c( + entropy_preprocess_af_d2( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, Eurydice_slice), to_hash); 
@@ -9714,8 +9199,8 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); uint8_t ret[32U]; - H_f1_2e(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f20(public_key), + H_f1_af(Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_1f(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -9723,7 +9208,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_b6( + G_f1_11( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -9733,18 +9218,18 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f20(public_key), uint8_t, + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_1f(public_key), uint8_t, Eurydice_slice); uint8_t uu____3[32U]; memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_0d(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_f7(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t uu____4[1088U]; memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_f50(uu____4); + libcrux_ml_kem_types_from_01_20(uu____4); uint8_t shared_secret_array[32U]; - kdf_af_b6(shared_secret, shared_secret_array); + kdf_af_69(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; uint8_t uu____6[32U]; memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); 
@@ -9766,12 +9251,12 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_b1( +static KRML_MUSTINLINE void deserialize_then_decompress_u_20( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_89_39();); + u_as_ntt[i] = ZERO_89_02();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, @@ -9790,8 +9275,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b1( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t, Eurydice_slice); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_89(u_bytes); - ntt_vector_u_ed(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_45(u_bytes); + ntt_vector_u_d7(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, 
@@ -9811,17 +9296,17 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_cb( +compute_message_f6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_93(&result, &product);); - invert_ntt_montgomery_86(&result); - result = subtract_reduce_89_7d(v, result); + ntt_multiply_89_f7(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_8e(&result, &product);); + invert_ntt_montgomery_d4(&result); + result = subtract_reduce_89_d2(v, result); return result; } 
@@ -9859,20 +9344,20 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_e7( +static void decrypt_unpacked_18( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - deserialize_then_decompress_u_b1(ciphertext, u_as_ntt); + deserialize_then_decompress_u_20(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_30( + deserialize_then_decompress_ring_element_v_67( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_cb(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_f6(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_3a(message, ret0); + compress_then_serialize_message_ef(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -9886,8 +9371,8 @@ with const generics - K= 3 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_04(Eurydice_slice input, uint8_t ret[32U]) { - PRF_3a(input, ret); +static KRML_MUSTINLINE void PRF_f1_6f(Eurydice_slice input, uint8_t ret[32U]) { + PRF_b6(input, ret); } /** 
@@ -9912,14 +9397,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f6( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_e7(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_18(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -9931,7 +9416,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca( uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_b6( + G_f1_11( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -9941,7 +9426,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d3( + libcrux_ml_kem_utils_into_padded_array_970( Eurydice_array_to_slice((size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t, Eurydice_slice), 
@@ -9950,9 +9435,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), uint8_t, void *); + uu____2, libcrux_ml_kem_types_as_ref_00_f0(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_04( + PRF_f1_6f( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = @@ -9960,10 +9445,10 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca( uint8_t uu____4[32U]; memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_6c(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_65(uu____3, uu____4, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), + libcrux_ml_kem_types_as_ref_00_f0(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice)); uint8_t ret0[32U]; @@ -9984,12 +9469,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_01( +static KRML_MUSTINLINE void deserialize_secret_key_6b( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_39();); + secret_as_ntt[i] = ZERO_89_02();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; 
@@ -10001,7 +9486,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_01( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_05(secret_bytes); + deserialize_to_uncompressed_ring_element_00(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -10019,10 +9504,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_c2(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_4a(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - deserialize_secret_key_01(secret_key, secret_as_ntt); + deserialize_secret_key_6b(secret_key, secret_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; memcpy( uu____0, secret_as_ntt, @@ -10033,7 +9518,7 @@ static void decrypt_c2(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, uu____0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_e7(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_18(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -10059,7 +9544,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_4f( +void libcrux_ml_kem_ind_cca_decapsulate_71( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( 
@@ -10078,9 +9563,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_c2(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_4a(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( + libcrux_ml_kem_utils_into_padded_array_97( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); core_slice___Slice_T___copy_from_slice( @@ -10089,7 +9574,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f( uint8_t, size_t, Eurydice_slice), ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - G_f1_b6( + G_f1_11( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( 
@@ -10099,31 +9584,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d3(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_970(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_00_f0(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_04( + PRF_f1_6f( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; uint8_t uu____6[32U]; memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_0d(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_f7(uu____5, uu____6, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_b6( + kdf_af_69( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_b6(shared_secret0, shared_secret); + kdf_af_69(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), + libcrux_ml_kem_types_as_ref_00_f0(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, 
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h
index 0088ab487..d4b1c0ce7 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h
@@ -5,10 +5,10 @@
  *
  * This code was generated with the following revisions:
  * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421
+ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7
  * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430
- * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7
- * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09
+ * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38
+ * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15
  */
 
 #ifndef __libcrux_mlkem_portable_H
@@ -39,10 +39,49 @@ void libcrux_ml_kem_hash_functions_portable_H(Eurydice_slice input,
 #define LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R \
 (62209U)
 
+typedef struct int16_t_x8_s {
+ int16_t fst;
+ int16_t snd;
+ int16_t thd;
+ int16_t f3;
+ int16_t f4;
+ int16_t f5;
+ int16_t f6;
+ int16_t f7;
+} int16_t_x8;
+
+int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_4_int(
+ Eurydice_slice bytes);
+
 typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_s {
 int16_t elements[16U];
 } libcrux_ml_kem_vector_portable_vector_type_PortableVector;
 
+libcrux_ml_kem_vector_portable_vector_type_PortableVector
+libcrux_ml_kem_vector_portable_vector_type_zero(void);
+
+libcrux_ml_kem_vector_portable_vector_type_PortableVector
+libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes);
+
+/**
+This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+*/
+libcrux_ml_kem_vector_portable_vector_type_PortableVector
+libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a);
+
+void libcrux_ml_kem_vector_portable_vector_type_to_i16_array(
+ libcrux_ml_kem_vector_portable_vector_type_PortableVector x,
+ int16_t ret[16U]);
+
+/**
+This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+*/
+void libcrux_ml_kem_vector_portable_to_i16_array_0d(
+ libcrux_ml_kem_vector_portable_vector_type_PortableVector x,
+ int16_t ret[16U]);
+
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
 libcrux_ml_kem_vector_portable_vector_type_from_i16_array(Eurydice_slice array);
 
@@ -53,6 +92,55 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
 libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_slice array);
 
+typedef struct uint8_t_x5_s {
+ uint8_t fst;
+ uint8_t snd;
+ uint8_t thd;
+ uint8_t f3;
+ uint8_t f4;
+} uint8_t_x5;
+
+uint8_t_x5 libcrux_ml_kem_vector_portable_serialize_serialize_5_int(
+ Eurydice_slice v);
+
+void libcrux_ml_kem_vector_portable_serialize_serialize_5(
+ libcrux_ml_kem_vector_portable_vector_type_PortableVector v,
+ uint8_t ret[10U]);
+
+/**
+This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+*/
+void libcrux_ml_kem_vector_portable_serialize_5_0d(
+ libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
+ uint8_t ret[10U]);
+
+int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_5_int(
+ Eurydice_slice bytes);
+
+libcrux_ml_kem_vector_portable_vector_type_PortableVector
+libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes);
+
+/**
+This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+*/
+libcrux_ml_kem_vector_portable_vector_type_PortableVector
+libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a);
+
+int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_10_int(
+ Eurydice_slice bytes);
+
+libcrux_ml_kem_vector_portable_vector_type_PortableVector
+libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes);
+
+/**
+This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
+libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
+*/
+libcrux_ml_kem_vector_portable_vector_type_PortableVector
+libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a);
+
 typedef struct uint8_t_x11_s {
 uint8_t fst;
 uint8_t snd;
@@ -82,23 +170,9 @@ void libcrux_ml_kem_vector_portable_serialize_11_0d(
 libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
 uint8_t ret[22U]);
 
-typedef struct int16_t_x8_s {
- int16_t fst;
- int16_t snd;
- int16_t thd;
- int16_t f3;
- int16_t f4;
- int16_t f5;
- int16_t f6;
- int16_t f7;
-} int16_t_x8;
-
 int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_11_int(
 Eurydice_slice bytes);
 
-libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_vector_type_zero(void);
-
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
 libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes);
 
@@ -109,22 +183,6 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
 libcrux_ml_kem_vector_portable_vector_type_PortableVector
 libcrux_ml_kem_vector_portable_deserialize_11_0d(Eurydice_slice a);
 
-void libcrux_ml_kem_vector_portable_vector_type_to_i16_array(
- libcrux_ml_kem_vector_portable_vector_type_PortableVector x,
- int16_t ret[16U]);
-
-/**
-This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
-*/
-void libcrux_ml_kem_vector_portable_to_i16_array_0d(
- libcrux_ml_kem_vector_portable_vector_type_PortableVector x,
- int16_t ret[16U]);
-
-extern const uint8_t
- libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[256U]
- [16U];
-
 /**
 This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
 libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
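Review bot: The `extern const uint8_t libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[256U][16U];` declaration disappears from this public header in the second hunk, and nothing else in this file's diff re-declares it. The diffstat does list `internal/libcrux_mlkem_portable.h`, so it has presumably moved to the internal header, but that should be confirmed, since any translation unit that still takes the table's declaration from the public header would stop compiling. The other removals here (`int16_t_x8`, `libcrux_ml_kem_vector_portable_vector_type_zero`, the `to_i16_array` pair) are re-added by the two earlier hunks in this header, so they are reorderings rather than API removals. As this is Eurydice output, any adjustment belongs in the generator or the Rust source rather than in this file.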
@@ -501,55 +559,6 @@ void libcrux_ml_kem_vector_portable_serialize_4_0d(
 libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
 uint8_t ret[8U]);
 
-int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_4_int(
- Eurydice_slice bytes);
-
-libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes);
-
-/**
-This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
-*/
-libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a);
-
-typedef struct uint8_t_x5_s {
- uint8_t fst;
- uint8_t snd;
- uint8_t thd;
- uint8_t f3;
- uint8_t f4;
-} uint8_t_x5;
-
-uint8_t_x5 libcrux_ml_kem_vector_portable_serialize_serialize_5_int(
- Eurydice_slice v);
-
-void libcrux_ml_kem_vector_portable_serialize_serialize_5(
- libcrux_ml_kem_vector_portable_vector_type_PortableVector v,
- uint8_t ret[10U]);
-
-/**
-This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
-*/
-void libcrux_ml_kem_vector_portable_serialize_5_0d(
- libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
- uint8_t ret[10U]);
-
-int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_5_int(
- Eurydice_slice bytes);
-
-libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes);
-
-/**
-This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
-*/
-libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a);
-
 uint8_t_x5 libcrux_ml_kem_vector_portable_serialize_serialize_10_int(
 Eurydice_slice v);
 
@@ -565,19 +574,6 @@ void libcrux_ml_kem_vector_portable_serialize_10_0d(
 libcrux_ml_kem_vector_portable_vector_type_PortableVector a,
 uint8_t ret[20U]);
 
-int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_10_int(
- Eurydice_slice bytes);
-
-libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes);
-
-/**
-This function found in impl {(libcrux_ml_kem::vector::traits::Operations for
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)}
-*/
-libcrux_ml_kem_vector_portable_vector_type_PortableVector
-libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a);
-
 typedef struct uint8_t_x3_s {
 uint8_t fst;
 uint8_t snd;
diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h
index a0797a0ce..f83fa6654 100644
--- a/libcrux-ml-kem/c/libcrux_sha3.h
+++ b/libcrux-ml-kem/c/libcrux_sha3.h
@@ -5,10 +5,10 @@
  *
  * This code was generated with the following revisions:
  * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421
+ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7
  * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430
- * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7
- * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09
+ * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38
+ * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15
  */
 
 #ifndef __libcrux_sha3_H
@@ -29,7 +29,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha512(Eurydice_slice digest,
 Eurydice_slice data) {
 Eurydice_slice buf0[1U] = {data};
 Eurydice_slice buf[1U] = {digest};
- libcrux_sha3_portable_keccakx1_2a(buf0, buf);
+ libcrux_sha3_portable_keccakx1_fd(buf0, buf);
 }
 
 /**
@@ -39,7 +39,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha256(Eurydice_slice digest,
 Eurydice_slice data) {
 Eurydice_slice buf0[1U] = {data};
 Eurydice_slice buf[1U] = {digest};
- libcrux_sha3_portable_keccakx1_2a0(buf0, buf);
+ libcrux_sha3_portable_keccakx1_fd0(buf0, buf);
 }
 
 /**
@@ -49,7 +49,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake256(
 Eurydice_slice digest, Eurydice_slice data) {
 Eurydice_slice buf0[1U] = {data};
 Eurydice_slice buf[1U] = {digest};
- libcrux_sha3_portable_keccakx1_2a1(buf0, buf);
+ libcrux_sha3_portable_keccakx1_fd1(buf0, buf);
 }
 
 /**
@@ -59,7 +59,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest,
 Eurydice_slice data) {
 Eurydice_slice buf0[1U] = {data};
 Eurydice_slice buf[1U] = {digest};
- libcrux_sha3_portable_keccakx1_2a2(buf0, buf);
+ libcrux_sha3_portable_keccakx1_fd2(buf0, buf);
 }
 
 /**
@@ -69,7 +69,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest,
 Eurydice_slice data) {
 Eurydice_slice buf0[1U] = {data};
 Eurydice_slice buf[1U] = {digest};
- libcrux_sha3_portable_keccakx1_2a3(buf0, buf);
+ libcrux_sha3_portable_keccakx1_fd3(buf0, buf);
 }
 
 /**
@@ -158,7 +158,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake128(
 Eurydice_slice digest, Eurydice_slice data) {
 Eurydice_slice buf0[1U] = {data};
 Eurydice_slice buf[1U] = {digest};
- libcrux_sha3_portable_keccakx1_2a4(buf0, buf);
+ libcrux_sha3_portable_keccakx1_fd4(buf0, buf);
 }
 
 /**
diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c
index fb89c890d..569a83ca1 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c
@@ -5,2304 +5,69 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 */ -#include "internal/libcrux_sha3_avx2.h" - -#include "internal/libcrux_core.h" - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -static KRML_MUSTINLINE __m256i zero_ef(void) { - return libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)0); -} - -static KRML_MUSTINLINE __m256i _veor5q_u64(__m256i a, __m256i b, __m256i c, - __m256i d, __m256i e) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - __m256i cd = libcrux_intrinsics_avx2_mm256_xor_si256(c, d); - __m256i abcd = libcrux_intrinsics_avx2_mm256_xor_si256(ab, cd); - return libcrux_intrinsics_avx2_mm256_xor_si256(abcd, e); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -static KRML_MUSTINLINE __m256i xor5_ef(__m256i a, __m256i b, __m256i c, - __m256i d, __m256i e) { - return _veor5q_u64(a, b, c, d, e); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 1 -- RIGHT= 63 -*/ -static KRML_MUSTINLINE __m256i rotate_left_58(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)1, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)63, x, __m256i)); -} - -static KRML_MUSTINLINE __m256i _vrax1q_u64(__m256i a, __m256i b) { - __m256i uu____0 = a; - return libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, rotate_left_58(b)); -} - 
-/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -static KRML_MUSTINLINE __m256i rotate_left1_and_xor_ef(__m256i a, __m256i b) { - return _vrax1q_u64(a, b); -} - -static KRML_MUSTINLINE __m256i _vbcaxq_u64(__m256i a, __m256i b, __m256i c) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - a, libcrux_intrinsics_avx2_mm256_andnot_si256(c, b)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -static KRML_MUSTINLINE __m256i and_not_xor_ef(__m256i a, __m256i b, __m256i c) { - return _vbcaxq_u64(a, b, c); -} - -static KRML_MUSTINLINE __m256i _veorq_n_u64(__m256i a, uint64_t c) { - __m256i c0 = libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)c); - return libcrux_intrinsics_avx2_mm256_xor_si256(a, c0); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -static KRML_MUSTINLINE __m256i xor_constant_ef(__m256i a, uint64_t c) { - return _veorq_n_u64(a, c); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -static KRML_MUSTINLINE __m256i xor_ef(__m256i a, __m256i b) { - return libcrux_intrinsics_avx2_mm256_xor_si256(a, b); -} - -static KRML_MUSTINLINE void slice_4(Eurydice_slice a[4U], size_t start, - size_t len, Eurydice_slice ret[4U]) { - ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t, - Eurydice_slice); - ret[1U] = Eurydice_slice_subslice2(a[1U], start, start + len, uint8_t, - Eurydice_slice); - ret[2U] = Eurydice_slice_subslice2(a[2U], start, start + len, uint8_t, - Eurydice_slice); - ret[3U] = Eurydice_slice_subslice2(a[3U], start, start + len, uint8_t, - Eurydice_slice); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -static 
KRML_MUSTINLINE void slice_n_ef(Eurydice_slice a[4U], size_t start, - size_t len, Eurydice_slice ret[4U]) { - Eurydice_slice uu____0[4U]; - memcpy(uu____0, a, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice ret0[4U]; - slice_4(uu____0, start, len, ret0); - memcpy(ret, ret0, (size_t)4U * sizeof(Eurydice_slice)); -} - -static KRML_MUSTINLINE Eurydice_slice_uint8_t_4size_t__x2 -split_at_mut_4(Eurydice_slice out[4U], size_t mid) { - Eurydice_slice out0 = out[0U]; - Eurydice_slice out1 = out[1U]; - Eurydice_slice out2 = out[2U]; - Eurydice_slice out3 = out[3U]; - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at_mut( - out0, mid, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice out00 = uu____0.fst; - Eurydice_slice out01 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at_mut( - out1, mid, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice out10 = uu____1.fst; - Eurydice_slice out11 = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at_mut( - out2, mid, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice out20 = uu____2.fst; - Eurydice_slice out21 = uu____2.snd; - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at_mut( - out3, mid, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice out30 = uu____3.fst; - Eurydice_slice out31 = uu____3.snd; - Eurydice_slice_uint8_t_4size_t__x2 lit; - lit.fst[0U] = out00; - lit.fst[1U] = out10; - lit.fst[2U] = out20; - lit.fst[3U] = out30; - lit.snd[0U] = out01; - lit.snd[1U] = out11; - lit.snd[2U] = out21; - lit.snd[3U] = out31; - return lit; -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -static KRML_MUSTINLINE Eurydice_slice_uint8_t_4size_t__x2 -split_at_mut_n_ef(Eurydice_slice a[4U], size_t mid) { - return split_at_mut_4(a, mid); -} - -/** - Create a new Shake128 x4 state. 
-*/ -/** -This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} -*/ -/** -A monomorphic instance of libcrux_sha3.generic_keccak.new_1e -with types core_core_arch_x86___m256i -with const generics -- N= 4 -*/ -static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 -new_1e_16(void) { - libcrux_sha3_generic_keccak_KeccakState_29 lit; - lit.st[0U][0U] = zero_ef(); - lit.st[0U][1U] = zero_ef(); - lit.st[0U][2U] = zero_ef(); - lit.st[0U][3U] = zero_ef(); - lit.st[0U][4U] = zero_ef(); - lit.st[1U][0U] = zero_ef(); - lit.st[1U][1U] = zero_ef(); - lit.st[1U][2U] = zero_ef(); - lit.st[1U][3U] = zero_ef(); - lit.st[1U][4U] = zero_ef(); - lit.st[2U][0U] = zero_ef(); - lit.st[2U][1U] = zero_ef(); - lit.st[2U][2U] = zero_ef(); - lit.st[2U][3U] = zero_ef(); - lit.st[2U][4U] = zero_ef(); - lit.st[3U][0U] = zero_ef(); - lit.st[3U][1U] = zero_ef(); - lit.st[3U][2U] = zero_ef(); - lit.st[3U][3U] = zero_ef(); - lit.st[3U][4U] = zero_ef(); - lit.st[4U][0U] = zero_ef(); - lit.st[4U][1U] = zero_ef(); - lit.st[4U][2U] = zero_ef(); - lit.st[4U][3U] = zero_ef(); - lit.st[4U][4U] = zero_ef(); - return lit; -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.load_block -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void load_block_c7(__m256i (*s)[5U], - Eurydice_slice blocks[4U]) { - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { - size_t i0 = i; - __m256i v00 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - __m256i v10 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - __m256i v20 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - __m256i v30 = - 
libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - __m256i v0l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); - __m256i v1h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); - __m256i v2l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); - __m256i v3h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); - __m256i v0 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v0l, v2l, __m256i); - __m256i v1 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v1h, v3h, __m256i); - __m256i v2 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v0l, v2l, __m256i); - __m256i v3 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v1h, v3h, __m256i); - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - v1); - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - v2); - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - v3); - } - size_t rem = (size_t)136U % (size_t)32U; - size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); - uint8_t u8s[32U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - u8s, (size_t)0U, (size_t)8U, 
uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_array_to_subslice2( - u8s, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_array_to_subslice2( - u8s, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_array_to_subslice2( - u8s, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - __m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, - Eurydice_slice)); - size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; - size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; - s[i0][j0] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); - if (rem == (size_t)16U) { - uint8_t u8s0[32U] = {0U}; - Eurydice_slice uu____4 = Eurydice_array_to_subslice2( - u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = Eurydice_array_to_subslice2( - u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, - start + (size_t)16U, 
uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = Eurydice_array_to_subslice2( - u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____7, - Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - __m256i u0 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, - Eurydice_slice)); - size_t i = - ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = - ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; - s[i][j] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.load_block_ef -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void load_block_ef_6a(__m256i (*a)[5U], - Eurydice_slice b[4U]) { - __m256i(*uu____0)[5U] = a; - Eurydice_slice uu____1[4U]; - memcpy(uu____1, b, (size_t)4U * sizeof(Eurydice_slice)); - load_block_c7(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 36 -- RIGHT= 28 -*/ -static KRML_MUSTINLINE __m256i rotate_left_580(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)36, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)28, x, __m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 36 -- 
RIGHT= 28 -*/ -static KRML_MUSTINLINE __m256i _vxarq_u64_c1(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_580(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 36 -- RIGHT= 28 -*/ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_17(__m256i a, __m256i b) { - return _vxarq_u64_c1(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 3 -- RIGHT= 61 -*/ -static KRML_MUSTINLINE __m256i rotate_left_581(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)3, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)61, x, __m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 3 -- RIGHT= 61 -*/ -static KRML_MUSTINLINE __m256i _vxarq_u64_c10(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_581(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 3 -- RIGHT= 61 -*/ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_170(__m256i a, __m256i b) { - return _vxarq_u64_c10(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 41 -- RIGHT= 23 -*/ -static KRML_MUSTINLINE __m256i rotate_left_582(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)41, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)23, x, __m256i)); -} - -/** -A monomorphic instance of 
libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 41 -- RIGHT= 23 -*/ -static KRML_MUSTINLINE __m256i _vxarq_u64_c11(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_582(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 41 -- RIGHT= 23 -*/ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_171(__m256i a, __m256i b) { - return _vxarq_u64_c11(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 18 -- RIGHT= 46 -*/ -static KRML_MUSTINLINE __m256i rotate_left_583(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)18, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)46, x, __m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 18 -- RIGHT= 46 -*/ -static KRML_MUSTINLINE __m256i _vxarq_u64_c12(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_583(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 18 -- RIGHT= 46 -*/ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_172(__m256i a, __m256i b) { - return _vxarq_u64_c12(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 1 -- RIGHT= 63 -*/ -static KRML_MUSTINLINE __m256i _vxarq_u64_c13(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_58(ab); -} - -/** -This function found in impl 
{(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 1 -- RIGHT= 63 -*/ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_173(__m256i a, __m256i b) { - return _vxarq_u64_c13(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 44 -- RIGHT= 20 -*/ -static KRML_MUSTINLINE __m256i rotate_left_584(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)44, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)20, x, __m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 44 -- RIGHT= 20 -*/ -static KRML_MUSTINLINE __m256i _vxarq_u64_c14(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_584(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 44 -- RIGHT= 20 -*/ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_174(__m256i a, __m256i b) { - return _vxarq_u64_c14(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 10 -- RIGHT= 54 -*/ -static KRML_MUSTINLINE __m256i rotate_left_585(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)10, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)54, x, __m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 10 -- RIGHT= 54 -*/ -static KRML_MUSTINLINE __m256i _vxarq_u64_c15(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return 
rotate_left_585(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 10 -- RIGHT= 54 -*/ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_175(__m256i a, __m256i b) { - return _vxarq_u64_c15(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 45 -- RIGHT= 19 -*/ -static KRML_MUSTINLINE __m256i rotate_left_586(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)45, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)19, x, __m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 45 -- RIGHT= 19 -*/ -static KRML_MUSTINLINE __m256i _vxarq_u64_c16(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_586(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 45 -- RIGHT= 19 -*/ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_176(__m256i a, __m256i b) { - return _vxarq_u64_c16(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 2 -- RIGHT= 62 -*/ -static KRML_MUSTINLINE __m256i rotate_left_587(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)2, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)62, x, __m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 2 -- RIGHT= 62 -*/ -static KRML_MUSTINLINE __m256i _vxarq_u64_c17(__m256i a, __m256i b) { - __m256i ab = 
libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_587(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 2 -- RIGHT= 62 -*/ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_177(__m256i a, __m256i b) { - return _vxarq_u64_c17(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 62 -- RIGHT= 2 -*/ -static KRML_MUSTINLINE __m256i rotate_left_588(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)62, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)2, x, __m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 62 -- RIGHT= 2 -*/ -static KRML_MUSTINLINE __m256i _vxarq_u64_c18(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_588(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 62 -- RIGHT= 2 -*/ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_178(__m256i a, __m256i b) { - return _vxarq_u64_c18(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 6 -- RIGHT= 58 -*/ -static KRML_MUSTINLINE __m256i rotate_left_589(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)6, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)58, x, __m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 6 -- RIGHT= 58 -*/ -static KRML_MUSTINLINE __m256i 
_vxarq_u64_c19(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_589(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 6 -- RIGHT= 58 -*/ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_179(__m256i a, __m256i b) { - return _vxarq_u64_c19(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 43 -- RIGHT= 21 -*/ -static KRML_MUSTINLINE __m256i rotate_left_5810(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)43, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)21, x, __m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 43 -- RIGHT= 21 -*/ -static KRML_MUSTINLINE __m256i _vxarq_u64_c110(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5810(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 43 -- RIGHT= 21 -*/ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1710(__m256i a, __m256i b) { - return _vxarq_u64_c110(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 15 -- RIGHT= 49 -*/ -static KRML_MUSTINLINE __m256i rotate_left_5811(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)15, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)49, x, __m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 
15 -- RIGHT= 49 -*/ -static KRML_MUSTINLINE __m256i _vxarq_u64_c111(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5811(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 15 -- RIGHT= 49 -*/ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1711(__m256i a, __m256i b) { - return _vxarq_u64_c111(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 61 -- RIGHT= 3 -*/ -static KRML_MUSTINLINE __m256i rotate_left_5812(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)61, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)3, x, __m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 61 -- RIGHT= 3 -*/ -static KRML_MUSTINLINE __m256i _vxarq_u64_c112(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5812(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 61 -- RIGHT= 3 -*/ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1712(__m256i a, __m256i b) { - return _vxarq_u64_c112(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 28 -- RIGHT= 36 -*/ -static KRML_MUSTINLINE __m256i rotate_left_5813(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)28, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)36, x, __m256i)); -} - -/** -A monomorphic instance of 
libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 28 -- RIGHT= 36 -*/ -static KRML_MUSTINLINE __m256i _vxarq_u64_c113(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5813(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 28 -- RIGHT= 36 -*/ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1713(__m256i a, __m256i b) { - return _vxarq_u64_c113(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 55 -- RIGHT= 9 -*/ -static KRML_MUSTINLINE __m256i rotate_left_5814(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)55, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)9, x, __m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 55 -- RIGHT= 9 -*/ -static KRML_MUSTINLINE __m256i _vxarq_u64_c114(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5814(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 55 -- RIGHT= 9 -*/ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1714(__m256i a, __m256i b) { - return _vxarq_u64_c114(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 25 -- RIGHT= 39 -*/ -static KRML_MUSTINLINE __m256i rotate_left_5815(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)25, x, __m256i), - 
libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)39, x, __m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 25 -- RIGHT= 39 -*/ -static KRML_MUSTINLINE __m256i _vxarq_u64_c115(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5815(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 25 -- RIGHT= 39 -*/ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1715(__m256i a, __m256i b) { - return _vxarq_u64_c115(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 21 -- RIGHT= 43 -*/ -static KRML_MUSTINLINE __m256i rotate_left_5816(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)21, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)43, x, __m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 21 -- RIGHT= 43 -*/ -static KRML_MUSTINLINE __m256i _vxarq_u64_c116(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5816(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 21 -- RIGHT= 43 -*/ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1716(__m256i a, __m256i b) { - return _vxarq_u64_c116(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 56 -- RIGHT= 8 -*/ -static KRML_MUSTINLINE __m256i rotate_left_5817(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - 
libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)56, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, x, __m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 56 -- RIGHT= 8 -*/ -static KRML_MUSTINLINE __m256i _vxarq_u64_c117(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5817(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 56 -- RIGHT= 8 -*/ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1717(__m256i a, __m256i b) { - return _vxarq_u64_c117(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 27 -- RIGHT= 37 -*/ -static KRML_MUSTINLINE __m256i rotate_left_5818(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)27, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)37, x, __m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 27 -- RIGHT= 37 -*/ -static KRML_MUSTINLINE __m256i _vxarq_u64_c118(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5818(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 27 -- RIGHT= 37 -*/ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1718(__m256i a, __m256i b) { - return _vxarq_u64_c118(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 20 -- RIGHT= 44 -*/ -static KRML_MUSTINLINE __m256i rotate_left_5819(__m256i x) 
{ - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)20, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)44, x, __m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 20 -- RIGHT= 44 -*/ -static KRML_MUSTINLINE __m256i _vxarq_u64_c119(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5819(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 20 -- RIGHT= 44 -*/ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1719(__m256i a, __m256i b) { - return _vxarq_u64_c119(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 39 -- RIGHT= 25 -*/ -static KRML_MUSTINLINE __m256i rotate_left_5820(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)39, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)25, x, __m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 39 -- RIGHT= 25 -*/ -static KRML_MUSTINLINE __m256i _vxarq_u64_c120(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5820(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 39 -- RIGHT= 25 -*/ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1720(__m256i a, __m256i b) { - return _vxarq_u64_c120(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 8 -- RIGHT= 56 -*/ 
-static KRML_MUSTINLINE __m256i rotate_left_5821(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)8, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)56, x, __m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 8 -- RIGHT= 56 -*/ -static KRML_MUSTINLINE __m256i _vxarq_u64_c121(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5821(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 8 -- RIGHT= 56 -*/ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1721(__m256i a, __m256i b) { - return _vxarq_u64_c121(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left -with const generics -- LEFT= 14 -- RIGHT= 50 -*/ -static KRML_MUSTINLINE __m256i rotate_left_5822(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)14, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)50, x, __m256i)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 -with const generics -- LEFT= 14 -- RIGHT= 50 -*/ -static KRML_MUSTINLINE __m256i _vxarq_u64_c122(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - return rotate_left_5822(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef -with const generics -- LEFT= 14 -- RIGHT= 50 -*/ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1722(__m256i a, __m256i b) { - return _vxarq_u64_c122(a, b); -} - -/** -A monomorphic instance of 
libcrux_sha3.generic_keccak.theta_rho -with types core_core_arch_x86___m256i -with const generics -- N= 4 -*/ -static KRML_MUSTINLINE void theta_rho_71( - libcrux_sha3_generic_keccak_KeccakState_29 *s) { - __m256i c[5U] = {xor5_ef(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], - s->st[3U][0U], s->st[4U][0U]), - xor5_ef(s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], - s->st[3U][1U], s->st[4U][1U]), - xor5_ef(s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], - s->st[3U][2U], s->st[4U][2U]), - xor5_ef(s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], - s->st[3U][3U], s->st[4U][3U]), - xor5_ef(s->st[0U][4U], s->st[1U][4U], s->st[2U][4U], - s->st[3U][4U], s->st[4U][4U])}; - __m256i uu____0 = - rotate_left1_and_xor_ef(c[((size_t)0U + (size_t)4U) % (size_t)5U], - c[((size_t)0U + (size_t)1U) % (size_t)5U]); - __m256i uu____1 = - rotate_left1_and_xor_ef(c[((size_t)1U + (size_t)4U) % (size_t)5U], - c[((size_t)1U + (size_t)1U) % (size_t)5U]); - __m256i uu____2 = - rotate_left1_and_xor_ef(c[((size_t)2U + (size_t)4U) % (size_t)5U], - c[((size_t)2U + (size_t)1U) % (size_t)5U]); - __m256i uu____3 = - rotate_left1_and_xor_ef(c[((size_t)3U + (size_t)4U) % (size_t)5U], - c[((size_t)3U + (size_t)1U) % (size_t)5U]); - __m256i t[5U] = { - uu____0, uu____1, uu____2, uu____3, - rotate_left1_and_xor_ef(c[((size_t)4U + (size_t)4U) % (size_t)5U], - c[((size_t)4U + (size_t)1U) % (size_t)5U])}; - s->st[0U][0U] = xor_ef(s->st[0U][0U], t[0U]); - s->st[1U][0U] = xor_and_rotate_ef_17(s->st[1U][0U], t[0U]); - s->st[2U][0U] = xor_and_rotate_ef_170(s->st[2U][0U], t[0U]); - s->st[3U][0U] = xor_and_rotate_ef_171(s->st[3U][0U], t[0U]); - s->st[4U][0U] = xor_and_rotate_ef_172(s->st[4U][0U], t[0U]); - s->st[0U][1U] = xor_and_rotate_ef_173(s->st[0U][1U], t[1U]); - s->st[1U][1U] = xor_and_rotate_ef_174(s->st[1U][1U], t[1U]); - s->st[2U][1U] = xor_and_rotate_ef_175(s->st[2U][1U], t[1U]); - s->st[3U][1U] = xor_and_rotate_ef_176(s->st[3U][1U], t[1U]); - s->st[4U][1U] = xor_and_rotate_ef_177(s->st[4U][1U], t[1U]); - 
s->st[0U][2U] = xor_and_rotate_ef_178(s->st[0U][2U], t[2U]); - s->st[1U][2U] = xor_and_rotate_ef_179(s->st[1U][2U], t[2U]); - s->st[2U][2U] = xor_and_rotate_ef_1710(s->st[2U][2U], t[2U]); - s->st[3U][2U] = xor_and_rotate_ef_1711(s->st[3U][2U], t[2U]); - s->st[4U][2U] = xor_and_rotate_ef_1712(s->st[4U][2U], t[2U]); - s->st[0U][3U] = xor_and_rotate_ef_1713(s->st[0U][3U], t[3U]); - s->st[1U][3U] = xor_and_rotate_ef_1714(s->st[1U][3U], t[3U]); - s->st[2U][3U] = xor_and_rotate_ef_1715(s->st[2U][3U], t[3U]); - s->st[3U][3U] = xor_and_rotate_ef_1716(s->st[3U][3U], t[3U]); - s->st[4U][3U] = xor_and_rotate_ef_1717(s->st[4U][3U], t[3U]); - s->st[0U][4U] = xor_and_rotate_ef_1718(s->st[0U][4U], t[4U]); - s->st[1U][4U] = xor_and_rotate_ef_1719(s->st[1U][4U], t[4U]); - s->st[2U][4U] = xor_and_rotate_ef_1720(s->st[2U][4U], t[4U]); - s->st[3U][4U] = xor_and_rotate_ef_1721(s->st[3U][4U], t[4U]); - __m256i uu____27 = xor_and_rotate_ef_1722(s->st[4U][4U], t[4U]); - s->st[4U][4U] = uu____27; -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.pi -with types core_core_arch_x86___m256i -with const generics -- N= 4 -*/ -static KRML_MUSTINLINE void pi_01( - libcrux_sha3_generic_keccak_KeccakState_29 *s) { - __m256i old[5U][5U]; - memcpy(old, s->st, (size_t)5U * sizeof(__m256i[5U])); - s->st[0U][1U] = old[1U][1U]; - s->st[0U][2U] = old[2U][2U]; - s->st[0U][3U] = old[3U][3U]; - s->st[0U][4U] = old[4U][4U]; - s->st[1U][0U] = old[0U][3U]; - s->st[1U][1U] = old[1U][4U]; - s->st[1U][2U] = old[2U][0U]; - s->st[1U][3U] = old[3U][1U]; - s->st[1U][4U] = old[4U][2U]; - s->st[2U][0U] = old[0U][1U]; - s->st[2U][1U] = old[1U][2U]; - s->st[2U][2U] = old[2U][3U]; - s->st[2U][3U] = old[3U][4U]; - s->st[2U][4U] = old[4U][0U]; - s->st[3U][0U] = old[0U][4U]; - s->st[3U][1U] = old[1U][0U]; - s->st[3U][2U] = old[2U][1U]; - s->st[3U][3U] = old[3U][2U]; - s->st[3U][4U] = old[4U][3U]; - s->st[4U][0U] = old[0U][2U]; - s->st[4U][1U] = old[1U][3U]; - s->st[4U][2U] = old[2U][4U]; - s->st[4U][3U] = 
old[3U][0U]; - s->st[4U][4U] = old[4U][1U]; -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.chi -with types core_core_arch_x86___m256i -with const generics -- N= 4 -*/ -static KRML_MUSTINLINE void chi_9b( - libcrux_sha3_generic_keccak_KeccakState_29 *s) { - __m256i old[5U][5U]; - memcpy(old, s->st, (size_t)5U * sizeof(__m256i[5U])); - KRML_MAYBE_FOR5( - i0, (size_t)0U, (size_t)5U, (size_t)1U, size_t i1 = i0; - KRML_MAYBE_FOR5(i, (size_t)0U, (size_t)5U, (size_t)1U, size_t j = i; - s->st[i1][j] = and_not_xor_ef( - s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U], - old[i1][(j + (size_t)1U) % (size_t)5U]););); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.iota -with types core_core_arch_x86___m256i -with const generics -- N= 4 -*/ -static KRML_MUSTINLINE void iota_09( - libcrux_sha3_generic_keccak_KeccakState_29 *s, size_t i) { - s->st[0U][0U] = xor_constant_ef( - s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccakf1600 -with types core_core_arch_x86___m256i -with const generics -- N= 4 -*/ -static KRML_MUSTINLINE void keccakf1600_07( - libcrux_sha3_generic_keccak_KeccakState_29 *s) { - for (size_t i = (size_t)0U; i < (size_t)24U; i++) { - size_t i0 = i; - theta_rho_71(s); - pi_01(s); - chi_9b(s); - iota_09(s, i0); - } -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 136 -*/ -static KRML_MUSTINLINE void absorb_block_37( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice blocks[4U]) { - __m256i(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[4U]; - memcpy(uu____1, blocks, (size_t)4U * sizeof(Eurydice_slice)); - load_block_ef_6a(uu____0, uu____1); - keccakf1600_07(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void 
load_block_full_91(__m256i (*s)[5U], - uint8_t blocks[4U][200U]) { - Eurydice_slice buf[4U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[2U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[3U], - uint8_t, Eurydice_slice)}; - load_block_c7(s, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void load_block_full_ef_05(__m256i (*a)[5U], - uint8_t b[4U][200U]) { - __m256i(*uu____0)[5U] = a; - uint8_t uu____1[4U][200U]; - memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full_91(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 136 -- DELIM= 31 -*/ -KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[4U][200U] = {{0U}}; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } blocks[i0][last_len] = 31U; - size_t uu____1 = i0; size_t uu____2 = (size_t)136U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); - __m256i(*uu____3)[5U] = s->st; - uint8_t uu____4[4U][200U]; - memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); - 
load_block_full_ef_05(uu____3, uu____4); - keccakf1600_07(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.store_block -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void store_block_e9(__m256i (*s)[5U], - Eurydice_slice out[4U]) { - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { - size_t i0 = i; - __m256i v0l = libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - __m256i); - __m256i v1h = libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - __m256i); - __m256i v2l = libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - __m256i); - __m256i v3h = libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - __m256i); - __m256i v0 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); - __m256i v1 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); - __m256i v2 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); - __m256i v3 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[1U], (size_t)32U * i0, - 
(size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[2U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v2); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[3U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v3); - } - size_t rem = (size_t)136U % (size_t)32U; - size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); - uint8_t u8s[32U] = {0U}; - size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; - size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice), - s[i0][j0]); - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_slice_subslice2( - out[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_slice_subslice2( - out[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_slice_subslice2( - out[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t, - Eurydice_slice), - uint8_t, void *); - if (rem == (size_t)16U) { - uint8_t u8s0[32U] = {0U}; - size_t 
i = - ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = - ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____4 = - Eurydice_slice_subslice2(out[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = - Eurydice_slice_subslice2(out[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = - Eurydice_slice_subslice2(out[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = - Eurydice_slice_subslice2(out[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____7, - Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t, - Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void store_block_full_0b(__m256i (*s)[5U], - uint8_t ret[4U][200U]) { - uint8_t out0[200U] = {0U}; - uint8_t out1[200U] = {0U}; - uint8_t out2[200U] = {0U}; - uint8_t out3[200U] = {0U}; - Eurydice_slice buf[4U] = { - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice), - 
Eurydice_array_to_slice((size_t)200U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out3, uint8_t, Eurydice_slice)}; - store_block_e9(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____1[200U]; - memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____2[200U]; - memcpy(uu____2, out2, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____3[200U]; - memcpy(uu____3, out3, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[2U], uu____2, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[3U], uu____3, (size_t)200U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full_ef -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void store_block_full_ef_99(__m256i (*a)[5U], - uint8_t ret[4U][200U]) { - store_block_full_0b(a, ret); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 136 -*/ -static KRML_MUSTINLINE void squeeze_first_and_last_a4( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - uint8_t b[4U][200U]; - store_block_full_ef_99(s->st, b); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); -} - -/** -This function found in impl 
{(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void store_block_ef_f6(__m256i (*a)[5U], - Eurydice_slice b[4U]) { - store_block_e9(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 136 -*/ -static KRML_MUSTINLINE void squeeze_first_block_e9( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - store_block_ef_f6(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 136 -*/ -static KRML_MUSTINLINE void squeeze_next_block_1c( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - keccakf1600_07(s); - store_block_ef_f6(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 136 -*/ -static KRML_MUSTINLINE void squeeze_last_77( - libcrux_sha3_generic_keccak_KeccakState_29 s, Eurydice_slice out[4U]) { - keccakf1600_07(&s); - uint8_t b[4U][200U]; - store_block_full_ef_99(s.st, b); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 136 -- DELIM= 31 -*/ -static 
KRML_MUSTINLINE void keccak_14(Eurydice_slice data[4U], - Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_KeccakState_29 s = new_1e_16(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_29 *uu____0 = &s; - Eurydice_slice uu____1[4U]; - memcpy(uu____1, data, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice ret[4U]; - slice_n_ef(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - absorb_block_37(uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; - libcrux_sha3_generic_keccak_KeccakState_29 *uu____2 = &s; - Eurydice_slice uu____3[4U]; - memcpy(uu____3, data, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice ret[4U]; - slice_n_ef(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - libcrux_sha3_generic_keccak_absorb_final_5e(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)136U; - size_t last = outlen - outlen % (size_t)136U; - if (blocks == (size_t)0U) { - squeeze_first_and_last_a4(&s, out); - } else { - Eurydice_slice_uint8_t_4size_t__x2 uu____4 = - split_at_mut_n_ef(out, (size_t)136U); - Eurydice_slice o0[4U]; - memcpy(o0, uu____4.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o1[4U]; - memcpy(o1, uu____4.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_first_block_e9(&s, o0); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { - break; - } else { - 
Eurydice_slice_uint8_t_4size_t__x2 uu____5 = - split_at_mut_n_ef(o1, (size_t)136U); - Eurydice_slice o[4U]; - memcpy(o, uu____5.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice orest[4U]; - memcpy(orest, uu____5.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block_1c(&s, o); - memcpy(o1, orest, (size_t)4U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - squeeze_last_77(s, o1); - } - } -} +#include "libcrux_sha3_avx2.h" /** Perform 4 SHAKE256 operations in parallel */ -void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, - Eurydice_slice input2, Eurydice_slice input3, - Eurydice_slice out0, Eurydice_slice out1, - Eurydice_slice out2, Eurydice_slice out3) { - Eurydice_slice buf0[4U] = {input0, input1, input2, input3}; - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - keccak_14(buf0, buf); +KRML_MUSTINLINE void libcrux_sha3_avx2_x4_shake256( + Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, + Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1, + Eurydice_slice out2, Eurydice_slice out3) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } /** Initialise the [`KeccakState`]. 
*/ -libcrux_sha3_generic_keccak_KeccakState_29 +KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState libcrux_sha3_avx2_x4_incremental_init(void) { - return new_1e_16(); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.load_block -with const generics -- RATE= 168 -*/ -static KRML_MUSTINLINE void load_block_c70(__m256i (*s)[5U], - Eurydice_slice blocks[4U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { - size_t i0 = i; - __m256i v00 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - __m256i v10 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - __m256i v20 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - __m256i v30 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - __m256i v0l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); - __m256i v1h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); - __m256i v2l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); - __m256i v3h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); - __m256i v0 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v0l, v2l, __m256i); - __m256i v1 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v1h, v3h, __m256i); - __m256i v2 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v0l, v2l, __m256i); - __m256i v3 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v1h, v3h, __m256i); - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - 
s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - v1); - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - v2); - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - v3); - } - size_t rem = (size_t)168U % (size_t)32U; - size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); - uint8_t u8s[32U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - u8s, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_array_to_subslice2( - u8s, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_array_to_subslice2( - u8s, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_array_to_subslice2( - u8s, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_slice_subslice2(blocks[3U], 
start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - __m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, - Eurydice_slice)); - size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; - size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; - s[i0][j0] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); - if (rem == (size_t)16U) { - uint8_t u8s0[32U] = {0U}; - Eurydice_slice uu____4 = Eurydice_array_to_subslice2( - u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = Eurydice_array_to_subslice2( - u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = Eurydice_array_to_subslice2( - u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____7, - Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - __m256i u0 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, - Eurydice_slice)); - size_t i = - ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = - ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; - 
s[i][j] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); - } -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full -with const generics -- RATE= 168 -*/ -static KRML_MUSTINLINE void load_block_full_910(__m256i (*s)[5U], - uint8_t blocks[4U][200U]) { - Eurydice_slice buf[4U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[2U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[3U], - uint8_t, Eurydice_slice)}; - load_block_c70(s, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef -with const generics -- BLOCKSIZE= 168 -*/ -static KRML_MUSTINLINE void load_block_full_ef_050(__m256i (*a)[5U], - uint8_t b[4U][200U]) { - __m256i(*uu____0)[5U] = a; - uint8_t uu____1[4U][200U]; - memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full_910(uu____0, uu____1); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 168 -- DELIM= 31 -*/ -static KRML_MUSTINLINE void absorb_final_5e0( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[4U][200U] = {{0U}}; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } blocks[i0][last_len] = 31U; - size_t uu____1 = i0; size_t uu____2 = (size_t)168U - (size_t)1U; - blocks[uu____1][uu____2] = 
(uint32_t)blocks[uu____1][uu____2] | 128U;); - __m256i(*uu____3)[5U] = s->st; - uint8_t uu____4[4U][200U]; - memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full_ef_050(uu____3, uu____4); - keccakf1600_07(s); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } /** Absorb */ -void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, +KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { - Eurydice_slice buf[4U] = {data0, data1, data2, data3}; - absorb_final_5e0(s, buf); -} - -/** -A monomorphic instance of libcrux_sha3.simd.avx2.store_block -with const generics -- RATE= 168 -*/ -static KRML_MUSTINLINE void store_block_e90(__m256i (*s)[5U], - Eurydice_slice out[4U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { - size_t i0 = i; - __m256i v0l = libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - __m256i); - __m256i v1h = libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - __m256i); - __m256i v2l = libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - __m256i); - __m256i v3h = libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[((size_t)4U * i0 + 
(size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - __m256i); - __m256i v0 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); - __m256i v1 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); - __m256i v2 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); - __m256i v3 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[1U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[2U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v2); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice_subslice2(out[3U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v3); - } - size_t rem = (size_t)168U % (size_t)32U; - size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); - uint8_t u8s[32U] = {0U}; - size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; - size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice), - s[i0][j0]); - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_slice_subslice2( - out[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - 
core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_slice_subslice2( - out[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_slice_subslice2( - out[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t, - Eurydice_slice), - uint8_t, void *); - if (rem == (size_t)16U) { - uint8_t u8s0[32U] = {0U}; - size_t i = - ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; - size_t j = - ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____4 = - Eurydice_slice_subslice2(out[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = - Eurydice_slice_subslice2(out[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = - Eurydice_slice_subslice2(out[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = - 
Eurydice_slice_subslice2(out[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____7, - Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t, - Eurydice_slice), - uint8_t, void *); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: -usize> for core::core_arch::x86::__m256i)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef -with const generics -- BLOCKSIZE= 168 -*/ -static KRML_MUSTINLINE void store_block_ef_f60(__m256i (*a)[5U], - Eurydice_slice b[4U]) { - store_block_e90(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 168 -*/ -static KRML_MUSTINLINE void squeeze_next_block_1c0( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - keccakf1600_07(s); - store_block_ef_f60(s->st, out); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } /** Squeeze another block */ -void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, +KRML_MUSTINLINE void +libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - squeeze_next_block_1c0(s, buf); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 168 -*/ -static KRML_MUSTINLINE void squeeze_first_block_e90( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - store_block_ef_f60(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_three_blocks 
-with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 168 -*/ -KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - Eurydice_slice_uint8_t_4size_t__x2 uu____0 = - split_at_mut_n_ef(out, (size_t)168U); - Eurydice_slice o0[4U]; - memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o10[4U]; - memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_first_block_e90(s, o0); - Eurydice_slice_uint8_t_4size_t__x2 uu____1 = - split_at_mut_n_ef(o10, (size_t)168U); - Eurydice_slice o1[4U]; - memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o2[4U]; - memcpy(o2, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block_1c0(s, o1); - squeeze_next_block_1c0(s, o2); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } /** Squeeze three blocks */ -void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, +KRML_MUSTINLINE void +libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27(s, buf); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_five_blocks -with types core_core_arch_x86___m256i -with const generics -- N= 4 -- RATE= 168 -*/ -static KRML_MUSTINLINE void squeeze_first_five_blocks_e4( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - Eurydice_slice_uint8_t_4size_t__x2 uu____0 = - split_at_mut_n_ef(out, (size_t)168U); - Eurydice_slice o0[4U]; - memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); - 
Eurydice_slice o10[4U]; - memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_first_block_e90(s, o0); - Eurydice_slice_uint8_t_4size_t__x2 uu____1 = - split_at_mut_n_ef(o10, (size_t)168U); - Eurydice_slice o1[4U]; - memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o20[4U]; - memcpy(o20, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block_1c0(s, o1); - Eurydice_slice_uint8_t_4size_t__x2 uu____2 = - split_at_mut_n_ef(o20, (size_t)168U); - Eurydice_slice o2[4U]; - memcpy(o2, uu____2.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o30[4U]; - memcpy(o30, uu____2.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block_1c0(s, o2); - Eurydice_slice_uint8_t_4size_t__x2 uu____3 = - split_at_mut_n_ef(o30, (size_t)168U); - Eurydice_slice o3[4U]; - memcpy(o3, uu____3.fst, (size_t)4U * sizeof(Eurydice_slice)); - Eurydice_slice o4[4U]; - memcpy(o4, uu____3.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block_1c0(s, o3); - squeeze_next_block_1c0(s, o4); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } /** 
@@ -2310,20 +75,22 @@ static KRML_MUSTINLINE void squeeze_first_five_blocks_e4( */ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - squeeze_first_five_blocks_e4(s, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } /** Absorb */ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { - Eurydice_slice buf[4U] = {data0, data1, data2, data3}; - libcrux_sha3_generic_keccak_absorb_final_5e(s, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } /** @@ -2331,10 +98,11 @@ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( */ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - squeeze_first_block_e9(s, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } /** 
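Review bot: The new bodies of `libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks` and `libcrux_sha3_avx2_x4_incremental_shake256_absorb_final` in this hunk, and likewise `..._shake256_squeeze_first_block` in `@@ -2331,10 +98,11 @@`, `..._shake256_squeeze_next_block` in `@@ -2342,8 +110,9 @@` and the `shake128` variants in the preceding (partially visible) hunk, consist only of `KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!");` followed by `KRML_HOST_EXIT(255U);`, so every four-way incremental SHAKE entry point on the AVX2 path now terminates the process unconditionally when called. The public header `libcrux_sha3_avx2.h` (see the `@@ -41,59 +30,63 @@` hunk below) keeps the prototypes with their original `Squeeze five blocks` / `Absorb` comments and gives no hint that they are stubs, so a caller finds out only by crashing at runtime rather than at compile or link time. This looks like what Eurydice emits for a `panic!()`/unimplemented body in the Rust source and may be deliberate for an intermediate patch in the series, but the commit description does not say so. Until the real bodies are regenerated, the declarations should carry a warning such as `/* NOTE: this AVX2 x4 incremental instance is a generated stub that aborts the process; do not select the AVX2 backend for incremental SHAKE until it is implemented */`, or the stub should be turned into a build-time failure so the condition cannot ship silently.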
@@ -2342,8 +110,9 @@ libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( */ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - squeeze_next_block_1c(s, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index fca89dc4c..06c3fa6fc 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 */ #ifndef __libcrux_sha3_avx2_H @@ -20,18 +20,7 @@ extern "C" { #include "eurydice_glue.h" #include "intrinsics/libcrux_intrinsics_avx2.h" -#include "libcrux_core.h" -#include "libcrux_sha3_internal.h" - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.KeccakState -with types core_core_arch_x86___m256i -with const generics -- $4size_t -*/ -typedef struct libcrux_sha3_generic_keccak_KeccakState_29_s { - __m256i st[5U][5U]; -} libcrux_sha3_generic_keccak_KeccakState_29; +#include "libcrux_sha3_neon.h" /** Perform 4 SHAKE256 operations in parallel 
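Review bot: In the `@@ -20,18 +20,7 @@` hunk of `libcrux_sha3_avx2.h`, the AVX2 public header drops `libcrux_core.h` and `libcrux_sha3_internal.h` and instead includes `libcrux_sha3_neon.h`, making the x86 header depend on the NEON translation unit's header. The only new name this header appears to need is `libcrux_sha3_generic_keccak_KeccakState_fc`, used by the new `libcrux_sha3_avx2_x4_incremental_KeccakState` struct in the following hunk; whether that typedef is actually provided by `libcrux_sha3_neon.h` is not visible here, and if it is, a build that compiles the AVX2 backend without the NEON files will fail on this header. A comment at the include would make the dependency explicit and reviewable, e.g. `#include "libcrux_sha3_neon.h" /* for libcrux_sha3_generic_keccak_KeccakState_fc -- TODO: verify this header is available on non-NEON targets */`.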
@@ -41,59 +30,63 @@ void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); +typedef struct libcrux_sha3_avx2_x4_incremental_KeccakState_s { + libcrux_sha3_generic_keccak_KeccakState_fc state[2U]; +} libcrux_sha3_avx2_x4_incremental_KeccakState; + /** Initialise the [`KeccakState`]. */ -libcrux_sha3_generic_keccak_KeccakState_29 +libcrux_sha3_avx2_x4_incremental_KeccakState libcrux_sha3_avx2_x4_incremental_init(void); /** Absorb */ void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3); /** Squeeze another block */ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); /** Squeeze three blocks */ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); /** Squeeze five blocks */ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); /** Absorb */ void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, 
Eurydice_slice data3); /** Squeeze block */ void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); /** Squeeze next block */ void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, + libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); #if defined(__cplusplus) diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index 7ae9eb4eb..a1665484d 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 */ #ifndef __libcrux_sha3_internal_H @@ -79,14 +79,14 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_34(uint64_t x) { return x << (uint32_t)(int32_t)1 | x >> (uint32_t)(int32_t)63; } static KRML_MUSTINLINE uint64_t libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, uint64_t b) { uint64_t uu____0 = a; - return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_db(b); + return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_34(b); } /** 
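Review bot: The new `typedef struct libcrux_sha3_avx2_x4_incremental_KeccakState_s { libcrux_sha3_generic_keccak_KeccakState_fc state[2U]; }` introduced in the `@@ -41,59 +30,63 @@` hunk has no doc comment, unlike every other declaration in this header, and it replaces the removed `__m256i st[5U][5U]` state with a different layout and element type, so any code that allocated or sized the old `libcrux_sha3_generic_keccak_KeccakState_29` by hand is silently broken. The `_fc` suffix on the wrapped type is a generated monomorphisation hash, so the relationship between the two states and the four parallel lanes is not recoverable from this header alone. A short comment above the struct would help the next reader, e.g. `/** Opaque state for the four-way incremental SHAKE; wraps two generic Keccak states (monomorphisation `_fc`). Layout differs from the previous __m256i-based state and must not be assumed by callers. */`.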
@@ -201,7 +201,7 @@ with const generics - N= 1 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 -libcrux_sha3_generic_keccak_new_1e_f2(void) { +libcrux_sha3_generic_keccak_new_1e_7a(void) { libcrux_sha3_generic_keccak_KeccakState_48 lit; lit.st[0U][0U] = libcrux_sha3_portable_keccak_zero_5a(); lit.st[0U][1U] = libcrux_sha3_portable_keccak_zero_5a(); @@ -236,7 +236,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; @@ -261,11 +261,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_b3(s, buf); + libcrux_sha3_portable_keccak_load_block_de(s, buf); } /** @@ -277,12 +277,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_71( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full_ac(uu____0, uu____1); } /** 
@@ -292,7 +292,7 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db0(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_340(uint64_t x) { return x << (uint32_t)(int32_t)36 | x >> (uint32_t)(int32_t)28; } @@ -303,9 +303,9 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db0(ab); + return libcrux_sha3_portable_keccak_rotate_left_340(ab); } /** @@ -319,8 +319,8 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_65(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e(a, b); } /** @@ -330,7 +330,7 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db1(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_341(uint64_t x) { return x << (uint32_t)(int32_t)3 | x >> (uint32_t)(int32_t)61; } @@ -341,9 +341,9 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d0(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e0(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db1(ab); + return libcrux_sha3_portable_keccak_rotate_left_341(ab); } /** 
@@ -357,8 +357,8 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d0(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_650(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e0(a, b); } /** @@ -368,7 +368,7 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db2(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_342(uint64_t x) { return x << (uint32_t)(int32_t)41 | x >> (uint32_t)(int32_t)23; } @@ -379,9 +379,9 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d1(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e1(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db2(ab); + return libcrux_sha3_portable_keccak_rotate_left_342(ab); } /** @@ -395,8 +395,8 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d1(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_651(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e1(a, b); } /** @@ -406,7 +406,7 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db3(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_343(uint64_t x) { return x << (uint32_t)(int32_t)18 | x >> (uint32_t)(int32_t)46; } 
@@ -417,9 +417,9 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d2(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e2(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db3(ab); + return libcrux_sha3_portable_keccak_rotate_left_343(ab); } /** @@ -433,8 +433,8 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d2(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_652(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e2(a, b); } /** @@ -444,9 +444,9 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d3(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e3(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db(ab); + return libcrux_sha3_portable_keccak_rotate_left_34(ab); } /** @@ -460,8 +460,8 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d3(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_653(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e3(a, b); } /** @@ -471,7 +471,7 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db4(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_344(uint64_t x) { return x << (uint32_t)(int32_t)44 | x >> (uint32_t)(int32_t)20; } 
@@ -482,9 +482,9 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d4(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e4(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db4(ab); + return libcrux_sha3_portable_keccak_rotate_left_344(ab); } /** @@ -498,8 +498,8 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d4(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_654(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e4(a, b); } /** @@ -509,7 +509,7 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db5(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_345(uint64_t x) { return x << (uint32_t)(int32_t)10 | x >> (uint32_t)(int32_t)54; } @@ -520,9 +520,9 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d5(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e5(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db5(ab); + return libcrux_sha3_portable_keccak_rotate_left_345(ab); } /** @@ -536,8 +536,8 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d5(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_655(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e5(a, b); } /** 
@@ -547,7 +547,7 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db6(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_346(uint64_t x) { return x << (uint32_t)(int32_t)45 | x >> (uint32_t)(int32_t)19; } @@ -558,9 +558,9 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d6(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e6(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db6(ab); + return libcrux_sha3_portable_keccak_rotate_left_346(ab); } /** @@ -574,8 +574,8 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d6(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_656(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e6(a, b); } /** @@ -585,7 +585,7 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db7(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_347(uint64_t x) { return x << (uint32_t)(int32_t)2 | x >> (uint32_t)(int32_t)62; } @@ -596,9 +596,9 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d7(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e7(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db7(ab); + return libcrux_sha3_portable_keccak_rotate_left_347(ab); } /** 
@@ -612,8 +612,8 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d7(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_657(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e7(a, b); } /** @@ -623,7 +623,7 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db8(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_348(uint64_t x) { return x << (uint32_t)(int32_t)62 | x >> (uint32_t)(int32_t)2; } @@ -634,9 +634,9 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d8(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e8(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db8(ab); + return libcrux_sha3_portable_keccak_rotate_left_348(ab); } /** @@ -650,8 +650,8 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d8(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_658(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e8(a, b); } /** @@ -661,7 +661,7 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db9(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_349(uint64_t x) { return x << (uint32_t)(int32_t)6 | x >> (uint32_t)(int32_t)58; } 
@@ -672,9 +672,9 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d9(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e9(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db9(ab); + return libcrux_sha3_portable_keccak_rotate_left_349(ab); } /** @@ -688,8 +688,8 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d9(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_659(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e9(a, b); } /** @@ -699,7 +699,7 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db10(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3410(uint64_t x) { return x << (uint32_t)(int32_t)43 | x >> (uint32_t)(int32_t)21; } @@ -710,9 +710,9 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d10(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e10(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db10(ab); + return libcrux_sha3_portable_keccak_rotate_left_3410(ab); } /** @@ -726,8 +726,8 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d10(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6510(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e10(a, b); } /** 
@@ -737,7 +737,7 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db11(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3411(uint64_t x) { return x << (uint32_t)(int32_t)15 | x >> (uint32_t)(int32_t)49; } @@ -748,9 +748,9 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d11(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e11(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db11(ab); + return libcrux_sha3_portable_keccak_rotate_left_3411(ab); } /** @@ -764,8 +764,8 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d11(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6511(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e11(a, b); } /** @@ -775,7 +775,7 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db12(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3412(uint64_t x) { return x << (uint32_t)(int32_t)61 | x >> (uint32_t)(int32_t)3; } @@ -786,9 +786,9 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d12(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e12(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db12(ab); + return libcrux_sha3_portable_keccak_rotate_left_3412(ab); } /** 
@@ -802,8 +802,8 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d12(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6512(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e12(a, b); } /** @@ -813,7 +813,7 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db13(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3413(uint64_t x) { return x << (uint32_t)(int32_t)28 | x >> (uint32_t)(int32_t)36; } @@ -824,9 +824,9 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d13(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e13(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db13(ab); + return libcrux_sha3_portable_keccak_rotate_left_3413(ab); } /** @@ -840,8 +840,8 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d13(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6513(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e13(a, b); } /** @@ -851,7 +851,7 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db14(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3414(uint64_t x) { return x << (uint32_t)(int32_t)55 | x >> (uint32_t)(int32_t)9; } 
@@ -862,9 +862,9 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d14(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e14(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db14(ab); + return libcrux_sha3_portable_keccak_rotate_left_3414(ab); } /** @@ -878,8 +878,8 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d14(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6514(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e14(a, b); } /** @@ -889,7 +889,7 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db15(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3415(uint64_t x) { return x << (uint32_t)(int32_t)25 | x >> (uint32_t)(int32_t)39; } @@ -900,9 +900,9 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d15(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e15(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db15(ab); + return libcrux_sha3_portable_keccak_rotate_left_3415(ab); } /** @@ -916,8 +916,8 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d15(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6515(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e15(a, b); } /** 
@@ -927,7 +927,7 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db16(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3416(uint64_t x) { return x << (uint32_t)(int32_t)21 | x >> (uint32_t)(int32_t)43; } @@ -938,9 +938,9 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d16(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e16(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db16(ab); + return libcrux_sha3_portable_keccak_rotate_left_3416(ab); } /** @@ -954,8 +954,8 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d16(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6516(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e16(a, b); } /** @@ -965,7 +965,7 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db17(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3417(uint64_t x) { return x << (uint32_t)(int32_t)56 | x >> (uint32_t)(int32_t)8; } @@ -976,9 +976,9 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d17(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e17(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db17(ab); + return libcrux_sha3_portable_keccak_rotate_left_3417(ab); } /** 
@@ -992,8 +992,8 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d17(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6517(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e17(a, b); } /** @@ -1003,7 +1003,7 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db18(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3418(uint64_t x) { return x << (uint32_t)(int32_t)27 | x >> (uint32_t)(int32_t)37; } @@ -1014,9 +1014,9 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d18(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e18(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db18(ab); + return libcrux_sha3_portable_keccak_rotate_left_3418(ab); } /** @@ -1030,8 +1030,8 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d18(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6518(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e18(a, b); } /** @@ -1041,7 +1041,7 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db19(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3419(uint64_t x) { return x << (uint32_t)(int32_t)20 | x >> (uint32_t)(int32_t)44; } 
@@ -1052,9 +1052,9 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d19(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e19(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db19(ab); + return libcrux_sha3_portable_keccak_rotate_left_3419(ab); } /** @@ -1068,8 +1068,8 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d19(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6519(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e19(a, b); } /** @@ -1079,7 +1079,7 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db20(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3420(uint64_t x) { return x << (uint32_t)(int32_t)39 | x >> (uint32_t)(int32_t)25; } @@ -1090,9 +1090,9 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d20(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e20(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db20(ab); + return libcrux_sha3_portable_keccak_rotate_left_3420(ab); } /** @@ -1106,8 +1106,8 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d20(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6520(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e20(a, b); } /** 
@@ -1117,7 +1117,7 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db21(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3421(uint64_t x) { return x << (uint32_t)(int32_t)8 | x >> (uint32_t)(int32_t)56; } @@ -1128,9 +1128,9 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d21(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e21(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db21(ab); + return libcrux_sha3_portable_keccak_rotate_left_3421(ab); } /** @@ -1144,8 +1144,8 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d21(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6521(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e21(a, b); } /** @@ -1155,7 +1155,7 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db22(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_3422(uint64_t x) { return x << (uint32_t)(int32_t)14 | x >> (uint32_t)(int32_t)50; } @@ -1166,9 +1166,9 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d22(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_6e22(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db22(ab); + return libcrux_sha3_portable_keccak_rotate_left_3422(ab); } /** 
@@ -1182,8 +1182,8 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d22(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_6522(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_6e22(a, b); } /** @@ -1192,7 +1192,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_eb( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_8d( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t c[5U] = { libcrux_sha3_portable_keccak_xor5_5a(s->st[0U][0U], s->st[1U][0U], 
@@ -1228,53 +1228,53 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_eb( c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_5a(s->st[0U][0U], t[0U]); s->st[1U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(s->st[1U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_65(s->st[1U][0U], t[0U]); s->st[2U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(s->st[2U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_650(s->st[2U][0U], t[0U]); s->st[3U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(s->st[3U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_651(s->st[3U][0U], t[0U]); s->st[4U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(s->st[4U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_652(s->st[4U][0U], t[0U]); s->st[0U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(s->st[0U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_653(s->st[0U][1U], t[1U]); s->st[1U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(s->st[1U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_654(s->st[1U][1U], t[1U]); s->st[2U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(s->st[2U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_655(s->st[2U][1U], t[1U]); s->st[3U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(s->st[3U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_656(s->st[3U][1U], t[1U]); s->st[4U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(s->st[4U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_657(s->st[4U][1U], t[1U]); s->st[0U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(s->st[0U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_658(s->st[0U][2U], t[2U]); s->st[1U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(s->st[1U][2U], t[2U]); + 
libcrux_sha3_portable_keccak_xor_and_rotate_5a_659(s->st[1U][2U], t[2U]); s->st[2U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(s->st[2U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6510(s->st[2U][2U], t[2U]); s->st[3U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(s->st[3U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6511(s->st[3U][2U], t[2U]); s->st[4U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(s->st[4U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6512(s->st[4U][2U], t[2U]); s->st[0U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(s->st[0U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6513(s->st[0U][3U], t[3U]); s->st[1U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(s->st[1U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6514(s->st[1U][3U], t[3U]); s->st[2U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(s->st[2U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6515(s->st[2U][3U], t[3U]); s->st[3U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(s->st[3U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6516(s->st[3U][3U], t[3U]); s->st[4U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(s->st[4U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6517(s->st[4U][3U], t[3U]); s->st[0U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(s->st[0U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6518(s->st[0U][4U], t[4U]); s->st[1U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(s->st[1U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6519(s->st[1U][4U], t[4U]); s->st[2U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(s->st[2U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6520(s->st[2U][4U], t[4U]); s->st[3U][4U] = - 
libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(s->st[3U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6521(s->st[3U][4U], t[4U]); uint64_t uu____27 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(s->st[4U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_6522(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; } @@ -1284,7 +1284,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_b8( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_ac( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1320,7 +1320,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_1f( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_c7( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1338,7 +1338,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_83( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_4f( libcrux_sha3_generic_keccak_KeccakState_48 *s, size_t i) { s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_constant_5a( s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); 
@@ -1350,14 +1350,14 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_85( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_13( libcrux_sha3_generic_keccak_KeccakState_48 *s) { for (size_t i = (size_t)0U; i < (size_t)24U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho_eb(s); - libcrux_sha3_generic_keccak_pi_b8(s); - libcrux_sha3_generic_keccak_chi_1f(s); - libcrux_sha3_generic_keccak_iota_83(s, i0); + libcrux_sha3_generic_keccak_theta_rho_8d(s); + libcrux_sha3_generic_keccak_pi_ac(s); + libcrux_sha3_generic_keccak_chi_c7(s); + libcrux_sha3_generic_keccak_iota_4f(s, i0); } } @@ -1369,7 +1369,7 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_72( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_25( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1388,8 +1388,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_72( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_71(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_2d(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -1397,7 +1397,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_58( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_39( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; 
@@ -1422,9 +1422,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_48( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_58(a, b); + libcrux_sha3_portable_keccak_store_block_39(a, b); } /** @@ -1434,10 +1434,10 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c8( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_store_block_5a_48(s->st, out); } /** @@ -1447,9 +1447,9 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_09( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_58( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_48(s->st, out); } /** @@ -1457,7 +1457,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b30( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de0( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; 
@@ -1482,11 +1482,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac0( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_b30(s, buf); + libcrux_sha3_portable_keccak_load_block_de0(s, buf); } /** @@ -1498,12 +1498,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_710( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d0( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a0(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full_ac0(uu____0, uu____1); } /** @@ -1514,7 +1514,7 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_720( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_250( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; 
@@ -1533,8 +1533,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_720( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_710(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_2d0(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -1542,7 +1542,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_580( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_390( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; @@ -1567,9 +1567,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_480( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_580(a, b); + libcrux_sha3_portable_keccak_store_block_390(a, b); } /** @@ -1579,9 +1579,9 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_090( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_580( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f0(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_480(s->st, out); } /** 
@@ -1591,10 +1591,10 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c80( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f0(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_store_block_5a_480(s->st, out); } /** @@ -1606,12 +1606,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df3( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b3(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_de(uu____0, uu____1); } /** @@ -1621,13 +1621,13 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_753( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_243( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd3(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_df3(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** 
@@ -1635,12 +1635,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e03( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_58(s, buf); + libcrux_sha3_portable_keccak_store_block_39(s, buf); uint8_t uu____0[200U]; memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); @@ -1656,9 +1656,9 @@ with const generics - BLOCKSIZE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_783(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_883(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa3(a, ret); + libcrux_sha3_portable_keccak_store_block_full_e03(a, ret); } /** @@ -1669,10 +1669,10 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3( +libcrux_sha3_generic_keccak_squeeze_first_and_last_653( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_783(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_883(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; 
@@ -1695,11 +1695,11 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_833( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_123( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_13(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_783(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_883(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -1723,10 +1723,10 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf4( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_7a(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)168U; i++) { @@ -1737,7 +1737,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)168U, (size_t)168U, ret); - libcrux_sha3_generic_keccak_absorb_block_753(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_243(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)168U; 
@@ -1748,12 +1748,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_72(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_25(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)168U; size_t last = outlen - outlen % (size_t)168U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_653(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -1761,7 +1761,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_09(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_58(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -1779,12 +1779,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_c8(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_833(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_123(s, o1); } } } 
@@ -1795,11 +1795,11 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a4( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd4( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_754(uu____0, out); + libcrux_sha3_generic_keccak_keccak_cf4(uu____0, out); } /** @@ -1807,7 +1807,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b33( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de3( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; @@ -1836,12 +1836,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df2( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b33(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_de3(uu____0, uu____1); } /** 
@@ -1851,13 +1851,13 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_752( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_242( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd2(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_df2(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -1865,11 +1865,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac3( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_b33(s, buf); + libcrux_sha3_portable_keccak_load_block_de3(s, buf); } /** @@ -1881,12 +1881,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_713( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d3( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a3(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full_ac3(uu____0, uu____1); } /** 
@@ -1897,7 +1897,7 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_724( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_254( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1916,8 +1916,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_724( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_713(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_2d3(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -1925,7 +1925,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_583( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_393( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; @@ -1946,12 +1946,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e02( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_583(s, buf); + libcrux_sha3_portable_keccak_store_block_393(s, buf); uint8_t uu____0[200U]; memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); 
@@ -1967,9 +1967,9 @@ with const generics - BLOCKSIZE= 104 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_782(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_882(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa2(a, ret); + libcrux_sha3_portable_keccak_store_block_full_e02(a, ret); } /** @@ -1980,10 +1980,10 @@ with const generics - RATE= 104 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2( +libcrux_sha3_generic_keccak_squeeze_first_and_last_652( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_782(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_882(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2008,9 +2008,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_483( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_583(a, b); + libcrux_sha3_portable_keccak_store_block_393(a, b); } /** @@ -2020,9 +2020,9 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_093( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_583( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f3(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_483(s->st, out); } /** 
@@ -2032,10 +2032,10 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f3( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c83( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f3(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_store_block_5a_483(s->st, out); } /** @@ -2045,11 +2045,11 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_832( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_122( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_13(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_782(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_882(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2073,10 +2073,10 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf3( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_7a(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; i++) { 
@@ -2087,7 +2087,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)104U, (size_t)104U, ret); - libcrux_sha3_generic_keccak_absorb_block_752(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_242(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; @@ -2098,12 +2098,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_724(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_254(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)104U; size_t last = outlen - outlen % (size_t)104U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_652(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)104U); @@ -2111,7 +2111,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_093(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_583(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, 
@@ -2129,12 +2129,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f3(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_c83(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_832(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_122(s, o1); } } } @@ -2145,11 +2145,11 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd3( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_753(uu____0, out); + libcrux_sha3_generic_keccak_keccak_cf3(uu____0, out); } /** @@ -2157,7 +2157,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b32( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de2( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; @@ -2186,12 +2186,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df1( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b32(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_de2(uu____0, uu____1); } /** 
@@ -2201,13 +2201,13 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_751( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_241( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd1(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_df1(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -2215,11 +2215,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac2( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_b32(s, buf); + libcrux_sha3_portable_keccak_load_block_de2(s, buf); } /** @@ -2231,12 +2231,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_712( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d2( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a2(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full_ac2(uu____0, uu____1); } /** 
@@ -2247,7 +2247,7 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_723( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_253( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2266,8 +2266,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_723( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_712(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_2d2(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -2275,7 +2275,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_582( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_392( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; @@ -2296,12 +2296,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e01( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_582(s, buf); + libcrux_sha3_portable_keccak_store_block_392(s, buf); uint8_t uu____0[200U]; memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); 
@@ -2317,9 +2317,9 @@ with const generics - BLOCKSIZE= 144 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_781(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_881(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa1(a, ret); + libcrux_sha3_portable_keccak_store_block_full_e01(a, ret); } /** @@ -2330,10 +2330,10 @@ with const generics - RATE= 144 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1( +libcrux_sha3_generic_keccak_squeeze_first_and_last_651( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_781(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_881(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2358,9 +2358,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_482( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_582(a, b); + libcrux_sha3_portable_keccak_store_block_392(a, b); } /** @@ -2370,9 +2370,9 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_092( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_582( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f2(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_482(s->st, out); } /** 
@@ -2382,10 +2382,10 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f2( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c82( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f2(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_store_block_5a_482(s->st, out); } /** @@ -2395,11 +2395,11 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_831( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_121( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_13(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_781(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_881(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2423,10 +2423,10 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf2( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_7a(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; i++) { 
@@ -2437,7 +2437,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)144U, (size_t)144U, ret); - libcrux_sha3_generic_keccak_absorb_block_751(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_241(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; @@ -2448,12 +2448,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_723(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_253(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)144U; size_t last = outlen - outlen % (size_t)144U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_651(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)144U); @@ -2461,7 +2461,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_092(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_582(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, 
@@ -2479,12 +2479,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f2(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_c82(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_831(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_121(s, o1); } } } @@ -2495,11 +2495,11 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd2( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_752(uu____0, out); + libcrux_sha3_generic_keccak_keccak_cf2(uu____0, out); } /** @@ -2511,12 +2511,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df0( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b30(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_de0(uu____0, uu____1); } /** 
@@ -2526,13 +2526,13 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_750( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_240( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd0(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_df0(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -2540,12 +2540,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e00( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_580(s, buf); + libcrux_sha3_portable_keccak_store_block_390(s, buf); uint8_t uu____0[200U]; memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); @@ -2561,9 +2561,9 @@ with const generics - BLOCKSIZE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_780(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_880(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa0(a, ret); + libcrux_sha3_portable_keccak_store_block_full_e00(a, ret); } /** 
@@ -2574,10 +2574,10 @@ with const generics - RATE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0( +libcrux_sha3_generic_keccak_squeeze_first_and_last_650( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_780(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_880(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2600,11 +2600,11 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_830( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_120( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_13(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_780(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_880(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2628,10 +2628,10 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf1( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_7a(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; i++) { @@ -2642,7 +2642,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_240(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; 
@@ -2653,12 +2653,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_720(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_250(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_650(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -2666,7 +2666,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_090(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_580(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2684,12 +2684,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f0(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_c80(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_830(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_120(s, o1); } } } 
@@ -2700,11 +2700,11 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd1( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_751(uu____0, out); + libcrux_sha3_generic_keccak_keccak_cf1(uu____0, out); } /** @@ -2715,7 +2715,7 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_722( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_252( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2734,8 +2734,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_722( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_710(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_2d0(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -2746,10 +2746,10 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf0( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_7a(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; i++) { 
@@ -2760,7 +2760,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_240(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; @@ -2771,12 +2771,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_722(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_252(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_650(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -2784,7 +2784,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_090(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_580(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, 
@@ -2802,12 +2802,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f0(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_c80(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_830(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_120(s, o1); } } } @@ -2818,11 +2818,11 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd0( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_750(uu____0, out); + libcrux_sha3_generic_keccak_keccak_cf0(uu____0, out); } /** @@ -2830,7 +2830,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b31( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de1( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; @@ -2859,12 +2859,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; Eurydice_slice uu____1[1U]; memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b31(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_de1(uu____0, uu____1); } /** 
@@ -2874,13 +2874,13 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_75( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_24( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_df(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -2888,11 +2888,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac1( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_b31(s, buf); + libcrux_sha3_portable_keccak_load_block_de1(s, buf); } /** @@ -2904,12 +2904,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_711( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d1( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; uint8_t uu____1[1U][200U]; memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a1(uu____0, uu____1); + libcrux_sha3_portable_keccak_load_block_full_ac1(uu____0, uu____1); } /** 
@@ -2920,7 +2920,7 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_721( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_251( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2939,8 +2939,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_721( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_711(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_2d1(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_13(s); } /** @@ -2948,7 +2948,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_581( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_391( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; @@ -2969,12 +2969,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e0( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_581(s, buf); + libcrux_sha3_portable_keccak_store_block_391(s, buf); uint8_t uu____0[200U]; memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); 
@@ -2989,9 +2989,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_78( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_88( uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa(a, ret); + libcrux_sha3_portable_keccak_store_block_full_e0(a, ret); } /** @@ -3002,10 +3002,10 @@ with const generics - RATE= 72 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d( +libcrux_sha3_generic_keccak_squeeze_first_and_last_65( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_78(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_88(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -3030,9 +3030,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_481( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_581(a, b); + libcrux_sha3_portable_keccak_store_block_391(a, b); } /** @@ -3042,9 +3042,9 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_091( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_581( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f1(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_481(s->st, out); } /** 
@@ -3054,10 +3054,10 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f1( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c81( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f1(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_store_block_5a_481(s->st, out); } /** @@ -3067,11 +3067,11 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_83( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_12( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_13(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_78(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_88(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -3095,10 +3095,10 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_7a(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; i++) { 
@@ -3109,7 +3109,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)72U, (size_t)72U, ret); - libcrux_sha3_generic_keccak_absorb_block_75(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_24(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; @@ -3120,12 +3120,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( libcrux_sha3_portable_keccak_slice_n_5a( uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_721(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_251(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)72U; size_t last = outlen - outlen % (size_t)72U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_65(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)72U); @@ -3133,7 +3133,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_091(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_581(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, 
@@ -3151,12 +3151,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_c81(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_83(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_12(s, o1); } } } @@ -3167,11 +3167,11 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd( Eurydice_slice data[1U], Eurydice_slice out[1U]) { Eurydice_slice uu____0[1U]; memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_75(uu____0, out); + libcrux_sha3_generic_keccak_keccak_cf(uu____0, out); } #if defined(__cplusplus) diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index e000a5155..b0f13ff6d 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c 
@@ -5,30 +5,2198 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 */ #include "libcrux_sha3_neon.h" +#include "internal/libcrux_core.h" + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE uint64x2_t zero_fa(void) { + return libcrux_intrinsics_arm64__vdupq_n_u64(0ULL); +} + +static KRML_MUSTINLINE uint64x2_t _veor5q_u64(uint64x2_t a, uint64x2_t b, + uint64x2_t c, uint64x2_t d, + uint64x2_t e) { + uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + uint64x2_t cd = libcrux_intrinsics_arm64__veorq_u64(c, d); + uint64x2_t abcd = libcrux_intrinsics_arm64__veorq_u64(ab, cd); + return libcrux_intrinsics_arm64__veorq_u64(abcd, e); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE uint64x2_t xor5_fa(uint64x2_t a, uint64x2_t b, + uint64x2_t c, uint64x2_t d, + uint64x2_t e) { + return _veor5q_u64(a, b, c, d, e); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 1 +- RIGHT= 63 +*/ +static KRML_MUSTINLINE uint64x2_t rotate_left_58(uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)1, x, uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)63, x, uint64x2_t)); +} + +static KRML_MUSTINLINE uint64x2_t _vrax1q_u64(uint64x2_t a, uint64x2_t b) { + uint64x2_t uu____0 = a; + return 
libcrux_intrinsics_arm64__veorq_u64(uu____0, rotate_left_58(b)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE uint64x2_t rotate_left1_and_xor_fa(uint64x2_t a, + uint64x2_t b) { + return _vrax1q_u64(a, b); +} + +static KRML_MUSTINLINE uint64x2_t _vbcaxq_u64(uint64x2_t a, uint64x2_t b, + uint64x2_t c) { + return libcrux_intrinsics_arm64__veorq_u64( + a, libcrux_intrinsics_arm64__vbicq_u64(b, c)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE uint64x2_t and_not_xor_fa(uint64x2_t a, uint64x2_t b, + uint64x2_t c) { + return _vbcaxq_u64(a, b, c); +} + +static KRML_MUSTINLINE uint64x2_t _veorq_n_u64(uint64x2_t a, uint64_t c) { + uint64x2_t c0 = libcrux_intrinsics_arm64__vdupq_n_u64(c); + return libcrux_intrinsics_arm64__veorq_u64(a, c0); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE uint64x2_t xor_constant_fa(uint64x2_t a, uint64_t c) { + return _veorq_n_u64(a, c); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE uint64x2_t xor_fa(uint64x2_t a, uint64x2_t b) { + return libcrux_intrinsics_arm64__veorq_u64(a, b); +} + +static KRML_MUSTINLINE void slice_2(Eurydice_slice a[2U], size_t start, + size_t len, Eurydice_slice ret[2U]) { + ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t, + Eurydice_slice); + ret[1U] = Eurydice_slice_subslice2(a[1U], start, start + len, uint8_t, + Eurydice_slice); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static 
KRML_MUSTINLINE void slice_n_fa(Eurydice_slice a[2U], size_t start, + size_t len, Eurydice_slice ret[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, a, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret0[2U]; + slice_2(uu____0, start, len, ret0); + memcpy(ret, ret0, (size_t)2U * sizeof(Eurydice_slice)); +} + +static KRML_MUSTINLINE Eurydice_slice_uint8_t_2size_t__x2 +split_at_mut_2(Eurydice_slice out[2U], size_t mid) { + Eurydice_slice out0 = out[0U]; + Eurydice_slice out1 = out[1U]; + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at_mut( + out0, mid, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice out00 = uu____0.fst; + Eurydice_slice out01 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at_mut( + out1, mid, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice out10 = uu____1.fst; + Eurydice_slice out11 = uu____1.snd; + Eurydice_slice_uint8_t_2size_t__x2 lit; + lit.fst[0U] = out00; + lit.fst[1U] = out10; + lit.snd[0U] = out01; + lit.snd[1U] = out11; + return lit; +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +static KRML_MUSTINLINE Eurydice_slice_uint8_t_2size_t__x2 +split_at_mut_n_fa(Eurydice_slice a[2U], size_t mid) { + return split_at_mut_2(a, mid); +} + +/** + Create a new Shake128 x4 state. 
+*/ +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.new_1e +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +*/ +static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_fc +new_1e_12(void) { + libcrux_sha3_generic_keccak_KeccakState_fc lit; + lit.st[0U][0U] = zero_fa(); + lit.st[0U][1U] = zero_fa(); + lit.st[0U][2U] = zero_fa(); + lit.st[0U][3U] = zero_fa(); + lit.st[0U][4U] = zero_fa(); + lit.st[1U][0U] = zero_fa(); + lit.st[1U][1U] = zero_fa(); + lit.st[1U][2U] = zero_fa(); + lit.st[1U][3U] = zero_fa(); + lit.st[1U][4U] = zero_fa(); + lit.st[2U][0U] = zero_fa(); + lit.st[2U][1U] = zero_fa(); + lit.st[2U][2U] = zero_fa(); + lit.st[2U][3U] = zero_fa(); + lit.st[2U][4U] = zero_fa(); + lit.st[3U][0U] = zero_fa(); + lit.st[3U][1U] = zero_fa(); + lit.st[3U][2U] = zero_fa(); + lit.st[3U][3U] = zero_fa(); + lit.st[3U][4U] = zero_fa(); + lit.st[4U][0U] = zero_fa(); + lit.st[4U][1U] = zero_fa(); + lit.st[4U][2U] = zero_fa(); + lit.st[4U][3U] = zero_fa(); + lit.st[4U][4U] = zero_fa(); + return lit; +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block +with const generics +- RATE= 72 +*/ +static KRML_MUSTINLINE void load_block_3c(uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U]) { + for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)16U; i++) { + size_t i0 = i; + uint64x2_t v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + uint64x2_t v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + 
libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], + libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + } + if ((size_t)72U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)72U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)72U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = {0U}; + uint8_t uu____0[8U]; + core_result_Result_56 dst0; + Eurydice_slice_to_array2( + &dst0, + Eurydice_slice_subslice2(blocks[0U], (size_t)72U - (size_t)8U, + (size_t)72U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst0, uu____0); + u[0U] = core_num__u64_9__from_le_bytes(uu____0); + uint8_t uu____1[8U]; + core_result_Result_56 dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice2(blocks[1U], (size_t)72U - (size_t)8U, + (size_t)72U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst, uu____1); + u[1U] = core_num__u64_9__from_le_bytes(uu____1); + uint64x2_t uvec = libcrux_intrinsics_arm64__vld1q_u64( + Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); + s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa +with const generics +- BLOCKSIZE= 72 +*/ +static KRML_MUSTINLINE void load_block_fa_0f(uint64x2_t (*a)[5U], + Eurydice_slice b[2U]) { + uint64x2_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); + load_block_3c(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const 
generics +- LEFT= 36 +- RIGHT= 28 +*/ +static KRML_MUSTINLINE uint64x2_t rotate_left_580(uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)36, x, uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)28, x, uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 36 +- RIGHT= 28 +*/ +static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c1(uint64x2_t a, uint64x2_t b) { + uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_580(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 36 +- RIGHT= 28 +*/ +static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f(uint64x2_t a, + uint64x2_t b) { + return _vxarq_u64_c1(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 3 +- RIGHT= 61 +*/ +static KRML_MUSTINLINE uint64x2_t rotate_left_581(uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)3, x, uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)61, x, uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 3 +- RIGHT= 61 +*/ +static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c10(uint64x2_t a, uint64x2_t b) { + uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_581(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 3 +- RIGHT= 61 +*/ +static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f0(uint64x2_t a, + uint64x2_t 
b) { + return _vxarq_u64_c10(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 41 +- RIGHT= 23 +*/ +static KRML_MUSTINLINE uint64x2_t rotate_left_582(uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)41, x, uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)23, x, uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 41 +- RIGHT= 23 +*/ +static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c11(uint64x2_t a, uint64x2_t b) { + uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_582(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 41 +- RIGHT= 23 +*/ +static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f1(uint64x2_t a, + uint64x2_t b) { + return _vxarq_u64_c11(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 18 +- RIGHT= 46 +*/ +static KRML_MUSTINLINE uint64x2_t rotate_left_583(uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)18, x, uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)46, x, uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 18 +- RIGHT= 46 +*/ +static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c12(uint64x2_t a, uint64x2_t b) { + uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_583(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with 
const generics +- LEFT= 18 +- RIGHT= 46 +*/ +static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f2(uint64x2_t a, + uint64x2_t b) { + return _vxarq_u64_c12(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 1 +- RIGHT= 63 +*/ +static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c13(uint64x2_t a, uint64x2_t b) { + uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_58(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 1 +- RIGHT= 63 +*/ +static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f3(uint64x2_t a, + uint64x2_t b) { + return _vxarq_u64_c13(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 44 +- RIGHT= 20 +*/ +static KRML_MUSTINLINE uint64x2_t rotate_left_584(uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)44, x, uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)20, x, uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 44 +- RIGHT= 20 +*/ +static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c14(uint64x2_t a, uint64x2_t b) { + uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_584(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 44 +- RIGHT= 20 +*/ +static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f4(uint64x2_t a, + uint64x2_t b) { + return _vxarq_u64_c14(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const 
generics +- LEFT= 10 +- RIGHT= 54 +*/ +static KRML_MUSTINLINE uint64x2_t rotate_left_585(uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)10, x, uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)54, x, uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 10 +- RIGHT= 54 +*/ +static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c15(uint64x2_t a, uint64x2_t b) { + uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_585(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 10 +- RIGHT= 54 +*/ +static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f5(uint64x2_t a, + uint64x2_t b) { + return _vxarq_u64_c15(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 45 +- RIGHT= 19 +*/ +static KRML_MUSTINLINE uint64x2_t rotate_left_586(uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)45, x, uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)19, x, uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 45 +- RIGHT= 19 +*/ +static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c16(uint64x2_t a, uint64x2_t b) { + uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_586(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 45 +- RIGHT= 19 +*/ +static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f6(uint64x2_t a, + 
uint64x2_t b) { + return _vxarq_u64_c16(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 2 +- RIGHT= 62 +*/ +static KRML_MUSTINLINE uint64x2_t rotate_left_587(uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)2, x, uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)62, x, uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 2 +- RIGHT= 62 +*/ +static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c17(uint64x2_t a, uint64x2_t b) { + uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_587(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 2 +- RIGHT= 62 +*/ +static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f7(uint64x2_t a, + uint64x2_t b) { + return _vxarq_u64_c17(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 62 +- RIGHT= 2 +*/ +static KRML_MUSTINLINE uint64x2_t rotate_left_588(uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)62, x, uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)2, x, uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 62 +- RIGHT= 2 +*/ +static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c18(uint64x2_t a, uint64x2_t b) { + uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_588(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa 
+with const generics +- LEFT= 62 +- RIGHT= 2 +*/ +static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f8(uint64x2_t a, + uint64x2_t b) { + return _vxarq_u64_c18(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 6 +- RIGHT= 58 +*/ +static KRML_MUSTINLINE uint64x2_t rotate_left_589(uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)6, x, uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)58, x, uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 6 +- RIGHT= 58 +*/ +static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c19(uint64x2_t a, uint64x2_t b) { + uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_589(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 6 +- RIGHT= 58 +*/ +static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f9(uint64x2_t a, + uint64x2_t b) { + return _vxarq_u64_c19(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 43 +- RIGHT= 21 +*/ +static KRML_MUSTINLINE uint64x2_t rotate_left_5810(uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)43, x, uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)21, x, uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 43 +- RIGHT= 21 +*/ +static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c110(uint64x2_t a, uint64x2_t b) { + uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5810(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for 
core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 43 +- RIGHT= 21 +*/ +static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f10(uint64x2_t a, + uint64x2_t b) { + return _vxarq_u64_c110(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 15 +- RIGHT= 49 +*/ +static KRML_MUSTINLINE uint64x2_t rotate_left_5811(uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)15, x, uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)49, x, uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 15 +- RIGHT= 49 +*/ +static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c111(uint64x2_t a, uint64x2_t b) { + uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5811(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 15 +- RIGHT= 49 +*/ +static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f11(uint64x2_t a, + uint64x2_t b) { + return _vxarq_u64_c111(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 61 +- RIGHT= 3 +*/ +static KRML_MUSTINLINE uint64x2_t rotate_left_5812(uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)61, x, uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)3, x, uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 61 +- RIGHT= 3 +*/ +static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c112(uint64x2_t a, uint64x2_t b) { + uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, 
b); + return rotate_left_5812(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 61 +- RIGHT= 3 +*/ +static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f12(uint64x2_t a, + uint64x2_t b) { + return _vxarq_u64_c112(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 28 +- RIGHT= 36 +*/ +static KRML_MUSTINLINE uint64x2_t rotate_left_5813(uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)28, x, uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)36, x, uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 28 +- RIGHT= 36 +*/ +static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c113(uint64x2_t a, uint64x2_t b) { + uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5813(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 28 +- RIGHT= 36 +*/ +static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f13(uint64x2_t a, + uint64x2_t b) { + return _vxarq_u64_c113(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 55 +- RIGHT= 9 +*/ +static KRML_MUSTINLINE uint64x2_t rotate_left_5814(uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)55, x, uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)9, x, uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 55 +- RIGHT= 9 +*/ 
+static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c114(uint64x2_t a, uint64x2_t b) { + uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5814(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 55 +- RIGHT= 9 +*/ +static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f14(uint64x2_t a, + uint64x2_t b) { + return _vxarq_u64_c114(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 25 +- RIGHT= 39 +*/ +static KRML_MUSTINLINE uint64x2_t rotate_left_5815(uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)25, x, uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)39, x, uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 25 +- RIGHT= 39 +*/ +static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c115(uint64x2_t a, uint64x2_t b) { + uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5815(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 25 +- RIGHT= 39 +*/ +static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f15(uint64x2_t a, + uint64x2_t b) { + return _vxarq_u64_c115(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 21 +- RIGHT= 43 +*/ +static KRML_MUSTINLINE uint64x2_t rotate_left_5816(uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)21, x, uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)43, x, 
uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 21 +- RIGHT= 43 +*/ +static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c116(uint64x2_t a, uint64x2_t b) { + uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5816(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 21 +- RIGHT= 43 +*/ +static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f16(uint64x2_t a, + uint64x2_t b) { + return _vxarq_u64_c116(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 56 +- RIGHT= 8 +*/ +static KRML_MUSTINLINE uint64x2_t rotate_left_5817(uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)56, x, uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)8, x, uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 56 +- RIGHT= 8 +*/ +static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c117(uint64x2_t a, uint64x2_t b) { + uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5817(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 56 +- RIGHT= 8 +*/ +static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f17(uint64x2_t a, + uint64x2_t b) { + return _vxarq_u64_c117(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 27 +- RIGHT= 37 +*/ +static KRML_MUSTINLINE uint64x2_t rotate_left_5818(uint64x2_t x) { + return 
libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)27, x, uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)37, x, uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 27 +- RIGHT= 37 +*/ +static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c118(uint64x2_t a, uint64x2_t b) { + uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5818(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 27 +- RIGHT= 37 +*/ +static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f18(uint64x2_t a, + uint64x2_t b) { + return _vxarq_u64_c118(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 20 +- RIGHT= 44 +*/ +static KRML_MUSTINLINE uint64x2_t rotate_left_5819(uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)20, x, uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)44, x, uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 20 +- RIGHT= 44 +*/ +static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c119(uint64x2_t a, uint64x2_t b) { + uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5819(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 20 +- RIGHT= 44 +*/ +static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f19(uint64x2_t a, + uint64x2_t b) { + return _vxarq_u64_c119(a, b); +} + +/** +A monomorphic instance of 
libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 39 +- RIGHT= 25 +*/ +static KRML_MUSTINLINE uint64x2_t rotate_left_5820(uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)39, x, uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)25, x, uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 39 +- RIGHT= 25 +*/ +static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c120(uint64x2_t a, uint64x2_t b) { + uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5820(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 39 +- RIGHT= 25 +*/ +static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f20(uint64x2_t a, + uint64x2_t b) { + return _vxarq_u64_c120(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 8 +- RIGHT= 56 +*/ +static KRML_MUSTINLINE uint64x2_t rotate_left_5821(uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)8, x, uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)56, x, uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 8 +- RIGHT= 56 +*/ +static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c121(uint64x2_t a, uint64x2_t b) { + uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5821(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 8 +- RIGHT= 56 +*/ +static KRML_MUSTINLINE 
uint64x2_t xor_and_rotate_fa_1f21(uint64x2_t a, + uint64x2_t b) { + return _vxarq_u64_c121(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left +with const generics +- LEFT= 14 +- RIGHT= 50 +*/ +static KRML_MUSTINLINE uint64x2_t rotate_left_5822(uint64x2_t x) { + return libcrux_intrinsics_arm64__veorq_u64( + libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)14, x, uint64x2_t), + libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)50, x, uint64x2_t)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 +with const generics +- LEFT= 14 +- RIGHT= 50 +*/ +static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c122(uint64x2_t a, uint64x2_t b) { + uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + return rotate_left_5822(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa +with const generics +- LEFT= 14 +- RIGHT= 50 +*/ +static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f22(uint64x2_t a, + uint64x2_t b) { + return _vxarq_u64_c122(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.theta_rho +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +*/ +static KRML_MUSTINLINE void theta_rho_eb( + libcrux_sha3_generic_keccak_KeccakState_fc *s) { + uint64x2_t c[5U] = {xor5_fa(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], + s->st[3U][0U], s->st[4U][0U]), + xor5_fa(s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], + s->st[3U][1U], s->st[4U][1U]), + xor5_fa(s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], + s->st[3U][2U], s->st[4U][2U]), + xor5_fa(s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], + s->st[3U][3U], s->st[4U][3U]), + xor5_fa(s->st[0U][4U], s->st[1U][4U], s->st[2U][4U], + s->st[3U][4U], s->st[4U][4U])}; + uint64x2_t uu____0 = + rotate_left1_and_xor_fa(c[((size_t)0U + (size_t)4U) % (size_t)5U], + c[((size_t)0U + 
(size_t)1U) % (size_t)5U]); + uint64x2_t uu____1 = + rotate_left1_and_xor_fa(c[((size_t)1U + (size_t)4U) % (size_t)5U], + c[((size_t)1U + (size_t)1U) % (size_t)5U]); + uint64x2_t uu____2 = + rotate_left1_and_xor_fa(c[((size_t)2U + (size_t)4U) % (size_t)5U], + c[((size_t)2U + (size_t)1U) % (size_t)5U]); + uint64x2_t uu____3 = + rotate_left1_and_xor_fa(c[((size_t)3U + (size_t)4U) % (size_t)5U], + c[((size_t)3U + (size_t)1U) % (size_t)5U]); + uint64x2_t t[5U] = { + uu____0, uu____1, uu____2, uu____3, + rotate_left1_and_xor_fa(c[((size_t)4U + (size_t)4U) % (size_t)5U], + c[((size_t)4U + (size_t)1U) % (size_t)5U])}; + s->st[0U][0U] = xor_fa(s->st[0U][0U], t[0U]); + s->st[1U][0U] = xor_and_rotate_fa_1f(s->st[1U][0U], t[0U]); + s->st[2U][0U] = xor_and_rotate_fa_1f0(s->st[2U][0U], t[0U]); + s->st[3U][0U] = xor_and_rotate_fa_1f1(s->st[3U][0U], t[0U]); + s->st[4U][0U] = xor_and_rotate_fa_1f2(s->st[4U][0U], t[0U]); + s->st[0U][1U] = xor_and_rotate_fa_1f3(s->st[0U][1U], t[1U]); + s->st[1U][1U] = xor_and_rotate_fa_1f4(s->st[1U][1U], t[1U]); + s->st[2U][1U] = xor_and_rotate_fa_1f5(s->st[2U][1U], t[1U]); + s->st[3U][1U] = xor_and_rotate_fa_1f6(s->st[3U][1U], t[1U]); + s->st[4U][1U] = xor_and_rotate_fa_1f7(s->st[4U][1U], t[1U]); + s->st[0U][2U] = xor_and_rotate_fa_1f8(s->st[0U][2U], t[2U]); + s->st[1U][2U] = xor_and_rotate_fa_1f9(s->st[1U][2U], t[2U]); + s->st[2U][2U] = xor_and_rotate_fa_1f10(s->st[2U][2U], t[2U]); + s->st[3U][2U] = xor_and_rotate_fa_1f11(s->st[3U][2U], t[2U]); + s->st[4U][2U] = xor_and_rotate_fa_1f12(s->st[4U][2U], t[2U]); + s->st[0U][3U] = xor_and_rotate_fa_1f13(s->st[0U][3U], t[3U]); + s->st[1U][3U] = xor_and_rotate_fa_1f14(s->st[1U][3U], t[3U]); + s->st[2U][3U] = xor_and_rotate_fa_1f15(s->st[2U][3U], t[3U]); + s->st[3U][3U] = xor_and_rotate_fa_1f16(s->st[3U][3U], t[3U]); + s->st[4U][3U] = xor_and_rotate_fa_1f17(s->st[4U][3U], t[3U]); + s->st[0U][4U] = xor_and_rotate_fa_1f18(s->st[0U][4U], t[4U]); + s->st[1U][4U] = xor_and_rotate_fa_1f19(s->st[1U][4U], t[4U]); 
+ s->st[2U][4U] = xor_and_rotate_fa_1f20(s->st[2U][4U], t[4U]); + s->st[3U][4U] = xor_and_rotate_fa_1f21(s->st[3U][4U], t[4U]); + uint64x2_t uu____27 = xor_and_rotate_fa_1f22(s->st[4U][4U], t[4U]); + s->st[4U][4U] = uu____27; +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.pi +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +*/ +static KRML_MUSTINLINE void pi_a0( + libcrux_sha3_generic_keccak_KeccakState_fc *s) { + uint64x2_t old[5U][5U]; + memcpy(old, s->st, (size_t)5U * sizeof(uint64x2_t[5U])); + s->st[0U][1U] = old[1U][1U]; + s->st[0U][2U] = old[2U][2U]; + s->st[0U][3U] = old[3U][3U]; + s->st[0U][4U] = old[4U][4U]; + s->st[1U][0U] = old[0U][3U]; + s->st[1U][1U] = old[1U][4U]; + s->st[1U][2U] = old[2U][0U]; + s->st[1U][3U] = old[3U][1U]; + s->st[1U][4U] = old[4U][2U]; + s->st[2U][0U] = old[0U][1U]; + s->st[2U][1U] = old[1U][2U]; + s->st[2U][2U] = old[2U][3U]; + s->st[2U][3U] = old[3U][4U]; + s->st[2U][4U] = old[4U][0U]; + s->st[3U][0U] = old[0U][4U]; + s->st[3U][1U] = old[1U][0U]; + s->st[3U][2U] = old[2U][1U]; + s->st[3U][3U] = old[3U][2U]; + s->st[3U][4U] = old[4U][3U]; + s->st[4U][0U] = old[0U][2U]; + s->st[4U][1U] = old[1U][3U]; + s->st[4U][2U] = old[2U][4U]; + s->st[4U][3U] = old[3U][0U]; + s->st[4U][4U] = old[4U][1U]; +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.chi +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +*/ +static KRML_MUSTINLINE void chi_b0( + libcrux_sha3_generic_keccak_KeccakState_fc *s) { + uint64x2_t old[5U][5U]; + memcpy(old, s->st, (size_t)5U * sizeof(uint64x2_t[5U])); + KRML_MAYBE_FOR5( + i0, (size_t)0U, (size_t)5U, (size_t)1U, size_t i1 = i0; + KRML_MAYBE_FOR5(i, (size_t)0U, (size_t)5U, (size_t)1U, size_t j = i; + s->st[i1][j] = and_not_xor_fa( + s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U], + old[i1][(j + (size_t)1U) % (size_t)5U]););); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.iota +with types 
core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +*/ +static KRML_MUSTINLINE void iota_33( + libcrux_sha3_generic_keccak_KeccakState_fc *s, size_t i) { + s->st[0U][0U] = xor_constant_fa( + s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccakf1600 +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +*/ +static KRML_MUSTINLINE void keccakf1600_3e( + libcrux_sha3_generic_keccak_KeccakState_fc *s) { + for (size_t i = (size_t)0U; i < (size_t)24U; i++) { + size_t i0 = i; + theta_rho_eb(s); + pi_a0(s); + chi_b0(s); + iota_33(s, i0); + } +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 72 +*/ +static KRML_MUSTINLINE void absorb_block_45( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { + uint64x2_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); + load_block_fa_0f(uu____0, uu____1); + keccakf1600_3e(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full +with const generics +- RATE= 72 +*/ +static KRML_MUSTINLINE void load_block_full_3e(uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U]) { + Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice)}; + load_block_3c(s, buf); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa +with const generics +- BLOCKSIZE= 72 +*/ +static KRML_MUSTINLINE void load_block_full_fa_07(uint64x2_t (*a)[5U], + uint8_t b[2U][200U]) { + uint64x2_t(*uu____0)[5U] = a; + uint8_t 
uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_3e(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 72 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void absorb_final_fe( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } blocks[i0][last_len] = 6U; + size_t uu____1 = i0; size_t uu____2 = (size_t)72U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); + uint64x2_t(*uu____3)[5U] = s->st; + uint8_t uu____4[2U][200U]; + memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_fa_07(uu____3, uu____4); + keccakf1600_3e(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block +with const generics +- RATE= 72 +*/ +static KRML_MUSTINLINE void store_block_2f(uint64x2_t (*s)[5U], + Eurydice_slice out[2U]) { + for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)16U; i++) { + size_t i0 = i; + uint64x2_t v0 = libcrux_intrinsics_arm64__vtrn1q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + uint64x2_t v1 = libcrux_intrinsics_arm64__vtrn2q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + 
Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v1); + } + if ((size_t)72U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)72U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)72U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = {0U}; + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), + s[i][j]); + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(out[0U], (size_t)72U - (size_t)8U, (size_t)72U, + uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = + Eurydice_slice_subslice2(out[1U], (size_t)72U - (size_t)8U, (size_t)72U, + uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full +with const generics +- RATE= 72 +*/ +static KRML_MUSTINLINE void store_block_full_9a(uint64x2_t (*s)[5U], + uint8_t ret[2U][200U]) { + uint8_t out0[200U] = {0U}; + uint8_t out1[200U] = {0U}; + Eurydice_slice buf[2U] = { + Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; + store_block_2f(s, buf); + uint8_t uu____0[200U]; + memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____1[200U]; + memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); +} + +/** +This function found in 
impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa +with const generics +- BLOCKSIZE= 72 +*/ +static KRML_MUSTINLINE void store_block_full_fa_a5(uint64x2_t (*a)[5U], + uint8_t ret[2U][200U]) { + store_block_full_9a(a, ret); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 72 +*/ +static KRML_MUSTINLINE void squeeze_first_and_last_e7( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + uint8_t b[2U][200U]; + store_block_full_fa_a5(s->st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *);); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa +with const generics +- BLOCKSIZE= 72 +*/ +static KRML_MUSTINLINE void store_block_fa_90(uint64x2_t (*a)[5U], + Eurydice_slice b[2U]) { + store_block_2f(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 72 +*/ +static KRML_MUSTINLINE void squeeze_first_block_3f( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + store_block_fa_90(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block 
+with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 72 +*/ +static KRML_MUSTINLINE void squeeze_next_block_5d( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + keccakf1600_3e(s); + store_block_fa_90(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 72 +*/ +static KRML_MUSTINLINE void squeeze_last_70( + libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { + keccakf1600_3e(&s); + uint8_t b[2U][200U]; + store_block_full_fa_a5(s.st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *);); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccak +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 72 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void keccak_59(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_KeccakState_fc s = new_1e_12(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n_fa(uu____1, i0 * (size_t)72U, (size_t)72U, ret); + absorb_block_45(uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; + 
Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n_fa(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + absorb_final_fe(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)72U; + size_t last = outlen - outlen % (size_t)72U; + if (blocks == (size_t)0U) { + squeeze_first_and_last_e7(&s, out); + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____4 = + split_at_mut_n_fa(out, (size_t)72U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_first_block_3f(&s, o0); + core_ops_range_Range_b3 iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option_b3) + .tag == core_option_None) { + break; + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____5 = + split_at_mut_n_fa(o1, (size_t)72U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_next_block_5d(&s, o); + memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + squeeze_last_70(s, o1); + } + } +} + +/** +A monomorphic instance of libcrux_sha3.neon.keccakx2 +with const generics +- RATE= 72 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void keccakx2_6e(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); + keccak_59(uu____0, out); +} 
+ +/** + A portable SHA3 512 implementation. +*/ +void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data) { + uint8_t dummy[64U] = {0U}; + Eurydice_slice uu____0[2U] = {data, data}; + Eurydice_slice buf[2U] = { + digest, + Eurydice_array_to_slice((size_t)64U, dummy, uint8_t, Eurydice_slice)}; + keccakx2_6e(uu____0, buf); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void load_block_3c0(uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U]) { + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)16U; i++) { + size_t i0 = i; + uint64x2_t v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + uint64x2_t v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], + libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + } + if ((size_t)136U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)136U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)136U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = {0U}; + uint8_t uu____0[8U]; + core_result_Result_56 dst0; + Eurydice_slice_to_array2( + &dst0, + Eurydice_slice_subslice2(blocks[0U], (size_t)136U - (size_t)8U, + (size_t)136U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst0, uu____0); + 
u[0U] = core_num__u64_9__from_le_bytes(uu____0); + uint8_t uu____1[8U]; + core_result_Result_56 dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice2(blocks[1U], (size_t)136U - (size_t)8U, + (size_t)136U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst, uu____1); + u[1U] = core_num__u64_9__from_le_bytes(uu____1); + uint64x2_t uvec = libcrux_intrinsics_arm64__vld1q_u64( + Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); + s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa +with const generics +- BLOCKSIZE= 136 +*/ +static KRML_MUSTINLINE void load_block_fa_0f0(uint64x2_t (*a)[5U], + Eurydice_slice b[2U]) { + uint64x2_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); + load_block_3c0(uu____0, uu____1); +} + /** - A portable SHA3 512 implementation. 
+A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 */ -void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); +static KRML_MUSTINLINE void absorb_block_450( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { + uint64x2_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); + load_block_fa_0f0(uu____0, uu____1); + keccakf1600_3e(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void load_block_full_3e0(uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U]) { + Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice)}; + load_block_3c0(s, buf); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa +with const generics +- BLOCKSIZE= 136 +*/ +static KRML_MUSTINLINE void load_block_full_fa_070(uint64x2_t (*a)[5U], + uint8_t b[2U][200U]) { + uint64x2_t(*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_3e0(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void absorb_final_fe0( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], 
uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } blocks[i0][last_len] = 6U; + size_t uu____1 = i0; size_t uu____2 = (size_t)136U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); + uint64x2_t(*uu____3)[5U] = s->st; + uint8_t uu____4[2U][200U]; + memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_fa_070(uu____3, uu____4); + keccakf1600_3e(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void store_block_2f0(uint64x2_t (*s)[5U], + Eurydice_slice out[2U]) { + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)16U; i++) { + size_t i0 = i; + uint64x2_t v0 = libcrux_intrinsics_arm64__vtrn1q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + uint64x2_t v1 = libcrux_intrinsics_arm64__vtrn2q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v1); + } + if ((size_t)136U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)136U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)136U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] 
= {0U}; + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), + s[i][j]); + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(out[0U], (size_t)136U - (size_t)8U, + (size_t)136U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = + Eurydice_slice_subslice2(out[1U], (size_t)136U - (size_t)8U, + (size_t)136U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void store_block_full_9a0(uint64x2_t (*s)[5U], + uint8_t ret[2U][200U]) { + uint8_t out0[200U] = {0U}; + uint8_t out1[200U] = {0U}; + Eurydice_slice buf[2U] = { + Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; + store_block_2f0(s, buf); + uint8_t uu____0[200U]; + memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____1[200U]; + memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa +with const generics +- BLOCKSIZE= 136 +*/ +static KRML_MUSTINLINE void store_block_full_fa_a50(uint64x2_t (*a)[5U], + uint8_t ret[2U][200U]) { + store_block_full_9a0(a, ret); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last +with types 
core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +*/ +static KRML_MUSTINLINE void squeeze_first_and_last_e70( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + uint8_t b[2U][200U]; + store_block_full_fa_a50(s->st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *);); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa +with const generics +- BLOCKSIZE= 136 +*/ +static KRML_MUSTINLINE void store_block_fa_900(uint64x2_t (*a)[5U], + Eurydice_slice b[2U]) { + store_block_2f0(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +*/ +static KRML_MUSTINLINE void squeeze_first_block_3f0( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + store_block_fa_900(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +*/ +static KRML_MUSTINLINE void squeeze_next_block_5d0( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + keccakf1600_3e(s); + store_block_fa_900(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 
+*/ +static KRML_MUSTINLINE void squeeze_last_700( + libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { + keccakf1600_3e(&s); + uint8_t b[2U][200U]; + store_block_full_fa_a50(s.st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *);); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccak +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void keccak_590(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_KeccakState_fc s = new_1e_12(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n_fa(uu____1, i0 * (size_t)136U, (size_t)136U, ret); + absorb_block_450(uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n_fa(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + absorb_final_fe0(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)136U; + size_t last = outlen - outlen % (size_t)136U; + if (blocks == (size_t)0U) { + 
squeeze_first_and_last_e70(&s, out); + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____4 = + split_at_mut_n_fa(out, (size_t)136U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_first_block_3f0(&s, o0); + core_ops_range_Range_b3 iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option_b3) + .tag == core_option_None) { + break; + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____5 = + split_at_mut_n_fa(o1, (size_t)136U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_next_block_5d0(&s, o); + memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + squeeze_last_700(s, o1); + } + } +} + +/** +A monomorphic instance of libcrux_sha3.neon.keccakx2 +with const generics +- RATE= 136 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void keccakx2_6e0(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); + keccak_590(uu____0, out); } /** A portable SHA3 256 implementation. 
*/ void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + uint8_t dummy[32U] = {0U}; + Eurydice_slice uu____0[2U] = {data, data}; + Eurydice_slice buf[2U] = { + digest, + Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice)}; + keccakx2_6e0(uu____0, buf); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +- DELIM= 31 +*/ +static KRML_MUSTINLINE void absorb_final_fe1( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } blocks[i0][last_len] = 31U; + size_t uu____1 = i0; size_t uu____2 = (size_t)136U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); + uint64x2_t(*uu____3)[5U] = s->st; + uint8_t uu____4[2U][200U]; + memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_fa_070(uu____3, uu____4); + keccakf1600_3e(s); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccak +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 136 +- DELIM= 31 +*/ +static KRML_MUSTINLINE void keccak_591(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_KeccakState_fc s = new_1e_12(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) { + size_t i0 = i; + 
libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n_fa(uu____1, i0 * (size_t)136U, (size_t)136U, ret); + absorb_block_450(uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n_fa(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + absorb_final_fe1(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)136U; + size_t last = outlen - outlen % (size_t)136U; + if (blocks == (size_t)0U) { + squeeze_first_and_last_e70(&s, out); + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____4 = + split_at_mut_n_fa(out, (size_t)136U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_first_block_3f0(&s, o0); + core_ops_range_Range_b3 iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option_b3) + .tag == core_option_None) { + break; + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____5 = + split_at_mut_n_fa(o1, (size_t)136U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_next_block_5d0(&s, o); + memcpy(o1, orest, 
(size_t)2U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + squeeze_last_700(s, o1); + } + } +} + +/** +A monomorphic instance of libcrux_sha3.neon.keccakx2 +with const generics +- RATE= 136 +- DELIM= 31 +*/ +static KRML_MUSTINLINE void keccakx2_6e1(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); + keccak_591(uu____0, out); } /** 
@@ -36,60 +2204,695 @@ void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data) { Writes the two results into `out0` and `out1` */ -KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, - Eurydice_slice input1, - Eurydice_slice out0, - Eurydice_slice out1) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); +void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, + Eurydice_slice out0, Eurydice_slice out1) { + Eurydice_slice buf0[2U] = {input0, input1}; + Eurydice_slice buf[2U] = {out0, out1}; + keccakx2_6e1(buf0, buf); } /** Initialise the `KeccakState2`. */ -KRML_MUSTINLINE libcrux_sha3_neon_x2_incremental_KeccakState +libcrux_sha3_generic_keccak_KeccakState_fc libcrux_sha3_neon_x2_incremental_shake128_init(void) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + return new_1e_12(); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block +with const generics +- RATE= 168 +*/ +static KRML_MUSTINLINE void load_block_3c1(uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)16U; i++) { + size_t i0 = i; + uint64x2_t v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + uint64x2_t v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + 
s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], + libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + } + if ((size_t)168U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)168U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)168U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = {0U}; + uint8_t uu____0[8U]; + core_result_Result_56 dst0; + Eurydice_slice_to_array2( + &dst0, + Eurydice_slice_subslice2(blocks[0U], (size_t)168U - (size_t)8U, + (size_t)168U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst0, uu____0); + u[0U] = core_num__u64_9__from_le_bytes(uu____0); + uint8_t uu____1[8U]; + core_result_Result_56 dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice2(blocks[1U], (size_t)168U - (size_t)8U, + (size_t)168U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst, uu____1); + u[1U] = core_num__u64_9__from_le_bytes(uu____1); + uint64x2_t uvec = libcrux_intrinsics_arm64__vld1q_u64( + Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); + s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + } +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full +with const generics +- RATE= 168 +*/ +static KRML_MUSTINLINE void load_block_full_3e1(uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U]) { + Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice)}; + load_block_3c1(s, buf); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa +with const generics +- BLOCKSIZE= 168 +*/ +static KRML_MUSTINLINE void load_block_full_fa_071(uint64x2_t (*a)[5U], + uint8_t 
b[2U][200U]) { + uint64x2_t(*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_3e1(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 168 +- DELIM= 31 +*/ +static KRML_MUSTINLINE void absorb_final_fe2( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } blocks[i0][last_len] = 31U; + size_t uu____1 = i0; size_t uu____2 = (size_t)168U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); + uint64x2_t(*uu____3)[5U] = s->st; + uint8_t uu____4[2U][200U]; + memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_fa_071(uu____3, uu____4); + keccakf1600_3e(s); } /** Shake128 absorb `data0` and `data1` in the [`KeccakState`] `s`. 
*/ -KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0, +void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice data0, Eurydice_slice data1) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[2U] = {data0, data1}; + absorb_final_fe2(s, buf); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block +with const generics +- RATE= 168 +*/ +static KRML_MUSTINLINE void store_block_2f1(uint64x2_t (*s)[5U], + Eurydice_slice out[2U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)16U; i++) { + size_t i0 = i; + uint64x2_t v0 = libcrux_intrinsics_arm64__vtrn1q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + uint64x2_t v1 = libcrux_intrinsics_arm64__vtrn2q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v1); + } + if ((size_t)168U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)168U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)168U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = {0U}; + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), + s[i][j]); + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(out[0U], (size_t)168U - (size_t)8U, + 
(size_t)168U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = + Eurydice_slice_subslice2(out[1U], (size_t)168U - (size_t)8U, + (size_t)168U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa +with const generics +- BLOCKSIZE= 168 +*/ +static KRML_MUSTINLINE void store_block_fa_901(uint64x2_t (*a)[5U], + Eurydice_slice b[2U]) { + store_block_2f1(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 168 +*/ +static KRML_MUSTINLINE void squeeze_next_block_5d1( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + keccakf1600_3e(s); + store_block_fa_901(s->st, out); } /** Squeeze 2 times the next block in parallel in the [`KeccakState`] and return the output in `out0` and `out1`. 
*/ -KRML_MUSTINLINE void -libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, +void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, Eurydice_slice out1) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[2U] = {out0, out1}; + squeeze_next_block_5d1(s, buf); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 168 +*/ +static KRML_MUSTINLINE void squeeze_first_block_3f1( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + store_block_fa_901(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_three_blocks +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 168 +*/ +static KRML_MUSTINLINE void squeeze_first_three_blocks_2e( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + Eurydice_slice_uint8_t_2size_t__x2 uu____0 = + split_at_mut_n_fa(out, (size_t)168U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____0.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o10[2U]; + memcpy(o10, uu____0.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_first_block_3f1(s, o0); + Eurydice_slice_uint8_t_2size_t__x2 uu____1 = + split_at_mut_n_fa(o10, (size_t)168U); + Eurydice_slice o1[2U]; + memcpy(o1, uu____1.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o2[2U]; + memcpy(o2, uu____1.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_next_block_5d1(s, o1); + squeeze_next_block_5d1(s, o2); } /** Squeeze 2 times the first three blocks in parallel in the [`KeccakState`] and return the output in `out0` and `out1`. 
*/ -KRML_MUSTINLINE void -libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, +void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, Eurydice_slice out1) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[2U] = {out0, out1}; + squeeze_first_three_blocks_2e(s, buf); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block +with const generics +- RATE= 144 +*/ +static KRML_MUSTINLINE void load_block_3c2(uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U]) { + for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)16U; i++) { + size_t i0 = i; + uint64x2_t v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + uint64x2_t v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], + libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + } + if ((size_t)144U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)144U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)144U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = {0U}; + uint8_t uu____0[8U]; + core_result_Result_56 dst0; + Eurydice_slice_to_array2( + &dst0, + 
Eurydice_slice_subslice2(blocks[0U], (size_t)144U - (size_t)8U, + (size_t)144U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst0, uu____0); + u[0U] = core_num__u64_9__from_le_bytes(uu____0); + uint8_t uu____1[8U]; + core_result_Result_56 dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice2(blocks[1U], (size_t)144U - (size_t)8U, + (size_t)144U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst, uu____1); + u[1U] = core_num__u64_9__from_le_bytes(uu____1); + uint64x2_t uvec = libcrux_intrinsics_arm64__vld1q_u64( + Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); + s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa +with const generics +- BLOCKSIZE= 144 +*/ +static KRML_MUSTINLINE void load_block_fa_0f1(uint64x2_t (*a)[5U], + Eurydice_slice b[2U]) { + uint64x2_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); + load_block_3c2(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 144 +*/ +static KRML_MUSTINLINE void absorb_block_451( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { + uint64x2_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); + load_block_fa_0f1(uu____0, uu____1); + keccakf1600_3e(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full +with const generics +- RATE= 144 +*/ +static KRML_MUSTINLINE void load_block_full_3e2(uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U]) { + 
Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice)}; + load_block_3c2(s, buf); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa +with const generics +- BLOCKSIZE= 144 +*/ +static KRML_MUSTINLINE void load_block_full_fa_072(uint64x2_t (*a)[5U], + uint8_t b[2U][200U]) { + uint64x2_t(*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_3e2(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 144 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void absorb_final_fe3( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } blocks[i0][last_len] = 6U; + size_t uu____1 = i0; size_t uu____2 = (size_t)144U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); + uint64x2_t(*uu____3)[5U] = s->st; + uint8_t uu____4[2U][200U]; + memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_fa_072(uu____3, uu____4); + keccakf1600_3e(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block +with const generics +- RATE= 144 +*/ +static KRML_MUSTINLINE void store_block_2f2(uint64x2_t 
(*s)[5U], + Eurydice_slice out[2U]) { + for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)16U; i++) { + size_t i0 = i; + uint64x2_t v0 = libcrux_intrinsics_arm64__vtrn1q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + uint64x2_t v1 = libcrux_intrinsics_arm64__vtrn2q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v1); + } + if ((size_t)144U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)144U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)144U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = {0U}; + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), + s[i][j]); + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(out[0U], (size_t)144U - (size_t)8U, + (size_t)144U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = + Eurydice_slice_subslice2(out[1U], (size_t)144U - (size_t)8U, + (size_t)144U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full +with const generics +- RATE= 144 +*/ +static KRML_MUSTINLINE void 
store_block_full_9a1(uint64x2_t (*s)[5U], + uint8_t ret[2U][200U]) { + uint8_t out0[200U] = {0U}; + uint8_t out1[200U] = {0U}; + Eurydice_slice buf[2U] = { + Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; + store_block_2f2(s, buf); + uint8_t uu____0[200U]; + memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____1[200U]; + memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa +with const generics +- BLOCKSIZE= 144 +*/ +static KRML_MUSTINLINE void store_block_full_fa_a51(uint64x2_t (*a)[5U], + uint8_t ret[2U][200U]) { + store_block_full_9a1(a, ret); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 144 +*/ +static KRML_MUSTINLINE void squeeze_first_and_last_e71( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + uint8_t b[2U][200U]; + store_block_full_fa_a51(s->st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *);); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A 
monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa +with const generics +- BLOCKSIZE= 144 +*/ +static KRML_MUSTINLINE void store_block_fa_902(uint64x2_t (*a)[5U], + Eurydice_slice b[2U]) { + store_block_2f2(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 144 +*/ +static KRML_MUSTINLINE void squeeze_first_block_3f2( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + store_block_fa_902(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 144 +*/ +static KRML_MUSTINLINE void squeeze_next_block_5d2( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + keccakf1600_3e(s); + store_block_fa_902(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 144 +*/ +static KRML_MUSTINLINE void squeeze_last_701( + libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { + keccakf1600_3e(&s); + uint8_t b[2U][200U]; + store_block_full_fa_a51(s.st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *);); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccak +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 144 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void 
keccak_592(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_KeccakState_fc s = new_1e_12(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n_fa(uu____1, i0 * (size_t)144U, (size_t)144U, ret); + absorb_block_451(uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n_fa(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + absorb_final_fe3(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)144U; + size_t last = outlen - outlen % (size_t)144U; + if (blocks == (size_t)0U) { + squeeze_first_and_last_e71(&s, out); + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____4 = + split_at_mut_n_fa(out, (size_t)144U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_first_block_3f2(&s, o0); + core_ops_range_Range_b3 iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option_b3) + .tag == core_option_None) { + break; + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____5 = + 
split_at_mut_n_fa(o1, (size_t)144U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_next_block_5d2(&s, o); + memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + squeeze_last_701(s, o1); + } + } +} + +/** +A monomorphic instance of libcrux_sha3.neon.keccakx2 +with const generics +- RATE= 144 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void keccakx2_6e2(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); + keccak_592(uu____0, out); } /** 
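Review bot: The new public two-lane entry points in this hunk (`libcrux_sha3_neon_x2_shake256`, `libcrux_sha3_neon_x2_incremental_shake128_absorb_final`, `..._squeeze_next_block`, `..._squeeze_first_three_blocks`) size every operation from lane 0 and never look at lane 1's length: `absorb_final_fe2`/`fe3` take `last_len` from `last[0U]` and then `copy_from_slice` that many bytes out of `last[1U]`, `keccak_592` derives `outlen` and the block count from `out[0U]`/`data[0U]` alone, and `squeeze_first_three_blocks_2e` splits `out` at 168 twice and stores a full 168-byte block into each piece regardless of what is left. Whether `Eurydice_slice_subslice2`, `split_at_mut_n_fa` and `core_slice___Slice_T___copy_from_slice` bounds-check in this build is not visible here; if they are thin memcpy wrappers, a caller passing lanes of unequal length, or an `out` shorter than 3×168 bytes, gets an out-of-bounds read or write instead of the panic the Rust source presumably raises. Since this header is what C callers read, the contract should be stated on the wrappers, e.g. above `libcrux_sha3_neon_x2_shake256`: `/* Precondition: input0.len == input1.len and out0.len == out1.len; lane 1 is sized from lane 0 and is not checked. */`, and above the two squeeze wrappers: `/* Precondition: out0.len == out1.len >= 168 (>= 504 for squeeze_first_three_blocks); exactly 168 bytes per block are written. */`. A one-line equality check on the two lengths in each wrapper, aborting through the `KRML_HOST_EXIT` path the removed stubs used, would turn the silent overrun into a deterministic failure at low cost. Separately, the padded final block in `absorb_final_fe2`/`fe3` (`blocks[2U][200U]`) and the 200-byte copies in `store_block_full_9a1` and `squeeze_last_701` leave absorbed input and squeezed output on the stack after return; if these lanes carry ML-KEM seeds or shared-secret material, zeroizing those locals before returning is worth considering.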
@@ -97,9 +2900,421 @@ libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( */ KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + uint8_t dummy[28U] = {0U}; + Eurydice_slice uu____0[2U] = {data, data}; + Eurydice_slice buf[2U] = { + digest, + Eurydice_array_to_slice((size_t)28U, dummy, uint8_t, Eurydice_slice)}; + keccakx2_6e2(uu____0, buf); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block +with const generics +- RATE= 104 +*/ +static KRML_MUSTINLINE void load_block_3c3(uint64x2_t (*s)[5U], + Eurydice_slice blocks[2U]) { + for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)16U; i++) { + size_t i0 = i; + uint64x2_t v0 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + uint64x2_t v1 = + libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = + libcrux_intrinsics_arm64__veorq_u64( + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], + libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + } + if ((size_t)104U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)104U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)104U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint64_t u[2U] = {0U}; + uint8_t uu____0[8U]; + core_result_Result_56 dst0; + Eurydice_slice_to_array2( + &dst0, + 
Eurydice_slice_subslice2(blocks[0U], (size_t)104U - (size_t)8U, + (size_t)104U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst0, uu____0); + u[0U] = core_num__u64_9__from_le_bytes(uu____0); + uint8_t uu____1[8U]; + core_result_Result_56 dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice2(blocks[1U], (size_t)104U - (size_t)8U, + (size_t)104U, uint8_t, Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst, uu____1); + u[1U] = core_num__u64_9__from_le_bytes(uu____1); + uint64x2_t uvec = libcrux_intrinsics_arm64__vld1q_u64( + Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); + s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa +with const generics +- BLOCKSIZE= 104 +*/ +static KRML_MUSTINLINE void load_block_fa_0f2(uint64x2_t (*a)[5U], + Eurydice_slice b[2U]) { + uint64x2_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); + load_block_3c3(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 104 +*/ +static KRML_MUSTINLINE void absorb_block_452( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { + uint64x2_t(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); + load_block_fa_0f2(uu____0, uu____1); + keccakf1600_3e(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full +with const generics +- RATE= 104 +*/ +static KRML_MUSTINLINE void load_block_full_3e3(uint64x2_t (*s)[5U], + uint8_t blocks[2U][200U]) { + 
Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice)}; + load_block_3c3(s, buf); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa +with const generics +- BLOCKSIZE= 104 +*/ +static KRML_MUSTINLINE void load_block_full_fa_073(uint64x2_t (*a)[5U], + uint8_t b[2U][200U]) { + uint64x2_t(*uu____0)[5U] = a; + uint8_t uu____1[2U][200U]; + memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_3e3(uu____0, uu____1); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 104 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void absorb_final_fe4( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[2U][200U] = {{0U}}; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } blocks[i0][last_len] = 6U; + size_t uu____1 = i0; size_t uu____2 = (size_t)104U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); + uint64x2_t(*uu____3)[5U] = s->st; + uint8_t uu____4[2U][200U]; + memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_fa_073(uu____3, uu____4); + keccakf1600_3e(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block +with const generics +- RATE= 104 +*/ +static KRML_MUSTINLINE void store_block_2f3(uint64x2_t 
(*s)[5U], + Eurydice_slice out[2U]) { + for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)16U; i++) { + size_t i0 = i; + uint64x2_t v0 = libcrux_intrinsics_arm64__vtrn1q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + uint64x2_t v1 = libcrux_intrinsics_arm64__vtrn2q_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v0); + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v1); + } + if ((size_t)104U % (size_t)16U != (size_t)0U) { + size_t i = ((size_t)104U / (size_t)8U - (size_t)1U) / (size_t)5U; + size_t j = ((size_t)104U / (size_t)8U - (size_t)1U) % (size_t)5U; + uint8_t u[16U] = {0U}; + libcrux_intrinsics_arm64__vst1q_bytes_u64( + Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), + s[i][j]); + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(out[0U], (size_t)104U - (size_t)8U, + (size_t)104U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = + Eurydice_slice_subslice2(out[1U], (size_t)104U - (size_t)8U, + (size_t)104U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full +with const generics +- RATE= 104 +*/ +static KRML_MUSTINLINE void 
store_block_full_9a2(uint64x2_t (*s)[5U], + uint8_t ret[2U][200U]) { + uint8_t out0[200U] = {0U}; + uint8_t out1[200U] = {0U}; + Eurydice_slice buf[2U] = { + Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; + store_block_2f3(s, buf); + uint8_t uu____0[200U]; + memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____1[200U]; + memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa +with const generics +- BLOCKSIZE= 104 +*/ +static KRML_MUSTINLINE void store_block_full_fa_a52(uint64x2_t (*a)[5U], + uint8_t ret[2U][200U]) { + store_block_full_9a2(a, ret); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 104 +*/ +static KRML_MUSTINLINE void squeeze_first_and_last_e72( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + uint8_t b[2U][200U]; + store_block_full_fa_a52(s->st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *);); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: +usize> for core::core_arch::arm_shared::neon::uint64x2_t)} +*/ +/** +A 
monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa +with const generics +- BLOCKSIZE= 104 +*/ +static KRML_MUSTINLINE void store_block_fa_903(uint64x2_t (*a)[5U], + Eurydice_slice b[2U]) { + store_block_2f3(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 104 +*/ +static KRML_MUSTINLINE void squeeze_first_block_3f3( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + store_block_fa_903(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 104 +*/ +static KRML_MUSTINLINE void squeeze_next_block_5d3( + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { + keccakf1600_3e(s); + store_block_fa_903(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 104 +*/ +static KRML_MUSTINLINE void squeeze_last_702( + libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { + keccakf1600_3e(&s); + uint8_t b[2U][200U]; + store_block_full_fa_a52(s.st, b); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *);); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccak +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- N= 2 +- RATE= 104 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void 
keccak_593(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + libcrux_sha3_generic_keccak_KeccakState_fc s = new_1e_12(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; + Eurydice_slice uu____1[2U]; + memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n_fa(uu____1, i0 * (size_t)104U, (size_t)104U, ret); + absorb_block_452(uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; + libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; + Eurydice_slice uu____3[2U]; + memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice ret[2U]; + slice_n_fa(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + absorb_final_fe4(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)104U; + size_t last = outlen - outlen % (size_t)104U; + if (blocks == (size_t)0U) { + squeeze_first_and_last_e72(&s, out); + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____4 = + split_at_mut_n_fa(out, (size_t)104U); + Eurydice_slice o0[2U]; + memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice o1[2U]; + memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_first_block_3f3(&s, o0); + core_ops_range_Range_b3 iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option_b3) + .tag == core_option_None) { + break; + } else { + Eurydice_slice_uint8_t_2size_t__x2 uu____5 = + 
split_at_mut_n_fa(o1, (size_t)104U); + Eurydice_slice o[2U]; + memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); + Eurydice_slice orest[2U]; + memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); + squeeze_next_block_5d3(&s, o); + memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + squeeze_last_702(s, o1); + } + } +} + +/** +A monomorphic instance of libcrux_sha3.neon.keccakx2 +with const generics +- RATE= 104 +- DELIM= 6 +*/ +static KRML_MUSTINLINE void keccakx2_6e3(Eurydice_slice data[2U], + Eurydice_slice out[2U]) { + Eurydice_slice uu____0[2U]; + memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); + keccak_593(uu____0, out); } /** @@ -107,7 +3322,10 @@ KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest, */ KRML_MUSTINLINE void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + uint8_t dummy[48U] = {0U}; + Eurydice_slice uu____0[2U] = {data, data}; + Eurydice_slice buf[2U] = { + digest, + Eurydice_array_to_slice((size_t)48U, dummy, uint8_t, Eurydice_slice)}; + keccakx2_6e3(uu____0, buf); } diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index f3ed82378..6a6a9be26 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 + * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 + * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 */ #ifndef __libcrux_sha3_neon_H 
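Review bot: The new body of `libcrux_sha3_neon_sha224` at the top of this hunk never checks that `digest` is 28 bytes, yet everything downstream sizes itself from that slice: `keccak_593` (same shape as the `keccak_592` this path uses) derives `outlen`, `blocks` and `last` from `out[0U]` only, `squeeze_first_and_last_e72` copies `len(out[i0])` bytes out of a 200-byte block, and a digest longer than the rate is split with `split_at_mut_n_fa` while lane 1 is the fixed-size `dummy` array. The length precondition presumably holds in the Rust this C is generated from, so the right place for it is the header declaration; I would add `/* digest must be exactly 28 bytes (SHA3-224 output); data may be any length */` there, and the same for `libcrux_sha3_neon_sha384` in the following hunk with 48 bytes. The `{data, data}` pairing in `uu____0` also absorbs the input on both lanes and then discards lane 1, which deserves a one-line comment so the next reader does not take the doubled work for a bug.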
@@ -20,8 +20,19 @@ extern "C" { #include "eurydice_glue.h" #include "intrinsics/libcrux_intrinsics_arm64.h" +#include "libcrux_core.h" #include "libcrux_sha3_internal.h" +/** +A monomorphic instance of libcrux_sha3.generic_keccak.KeccakState +with types core_core_arch_arm_shared_neon_uint64x2_t +with const generics +- $2size_t +*/ +typedef struct libcrux_sha3_generic_keccak_KeccakState_fc_s { + uint64x2_t st[5U][5U]; +} libcrux_sha3_generic_keccak_KeccakState_fc; + /** A portable SHA3 512 implementation. */ @@ -40,21 +51,17 @@ void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data); void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice out0, Eurydice_slice out1); -typedef struct libcrux_sha3_neon_x2_incremental_KeccakState_s { - libcrux_sha3_generic_keccak_KeccakState_48 state[2U]; -} libcrux_sha3_neon_x2_incremental_KeccakState; - /** Initialise the `KeccakState2`. */ -libcrux_sha3_neon_x2_incremental_KeccakState +libcrux_sha3_generic_keccak_KeccakState_fc libcrux_sha3_neon_x2_incremental_shake128_init(void); /** Shake128 absorb `data0` and `data1` in the [`KeccakState`] `s`. */ void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0, + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice data0, Eurydice_slice data1); /** @@ -62,7 +69,7 @@ void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( [`KeccakState`] and return the output in `out0` and `out1`. */ void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, Eurydice_slice out1); /** 
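Review bot: The `@@ -40,21 +51,17 @@` hunk removes the public typedef `libcrux_sha3_neon_x2_incremental_KeccakState` and exposes `libcrux_sha3_generic_keccak_KeccakState_fc` in its place in the `shake128_init` and `absorb_final` signatures (and in the two hunks that follow), which breaks any C caller that spelled the old type, and the `_fc` suffix looks like a monomorphisation tag that may change on the next regeneration. Unless the generator can be told to keep a stable name, a compatibility alias after the new struct, `typedef libcrux_sha3_generic_keccak_KeccakState_fc libcrux_sha3_neon_x2_incremental_KeccakState;`, would keep existing callers compiling. The struct comment should also say what the `$2size_t` parameter means for a reader of this header — presumably that `uint64x2_t st[5U][5U]` holds the two interleaved Keccak states the `x2` functions operate on.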
@@ -70,7 +77,7 @@ void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( [`KeccakState`] and return the output in `out0` and `out1`. */ void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, Eurydice_slice out1); /** From d5574e8f6c62bf622ab6b61c291abeb66c1b7221 Mon Sep 17 00:00:00 2001 
From: Jonathan Protzenko Date: Tue, 13 Aug 2024 08:33:09 -0700 Subject: [PATCH 04/16] With latest Eurydice changes --- libcrux-ml-kem/c/code_gen.txt | 2 +- libcrux-ml-kem/c/internal/libcrux_core.h | 2 +- .../c/internal/libcrux_mlkem_neon.h | 2 +- .../c/internal/libcrux_mlkem_portable.h | 2 +- .../c/internal/libcrux_sha3_internal.h | 2 +- libcrux-ml-kem/c/libcrux_core.c | 65 +- libcrux-ml-kem/c/libcrux_core.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_neon.c | 60 +- libcrux-ml-kem/c/libcrux_mlkem1024_neon.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 60 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_neon.c | 60 +- libcrux-ml-kem/c/libcrux_mlkem512_neon.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 60 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_neon.c | 60 +- libcrux-ml-kem/c/libcrux_mlkem768_neon.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 60 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_neon.c | 877 ++++++++++------- libcrux-ml-kem/c/libcrux_mlkem_neon.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 898 +++++++++++------- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 2 +- libcrux-ml-kem/c/libcrux_sha3.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 252 ++--- libcrux-ml-kem/c/libcrux_sha3_neon.c | 205 ++-- libcrux-ml-kem/c/libcrux_sha3_neon.h | 2 +- 34 files changed, 1586 insertions(+), 1117 deletions(-) diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index 7fd7d385c..eaa0a1b5f 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt 
@@ -3,4 +3,4 @@ Charon: 53530427db2941ce784201e64086766504bc5642 Eurydice: 67f4341506300372fba9cb8de070234935839cb7 Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 -Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 +Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index ff449d1ea..0cee66992 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 + * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 */ #ifndef __internal_libcrux_core_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h index cad194d8f..f3b88ef8f 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 + * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 */ #ifndef __internal_libcrux_mlkem_neon_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 503d8a62e..103c0b802 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h 
@@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 + * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 */ #ifndef __internal_libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index 2d77d01ee..1f6b6c1d2 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 + * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 */ #ifndef __internal_libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index 7a3bd7ee8..b6796aa82 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 + * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 */ #include "internal/libcrux_core.h" @@ -100,10 +100,11 @@ with const generics */ libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_571( uint8_t value[800U]) { - uint8_t uu____0[800U]; - memcpy(uu____0, value, (size_t)800U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_value[800U]; + memcpy(copy_of_value, value, (size_t)800U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPublicKey_be lit; - memcpy(lit.value, uu____0, (size_t)800U * sizeof(uint8_t)); + memcpy(lit.value, copy_of_value, (size_t)800U * sizeof(uint8_t)); return lit; } 
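Review bot: In `libcrux_ml_kem_types_from_b6_571` the new `copy_of_value` is filled from `value` and then immediately copied again into `lit.value`, so the added comment documents a copy the C does not need: a single `memcpy(lit.value, value, (size_t)800U * sizeof(uint8_t));` is equivalent and drops 800 bytes of stack. The same double copy appears in every hunk of this file through `libcrux_ml_kem_types_from_01_20` and in the `libcrux_mlkem1024_neon.c` hunks for `randomness`; for the private-key variants (`from_05_e01`, `from_05_e00`, `from_05_e0`) and the keypair/encapsulation seeds it leaves a second stack copy of secret material behind unzeroized, which is worth avoiding even if the Rust move it mirrors is semantically a no-op. If the copy stays because Eurydice emits it, the comment should at least be a full sentence, `/* This copy is dictated by Rust value-passing semantics */`.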
@@ -137,10 +138,11 @@ with const generics */ libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_e01( uint8_t value[1632U]) { - uint8_t uu____0[1632U]; - memcpy(uu____0, value, (size_t)1632U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_value[1632U]; + memcpy(copy_of_value, value, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e lit; - memcpy(lit.value, uu____0, (size_t)1632U * sizeof(uint8_t)); + memcpy(lit.value, copy_of_value, (size_t)1632U * sizeof(uint8_t)); return lit; } @@ -155,10 +157,11 @@ with const generics */ libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_201( uint8_t value[768U]) { - uint8_t uu____0[768U]; - memcpy(uu____0, value, (size_t)768U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_value[768U]; + memcpy(copy_of_value, value, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 lit; - memcpy(lit.value, uu____0, (size_t)768U * sizeof(uint8_t)); + memcpy(lit.value, copy_of_value, (size_t)768U * sizeof(uint8_t)); return lit; } @@ -225,10 +228,11 @@ with const generics */ libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_570( uint8_t value[1568U]) { - uint8_t uu____0[1568U]; - memcpy(uu____0, value, (size_t)1568U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_value[1568U]; + memcpy(copy_of_value, value, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPublicKey_1f lit; - memcpy(lit.value, uu____0, (size_t)1568U * sizeof(uint8_t)); + memcpy(lit.value, copy_of_value, (size_t)1568U * sizeof(uint8_t)); return lit; } 
@@ -263,10 +267,11 @@ with const generics */ libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_e00( uint8_t value[3168U]) { - uint8_t uu____0[3168U]; - memcpy(uu____0, value, (size_t)3168U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_value[3168U]; + memcpy(copy_of_value, value, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 lit; - memcpy(lit.value, uu____0, (size_t)3168U * sizeof(uint8_t)); + memcpy(lit.value, copy_of_value, (size_t)3168U * sizeof(uint8_t)); return lit; } @@ -281,10 +286,11 @@ with const generics */ libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_200( uint8_t value[1568U]) { - uint8_t uu____0[1568U]; - memcpy(uu____0, value, (size_t)1568U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_value[1568U]; + memcpy(copy_of_value, value, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext lit; - memcpy(lit.value, uu____0, (size_t)1568U * sizeof(uint8_t)); + memcpy(lit.value, copy_of_value, (size_t)1568U * sizeof(uint8_t)); return lit; } @@ -351,10 +357,11 @@ with const generics */ libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_57( uint8_t value[1184U]) { - uint8_t uu____0[1184U]; - memcpy(uu____0, value, (size_t)1184U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_value[1184U]; + memcpy(copy_of_value, value, (size_t)1184U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPublicKey_15 lit; - memcpy(lit.value, uu____0, (size_t)1184U * sizeof(uint8_t)); + memcpy(lit.value, copy_of_value, (size_t)1184U * sizeof(uint8_t)); return lit; } 
@@ -389,10 +396,11 @@ with const generics */ libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_e0( uint8_t value[2400U]) { - uint8_t uu____0[2400U]; - memcpy(uu____0, value, (size_t)2400U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_value[2400U]; + memcpy(copy_of_value, value, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 lit; - memcpy(lit.value, uu____0, (size_t)2400U * sizeof(uint8_t)); + memcpy(lit.value, copy_of_value, (size_t)2400U * sizeof(uint8_t)); return lit; } @@ -407,10 +415,11 @@ with const generics */ libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_20( uint8_t value[1088U]) { - uint8_t uu____0[1088U]; - memcpy(uu____0, value, (size_t)1088U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_value[1088U]; + memcpy(copy_of_value, value, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext lit; - memcpy(lit.value, uu____0, (size_t)1088U * sizeof(uint8_t)); + memcpy(lit.value, copy_of_value, (size_t)1088U * sizeof(uint8_t)); return lit; } diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index debf385d0..ba047cb53 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 + * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index e45f4a347..c5a47bcbb 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h 
@@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 + * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c index 348a2c1d3..542669909 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 + * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 */ #include "libcrux_mlkem1024_neon.h" @@ -125,9 +125,10 @@ static tuple_21 encapsulate_6b( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_28(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_28(uu____0, copy_of_randomness); } /** 
@@ -141,9 +142,10 @@ tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_6b(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_6b(uu____0, copy_of_randomness); } /** @@ -172,9 +174,11 @@ static tuple_21 encapsulate_unpacked_1c( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_47(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_47(uu____0, + copy_of_randomness); } /** @@ -192,9 +196,10 @@ tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate_unpacked( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_1c(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_1c(uu____0, copy_of_randomness); } /** 
@@ -213,9 +218,10 @@ libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics */ static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_91( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_72(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_72(copy_of_randomness); } /** @@ -223,9 +229,10 @@ static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_91( */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_neon_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_91(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_91(copy_of_randomness); } /** @@ -245,9 +252,11 @@ generics */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c generate_keypair_unpacked_87(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b4(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b4( + copy_of_randomness); } /** 
@@ -256,9 +265,10 @@ generate_keypair_unpacked_87(uint8_t randomness[64U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c libcrux_ml_kem_mlkem1024_neon_generate_key_pair_unpacked( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_87(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_87(copy_of_randomness); } /** diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h index 9ad36777f..82014512d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 + * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 */ #ifndef __libcrux_mlkem1024_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index ab538bf0b..f2599c9d4 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 + * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 */ #include "libcrux_mlkem1024_portable.h" 
@@ -125,9 +125,10 @@ static tuple_21 encapsulate_48( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_9d1(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_9d1(uu____0, copy_of_randomness); } /** @@ -141,9 +142,10 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_48(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_48(uu____0, copy_of_randomness); } /** @@ -172,9 +174,11 @@ static tuple_21 encapsulate_unpacked_ac( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_861(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_861(uu____0, + copy_of_randomness); } /** 
@@ -192,9 +196,10 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_ac(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_ac(uu____0, copy_of_randomness); } /** @@ -214,9 +219,10 @@ generics */ static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_6e( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_6f1(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_6f1(copy_of_randomness); } /** @@ -224,9 +230,10 @@ static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_6e( */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_6e(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_6e(copy_of_randomness); } /** 
@@ -246,9 +253,11 @@ const generics */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 generate_keypair_unpacked_f5(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d1(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d1( + copy_of_randomness); } /** @@ -257,9 +266,10 @@ generate_keypair_unpacked_f5(uint8_t randomness[64U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_f5(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_f5(copy_of_randomness); } /** diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index 6f550d51e..002601e79 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 + * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index e8619577b..664bc998c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h 
@@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 + * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_neon.c b/libcrux-ml-kem/c/libcrux_mlkem512_neon.c index 1dc9ade54..ee4470906 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_neon.c @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 + * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 */ #include "libcrux_mlkem512_neon.h" @@ -121,9 +121,10 @@ static tuple_ec encapsulate_f8( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_281(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_281(uu____0, copy_of_randomness); } /** 
@@ -137,9 +138,10 @@ tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_f8(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_f8(uu____0, copy_of_randomness); } /** @@ -168,9 +170,11 @@ static tuple_ec encapsulate_unpacked_ce( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_471(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_471(uu____0, + copy_of_randomness); } /** @@ -186,9 +190,10 @@ tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate_unpacked( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_ce(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_ce(uu____0, copy_of_randomness); } /** 
@@ -207,9 +212,10 @@ libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics */ static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_1a( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_721(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_721(copy_of_randomness); } /** @@ -217,9 +223,10 @@ static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_1a( */ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_neon_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_1a(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_1a(copy_of_randomness); } /** @@ -239,9 +246,11 @@ generics */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 generate_keypair_unpacked_38(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b41(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b41( + copy_of_randomness); } /** 
@@ -250,9 +259,10 @@ generate_keypair_unpacked_38(uint8_t randomness[64U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 libcrux_ml_kem_mlkem512_neon_generate_key_pair_unpacked( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_38(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_38(copy_of_randomness); } /** diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_neon.h b/libcrux-ml-kem/c/libcrux_mlkem512_neon.h index e953e8cdf..594ab9383 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_neon.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 + * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 */ #ifndef __libcrux_mlkem512_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index efda480b7..af419fed6 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 + * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 */ #include "libcrux_mlkem512_portable.h" 
@@ -121,9 +121,10 @@ static tuple_ec encapsulate_10( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_9d0(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_9d0(uu____0, copy_of_randomness); } /** @@ -137,9 +138,10 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_10(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_10(uu____0, copy_of_randomness); } /** @@ -168,9 +170,11 @@ static tuple_ec encapsulate_unpacked_49( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_860(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_860(uu____0, + copy_of_randomness); } /** 
@@ -186,9 +190,10 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_49(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_49(uu____0, copy_of_randomness); } /** @@ -208,9 +213,10 @@ generics */ static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_f9( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_6f0(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_6f0(copy_of_randomness); } /** @@ -218,9 +224,10 @@ static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_f9( */ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_f9(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_f9(copy_of_randomness); } /** 
@@ -240,9 +247,11 @@ const generics */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae generate_keypair_unpacked_d6(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d0(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d0( + copy_of_randomness); } /** @@ -251,9 +260,10 @@ generate_keypair_unpacked_d6(uint8_t randomness[64U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_d6(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_d6(copy_of_randomness); } /** diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 0deb92f42..51c51000e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 + * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 1dc07a330..976c473d9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h 
@@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 + * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_neon.c b/libcrux-ml-kem/c/libcrux_mlkem768_neon.c index a88c7b3ed..44967e823 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_neon.c @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 + * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 */ #include "libcrux_mlkem768_neon.h" @@ -121,9 +121,10 @@ static tuple_3c encapsulate_ea( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_280(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_280(uu____0, copy_of_randomness); } /** 
@@ -137,9 +138,10 @@ tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_ea(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_ea(uu____0, copy_of_randomness); } /** @@ -168,9 +170,11 @@ static tuple_3c encapsulate_unpacked_29( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_470(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_470(uu____0, + copy_of_randomness); } /** @@ -186,9 +190,10 @@ tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate_unpacked( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_29(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_29(uu____0, copy_of_randomness); } /** 
@@ -207,9 +212,10 @@ libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics */ static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_1b( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_720(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_720(copy_of_randomness); } /** @@ -217,9 +223,10 @@ static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_1b( */ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_neon_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_1b(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_1b(copy_of_randomness); } /** @@ -239,9 +246,11 @@ generics */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd generate_keypair_unpacked_42(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b40(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b40( + copy_of_randomness); } /** 
@@ -250,9 +259,10 @@ generate_keypair_unpacked_42(uint8_t randomness[64U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd libcrux_ml_kem_mlkem768_neon_generate_key_pair_unpacked( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_42(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_42(copy_of_randomness); } /** diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_neon.h b/libcrux-ml-kem/c/libcrux_mlkem768_neon.h index 34fd92317..d10775770 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_neon.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 + * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 */ #ifndef __libcrux_mlkem768_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index 2e07aebd4..d79390c40 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 + * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 */ #include "libcrux_mlkem768_portable.h" 
@@ -121,9 +121,10 @@ static tuple_3c encapsulate_4b( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_9d(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_9d(uu____0, copy_of_randomness); } /** @@ -137,9 +138,10 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_4b(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_4b(uu____0, copy_of_randomness); } /** @@ -168,9 +170,11 @@ static tuple_3c encapsulate_unpacked_10( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_86(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_86(uu____0, + copy_of_randomness); } /** 
@@ -186,9 +190,10 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_10(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_10(uu____0, copy_of_randomness); } /** @@ -208,9 +213,10 @@ generics */ static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_64( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_6f(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_6f(copy_of_randomness); } /** @@ -218,9 +224,10 @@ static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_64( */ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_64(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_64(copy_of_randomness); } /** 
@@ -240,9 +247,11 @@ const generics */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 generate_keypair_unpacked_c5(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d( + copy_of_randomness); } /** @@ -251,9 +260,10 @@ generate_keypair_unpacked_c5(uint8_t randomness[64U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_c5(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_c5(copy_of_randomness); } /** diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index 002b28c6c..13b1459a3 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 + * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index 3ed7fe16f..d2060fa0c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c 
@@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 + * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 */ #include "libcrux_mlkem_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index 638c2cdaa..94b4f2b96 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 + * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 */ #ifndef __libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c index 7524cf6c2..2060c7880 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.c @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 + * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 */ #include "internal/libcrux_mlkem_neon.h" @@ -1510,9 +1510,10 @@ libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_48 with const generics */ static KRML_MUSTINLINE Simd128Hash shake128_init_absorb_48_551(uint8_t input[2U][34U]) { - uint8_t uu____0[2U][34U]; - memcpy(uu____0, input, (size_t)2U * sizeof(uint8_t[34U])); - return shake128_init_absorb_6b1(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_input[2U][34U]; + memcpy(copy_of_input, input, (size_t)2U * sizeof(uint8_t[34U])); + return shake128_init_absorb_6b1(copy_of_input); } /** 
@@ -1808,32 +1809,37 @@ static KRML_MUSTINLINE void sample_from_xof_c01( libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { size_t sampled_coefficients[2U] = {0U}; int16_t out[2U][272U] = {{0U}}; - uint8_t uu____0[2U][34U]; - memcpy(uu____0, seeds, (size_t)2U * sizeof(uint8_t[34U])); - Simd128Hash xof_state = shake128_init_absorb_48_551(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_seeds[2U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); + Simd128Hash xof_state = shake128_init_absorb_48_551(copy_of_seeds); uint8_t randomness0[2U][504U]; shake128_squeeze_three_blocks_48_e91(&xof_state, randomness0); - uint8_t uu____1[2U][504U]; - memcpy(uu____1, randomness0, (size_t)2U * sizeof(uint8_t[504U])); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness0[2U][504U]; + memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); bool done = sample_from_uniform_distribution_next_e63( - uu____1, sampled_coefficients, out); + copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[2U][168U]; shake128_squeeze_block_48_ad1(&xof_state, randomness); - uint8_t uu____2[2U][168U]; - memcpy(uu____2, randomness, (size_t)2U * sizeof(uint8_t[168U])); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[2U][168U]; + memcpy(copy_of_randomness, randomness, + (size_t)2U * sizeof(uint8_t[168U])); done = sample_from_uniform_distribution_next_e64( - uu____2, sampled_coefficients, out); + copy_of_randomness, sampled_coefficients, out); } } - int16_t uu____3[2U][272U]; - memcpy(uu____3, out, (size_t)2U * sizeof(int16_t[272U])); + /* This copy dictated by the Rust value passing semantics */ + int16_t copy_of_out[2U][272U]; + memcpy(copy_of_out, out, (size_t)2U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret0[2U]; KRML_MAYBE_FOR2(i, 
(size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_d51(uu____3[i]);); + ret0[i] = closure_d51(copy_of_out[i]);); memcpy( ret, ret0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); @@ -1853,17 +1859,19 @@ static KRML_MUSTINLINE void sample_matrix_A_481( closure_de1(A_transpose[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_seed[34U]; + memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[2U][34U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[2U][34U]; - memcpy(uu____1, seeds, (size_t)2U * sizeof(uint8_t[34U])); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_seeds[2U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_1c sampled[2U]; - sample_from_xof_c01(uu____1, sampled); + sample_from_xof_c01(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -1879,7 +1887,9 @@ static KRML_MUSTINLINE void sample_matrix_A_481( } else { A_transpose[i1][j] = sample; } - }); + } + + ); memcpy(ret, A_transpose, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); 
@@ -2297,12 +2307,13 @@ static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_1f1( libcrux_ml_kem_polynomial_PolynomialRingElement_1c re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, re_as_ntt[i] = ZERO_89_06();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); @@ -2313,13 +2324,14 @@ static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_1f1( Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t, Eurydice_slice)); ntt_binomially_sampled_ring_element_cf(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[2U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_re_as_ntt[2U]; memcpy( - uu____2, re_as_ntt, + copy_of_re_as_ntt, re_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); tuple_740 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_re_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); lit.snd = domain_separator; return lit; 
@@ -2573,20 +2585,22 @@ static tuple_4c0 generate_keypair_unpacked_ff1( uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____2 = sample_vector_cbd_then_ntt_1f1(uu____1, 0U); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_740 uu____2 = sample_vector_cbd_then_ntt_1f1(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[2U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_as_ntt[2U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_1f1(uu____3, domain_separator).fst, + sample_vector_cbd_then_ntt_1f1(copy_of_prf_input, domain_separator).fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[2U]; compute_As_plus_e_951(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); 
@@ -2595,31 +2609,36 @@ static tuple_4c0 generate_keypair_unpacked_ff1( Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], void *); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____4[2U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_t_as_ntt[2U]; memcpy( - uu____4, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[2U][2U]; - memcpy(uu____5, A_transpose, + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_A_transpose[2U] + [2U]; + memcpy(copy_of_A_transpose, A_transpose, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 pk; memcpy( - pk.t_as_ntt, uu____4, + pk.t_as_ntt, copy_of_t_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, + memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, copy_of_A_transpose, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____7[2U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_secret_as_ntt[2U]; memcpy( - uu____7, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); 
libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 sk; memcpy( - sk.secret_as_ntt, uu____7, + sk.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); return (CLITERAL(tuple_4c0){.fst = sk, .snd = pk}); } @@ -2738,20 +2757,24 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b41(uint8_t randomness[64U]) { core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 uu____3 = ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_implicit_rejection_value[32U]; + memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_66 uu____5; uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, + memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 uu____6 = ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_public_key_hash[32U]; + memcpy(copy_of_public_key_hash, public_key_hash, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 lit; lit.private_key = uu____5; lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, + memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, (size_t)32U * sizeof(uint8_t)); return lit; } 
@@ -2779,13 +2802,19 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_161( public_key_serialized); uint8_t secret_key_serialized[768U]; serialize_secret_key_5d1(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[768U]; - memcpy(uu____1, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); - uint8_t uu____2[800U]; - memcpy(uu____2, public_key_serialized, (size_t)800U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_secret_key_serialized[768U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)768U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_public_key_serialized[800U]; + memcpy(copy_of_public_key_serialized, public_key_serialized, + (size_t)800U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair512 lit; - memcpy(lit.fst, uu____1, (size_t)768U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)800U * sizeof(uint8_t)); + memcpy(lit.fst, copy_of_secret_key_serialized, + (size_t)768U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_public_key_serialized, + (size_t)800U * sizeof(uint8_t)); return lit; } 
@@ -2890,15 +2919,18 @@ libcrux_ml_kem_ind_cca_generate_keypair_721(uint8_t randomness[64U]) { Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, Eurydice_slice), implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[1632U]; - memcpy(uu____1, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_secret_key_serialized[1632U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_05_e01(uu____1); + libcrux_ml_kem_types_from_05_e01(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; - uint8_t uu____3[800U]; - memcpy(uu____3, public_key, (size_t)800U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_public_key[800U]; + memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); return libcrux_ml_kem_types_from_17_2c1( - uu____2, libcrux_ml_kem_types_from_b6_571(uu____3)); + uu____2, libcrux_ml_kem_types_from_b6_571(copy_of_public_key)); } /** 
@@ -2972,12 +3004,13 @@ sample_ring_element_cbd_eb1(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, error_1[i] = ZERO_89_06();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); @@ -2989,13 +3022,14 @@ sample_ring_element_cbd_eb1(uint8_t prf_input[33U], uint8_t domain_separator) { sample_from_binomial_distribution_2c(Eurydice_array_to_slice( (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[2U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_error_1[2U]; memcpy( - uu____2, error_1, + copy_of_error_1, error_1, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); tuple_740 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_error_1, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); lit.snd = domain_separator; return lit; 
@@ -3816,17 +3850,20 @@ static void encrypt_unpacked_541( uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____1 = sample_vector_cbd_then_ntt_1f1(uu____0, 0U); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_740 uu____1 = sample_vector_cbd_then_ntt_1f1(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_1c r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____3 = sample_ring_element_cbd_eb1(uu____2, domain_separator0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_740 uu____3 = + sample_ring_element_cbd_eb1(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[2U]; memcpy( error_1, uu____3.fst, 
@@ -3842,10 +3879,11 @@ static void encrypt_unpacked_541( (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_1c u[2U]; compute_vector_u_6a1(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_1c message_as_ring_element = - deserialize_then_decompress_message_23(uu____4); + deserialize_then_decompress_message_23(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = compute_ring_element_v_9b1(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); 
@@ -3910,24 +3948,29 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_471( Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 *uu____2 = &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_unpacked_541(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_541(uu____2, copy_of_randomness, pseudorandomness, + ciphertext); uint8_t shared_secret_array[32U] = {0U}; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, Eurydice_slice), shared_secret, uint8_t, void *); - uint8_t uu____4[768U]; - memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_ciphertext[768U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_01_201(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_from_01_201(copy_of_ciphertext); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_ec lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } 
@@ -4022,32 +4065,36 @@ static void encrypt_4e1(Eurydice_slice public_key, uint8_t message[32U], core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[2U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_t_as_ntt[2U]; memcpy( - uu____0, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1[2U][2U]; - memcpy(uu____1, A, + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_A[2U][2U]; + memcpy(copy_of_A, A, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 public_key_unpacked; memcpy( - public_key_unpacked.t_as_ntt, uu____0, + public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy(public_key_unpacked.seed_for_A, uu____2, + memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, + memcpy(public_key_unpacked.A, copy_of_A, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 *uu____3 = &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_message[32U]; + 
memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[768U]; - encrypt_unpacked_541(uu____3, uu____4, randomness, ret1); + encrypt_unpacked_541(uu____3, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); } @@ -4127,22 +4174,26 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_281( Eurydice_slice uu____2 = Eurydice_array_to_slice( (size_t)800U, libcrux_ml_kem_types_as_slice_cb_1f1(public_key), uint8_t, Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_4e1(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t uu____4[768U]; - memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); + encrypt_4e1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_ciphertext[768U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_01_201(uu____4); + libcrux_ml_kem_types_from_01_201(copy_of_ciphertext); uint8_t shared_secret_array[32U]; kdf_af_631(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_ec lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } 
@@ -4823,10 +4874,12 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec1( implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 *uu____3 = &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_unpacked_541(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_541(uu____3, copy_of_decrypted, pseudorandomness, + expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( libcrux_ml_kem_types_as_ref_00_f01(ciphertext), @@ -4913,14 +4966,15 @@ static void decrypt_af1(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[2U]; deserialize_secret_key_4f1(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[2U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_secret_as_ntt[2U]; memcpy( - uu____0, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 secret_key_unpacked; memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, + secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); uint8_t ret0[32U]; decrypt_unpacked_d61(&secret_key_unpacked, ciphertext, ret0); 
@@ -5000,10 +5054,12 @@ void libcrux_ml_kem_ind_cca_decapsulate_821( Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_4e1(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_4e1(uu____5, copy_of_decrypted, pseudorandomness, + expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; kdf_af_631( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, @@ -5231,9 +5287,10 @@ libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_48 with const generics */ static KRML_MUSTINLINE Simd128Hash shake128_init_absorb_48_550(uint8_t input[3U][34U]) { - uint8_t uu____0[3U][34U]; - memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); - return shake128_init_absorb_6b0(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_input[3U][34U]; + memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); + return shake128_init_absorb_6b0(copy_of_input); } /** 
@@ -5515,32 +5572,37 @@ static KRML_MUSTINLINE void sample_from_xof_c00( libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { size_t sampled_coefficients[3U] = {0U}; int16_t out[3U][272U] = {{0U}}; - uint8_t uu____0[3U][34U]; - memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); - Simd128Hash xof_state = shake128_init_absorb_48_550(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_seeds[3U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); + Simd128Hash xof_state = shake128_init_absorb_48_550(copy_of_seeds); uint8_t randomness0[3U][504U]; shake128_squeeze_three_blocks_48_e90(&xof_state, randomness0); - uint8_t uu____1[3U][504U]; - memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness0[3U][504U]; + memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); bool done = sample_from_uniform_distribution_next_e61( - uu____1, sampled_coefficients, out); + copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; shake128_squeeze_block_48_ad0(&xof_state, randomness); - uint8_t uu____2[3U][168U]; - memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[3U][168U]; + memcpy(copy_of_randomness, randomness, + (size_t)3U * sizeof(uint8_t[168U])); done = sample_from_uniform_distribution_next_e62( - uu____2, sampled_coefficients, out); + copy_of_randomness, sampled_coefficients, out); } } - int16_t uu____3[3U][272U]; - memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); + /* This copy dictated by the Rust value passing semantics */ + int16_t copy_of_out[3U][272U]; + memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret0[3U]; KRML_MAYBE_FOR3(i, 
(size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_d50(uu____3[i]);); + ret0[i] = closure_d50(copy_of_out[i]);); memcpy( ret, ret0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); @@ -5560,17 +5622,19 @@ static KRML_MUSTINLINE void sample_matrix_A_480( closure_de0(A_transpose[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_seed[34U]; + memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[3U][34U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[3U][34U]; - memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_seeds[3U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_1c sampled[3U]; - sample_from_xof_c00(uu____1, sampled); + sample_from_xof_c00(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -5586,7 +5650,9 @@ static KRML_MUSTINLINE void sample_matrix_A_480( } else { A_transpose[i1][j] = sample; } - }); + } + + ); memcpy(ret, A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); 
@@ -5670,12 +5736,13 @@ static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_1f0( libcrux_ml_kem_polynomial_PolynomialRingElement_1c re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, re_as_ntt[i] = ZERO_89_06();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); @@ -5686,13 +5753,14 @@ static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_1f0( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); ntt_binomially_sampled_ring_element_cf(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[3U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_re_as_ntt[3U]; memcpy( - uu____2, re_as_ntt, + copy_of_re_as_ntt, re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); tuple_b00 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); lit.snd = domain_separator; return lit; 
@@ -5845,20 +5913,22 @@ static tuple_9b0 generate_keypair_unpacked_ff0( uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = sample_vector_cbd_then_ntt_1f0(uu____1, 0U); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____2 = sample_vector_cbd_then_ntt_1f0(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_1f0(uu____3, domain_separator).fst, + sample_vector_cbd_then_ntt_1f0(copy_of_prf_input, domain_separator).fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[3U]; compute_As_plus_e_950(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); 
@@ -5867,31 +5937,36 @@ static tuple_9b0 generate_keypair_unpacked_ff0( Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], void *); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____4[3U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_t_as_ntt[3U]; memcpy( - uu____4, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[3U][3U]; - memcpy(uu____5, A_transpose, + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_A_transpose[3U] + [3U]; + memcpy(copy_of_A_transpose, A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd pk; memcpy( - pk.t_as_ntt, uu____4, + pk.t_as_ntt, copy_of_t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, + memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, copy_of_A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____7[3U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_secret_as_ntt[3U]; memcpy( - uu____7, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); 
libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd sk; memcpy( - sk.secret_as_ntt, uu____7, + sk.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); return (CLITERAL(tuple_9b0){.fst = sk, .snd = pk}); } @@ -5987,20 +6062,24 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b40(uint8_t randomness[64U]) { core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd uu____3 = ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_implicit_rejection_value[32U]; + memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd uu____5; uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, + memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd uu____6 = ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_public_key_hash[32U]; + memcpy(copy_of_public_key_hash, public_key_hash, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd lit; lit.private_key = uu____5; lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, + memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, (size_t)32U * sizeof(uint8_t)); return lit; } 
@@ -6028,13 +6107,19 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_160( public_key_serialized); uint8_t secret_key_serialized[1152U]; serialize_secret_key_5d0(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[1152U]; - memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); - uint8_t uu____2[1184U]; - memcpy(uu____2, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_secret_key_serialized[1152U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)1152U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_public_key_serialized[1184U]; + memcpy(copy_of_public_key_serialized, public_key_serialized, + (size_t)1184U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; - memcpy(lit.fst, uu____1, (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)1184U * sizeof(uint8_t)); + memcpy(lit.fst, copy_of_secret_key_serialized, + (size_t)1152U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_public_key_serialized, + (size_t)1184U * sizeof(uint8_t)); return lit; } 
@@ -6139,15 +6224,18 @@ libcrux_ml_kem_ind_cca_generate_keypair_720(uint8_t randomness[64U]) { Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, Eurydice_slice), implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[2400U]; - memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_secret_key_serialized[2400U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_e0(uu____1); + libcrux_ml_kem_types_from_05_e0(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; - uint8_t uu____3[1184U]; - memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_public_key[1184U]; + memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); return libcrux_ml_kem_types_from_17_2c( - uu____2, libcrux_ml_kem_types_from_b6_57(uu____3)); + uu____2, libcrux_ml_kem_types_from_b6_57(copy_of_public_key)); } /** 
@@ -6166,12 +6254,13 @@ sample_ring_element_cbd_eb0(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, error_1[i] = ZERO_89_06();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); @@ -6183,13 +6272,14 @@ sample_ring_element_cbd_eb0(uint8_t prf_input[33U], uint8_t domain_separator) { sample_from_binomial_distribution_2c(Eurydice_array_to_slice( (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[3U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_error_1[3U]; memcpy( - uu____2, error_1, + copy_of_error_1, error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); tuple_b00 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); lit.snd = domain_separator; return lit; 
@@ -6405,17 +6495,20 @@ static void encrypt_unpacked_540( uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = sample_vector_cbd_then_ntt_1f0(uu____0, 0U); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____1 = sample_vector_cbd_then_ntt_1f0(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_1c r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____3 = sample_ring_element_cbd_eb0(uu____2, domain_separator0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____3 = + sample_ring_element_cbd_eb0(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[3U]; memcpy( error_1, uu____3.fst, 
@@ -6431,10 +6524,11 @@ static void encrypt_unpacked_540( (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_1c u[3U]; compute_vector_u_6a0(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_1c message_as_ring_element = - deserialize_then_decompress_message_23(uu____4); + deserialize_then_decompress_message_23(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = compute_ring_element_v_9b0(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); 
@@ -6499,24 +6593,29 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_470( Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____2 = &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_unpacked_540(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_540(uu____2, copy_of_randomness, pseudorandomness, + ciphertext); uint8_t shared_secret_array[32U] = {0U}; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, Eurydice_slice), shared_secret, uint8_t, void *); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_ciphertext[1088U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_20(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_from_01_20(copy_of_ciphertext); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_3c lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } 
@@ -6611,32 +6710,36 @@ static void encrypt_4e0(Eurydice_slice public_key, uint8_t message[32U], core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[3U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_t_as_ntt[3U]; memcpy( - uu____0, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1[3U][3U]; - memcpy(uu____1, A, + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_A[3U][3U]; + memcpy(copy_of_A, A, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd public_key_unpacked; memcpy( - public_key_unpacked.t_as_ntt, uu____0, + public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy(public_key_unpacked.seed_for_A, uu____2, + memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, + memcpy(public_key_unpacked.A, copy_of_A, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____3 = &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_message[32U]; + 
memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1088U]; - encrypt_unpacked_540(uu____3, uu____4, randomness, ret1); + encrypt_unpacked_540(uu____3, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); } @@ -6716,22 +6819,26 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_280( Eurydice_slice uu____2 = Eurydice_array_to_slice( (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_1f(public_key), uint8_t, Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_4e0(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + encrypt_4e0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_ciphertext[1088U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_20(uu____4); + libcrux_ml_kem_types_from_01_20(copy_of_ciphertext); uint8_t shared_secret_array[32U]; kdf_af_630(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_3c lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } 
@@ -6937,10 +7044,12 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec0( implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____3 = &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_540(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_540(uu____3, copy_of_decrypted, pseudorandomness, + expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( libcrux_ml_kem_types_as_ref_00_f0(ciphertext), @@ -7003,14 +7112,15 @@ static void decrypt_af0(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; deserialize_secret_key_4f0(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[3U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_secret_as_ntt[3U]; memcpy( - uu____0, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd secret_key_unpacked; memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, + secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); uint8_t ret0[32U]; decrypt_unpacked_d60(&secret_key_unpacked, ciphertext, ret0); 
@@ -7090,10 +7200,12 @@ void libcrux_ml_kem_ind_cca_decapsulate_820( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_4e0(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_4e0(uu____5, copy_of_decrypted, pseudorandomness, + expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; kdf_af_630( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, @@ -7321,9 +7433,10 @@ libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_48 with const generics */ static KRML_MUSTINLINE Simd128Hash shake128_init_absorb_48_55(uint8_t input[4U][34U]) { - uint8_t uu____0[4U][34U]; - memcpy(uu____0, input, (size_t)4U * sizeof(uint8_t[34U])); - return shake128_init_absorb_6b(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_input[4U][34U]; + memcpy(copy_of_input, input, (size_t)4U * sizeof(uint8_t[34U])); + return shake128_init_absorb_6b(copy_of_input); } /** 
@@ -7611,32 +7724,37 @@ static KRML_MUSTINLINE void sample_from_xof_c0( libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { size_t sampled_coefficients[4U] = {0U}; int16_t out[4U][272U] = {{0U}}; - uint8_t uu____0[4U][34U]; - memcpy(uu____0, seeds, (size_t)4U * sizeof(uint8_t[34U])); - Simd128Hash xof_state = shake128_init_absorb_48_55(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_seeds[4U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); + Simd128Hash xof_state = shake128_init_absorb_48_55(copy_of_seeds); uint8_t randomness0[4U][504U]; shake128_squeeze_three_blocks_48_e9(&xof_state, randomness0); - uint8_t uu____1[4U][504U]; - memcpy(uu____1, randomness0, (size_t)4U * sizeof(uint8_t[504U])); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness0[4U][504U]; + memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); bool done = sample_from_uniform_distribution_next_e6( - uu____1, sampled_coefficients, out); + copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[4U][168U]; shake128_squeeze_block_48_ad(&xof_state, randomness); - uint8_t uu____2[4U][168U]; - memcpy(uu____2, randomness, (size_t)4U * sizeof(uint8_t[168U])); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[4U][168U]; + memcpy(copy_of_randomness, randomness, + (size_t)4U * sizeof(uint8_t[168U])); done = sample_from_uniform_distribution_next_e60( - uu____2, sampled_coefficients, out); + copy_of_randomness, sampled_coefficients, out); } } - int16_t uu____3[4U][272U]; - memcpy(uu____3, out, (size_t)4U * sizeof(int16_t[272U])); + /* This copy dictated by the Rust value passing semantics */ + int16_t copy_of_out[4U][272U]; + memcpy(copy_of_out, out, (size_t)4U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, 
(size_t)4U, (size_t)1U, - ret0[i] = closure_d5(uu____3[i]);); + ret0[i] = closure_d5(copy_of_out[i]);); memcpy( ret, ret0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); @@ -7656,17 +7774,19 @@ static KRML_MUSTINLINE void sample_matrix_A_48( closure_de(A_transpose[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_seed[34U]; + memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[4U][34U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[4U][34U]; - memcpy(uu____1, seeds, (size_t)4U * sizeof(uint8_t[34U])); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_seeds[4U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_1c sampled[4U]; - sample_from_xof_c0(uu____1, sampled); + sample_from_xof_c0(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -7682,7 +7802,9 @@ static KRML_MUSTINLINE void sample_matrix_A_48( } else { A_transpose[i1][j] = sample; } - }); + } + + ); memcpy(ret, A_transpose, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); 
@@ -7769,12 +7891,13 @@ static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_1f( libcrux_ml_kem_polynomial_PolynomialRingElement_1c re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, re_as_ntt[i] = ZERO_89_06();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); @@ -7785,13 +7908,14 @@ static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_1f( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); ntt_binomially_sampled_ring_element_cf(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[4U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_re_as_ntt[4U]; memcpy( - uu____2, re_as_ntt, + copy_of_re_as_ntt, re_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); tuple_71 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_re_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); lit.snd = domain_separator; return lit; 
@@ -7944,20 +8068,22 @@ static tuple_54 generate_keypair_unpacked_ff( uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____2 = sample_vector_cbd_then_ntt_1f(uu____1, 0U); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_71 uu____2 = sample_vector_cbd_then_ntt_1f(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[4U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_1f(uu____3, domain_separator).fst, + sample_vector_cbd_then_ntt_1f(copy_of_prf_input, domain_separator).fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[4U]; compute_As_plus_e_95(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); 
@@ -7966,31 +8092,36 @@ static tuple_54 generate_keypair_unpacked_ff( Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], void *); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____4[4U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_t_as_ntt[4U]; memcpy( - uu____4, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[4U][4U]; - memcpy(uu____5, A_transpose, + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_A_transpose[4U] + [4U]; + memcpy(copy_of_A_transpose, A_transpose, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c pk; memcpy( - pk.t_as_ntt, uu____4, + pk.t_as_ntt, copy_of_t_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, + memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, copy_of_A_transpose, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____7[4U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_secret_as_ntt[4U]; memcpy( - uu____7, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); 
libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c sk; memcpy( - sk.secret_as_ntt, uu____7, + sk.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); return (CLITERAL(tuple_54){.fst = sk, .snd = pk}); } @@ -8086,20 +8217,24 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b4(uint8_t randomness[64U]) { core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c uu____3 = ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_implicit_rejection_value[32U]; + memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_2c uu____5; uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, + memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c uu____6 = ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_public_key_hash[32U]; + memcpy(copy_of_public_key_hash, public_key_hash, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c lit; lit.private_key = uu____5; lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, + memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, (size_t)32U * sizeof(uint8_t)); return lit; } 
@@ -8127,13 +8262,19 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_16( public_key_serialized); uint8_t secret_key_serialized[1536U]; serialize_secret_key_5d(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[1536U]; - memcpy(uu____1, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); - uint8_t uu____2[1568U]; - memcpy(uu____2, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_secret_key_serialized[1536U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)1536U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_public_key_serialized[1568U]; + memcpy(copy_of_public_key_serialized, public_key_serialized, + (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair1024 lit; - memcpy(lit.fst, uu____1, (size_t)1536U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)1568U * sizeof(uint8_t)); + memcpy(lit.fst, copy_of_secret_key_serialized, + (size_t)1536U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_public_key_serialized, + (size_t)1568U * sizeof(uint8_t)); return lit; } 
@@ -8238,15 +8379,18 @@ libcrux_ml_kem_ind_cca_generate_keypair_72(uint8_t randomness[64U]) { Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, Eurydice_slice), implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[3168U]; - memcpy(uu____1, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_secret_key_serialized[3168U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_05_e00(uu____1); + libcrux_ml_kem_types_from_05_e00(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; - uint8_t uu____3[1568U]; - memcpy(uu____3, public_key, (size_t)1568U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_public_key[1568U]; + memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); return libcrux_ml_kem_types_from_17_2c0( - uu____2, libcrux_ml_kem_types_from_b6_570(uu____3)); + uu____2, libcrux_ml_kem_types_from_b6_570(copy_of_public_key)); } /** 
@@ -8265,12 +8409,13 @@ sample_ring_element_cbd_eb(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, error_1[i] = ZERO_89_06();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); @@ -8282,13 +8427,14 @@ sample_ring_element_cbd_eb(uint8_t prf_input[33U], uint8_t domain_separator) { sample_from_binomial_distribution_2c(Eurydice_array_to_slice( (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[4U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_error_1[4U]; memcpy( - uu____2, error_1, + copy_of_error_1, error_1, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); tuple_71 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_error_1, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); lit.snd = domain_separator; return lit; 
@@ -8557,17 +8703,20 @@ static void encrypt_unpacked_54( uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____1 = sample_vector_cbd_then_ntt_1f(uu____0, 0U); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_71 uu____1 = sample_vector_cbd_then_ntt_1f(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_1c r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____3 = sample_ring_element_cbd_eb(uu____2, domain_separator0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_71 uu____3 = + sample_ring_element_cbd_eb(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[4U]; memcpy( error_1, uu____3.fst, 
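Review bot: The two copies of `prf_input` in `encrypt_unpacked_54` are named `copy_of_prf_input0` (declared first, passed to `sample_vector_cbd_then_ntt_1f`) and `copy_of_prf_input` (declared second, passed to `sample_ring_element_cbd_eb`), so the disambiguating suffix lands on the earlier declaration and suggests a `prf_input0` source that does not exist. Numbering in declaration order, `uint8_t copy_of_prf_input[33U];` for the first and `uint8_t copy_of_prf_input1[33U];` for the second, would match how a reader encounters them; since the names come from the generator's fresh-name scheme, that is where the change belongs. The same ordering appears in `generate_keypair_unpacked_a91` and `encrypt_unpacked_651` below. encrypt_unpacked_54 begins and ends outside the hunk.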
@@ -8583,10 +8732,11 @@ static void encrypt_unpacked_54( (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_1c u[4U]; compute_vector_u_6a(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_1c message_as_ring_element = - deserialize_then_decompress_message_23(uu____4); + deserialize_then_decompress_message_23(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = compute_ring_element_v_9b(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); 
@@ -8652,24 +8802,29 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_47( Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c *uu____2 = &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_unpacked_54(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_54(uu____2, copy_of_randomness, pseudorandomness, + ciphertext); uint8_t shared_secret_array[32U] = {0U}; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, Eurydice_slice), shared_secret, uint8_t, void *); - uint8_t uu____4[1568U]; - memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_ciphertext[1568U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_200(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_from_01_200(copy_of_ciphertext); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_21 lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } 
@@ -8764,32 +8919,36 @@ static void encrypt_4e(Eurydice_slice public_key, uint8_t message[32U], core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[4U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_t_as_ntt[4U]; memcpy( - uu____0, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1[4U][4U]; - memcpy(uu____1, A, + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_A[4U][4U]; + memcpy(copy_of_A, A, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c public_key_unpacked; memcpy( - public_key_unpacked.t_as_ntt, uu____0, + public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy(public_key_unpacked.seed_for_A, uu____2, + memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, + memcpy(public_key_unpacked.A, copy_of_A, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c *uu____3 = &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_message[32U]; + 
memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1568U]; - encrypt_unpacked_54(uu____3, uu____4, randomness, ret1); + encrypt_unpacked_54(uu____3, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); } @@ -8869,22 +9028,26 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_28( Eurydice_slice uu____2 = Eurydice_array_to_slice( (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_1f0(public_key), uint8_t, Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_4e(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t uu____4[1568U]; - memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); + encrypt_4e(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_ciphertext[1568U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_200(uu____4); + libcrux_ml_kem_types_from_01_200(copy_of_ciphertext); uint8_t shared_secret_array[32U]; kdf_af_63(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_21 lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } 
@@ -9132,10 +9295,12 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec( implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c *uu____3 = &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_54(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_54(uu____3, copy_of_decrypted, pseudorandomness, + expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( libcrux_ml_kem_types_as_ref_00_f00(ciphertext), @@ -9198,14 +9363,15 @@ static void decrypt_af(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[4U]; deserialize_secret_key_4f(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0[4U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_secret_as_ntt[4U]; memcpy( - uu____0, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c secret_key_unpacked; memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, + secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); uint8_t ret0[32U]; decrypt_unpacked_d6(&secret_key_unpacked, ciphertext, ret0); 
@@ -9286,10 +9452,11 @@ void libcrux_ml_kem_ind_cca_decapsulate_82( Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_4e(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_4e(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; kdf_af_63( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h index 80f89c5b8..eb50c46dd 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 + * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 */ #ifndef __libcrux_mlkem_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 4cf1af2e8..fd2294739 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 + * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 */ #include "internal/libcrux_mlkem_portable.h" 
@@ -2123,11 +2123,12 @@ shake128_init_absorb_411(uint8_t input[4U][34U]) { &shake128_state[i0], Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, Eurydice_slice));); - libcrux_sha3_generic_keccak_KeccakState_48 uu____0[4U]; - memcpy(uu____0, shake128_state, + /* This copy dictated by the Rust value passing semantics */ + libcrux_sha3_generic_keccak_KeccakState_48 copy_of_shake128_state[4U]; + memcpy(copy_of_shake128_state, shake128_state, (size_t)4U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); PortableHash_d1 lit; - memcpy(lit.shake128_state, uu____0, + memcpy(lit.shake128_state, copy_of_shake128_state, (size_t)4U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); return lit; } @@ -2144,9 +2145,10 @@ generics */ static KRML_MUSTINLINE PortableHash_d1 shake128_init_absorb_f1_511(uint8_t input[4U][34U]) { - uint8_t uu____0[4U][34U]; - memcpy(uu____0, input, (size_t)4U * sizeof(uint8_t[34U])); - return shake128_init_absorb_411(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_input[4U][34U]; + memcpy(copy_of_input, input, (size_t)4U * sizeof(uint8_t[34U])); + return shake128_init_absorb_411(copy_of_input); } /** 
@@ -2427,32 +2429,37 @@ static KRML_MUSTINLINE void sample_from_xof_f61( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { size_t sampled_coefficients[4U] = {0U}; int16_t out[4U][272U] = {{0U}}; - uint8_t uu____0[4U][34U]; - memcpy(uu____0, seeds, (size_t)4U * sizeof(uint8_t[34U])); - PortableHash_d1 xof_state = shake128_init_absorb_f1_511(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_seeds[4U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); + PortableHash_d1 xof_state = shake128_init_absorb_f1_511(copy_of_seeds); uint8_t randomness0[4U][504U]; shake128_squeeze_three_blocks_f1_7f1(&xof_state, randomness0); - uint8_t uu____1[4U][504U]; - memcpy(uu____1, randomness0, (size_t)4U * sizeof(uint8_t[504U])); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness0[4U][504U]; + memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); bool done = sample_from_uniform_distribution_next_023( - uu____1, sampled_coefficients, out); + copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[4U][168U]; shake128_squeeze_block_f1_681(&xof_state, randomness); - uint8_t uu____2[4U][168U]; - memcpy(uu____2, randomness, (size_t)4U * sizeof(uint8_t[168U])); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[4U][168U]; + memcpy(copy_of_randomness, randomness, + (size_t)4U * sizeof(uint8_t[168U])); done = sample_from_uniform_distribution_next_024( - uu____2, sampled_coefficients, out); + copy_of_randomness, sampled_coefficients, out); } } - int16_t uu____3[4U][272U]; - memcpy(uu____3, out, (size_t)4U * sizeof(int16_t[272U])); + /* This copy dictated by the Rust value passing semantics */ + int16_t copy_of_out[4U][272U]; + memcpy(copy_of_out, out, (size_t)4U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[4U]; 
KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_131(uu____3[i]);); + ret0[i] = closure_131(copy_of_out[i]);); memcpy( ret, ret0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -2473,17 +2480,19 @@ static KRML_MUSTINLINE void sample_matrix_A_551( closure_821(A_transpose[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_seed[34U]; + memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[4U][34U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[4U][34U]; - memcpy(uu____1, seeds, (size_t)4U * sizeof(uint8_t[34U])); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_seeds[4U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[4U]; - sample_from_xof_f61(uu____1, sampled); + sample_from_xof_f61(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -2499,7 +2508,9 @@ static KRML_MUSTINLINE void sample_matrix_A_551( } else { A_transpose[i1][j] = sample; } - }); + } + + ); memcpy(ret, A_transpose, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); 
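Review bot: In the `@@ -2499,7 +2508,9 @@` hunk of `sample_matrix_A_551`, the closing `});` of the outer `KRML_MAYBE_FOR4` invocation has been split into `}`, an empty line and a bare `);`, which detaches the macro's closing parenthesis from the loop body it terminates and reads like a stray token. Every other `KRML_MAYBE_FOR4` in this function keeps its terminator attached (for example `...sizeof(uint8_t)););` in the hunk just above), so `});` on one line is the consistent form; this looks like a formatter artifact around a macro argument, so the fix is presumably in the formatting configuration rather than in this file. The enclosing function starts outside the hunk.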
@@ -2914,12 +2925,13 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_011( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, re_as_ntt[i] = ZERO_89_02();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); @@ -2930,13 +2942,14 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_011( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[4U]; memcpy( - uu____2, re_as_ntt, + copy_of_re_as_ntt, re_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_710 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_re_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); lit.snd = domain_separator; return lit; 
@@ -3193,20 +3206,22 @@ static tuple_540 generate_keypair_unpacked_a91( uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____2 = sample_vector_cbd_then_ntt_011(uu____1, 0U); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_710 uu____2 = sample_vector_cbd_then_ntt_011(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_011(uu____3, domain_separator).fst, + sample_vector_cbd_then_ntt_011(copy_of_prf_input, domain_separator).fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; compute_As_plus_e_a51(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); 
@@ -3215,31 +3230,36 @@ static tuple_540 generate_keypair_unpacked_a91( Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], void *); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____4[4U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[4U]; memcpy( - uu____4, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[4U][4U]; - memcpy(uu____5, A_transpose, + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A_transpose[4U] + [4U]; + memcpy(copy_of_A_transpose, A_transpose, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 pk; memcpy( - pk.t_as_ntt, uu____4, + pk.t_as_ntt, copy_of_t_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, + memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, copy_of_A_transpose, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____7[4U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[4U]; memcpy( - uu____7, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); 
libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 sk; memcpy( - sk.secret_as_ntt, uu____7, + sk.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); return (CLITERAL(tuple_540){.fst = sk, .snd = pk}); } @@ -3360,20 +3380,24 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d1(uint8_t randomness[64U]) { core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 uu____3 = ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_implicit_rejection_value[32U]; + memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_42 uu____5; uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, + memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 uu____6 = ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_public_key_hash[32U]; + memcpy(copy_of_public_key_hash, public_key_hash, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 lit; lit.private_key = uu____5; lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, + memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, (size_t)32U * sizeof(uint8_t)); return lit; } 
@@ -3402,13 +3426,19 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_e81( public_key_serialized); uint8_t secret_key_serialized[1536U]; serialize_secret_key_e81(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[1536U]; - memcpy(uu____1, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); - uint8_t uu____2[1568U]; - memcpy(uu____2, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_secret_key_serialized[1536U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)1536U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_public_key_serialized[1568U]; + memcpy(copy_of_public_key_serialized, public_key_serialized, + (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair1024 lit; - memcpy(lit.fst, uu____1, (size_t)1536U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)1568U * sizeof(uint8_t)); + memcpy(lit.fst, copy_of_secret_key_serialized, + (size_t)1536U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_public_key_serialized, + (size_t)1568U * sizeof(uint8_t)); return lit; } 
@@ -3514,15 +3544,18 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f1(uint8_t randomness[64U]) { Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, Eurydice_slice), implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[3168U]; - memcpy(uu____1, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_secret_key_serialized[3168U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_05_e00(uu____1); + libcrux_ml_kem_types_from_05_e00(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; - uint8_t uu____3[1568U]; - memcpy(uu____3, public_key, (size_t)1568U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_public_key[1568U]; + memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); return libcrux_ml_kem_types_from_17_2c0( - uu____2, libcrux_ml_kem_types_from_b6_570(uu____3)); + uu____2, libcrux_ml_kem_types_from_b6_570(copy_of_public_key)); } /** 
@@ -3542,12 +3575,13 @@ sample_ring_element_cbd_381(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, error_1[i] = ZERO_89_02();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); @@ -3559,13 +3593,14 @@ sample_ring_element_cbd_381(uint8_t prf_input[33U], uint8_t domain_separator) { sample_from_binomial_distribution_e3(Eurydice_array_to_slice( (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_error_1[4U]; memcpy( - uu____2, error_1, + copy_of_error_1, error_1, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_710 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_error_1, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); lit.snd = domain_separator; return lit; 
@@ -4241,17 +4276,20 @@ static void encrypt_unpacked_651( uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____1 = sample_vector_cbd_then_ntt_011(uu____0, 0U); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_710 uu____1 = sample_vector_cbd_then_ntt_011(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____3 = sample_ring_element_cbd_381(uu____2, domain_separator0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_710 uu____3 = + sample_ring_element_cbd_381(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; memcpy( error_1, uu____3.fst, 
@@ -4267,10 +4305,11 @@ static void encrypt_unpacked_651( (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[4U]; compute_vector_u_571(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_cb(uu____4); + deserialize_then_decompress_message_cb(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = compute_ring_element_v_c81(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); 
@@ -4337,24 +4376,29 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_861( Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *uu____2 = &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_unpacked_651(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_651(uu____2, copy_of_randomness, pseudorandomness, + ciphertext); uint8_t shared_secret_array[32U] = {0U}; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, Eurydice_slice), shared_secret, uint8_t, void *); - uint8_t uu____4[1568U]; - memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_ciphertext[1568U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_200(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_from_01_200(copy_of_ciphertext); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_21 lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } 
@@ -4450,32 +4494,36 @@ static void encrypt_f71(Eurydice_slice public_key, uint8_t message[32U], core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[4U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[4U]; memcpy( - uu____0, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1[4U][4U]; - memcpy(uu____1, A, + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A[4U][4U]; + memcpy(copy_of_A, A, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 public_key_unpacked; memcpy( - public_key_unpacked.t_as_ntt, uu____0, + public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(public_key_unpacked.seed_for_A, uu____2, + memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, + memcpy(public_key_unpacked.A, copy_of_A, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *uu____3 = &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_message[32U]; + 
memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1568U]; - encrypt_unpacked_651(uu____3, uu____4, randomness, ret1); + encrypt_unpacked_651(uu____3, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); } @@ -4555,22 +4603,26 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_9d1( Eurydice_slice uu____2 = Eurydice_array_to_slice( (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_1f0(public_key), uint8_t, Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_f71(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t uu____4[1568U]; - memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); + encrypt_f71(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_ciphertext[1568U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_200(uu____4); + libcrux_ml_kem_types_from_01_200(copy_of_ciphertext); uint8_t shared_secret_array[32U]; kdf_af_f4(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_21 lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } 
@@ -5140,10 +5192,12 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f61( implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *uu____3 = &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_651(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_651(uu____3, copy_of_decrypted, pseudorandomness, + expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( libcrux_ml_kem_types_as_ref_00_f00(ciphertext), @@ -5230,14 +5284,15 @@ static void decrypt_4a1(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; deserialize_secret_key_6b1(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[4U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[4U]; memcpy( - uu____0, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 secret_key_unpacked; memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, + secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; decrypt_unpacked_181(&secret_key_unpacked, ciphertext, ret0); 
@@ -5318,10 +5373,12 @@ void libcrux_ml_kem_ind_cca_decapsulate_711( Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_f71(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_f71(uu____5, copy_of_decrypted, pseudorandomness, + expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; kdf_af_f4( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, @@ -5538,11 +5595,12 @@ shake128_init_absorb_410(uint8_t input[2U][34U]) { &shake128_state[i0], Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, Eurydice_slice));); - libcrux_sha3_generic_keccak_KeccakState_48 uu____0[2U]; - memcpy(uu____0, shake128_state, + /* This copy dictated by the Rust value passing semantics */ + libcrux_sha3_generic_keccak_KeccakState_48 copy_of_shake128_state[2U]; + memcpy(copy_of_shake128_state, shake128_state, (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); PortableHash_8b lit; - memcpy(lit.shake128_state, uu____0, + memcpy(lit.shake128_state, copy_of_shake128_state, (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); return lit; } @@ -5559,9 +5617,10 @@ generics */ static KRML_MUSTINLINE PortableHash_8b shake128_init_absorb_f1_510(uint8_t input[2U][34U]) { - uint8_t uu____0[2U][34U]; - memcpy(uu____0, input, (size_t)2U * sizeof(uint8_t[34U])); - return shake128_init_absorb_410(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_input[2U][34U]; + memcpy(copy_of_input, input, (size_t)2U * sizeof(uint8_t[34U])); + return shake128_init_absorb_410(copy_of_input); } /** 
@@ -5816,32 +5875,37 @@ static KRML_MUSTINLINE void sample_from_xof_f60( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { size_t sampled_coefficients[2U] = {0U}; int16_t out[2U][272U] = {{0U}}; - uint8_t uu____0[2U][34U]; - memcpy(uu____0, seeds, (size_t)2U * sizeof(uint8_t[34U])); - PortableHash_8b xof_state = shake128_init_absorb_f1_510(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_seeds[2U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); + PortableHash_8b xof_state = shake128_init_absorb_f1_510(copy_of_seeds); uint8_t randomness0[2U][504U]; shake128_squeeze_three_blocks_f1_7f0(&xof_state, randomness0); - uint8_t uu____1[2U][504U]; - memcpy(uu____1, randomness0, (size_t)2U * sizeof(uint8_t[504U])); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness0[2U][504U]; + memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); bool done = sample_from_uniform_distribution_next_021( - uu____1, sampled_coefficients, out); + copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[2U][168U]; shake128_squeeze_block_f1_680(&xof_state, randomness); - uint8_t uu____2[2U][168U]; - memcpy(uu____2, randomness, (size_t)2U * sizeof(uint8_t[168U])); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[2U][168U]; + memcpy(copy_of_randomness, randomness, + (size_t)2U * sizeof(uint8_t[168U])); done = sample_from_uniform_distribution_next_022( - uu____2, sampled_coefficients, out); + copy_of_randomness, sampled_coefficients, out); } } - int16_t uu____3[2U][272U]; - memcpy(uu____3, out, (size_t)2U * sizeof(int16_t[272U])); + /* This copy dictated by the Rust value passing semantics */ + int16_t copy_of_out[2U][272U]; + memcpy(copy_of_out, out, (size_t)2U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[2U]; 
KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_130(uu____3[i]);); + ret0[i] = closure_130(copy_of_out[i]);); memcpy( ret, ret0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -5862,17 +5926,19 @@ static KRML_MUSTINLINE void sample_matrix_A_550( closure_820(A_transpose[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_seed[34U]; + memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[2U][34U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[2U][34U]; - memcpy(uu____1, seeds, (size_t)2U * sizeof(uint8_t[34U])); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_seeds[2U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[2U]; - sample_from_xof_f60(uu____1, sampled); + sample_from_xof_f60(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -5888,7 +5954,9 @@ static KRML_MUSTINLINE void sample_matrix_A_550( } else { A_transpose[i1][j] = sample; } - }); + } + + ); memcpy(ret, A_transpose, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); 
@@ -5967,12 +6035,13 @@ static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_010( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, re_as_ntt[i] = ZERO_89_02();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); @@ -5983,13 +6052,14 @@ static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_010( Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t, Eurydice_slice)); ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[2U]; memcpy( - uu____2, re_as_ntt, + copy_of_re_as_ntt, re_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_74 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_re_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); lit.snd = domain_separator; return lit; 
@@ -6144,20 +6214,22 @@ static tuple_4c generate_keypair_unpacked_a90( uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____2 = sample_vector_cbd_then_ntt_010(uu____1, 0U); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_74 uu____2 = sample_vector_cbd_then_ntt_010(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[2U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_010(uu____3, domain_separator).fst, + sample_vector_cbd_then_ntt_010(copy_of_prf_input, domain_separator).fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; compute_As_plus_e_a50(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); 
@@ -6166,31 +6238,36 @@ static tuple_4c generate_keypair_unpacked_a90( Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], void *); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____4[2U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[2U]; memcpy( - uu____4, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[2U][2U]; - memcpy(uu____5, A_transpose, + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A_transpose[2U] + [2U]; + memcpy(copy_of_A_transpose, A_transpose, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae pk; memcpy( - pk.t_as_ntt, uu____4, + pk.t_as_ntt, copy_of_t_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, + memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, copy_of_A_transpose, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____7[2U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[2U]; memcpy( - uu____7, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); 
libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae sk; memcpy( - sk.secret_as_ntt, uu____7, + sk.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); return (CLITERAL(tuple_4c){.fst = sk, .snd = pk}); } @@ -6288,20 +6365,24 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d0(uint8_t randomness[64U]) { core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae uu____3 = ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_implicit_rejection_value[32U]; + memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_ae uu____5; uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, + memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae uu____6 = ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_public_key_hash[32U]; + memcpy(copy_of_public_key_hash, public_key_hash, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae lit; lit.private_key = uu____5; lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, + memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, (size_t)32U * sizeof(uint8_t)); return lit; } 
@@ -6330,13 +6411,19 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_e80( public_key_serialized); uint8_t secret_key_serialized[768U]; serialize_secret_key_e80(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[768U]; - memcpy(uu____1, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); - uint8_t uu____2[800U]; - memcpy(uu____2, public_key_serialized, (size_t)800U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_secret_key_serialized[768U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)768U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_public_key_serialized[800U]; + memcpy(copy_of_public_key_serialized, public_key_serialized, + (size_t)800U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair512 lit; - memcpy(lit.fst, uu____1, (size_t)768U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)800U * sizeof(uint8_t)); + memcpy(lit.fst, copy_of_secret_key_serialized, + (size_t)768U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_public_key_serialized, + (size_t)800U * sizeof(uint8_t)); return lit; } 
@@ -6442,15 +6529,18 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]) { Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, Eurydice_slice), implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[1632U]; - memcpy(uu____1, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_secret_key_serialized[1632U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_05_e01(uu____1); + libcrux_ml_kem_types_from_05_e01(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; - uint8_t uu____3[800U]; - memcpy(uu____3, public_key, (size_t)800U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_public_key[800U]; + memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); return libcrux_ml_kem_types_from_17_2c1( - uu____2, libcrux_ml_kem_types_from_b6_571(uu____3)); + uu____2, libcrux_ml_kem_types_from_b6_571(copy_of_public_key)); } /** 
@@ -6503,12 +6593,13 @@ sample_ring_element_cbd_380(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, error_1[i] = ZERO_89_02();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); @@ -6520,13 +6611,14 @@ sample_ring_element_cbd_380(uint8_t prf_input[33U], uint8_t domain_separator) { sample_from_binomial_distribution_e3(Eurydice_array_to_slice( (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_error_1[2U]; memcpy( - uu____2, error_1, + copy_of_error_1, error_1, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_74 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_error_1, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); lit.snd = domain_separator; return lit; 
@@ -6796,17 +6888,20 @@ static void encrypt_unpacked_650( uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____1 = sample_vector_cbd_then_ntt_010(uu____0, 0U); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_74 uu____1 = sample_vector_cbd_then_ntt_010(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____3 = sample_ring_element_cbd_380(uu____2, domain_separator0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_74 uu____3 = + sample_ring_element_cbd_380(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; memcpy( error_1, uu____3.fst, 
@@ -6822,10 +6917,11 @@ static void encrypt_unpacked_650( (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[2U]; compute_vector_u_570(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_cb(uu____4); + deserialize_then_decompress_message_cb(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = compute_ring_element_v_c80(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); 
@@ -6891,24 +6987,29 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_860( Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *uu____2 = &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_unpacked_650(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_650(uu____2, copy_of_randomness, pseudorandomness, + ciphertext); uint8_t shared_secret_array[32U] = {0U}; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, Eurydice_slice), shared_secret, uint8_t, void *); - uint8_t uu____4[768U]; - memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_ciphertext[768U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_01_201(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_from_01_201(copy_of_ciphertext); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_ec lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } 
@@ -7004,32 +7105,36 @@ static void encrypt_f70(Eurydice_slice public_key, uint8_t message[32U], core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[2U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[2U]; memcpy( - uu____0, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1[2U][2U]; - memcpy(uu____1, A, + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A[2U][2U]; + memcpy(copy_of_A, A, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae public_key_unpacked; memcpy( - public_key_unpacked.t_as_ntt, uu____0, + public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(public_key_unpacked.seed_for_A, uu____2, + memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, + memcpy(public_key_unpacked.A, copy_of_A, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *uu____3 = &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_message[32U]; + 
memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[768U]; - encrypt_unpacked_650(uu____3, uu____4, randomness, ret1); + encrypt_unpacked_650(uu____3, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); } @@ -7109,22 +7214,26 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_9d0( Eurydice_slice uu____2 = Eurydice_array_to_slice( (size_t)800U, libcrux_ml_kem_types_as_slice_cb_1f1(public_key), uint8_t, Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_f70(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t uu____4[768U]; - memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); + encrypt_f70(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_ciphertext[768U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_01_201(uu____4); + libcrux_ml_kem_types_from_01_201(copy_of_ciphertext); uint8_t shared_secret_array[32U]; kdf_af_26(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_ec lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } 
@@ -7372,10 +7481,12 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f60( implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *uu____3 = &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_unpacked_650(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_650(uu____3, copy_of_decrypted, pseudorandomness, + expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( libcrux_ml_kem_types_as_ref_00_f01(ciphertext), @@ -7438,14 +7549,15 @@ static void decrypt_4a0(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; deserialize_secret_key_6b0(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[2U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[2U]; memcpy( - uu____0, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae secret_key_unpacked; memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, + secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; decrypt_unpacked_180(&secret_key_unpacked, ciphertext, ret0); 
@@ -7525,10 +7637,12 @@ void libcrux_ml_kem_ind_cca_decapsulate_710( Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_f70(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_f70(uu____5, copy_of_decrypted, pseudorandomness, + expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; kdf_af_26( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, @@ -7746,11 +7860,12 @@ shake128_init_absorb_41(uint8_t input[3U][34U]) { &shake128_state[i0], Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, Eurydice_slice));); - libcrux_sha3_generic_keccak_KeccakState_48 uu____0[3U]; - memcpy(uu____0, shake128_state, + /* This copy dictated by the Rust value passing semantics */ + libcrux_sha3_generic_keccak_KeccakState_48 copy_of_shake128_state[3U]; + memcpy(copy_of_shake128_state, shake128_state, (size_t)3U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); PortableHash_58 lit; - memcpy(lit.shake128_state, uu____0, + memcpy(lit.shake128_state, copy_of_shake128_state, (size_t)3U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); return lit; } @@ -7767,9 +7882,10 @@ generics */ static KRML_MUSTINLINE PortableHash_58 shake128_init_absorb_f1_51(uint8_t input[3U][34U]) { - uint8_t uu____0[3U][34U]; - memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); - return shake128_init_absorb_41(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_input[3U][34U]; + memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); + return shake128_init_absorb_41(copy_of_input); } /** 
@@ -8024,32 +8140,37 @@ static KRML_MUSTINLINE void sample_from_xof_f6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; int16_t out[3U][272U] = {{0U}}; - uint8_t uu____0[3U][34U]; - memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); - PortableHash_58 xof_state = shake128_init_absorb_f1_51(uu____0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_seeds[3U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); + PortableHash_58 xof_state = shake128_init_absorb_f1_51(copy_of_seeds); uint8_t randomness0[3U][504U]; shake128_squeeze_three_blocks_f1_7f(&xof_state, randomness0); - uint8_t uu____1[3U][504U]; - memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness0[3U][504U]; + memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); bool done = sample_from_uniform_distribution_next_02( - uu____1, sampled_coefficients, out); + copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; shake128_squeeze_block_f1_68(&xof_state, randomness); - uint8_t uu____2[3U][168U]; - memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[3U][168U]; + memcpy(copy_of_randomness, randomness, + (size_t)3U * sizeof(uint8_t[168U])); done = sample_from_uniform_distribution_next_020( - uu____2, sampled_coefficients, out); + copy_of_randomness, sampled_coefficients, out); } } - int16_t uu____3[3U][272U]; - memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); + /* This copy dictated by the Rust value passing semantics */ + int16_t copy_of_out[3U][272U]; + memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; KRML_MAYBE_FOR3(i, 
(size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_13(uu____3[i]);); + ret0[i] = closure_13(copy_of_out[i]);); memcpy( ret, ret0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -8070,17 +8191,19 @@ static KRML_MUSTINLINE void sample_matrix_A_55( closure_82(A_transpose[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_seed[34U]; + memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[3U][34U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[3U][34U]; - memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_seeds[3U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; - sample_from_xof_f6(uu____1, sampled); + sample_from_xof_f6(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -8096,7 +8219,9 @@ static KRML_MUSTINLINE void sample_matrix_A_55( } else { A_transpose[i1][j] = sample; } - }); + } + + ); memcpy(ret, A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); 
@@ -8164,12 +8289,13 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_01( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, re_as_ntt[i] = ZERO_89_02();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); @@ -8180,13 +8306,14 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_01( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U]; memcpy( - uu____2, re_as_ntt, + copy_of_re_as_ntt, re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_b0 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); lit.snd = domain_separator; return lit; 
@@ -8341,20 +8468,22 @@ static tuple_9b generate_keypair_unpacked_a9( uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = sample_vector_cbd_then_ntt_01(uu____1, 0U); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b0 uu____2 = sample_vector_cbd_then_ntt_01(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_01(uu____3, domain_separator).fst, + sample_vector_cbd_then_ntt_01(copy_of_prf_input, domain_separator).fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; compute_As_plus_e_a5(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); 
@@ -8363,31 +8492,36 @@ static tuple_9b generate_keypair_unpacked_a9( Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], void *); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____4[3U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; memcpy( - uu____4, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U][3U]; - memcpy(uu____5, A_transpose, + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A_transpose[3U] + [3U]; + memcpy(copy_of_A_transpose, A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk; memcpy( - pk.t_as_ntt, uu____4, + pk.t_as_ntt, copy_of_t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, + memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, copy_of_A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____7[3U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( - uu____7, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); 
libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk; memcpy( - sk.secret_as_ntt, uu____7, + sk.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); return (CLITERAL(tuple_9b){.fst = sk, .snd = pk}); } @@ -8485,20 +8619,24 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d(uint8_t randomness[64U]) { core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 uu____3 = ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_implicit_rejection_value[32U]; + memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8 uu____5; uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, + memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 uu____6 = ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_public_key_hash[32U]; + memcpy(copy_of_public_key_hash, public_key_hash, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 lit; lit.private_key = uu____5; lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, + memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, (size_t)32U * sizeof(uint8_t)); return lit; } 
@@ -8527,13 +8665,19 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_e8( public_key_serialized); uint8_t secret_key_serialized[1152U]; serialize_secret_key_e8(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[1152U]; - memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); - uint8_t uu____2[1184U]; - memcpy(uu____2, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_secret_key_serialized[1152U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)1152U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_public_key_serialized[1184U]; + memcpy(copy_of_public_key_serialized, public_key_serialized, + (size_t)1184U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; - memcpy(lit.fst, uu____1, (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)1184U * sizeof(uint8_t)); + memcpy(lit.fst, copy_of_secret_key_serialized, + (size_t)1152U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_public_key_serialized, + (size_t)1184U * sizeof(uint8_t)); return lit; } 
@@ -8639,15 +8783,18 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) { Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, Eurydice_slice), implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[2400U]; - memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_secret_key_serialized[2400U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_e0(uu____1); + libcrux_ml_kem_types_from_05_e0(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; - uint8_t uu____3[1184U]; - memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_public_key[1184U]; + memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); return libcrux_ml_kem_types_from_17_2c( - uu____2, libcrux_ml_kem_types_from_b6_57(uu____3)); + uu____2, libcrux_ml_kem_types_from_b6_57(copy_of_public_key)); } /** 
@@ -8667,12 +8814,13 @@ sample_ring_element_cbd_38(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, error_1[i] = ZERO_89_02();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); @@ -8684,13 +8832,14 @@ sample_ring_element_cbd_38(uint8_t prf_input[33U], uint8_t domain_separator) { sample_from_binomial_distribution_e3(Eurydice_array_to_slice( (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_error_1[3U]; memcpy( - uu____2, error_1, + copy_of_error_1, error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_b0 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); lit.snd = domain_separator; return lit; 
@@ -8907,17 +9056,20 @@ static void encrypt_unpacked_65( uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = sample_vector_cbd_then_ntt_01(uu____0, 0U); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b0 uu____1 = sample_vector_cbd_then_ntt_01(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____3 = sample_ring_element_cbd_38(uu____2, domain_separator0); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b0 uu____3 = + sample_ring_element_cbd_38(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( error_1, uu____3.fst, 
@@ -8933,10 +9085,11 @@ static void encrypt_unpacked_65( (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; compute_vector_u_57(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_cb(uu____4); + deserialize_then_decompress_message_cb(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = compute_ring_element_v_c8(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); 
@@ -9002,24 +9155,29 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_86( Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____2 = &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_unpacked_65(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_65(uu____2, copy_of_randomness, pseudorandomness, + ciphertext); uint8_t shared_secret_array[32U] = {0U}; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, Eurydice_slice), shared_secret, uint8_t, void *); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_ciphertext[1088U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_20(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_from_01_20(copy_of_ciphertext); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_3c lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } 
@@ -9115,32 +9273,36 @@ static void encrypt_f7(Eurydice_slice public_key, uint8_t message[32U], core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; memcpy( - uu____0, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1[3U][3U]; - memcpy(uu____1, A, + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A[3U][3U]; + memcpy(copy_of_A, A, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 public_key_unpacked; memcpy( - public_key_unpacked.t_as_ntt, uu____0, + public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(public_key_unpacked.seed_for_A, uu____2, + memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, + memcpy(public_key_unpacked.A, copy_of_A, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_message[32U]; + 
memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1088U]; - encrypt_unpacked_65(uu____3, uu____4, randomness, ret1); + encrypt_unpacked_65(uu____3, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); } @@ -9220,22 +9382,26 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d( Eurydice_slice uu____2 = Eurydice_array_to_slice( (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_1f(public_key), uint8_t, Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_f7(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + encrypt_f7(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_ciphertext[1088U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_20(uu____4); + libcrux_ml_kem_types_from_01_20(copy_of_ciphertext); uint8_t shared_secret_array[32U]; kdf_af_69(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_3c lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } 
@@ -9442,10 +9608,12 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f6( implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_65(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_65(uu____3, copy_of_decrypted, pseudorandomness, + expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( libcrux_ml_kem_types_as_ref_00_f0(ciphertext), @@ -9508,14 +9676,15 @@ static void decrypt_4a(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; deserialize_secret_key_6b(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; + /* This copy dictated by the Rust value passing semantics */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( - uu____0, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 secret_key_unpacked; memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, + secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; decrypt_unpacked_18(&secret_key_unpacked, ciphertext, ret0); 
@@ -9595,10 +9764,11 @@ void libcrux_ml_kem_ind_cca_decapsulate_71( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_f7(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_f7(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; kdf_af_69( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index d4b1c0ce7..ea777873b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 + * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 */ #ifndef __libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index f83fa6654..554d431d4 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 + * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 */ #ifndef __libcrux_sha3_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 569a83ca1..67f9c8b91 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c 
+++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 + * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 */ #include "libcrux_sha3_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 06c3fa6fc..de79d0e42 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 + * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index a1665484d..185e7fc66 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 + * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 */ #ifndef __libcrux_sha3_internal_H 
@@ -147,10 +147,11 @@ usize> for u64)} */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_slice_n_5a( Eurydice_slice a[1U], size_t start, size_t len, Eurydice_slice ret[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, a, (size_t)1U * sizeof(Eurydice_slice)); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_a[1U]; + memcpy(copy_of_a, a, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret0[1U]; - libcrux_sha3_portable_keccak_slice_1(uu____0, start, len, ret0); + libcrux_sha3_portable_keccak_slice_1(copy_of_a, start, len, ret0); memcpy(ret, ret0, (size_t)1U * sizeof(Eurydice_slice)); } @@ -280,9 +281,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_ac(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_b[1U][200U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_ac(uu____0, copy_of_b); } /** @@ -1501,9 +1503,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d0( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_ac0(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_b[1U][200U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_ac0(uu____0, copy_of_b); } /** 
@@ -1609,9 +1612,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df3( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_de(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_b[1U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_de(uu____0, copy_of_b); } /** @@ -1641,9 +1645,10 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e03( Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; libcrux_sha3_portable_keccak_store_block_39(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_out[200U]; + memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); } /** 
@@ -1732,22 +1737,24 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf4( i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)168U, + libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)168U, (size_t)168U, ret); libcrux_sha3_generic_keccak_absorb_block_243(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)168U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); + copy_of_data, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, ret); libcrux_sha3_generic_keccak_absorb_final_25(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)168U; 
@@ -1797,9 +1804,10 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd4( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf4(uu____0, out); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_cf4(copy_of_data, out); } /** @@ -1839,9 +1847,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df2( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_de3(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_b[1U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_de3(uu____0, copy_of_b); } /** @@ -1884,9 +1893,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d3( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_ac3(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_b[1U][200U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_ac3(uu____0, copy_of_b); } /** 
@@ -1952,9 +1962,10 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e02( Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; libcrux_sha3_portable_keccak_store_block_393(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_out[200U]; + memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); } /** 
@@ -2082,22 +2093,24 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf3( i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)104U, + libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)104U, (size_t)104U, ret); libcrux_sha3_generic_keccak_absorb_block_242(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); + copy_of_data, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, ret); libcrux_sha3_generic_keccak_absorb_final_254(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)104U; 
@@ -2147,9 +2160,10 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd3( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf3(uu____0, out); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_cf3(copy_of_data, out); } /** @@ -2189,9 +2203,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df1( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_de2(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_b[1U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_de2(uu____0, copy_of_b); } /** @@ -2234,9 +2249,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d2( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_ac2(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_b[1U][200U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_ac2(uu____0, copy_of_b); } /** 
@@ -2302,9 +2318,10 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e01( Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; libcrux_sha3_portable_keccak_store_block_392(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_out[200U]; + memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); } /** 
@@ -2432,22 +2449,24 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf2( i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)144U, + libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)144U, (size_t)144U, ret); libcrux_sha3_generic_keccak_absorb_block_241(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); + copy_of_data, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, ret); libcrux_sha3_generic_keccak_absorb_final_253(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)144U; 
@@ -2497,9 +2516,10 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd2( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf2(uu____0, out); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_cf2(copy_of_data, out); } /** @@ -2514,9 +2534,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df0( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_de0(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_b[1U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_de0(uu____0, copy_of_b); } /** @@ -2546,9 +2567,10 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e00( Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; libcrux_sha3_portable_keccak_store_block_390(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_out[200U]; + memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); } /** 
@@ -2637,22 +2659,24 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf1( i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)136U, + libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); libcrux_sha3_generic_keccak_absorb_block_240(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); + copy_of_data, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, ret); libcrux_sha3_generic_keccak_absorb_final_250(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; 
@@ -2702,9 +2726,10 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd1( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf1(uu____0, out); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_cf1(copy_of_data, out); } /** 
@@ -2755,22 +2780,24 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf0( i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)136U, + libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); libcrux_sha3_generic_keccak_absorb_block_240(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); + copy_of_data, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, ret); libcrux_sha3_generic_keccak_absorb_final_252(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; 
@@ -2820,9 +2847,10 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd0( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf0(uu____0, out); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_cf0(copy_of_data, out); } /** @@ -2862,9 +2890,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_de1(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_b[1U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_de1(uu____0, copy_of_b); } /** @@ -2907,9 +2936,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d1( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_ac1(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_b[1U][200U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_ac1(uu____0, copy_of_b); } /** 
@@ -2975,9 +3005,10 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e0( Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; libcrux_sha3_portable_keccak_store_block_391(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_out[200U]; + memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); } /** 
@@ -3104,22 +3135,24 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf( i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)72U, + libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)72U, (size_t)72U, ret); libcrux_sha3_generic_keccak_absorb_block_24(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); + copy_of_data, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, + rem, ret); libcrux_sha3_generic_keccak_absorb_final_251(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)72U; 
@@ -3169,9 +3202,10 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf(uu____0, out); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_cf(copy_of_data, out); } #if defined(__cplusplus) diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index b0f13ff6d..c1cf5cca8 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -8,7 +8,7 @@ * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15 + * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 */ #include "libcrux_sha3_neon.h" @@ -118,10 +118,11 @@ usize> for core::core_arch::arm_shared::neon::uint64x2_t)} */ static KRML_MUSTINLINE void slice_n_fa(Eurydice_slice a[2U], size_t start, size_t len, Eurydice_slice ret[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, a, (size_t)2U * sizeof(Eurydice_slice)); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_a[2U]; + memcpy(copy_of_a, a, (size_t)2U * sizeof(Eurydice_slice)); Eurydice_slice ret0[2U]; - slice_2(uu____0, start, len, ret0); + slice_2(copy_of_a, start, len, ret0); memcpy(ret, ret0, (size_t)2U * sizeof(Eurydice_slice)); } 
@@ -266,9 +267,10 @@ with const generics static KRML_MUSTINLINE void load_block_fa_0f(uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { uint64x2_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); - load_block_3c(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_b[2U]; + memcpy(copy_of_b, b, (size_t)2U * sizeof(Eurydice_slice)); + load_block_3c(uu____0, copy_of_b); } /** @@ -1358,9 +1360,10 @@ with const generics static KRML_MUSTINLINE void load_block_full_fa_07(uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { uint64x2_t(*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_3e(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_b[2U][200U]; + memcpy(copy_of_b, b, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_3e(uu____0, copy_of_b); } /** @@ -1459,11 +1462,12 @@ static KRML_MUSTINLINE void store_block_full_9a(uint64x2_t (*s)[5U], Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; store_block_2f(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_out0[200U]; + memcpy(copy_of_out0, out0, (size_t)200U * sizeof(uint8_t)); uint8_t uu____1[200U]; memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out0, (size_t)200U * sizeof(uint8_t)); memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); } 
@@ -1583,19 +1587,21 @@ static KRML_MUSTINLINE void keccak_59(Eurydice_slice data[2U], i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_data[2U]; + memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); Eurydice_slice ret[2U]; - slice_n_fa(uu____1, i0 * (size_t)72U, (size_t)72U, ret); + slice_n_fa(copy_of_data, i0 * (size_t)72U, (size_t)72U, ret); absorb_block_45(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_data[2U]; + memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); Eurydice_slice ret[2U]; - slice_n_fa(uu____3, + slice_n_fa(copy_of_data, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); absorb_final_fe(uu____2, ret); @@ -1647,9 +1653,10 @@ with const generics */ static KRML_MUSTINLINE void keccakx2_6e(Eurydice_slice data[2U], Eurydice_slice out[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); - keccak_59(uu____0, out); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_data[2U]; + memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); + keccak_59(copy_of_data, out); } /** 
@@ -1732,9 +1739,10 @@ with const generics static KRML_MUSTINLINE void load_block_fa_0f0(uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { uint64x2_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); - load_block_3c0(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_b[2U]; + memcpy(copy_of_b, b, (size_t)2U * sizeof(Eurydice_slice)); + load_block_3c0(uu____0, copy_of_b); } /** @@ -1779,9 +1787,10 @@ with const generics static KRML_MUSTINLINE void load_block_full_fa_070(uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { uint64x2_t(*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_3e0(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_b[2U][200U]; + memcpy(copy_of_b, b, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_3e0(uu____0, copy_of_b); } /** @@ -1880,11 +1889,12 @@ static KRML_MUSTINLINE void store_block_full_9a0(uint64x2_t (*s)[5U], Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; store_block_2f0(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_out0[200U]; + memcpy(copy_of_out0, out0, (size_t)200U * sizeof(uint8_t)); uint8_t uu____1[200U]; memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out0, (size_t)200U * sizeof(uint8_t)); memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); } 
@@ -2004,19 +2014,21 @@ static KRML_MUSTINLINE void keccak_590(Eurydice_slice data[2U], i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_data[2U]; + memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); Eurydice_slice ret[2U]; - slice_n_fa(uu____1, i0 * (size_t)136U, (size_t)136U, ret); + slice_n_fa(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); absorb_block_450(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_data[2U]; + memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); Eurydice_slice ret[2U]; - slice_n_fa(uu____3, + slice_n_fa(copy_of_data, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); absorb_final_fe0(uu____2, ret); @@ -2068,9 +2080,10 @@ with const generics */ static KRML_MUSTINLINE void keccakx2_6e0(Eurydice_slice data[2U], Eurydice_slice out[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); - keccak_590(uu____0, out); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_data[2U]; + memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); + keccak_590(copy_of_data, out); } /** 
@@ -2130,19 +2143,21 @@ static KRML_MUSTINLINE void keccak_591(Eurydice_slice data[2U], i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_data[2U]; + memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); Eurydice_slice ret[2U]; - slice_n_fa(uu____1, i0 * (size_t)136U, (size_t)136U, ret); + slice_n_fa(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); absorb_block_450(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_data[2U]; + memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); Eurydice_slice ret[2U]; - slice_n_fa(uu____3, + slice_n_fa(copy_of_data, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); absorb_final_fe1(uu____2, ret); @@ -2194,9 +2209,10 @@ with const generics */ static KRML_MUSTINLINE void keccakx2_6e1(Eurydice_slice data[2U], Eurydice_slice out[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); - keccak_591(uu____0, out); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_data[2U]; + memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); + keccak_591(copy_of_data, out); } /** 
@@ -2301,9 +2317,10 @@ with const generics static KRML_MUSTINLINE void load_block_full_fa_071(uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { uint64x2_t(*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_3e1(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_b[2U][200U]; + memcpy(copy_of_b, b, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_3e1(uu____0, copy_of_b); } /** @@ -2554,9 +2571,10 @@ with const generics static KRML_MUSTINLINE void load_block_fa_0f1(uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { uint64x2_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); - load_block_3c2(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_b[2U]; + memcpy(copy_of_b, b, (size_t)2U * sizeof(Eurydice_slice)); + load_block_3c2(uu____0, copy_of_b); } /** @@ -2601,9 +2619,10 @@ with const generics static KRML_MUSTINLINE void load_block_full_fa_072(uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { uint64x2_t(*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_3e2(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_b[2U][200U]; + memcpy(copy_of_b, b, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_3e2(uu____0, copy_of_b); } /** 
@@ -2702,11 +2721,12 @@ static KRML_MUSTINLINE void store_block_full_9a1(uint64x2_t (*s)[5U], Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; store_block_2f2(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_out0[200U]; + memcpy(copy_of_out0, out0, (size_t)200U * sizeof(uint8_t)); uint8_t uu____1[200U]; memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out0, (size_t)200U * sizeof(uint8_t)); memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); } @@ -2826,19 +2846,21 @@ static KRML_MUSTINLINE void keccak_592(Eurydice_slice data[2U], i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice)); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_data[2U]; + memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); Eurydice_slice ret[2U]; - slice_n_fa(uu____1, i0 * (size_t)144U, (size_t)144U, ret); + slice_n_fa(copy_of_data, i0 * (size_t)144U, (size_t)144U, ret); absorb_block_451(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - Eurydice_slice uu____3[2U]; - memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice)); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_data[2U]; + memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); Eurydice_slice ret[2U]; - slice_n_fa(uu____3, + slice_n_fa(copy_of_data, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); absorb_final_fe3(uu____2, ret); 
@@ -2890,9 +2912,10 @@ with const generics */ static KRML_MUSTINLINE void keccakx2_6e2(Eurydice_slice data[2U], Eurydice_slice out[2U]) { - Eurydice_slice uu____0[2U]; - memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice)); - keccak_592(uu____0, out); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_data[2U]; + memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); + keccak_592(copy_of_data, out); } /** @@ -2976,9 +2999,10 @@ with const generics static KRML_MUSTINLINE void load_block_fa_0f2(uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { uint64x2_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, b, (size_t)2U * sizeof(Eurydice_slice)); - load_block_3c3(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + Eurydice_slice copy_of_b[2U]; + memcpy(copy_of_b, b, (size_t)2U * sizeof(Eurydice_slice)); + load_block_3c3(uu____0, copy_of_b); } /** @@ -3023,9 +3047,10 @@ with const generics static KRML_MUSTINLINE void load_block_full_fa_073(uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { uint64x2_t(*uu____0)[5U] = a; - uint8_t uu____1[2U][200U]; - memcpy(uu____1, b, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_3e3(uu____0, uu____1); + /* This copy dictated by the Rust value passing semantics */ + uint8_t copy_of_b[2U][200U]; + memcpy(copy_of_b, b, (size_t)2U * sizeof(uint8_t[200U])); + load_block_full_3e3(uu____0, copy_of_b); } /** 
@@ -3124,11 +3149,12 @@ static KRML_MUSTINLINE void store_block_full_9a2(uint64x2_t (*s)[5U],
 Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice),
 Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)};
 store_block_2f3(s, buf);
- uint8_t uu____0[200U];
- memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t));
+ /* This copy dictated by the Rust value passing semantics */
+ uint8_t copy_of_out0[200U];
+ memcpy(copy_of_out0, out0, (size_t)200U * sizeof(uint8_t));
 uint8_t uu____1[200U];
 memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t));
- memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t));
+ memcpy(ret[0U], copy_of_out0, (size_t)200U * sizeof(uint8_t));
 memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t));
 }
@@ -3248,19 +3274,21 @@ static KRML_MUSTINLINE void keccak_593(Eurydice_slice data[2U],
 i++) {
 size_t i0 = i;
 libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s;
- Eurydice_slice uu____1[2U];
- memcpy(uu____1, data, (size_t)2U * sizeof(Eurydice_slice));
+ /* This copy dictated by the Rust value passing semantics */
+ Eurydice_slice copy_of_data[2U];
+ memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice));
 Eurydice_slice ret[2U];
- slice_n_fa(uu____1, i0 * (size_t)104U, (size_t)104U, ret);
+ slice_n_fa(copy_of_data, i0 * (size_t)104U, (size_t)104U, ret);
 absorb_block_452(uu____0, ret);
 }
 size_t rem =
 core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U;
 libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s;
- Eurydice_slice uu____3[2U];
- memcpy(uu____3, data, (size_t)2U * sizeof(Eurydice_slice));
+ /* This copy dictated by the Rust value passing semantics */
+ Eurydice_slice copy_of_data[2U];
+ memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice));
 Eurydice_slice ret[2U];
- slice_n_fa(uu____3,
+ slice_n_fa(copy_of_data,
 core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem,
 ret);
 absorb_final_fe4(uu____2, ret);
@@ -3312,9 +3340,10 @@ with const generics
 */
 static KRML_MUSTINLINE void keccakx2_6e3(Eurydice_slice data[2U],
 Eurydice_slice out[2U]) {
- Eurydice_slice uu____0[2U];
- memcpy(uu____0, data, (size_t)2U * sizeof(Eurydice_slice));
- keccak_593(uu____0, out);
+ /* This copy dictated by the Rust value passing semantics */
+ Eurydice_slice copy_of_data[2U];
+ memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice));
+ keccak_593(copy_of_data, out);
 }
 /**
diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h
index 6a6a9be26..18ac37d7c 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_neon.h
+++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h
@@ -8,7 +8,7 @@
 * Eurydice: 67f4341506300372fba9cb8de070234935839cb7
 * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430
 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38
- * Libcrux: 23fd74952dc8fe8d2e3bdd3eb691bf8502b98b15
+ * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7
 */
 #ifndef __libcrux_sha3_neon_H
From 0b811dab12d3bb3f004bb2ac853ff4a822780566 Mon Sep 17 00:00:00 2001
From: Jonathan Protzenko
Date: Tue, 13 Aug 2024 09:01:31 -0700
Subject: [PATCH 05/16] WIP
---
 libcrux-ml-kem/c.yaml | 2 +
 libcrux-ml-kem/c/code_gen.txt | 6 +-
 libcrux-ml-kem/c/internal/libcrux_core.h | 6 +-
 .../c/internal/libcrux_mlkem_neon.h | 6 +-
 .../c/internal/libcrux_mlkem_portable.h | 6 +-
 .../c/internal/libcrux_sha3_internal.h | 6 +-
 libcrux-ml-kem/c/libcrux_core.c | 24 +-
 libcrux-ml-kem/c/libcrux_core.h | 6 +-
 libcrux-ml-kem/c/libcrux_mlkem1024.h | 6 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_neon.c | 22 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_neon.h | 6 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 22 +-
 libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 6 +-
 libcrux-ml-kem/c/libcrux_mlkem512.h | 6 +-
 libcrux-ml-kem/c/libcrux_mlkem512_neon.c | 22 +-
 libcrux-ml-kem/c/libcrux_mlkem512_neon.h | 6 +-
 libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 22 +-
 libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 6 +-
 libcrux-ml-kem/c/libcrux_mlkem768.h | 6 +-
 libcrux-ml-kem/c/libcrux_mlkem768_neon.c | 22 +-
 libcrux-ml-kem/c/libcrux_mlkem768_neon.h | 6 +-
 libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 22 +-
 libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 6 +-
 libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 6 +-
 libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 6 +-
 libcrux-ml-kem/c/libcrux_mlkem_neon.c | 1136 +++++++---------
 libcrux-ml-kem/c/libcrux_mlkem_neon.h | 6 +-
 libcrux-ml-kem/c/libcrux_mlkem_portable.c | 246 ++--
 libcrux-ml-kem/c/libcrux_mlkem_portable.h | 6 +-
 libcrux-ml-kem/c/libcrux_sha3.h | 6 +-
 libcrux-ml-kem/c/libcrux_sha3_avx2.c | 6 +-
 libcrux-ml-kem/c/libcrux_sha3_avx2.h | 6 +-
 libcrux-ml-kem/c/libcrux_sha3_internal.h | 74 +-
 libcrux-ml-kem/c/libcrux_sha3_neon.c | 535 ++++---
 libcrux-ml-kem/c/libcrux_sha3_neon.h | 6 +-
 35 files changed, 1022 insertions(+), 1265 deletions(-)
diff --git a/libcrux-ml-kem/c.yaml b/libcrux-ml-kem/c.yaml
index 3a8f6001d..db12e833c 100644
--- a/libcrux-ml-kem/c.yaml
+++ b/libcrux-ml-kem/c.yaml
@@ -235,3 +235,5 @@ naming:
 skip_prefix:
 - [ core, core_arch, arm_shared, neon ]
 - [ core, core_arch, x86 ]
+ - [libcrux_intrinsics, arm64]
+ - [libcrux_intrinsics, avx2]
diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt
index eaa0a1b5f..8ac29a1be 100644
--- a/libcrux-ml-kem/c/code_gen.txt
+++ b/libcrux-ml-kem/c/code_gen.txt
@@ -1,6 +1,6 @@
 This code was generated with the following revisions:
 Charon: 53530427db2941ce784201e64086766504bc5642
-Eurydice: 67f4341506300372fba9cb8de070234935839cb7
-Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430
+Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb
+Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85
 F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38
-Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7
+Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221
diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h
index 0cee66992..6e626b2cc 100644
--- a/libcrux-ml-kem/c/internal/libcrux_core.h
+++ b/libcrux-ml-kem/c/internal/libcrux_core.h
@@ -5,10 +5,10 @@
 *
 * This code was generated with the following revisions:
 * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: 67f4341506300372fba9cb8de070234935839cb7
- * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430
+ * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb
+ * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85
 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38
- * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7
+ * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221
 */
 #ifndef __internal_libcrux_core_H
diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h
index f3b88ef8f..03c96041e 100644
--- a/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h
+++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h
@@ -5,10 +5,10 @@
 *
 * This code was generated with the following revisions:
 * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: 67f4341506300372fba9cb8de070234935839cb7
- * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430
+ * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb
+ * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85
 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38
- * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7
+ * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221
 */
 #ifndef __internal_libcrux_mlkem_neon_H
diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h
index 103c0b802..7c85dde7e 100644
--- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h
+++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h
@@ -5,10 +5,10 @@
 *
 * This code was generated with the following revisions:
 * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: 67f4341506300372fba9cb8de070234935839cb7
- * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430
+ * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb
+ * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85
 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38
- * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7
+ * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221
 */
 #ifndef __internal_libcrux_mlkem_portable_H
diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h
index 1f6b6c1d2..c18dac469 100644
--- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h
+++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h
@@ -5,10 +5,10 @@
 *
 * This code was generated with the following revisions:
 * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: 67f4341506300372fba9cb8de070234935839cb7
- * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430
+ * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb
+ * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85
 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38
- * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7
+ * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221
 */
 #ifndef __internal_libcrux_sha3_internal_H
diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c
index b6796aa82..bb30330cf 100644
--- a/libcrux-ml-kem/c/libcrux_core.c
+++ b/libcrux-ml-kem/c/libcrux_core.c
@@ -5,10 +5,10 @@
 *
 * This code was generated with the following revisions:
 * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: 67f4341506300372fba9cb8de070234935839cb7
- * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430
+ * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb
+ * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85
 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38
- * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7
+ * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221
 */
 #include "internal/libcrux_core.h"
@@ -100,7 +100,7 @@ with const generics
 */
 libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_571(
 uint8_t value[800U]) {
- /* This copy dictated by the Rust value passing semantics */
+ /* Passing arrays by value in Rust generates a copy in C */
 uint8_t copy_of_value[800U];
 memcpy(copy_of_value, value, (size_t)800U * sizeof(uint8_t));
 libcrux_ml_kem_types_MlKemPublicKey_be lit;
@@ -138,7 +138,7 @@ with const generics
 */
 libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_e01(
 uint8_t value[1632U]) {
- /* This copy dictated by the Rust value passing semantics */
+ /* Passing arrays by value in Rust generates a copy in C */
 uint8_t copy_of_value[1632U];
 memcpy(copy_of_value, value, (size_t)1632U * sizeof(uint8_t));
 libcrux_ml_kem_types_MlKemPrivateKey_5e lit;
@@ -157,7 +157,7 @@ with const generics
 */
 libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_201(
 uint8_t value[768U]) {
- /* This copy dictated by the Rust value passing semantics */
+ /* Passing arrays by value in Rust generates a copy in C */
 uint8_t copy_of_value[768U];
 memcpy(copy_of_value, value, (size_t)768U * sizeof(uint8_t));
 libcrux_ml_kem_types_MlKemCiphertext_e8 lit;
@@ -228,7 +228,7 @@ with const generics
 */
 libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_570(
 uint8_t value[1568U]) {
- /* This copy dictated by the Rust value passing semantics */
+ /* Passing arrays by value in Rust generates a copy in C */
 uint8_t copy_of_value[1568U];
 memcpy(copy_of_value, value, (size_t)1568U * sizeof(uint8_t));
 libcrux_ml_kem_types_MlKemPublicKey_1f lit;
@@ -267,7 +267,7 @@ with const generics
 */
 libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_e00(
 uint8_t value[3168U]) {
- /* This copy dictated by the Rust value passing semantics */
+ /* Passing arrays by value in Rust generates a copy in C */
 uint8_t copy_of_value[3168U];
 memcpy(copy_of_value, value, (size_t)3168U * sizeof(uint8_t));
 libcrux_ml_kem_types_MlKemPrivateKey_95 lit;
@@ -286,7 +286,7 @@ with const generics
 */
 libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_200(
 uint8_t value[1568U]) {
- /* This copy dictated by the Rust value passing semantics */
+ /* Passing arrays by value in Rust generates a copy in C */
 uint8_t copy_of_value[1568U];
 memcpy(copy_of_value, value, (size_t)1568U * sizeof(uint8_t));
 libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext lit;
@@ -357,7 +357,7 @@ with const generics
 */
 libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_57(
 uint8_t value[1184U]) {
- /* This copy dictated by the Rust value passing semantics */
+ /* Passing arrays by value in Rust generates a copy in C */
 uint8_t copy_of_value[1184U];
 memcpy(copy_of_value, value, (size_t)1184U * sizeof(uint8_t));
 libcrux_ml_kem_types_MlKemPublicKey_15 lit;
@@ -396,7 +396,7 @@ with const generics
 */
 libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_e0(
 uint8_t value[2400U]) {
- /* This copy dictated by the Rust value passing semantics */
+ /* Passing arrays by value in Rust generates a copy in C */
 uint8_t copy_of_value[2400U];
 memcpy(copy_of_value, value, (size_t)2400U * sizeof(uint8_t));
 libcrux_ml_kem_types_MlKemPrivateKey_55 lit;
@@ -415,7 +415,7 @@ with const generics
 */
 libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_20(
 uint8_t value[1088U]) {
- /* This copy dictated by the Rust value passing semantics */
+ /* Passing arrays by value in Rust generates a copy in C */
 uint8_t copy_of_value[1088U];
 memcpy(copy_of_value, value, (size_t)1088U * sizeof(uint8_t));
 libcrux_ml_kem_mlkem768_MlKem768Ciphertext lit;
diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h
index ba047cb53..61a3e31f6 100644
--- a/libcrux-ml-kem/c/libcrux_core.h
+++ b/libcrux-ml-kem/c/libcrux_core.h
@@ -5,10 +5,10 @@
 *
 * This code was generated with the following revisions:
 * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: 67f4341506300372fba9cb8de070234935839cb7
- * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430
+ * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb
+ * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85
 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38
- * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7
+ * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221
 */
 #ifndef __libcrux_core_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h
index c5a47bcbb..8cf2e1852 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h
@@ -5,10 +5,10 @@
 *
 * This code was generated with the following revisions:
 * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: 67f4341506300372fba9cb8de070234935839cb7
- * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430
+ * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb
+ * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85
 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38
- * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7
+ * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221
 */
 #ifndef __libcrux_mlkem1024_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c
index 542669909..c95f9f673 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c
@@ -5,10 +5,10 @@
 *
 * This code was generated with the following revisions:
 * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: 67f4341506300372fba9cb8de070234935839cb7
- * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430
+ * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb
+ * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85
 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38
- * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7
+ * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221
 */
 #include "libcrux_mlkem1024_neon.h"
@@ -125,7 +125,7 @@ static tuple_21 encapsulate_6b(
 libcrux_ml_kem_types_MlKemPublicKey_1f *public_key,
 uint8_t randomness[32U]) {
 libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key;
- /* This copy dictated by the Rust value passing semantics */
+ /* Passing arrays by value in Rust generates a copy in C */
 uint8_t copy_of_randomness[32U];
 memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
 return libcrux_ml_kem_ind_cca_encapsulate_28(uu____0, copy_of_randomness);
@@ -142,7 +142,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate(
 libcrux_ml_kem_types_MlKemPublicKey_1f *public_key,
 uint8_t randomness[32U]) {
 libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key;
- /* This copy dictated by the Rust value passing semantics */
+ /* Passing arrays by value in Rust generates a copy in C */
 uint8_t copy_of_randomness[32U];
 memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
 return encapsulate_6b(uu____0, copy_of_randomness);
@@ -174,7 +174,7 @@ static tuple_21 encapsulate_unpacked_1c(
 uint8_t randomness[32U]) {
 libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *uu____0 =
 public_key;
- /* This copy dictated by the Rust value passing semantics */
+ /* Passing arrays by value in Rust generates a copy in C */
 uint8_t copy_of_randomness[32U];
 memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
 return libcrux_ml_kem_ind_cca_encapsulate_unpacked_47(uu____0,
@@ -196,7 +196,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate_unpacked(
 uint8_t randomness[32U]) {
 libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *uu____0 =
 public_key;
- /* This copy dictated by the Rust value passing semantics */
+ /* Passing arrays by value in Rust generates a copy in C */
 uint8_t copy_of_randomness[32U];
 memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
 return encapsulate_unpacked_1c(uu____0, copy_of_randomness);
@@ -218,7 +218,7 @@ libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics
 */
 static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_91(
 uint8_t randomness[64U]) {
- /* This copy dictated by the Rust value passing semantics */
+ /* Passing arrays by value in Rust generates a copy in C */
 uint8_t copy_of_randomness[64U];
 memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
 return libcrux_ml_kem_ind_cca_generate_keypair_72(copy_of_randomness);
@@ -229,7 +229,7 @@ static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_91(
 */
 libcrux_ml_kem_mlkem1024_MlKem1024KeyPair
 libcrux_ml_kem_mlkem1024_neon_generate_key_pair(uint8_t randomness[64U]) {
- /* This copy dictated by the Rust value passing semantics */
+ /* Passing arrays by value in Rust generates a copy in C */
 uint8_t copy_of_randomness[64U];
 memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
 return generate_keypair_91(copy_of_randomness);
@@ -252,7 +252,7 @@ generics
 */
 static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c
 generate_keypair_unpacked_87(uint8_t randomness[64U]) {
- /* This copy dictated by the Rust value passing semantics */
+ /* Passing arrays by value in Rust generates a copy in C */
 uint8_t copy_of_randomness[64U];
 memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
 return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b4(
@@ -265,7 +265,7 @@ generate_keypair_unpacked_87(uint8_t randomness[64U]) {
 libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c
 libcrux_ml_kem_mlkem1024_neon_generate_key_pair_unpacked(
 uint8_t randomness[64U]) {
- /* This copy dictated by the Rust value passing semantics */
+ /* Passing arrays by value in Rust generates a copy in C */
 uint8_t copy_of_randomness[64U];
 memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
 return generate_keypair_unpacked_87(copy_of_randomness);
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h
index 82014512d..1ed96ad65 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h
@@ -5,10 +5,10 @@
 *
 * This code was generated with the following revisions:
 * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: 67f4341506300372fba9cb8de070234935839cb7
- * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430
+ * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb
+ * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85
 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38
- * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7
+ * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221
 */
 #ifndef __libcrux_mlkem1024_neon_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c
index f2599c9d4..226a7972a 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c
@@ -5,10 +5,10 @@
 *
 * This code was generated with the following revisions:
 * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: 67f4341506300372fba9cb8de070234935839cb7
- * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430
+ * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb
+ * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85
 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38
- * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7
+ * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221
 */
 #include "libcrux_mlkem1024_portable.h"
@@ -125,7 +125,7 @@ static tuple_21 encapsulate_48(
 libcrux_ml_kem_types_MlKemPublicKey_1f *public_key,
 uint8_t randomness[32U]) {
 libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key;
- /* This copy dictated by the Rust value passing semantics */
+ /* Passing arrays by value in Rust generates a copy in C */
 uint8_t copy_of_randomness[32U];
 memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
 return libcrux_ml_kem_ind_cca_encapsulate_9d1(uu____0, copy_of_randomness);
@@ -142,7 +142,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate(
 libcrux_ml_kem_types_MlKemPublicKey_1f *public_key,
 uint8_t randomness[32U]) {
 libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key;
- /* This copy dictated by the Rust value passing semantics */
+ /* Passing arrays by value in Rust generates a copy in C */
 uint8_t copy_of_randomness[32U];
 memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
 return encapsulate_48(uu____0, copy_of_randomness);
@@ -174,7 +174,7 @@ static tuple_21 encapsulate_unpacked_ac(
 uint8_t randomness[32U]) {
 libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *uu____0 =
 public_key;
- /* This copy dictated by the Rust value passing semantics */
+ /* Passing arrays by value in Rust generates a copy in C */
 uint8_t copy_of_randomness[32U];
 memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
 return libcrux_ml_kem_ind_cca_encapsulate_unpacked_861(uu____0,
@@ -196,7 +196,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked(
 uint8_t randomness[32U]) {
 libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *uu____0 =
 public_key;
- /* This copy dictated by the Rust value passing semantics */
+ /* Passing arrays by value in Rust generates a copy in C */
 uint8_t copy_of_randomness[32U];
 memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
 return encapsulate_unpacked_ac(uu____0, copy_of_randomness);
@@ -219,7 +219,7 @@ generics
 */
 static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_6e(
 uint8_t randomness[64U]) {
- /* This copy dictated by the Rust value passing semantics */
+ /* Passing arrays by value in Rust generates a copy in C */
 uint8_t copy_of_randomness[64U];
 memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
 return libcrux_ml_kem_ind_cca_generate_keypair_6f1(copy_of_randomness);
@@ -230,7 +230,7 @@ static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_6e(
 */
 libcrux_ml_kem_mlkem1024_MlKem1024KeyPair
 libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) {
- /* This copy dictated by the Rust value passing semantics */
+ /* Passing arrays by value in Rust generates a copy in C */
 uint8_t copy_of_randomness[64U];
 memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
 return generate_keypair_6e(copy_of_randomness);
@@ -253,7 +253,7 @@ const generics
 */
 static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42
 generate_keypair_unpacked_f5(uint8_t randomness[64U]) {
- /* This copy dictated by the Rust value passing semantics */
+ /* Passing arrays by value in Rust generates a copy in C */
 uint8_t copy_of_randomness[64U];
 memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
 return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d1(
@@ -266,7 +266,7 @@ generate_keypair_unpacked_f5(uint8_t randomness[64U]) {
 libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42
 libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked(
 uint8_t randomness[64U]) {
- /* This copy dictated by the Rust value passing semantics */
+ /* Passing arrays by value in Rust generates a copy in C */
 uint8_t copy_of_randomness[64U];
 memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
 return generate_keypair_unpacked_f5(copy_of_randomness);
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h
index 002601e79..b53ebe718 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h
@@ -5,10 +5,10 @@
 *
 * This code was generated with the following revisions:
 * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: 67f4341506300372fba9cb8de070234935839cb7
- * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430
+ * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb
+ * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85
 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38
- * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7
+ * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221
 */
 #ifndef __libcrux_mlkem1024_portable_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h
index 664bc998c..fde1eaaf3 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem512.h
@@ -5,10 +5,10 @@
 *
 * This code was generated with the following revisions:
 * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: 67f4341506300372fba9cb8de070234935839cb7
- * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430
+ * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb
+ * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85
 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38
- * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7
+ * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221
 */
 #ifndef __libcrux_mlkem512_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_neon.c b/libcrux-ml-kem/c/libcrux_mlkem512_neon.c
index ee4470906..5b9b0ad47 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_neon.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_neon.c
@@ -5,10 +5,10 @@
 *
 * This code was generated with the following revisions:
 * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: 67f4341506300372fba9cb8de070234935839cb7
- * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430
+ * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb
+ * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85
 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38
- * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7
+ * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221
 */
 #include "libcrux_mlkem512_neon.h"
@@ -121,7 +121,7 @@ static tuple_ec encapsulate_f8(
 libcrux_ml_kem_types_MlKemPublicKey_be *public_key,
 uint8_t randomness[32U]) {
 libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key;
- /* This copy dictated by the Rust value passing semantics */
+ /* Passing arrays by value in Rust generates a copy in C */
 uint8_t copy_of_randomness[32U];
 memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
 return libcrux_ml_kem_ind_cca_encapsulate_281(uu____0, copy_of_randomness);
@@ -138,7 +138,7 @@ tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate(
 libcrux_ml_kem_types_MlKemPublicKey_be *public_key,
 uint8_t randomness[32U]) {
 libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key;
- /* This copy dictated by the Rust value passing semantics */
+ /* Passing arrays by value in Rust generates a copy in C */
 uint8_t copy_of_randomness[32U];
 memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
 return encapsulate_f8(uu____0, copy_of_randomness);
@@ -170,7 +170,7 @@ static tuple_ec encapsulate_unpacked_ce(
 uint8_t randomness[32U]) {
 libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *uu____0 =
 public_key;
- /* This copy dictated by the Rust value passing semantics */
+ /* Passing arrays by value in Rust generates a copy in C */
 uint8_t copy_of_randomness[32U];
 memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
 return libcrux_ml_kem_ind_cca_encapsulate_unpacked_471(uu____0,
@@ -190,7 +190,7 @@ tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate_unpacked(
 uint8_t randomness[32U]) {
 libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *uu____0 =
 public_key;
- /* This copy dictated by the Rust value passing semantics */
+ /* Passing arrays by value in Rust generates a copy in C */
 uint8_t copy_of_randomness[32U];
 memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
 return encapsulate_unpacked_ce(uu____0, copy_of_randomness);
@@ -212,7 +212,7 @@ libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics
 */
 static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_1a(
 uint8_t randomness[64U]) {
- /* This copy dictated by the Rust value passing semantics */
+ /* Passing arrays by value in Rust generates a copy in C */
 uint8_t copy_of_randomness[64U];
 memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
 return libcrux_ml_kem_ind_cca_generate_keypair_721(copy_of_randomness);
@@ -223,7 +223,7 @@ static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_1a(
 */
 libcrux_ml_kem_types_MlKemKeyPair_cb
 libcrux_ml_kem_mlkem512_neon_generate_key_pair(uint8_t randomness[64U]) {
- /* This copy dictated by the Rust value passing semantics */
+ /* Passing arrays by value in Rust generates a copy in C */
 uint8_t copy_of_randomness[64U];
 memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
 return generate_keypair_1a(copy_of_randomness);
@@ -246,7 +246,7 @@ generics
 */
 static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66
 generate_keypair_unpacked_38(uint8_t randomness[64U]) {
- /* This copy dictated by the Rust value passing semantics */
+ /* Passing arrays by value in Rust generates a copy in C */
 uint8_t copy_of_randomness[64U];
 memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
 return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b41(
@@ -259,7 +259,7 @@ generate_keypair_unpacked_38(uint8_t randomness[64U]) {
 libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66
 libcrux_ml_kem_mlkem512_neon_generate_key_pair_unpacked(
 uint8_t randomness[64U]) {
- /* This copy dictated by the Rust value passing semantics */
+ /* Passing arrays by value in Rust generates a copy in C */
 uint8_t copy_of_randomness[64U];
 memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
 return generate_keypair_unpacked_38(copy_of_randomness);
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_neon.h b/libcrux-ml-kem/c/libcrux_mlkem512_neon.h
index 594ab9383..211c714fc 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_neon.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_neon.h
@@ -5,10 +5,10 @@
 *
 * This code was generated with the following revisions:
 * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: 67f4341506300372fba9cb8de070234935839cb7
- * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430
+ * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb
+ * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85
 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38
- * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7
+ * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221
 */
 #ifndef __libcrux_mlkem512_neon_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c
index af419fed6..fa4106f06 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c
@@ -5,10 +5,10 @@
 *
 * This code was generated with the following revisions:
 * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: 67f4341506300372fba9cb8de070234935839cb7
- * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430
+ * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb
+ * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85
 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38
- * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7
+ * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221
 */
 #include "libcrux_mlkem512_portable.h"
@@ -121,7 +121,7 @@ static tuple_ec encapsulate_10(
 libcrux_ml_kem_types_MlKemPublicKey_be *public_key,
 uint8_t randomness[32U]) {
 libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key;
- /* This copy dictated by the Rust value passing semantics */
+ /* Passing arrays by value in Rust generates a copy in C */
 uint8_t copy_of_randomness[32U];
 memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
 return libcrux_ml_kem_ind_cca_encapsulate_9d0(uu____0, copy_of_randomness);
@@ -138,7 +138,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate(
 libcrux_ml_kem_types_MlKemPublicKey_be *public_key,
 uint8_t randomness[32U]) {
 libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key;
- /* This copy dictated by the Rust value passing semantics */
+ /* Passing arrays by value in Rust generates a copy in C */
 uint8_t copy_of_randomness[32U];
 memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
 return encapsulate_10(uu____0, copy_of_randomness);
@@ -170,7 +170,7 @@ static tuple_ec encapsulate_unpacked_49(
 uint8_t randomness[32U]) {
 libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *uu____0 =
 public_key;
- /* This copy dictated by the Rust value passing semantics */
+ /* Passing arrays by value in Rust generates a copy in C */
 uint8_t copy_of_randomness[32U];
 memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
 return libcrux_ml_kem_ind_cca_encapsulate_unpacked_860(uu____0,
@@ -190,7 +190,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked(
 uint8_t randomness[32U]) {
 libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *uu____0 =
 public_key;
- /* This copy dictated by the Rust value passing semantics */
+ /* Passing arrays by value in Rust generates a copy in C */
 uint8_t copy_of_randomness[32U];
 memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
 return encapsulate_unpacked_49(uu____0, copy_of_randomness);
@@ -213,7 +213,7 @@ generics
 */
 static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_f9(
 uint8_t randomness[64U]) {
- /* This copy dictated by the Rust value passing semantics */
+ /* Passing arrays by value in Rust generates a copy in C */
 uint8_t copy_of_randomness[64U];
 memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
 return libcrux_ml_kem_ind_cca_generate_keypair_6f0(copy_of_randomness);
@@ -224,7 +224,7 @@ static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_f9(
 */
 libcrux_ml_kem_types_MlKemKeyPair_cb
 libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) {
- /* This copy dictated by the Rust value passing semantics */
+ /* Passing arrays by value in Rust generates a copy in C */
 uint8_t copy_of_randomness[64U];
 memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
 return generate_keypair_f9(copy_of_randomness);
@@ -247,7 +247,7 @@ const generics
 */
 static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae
 generate_keypair_unpacked_d6(uint8_t randomness[64U]) {
- /* This copy dictated by the Rust value passing semantics */
+ /* Passing arrays by value in Rust generates a copy in C */
 uint8_t copy_of_randomness[64U];
 memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
 return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d0(
@@ -260,7 +260,7 @@ generate_keypair_unpacked_d6(uint8_t randomness[64U]) {
 libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae
 libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked(
 uint8_t randomness[64U]) {
- /* This copy dictated by the Rust value passing semantics */
+ /* Passing arrays by value in Rust generates a copy in C */
 uint8_t copy_of_randomness[64U];
 memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
 return generate_keypair_unpacked_d6(copy_of_randomness);
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h
index 51c51000e..75f921f45 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h
@@ -5,10 +5,10 @@
 *
 * This code was generated with the following revisions:
 * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: 67f4341506300372fba9cb8de070234935839cb7
- * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430
+ * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb
+ * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85
 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38
- * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7
+ * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221
 */
 #ifndef __libcrux_mlkem512_portable_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h
index 976c473d9..f2bd4e669 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem768.h
@@ -5,10 +5,10 @@
 *
 * This code was generated with the following revisions:
 * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: 67f4341506300372fba9cb8de070234935839cb7
- * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430
+ * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb
+ * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85
 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38
- * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7
+ * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221
 */
 #ifndef __libcrux_mlkem768_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_neon.c b/libcrux-ml-kem/c/libcrux_mlkem768_neon.c
index 44967e823..c252832a1 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_neon.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_neon.c
@@ -5,10 +5,10 @@
 *
 * This code was generated with the following revisions:
 * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: 67f4341506300372fba9cb8de070234935839cb7
- * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430
+ * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb
+ * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85
 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38
- * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7
+ * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221
 */
 #include "libcrux_mlkem768_neon.h"
@@ -121,7 +121,7 @@ static tuple_3c encapsulate_ea(
 libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
 uint8_t randomness[32U]) {
 libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key;
- /* This copy dictated by the Rust value passing semantics */
+ /* Passing arrays by value in Rust generates a copy in C */
 uint8_t copy_of_randomness[32U];
 memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
 return libcrux_ml_kem_ind_cca_encapsulate_280(uu____0, copy_of_randomness);
@@ -138,7 +138,7 @@ tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate(
 libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
 uint8_t randomness[32U]) {
 libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key;
- /* This copy dictated by the Rust value passing semantics */
+ /* Passing arrays by value in Rust generates a copy in C */
 uint8_t copy_of_randomness[32U];
 memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
 return encapsulate_ea(uu____0, copy_of_randomness);
@@ -170,7 +170,7 @@ static tuple_3c encapsulate_unpacked_29(
 uint8_t randomness[32U]) {
 libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *uu____0 =
 public_key;
- /* This copy dictated by the Rust value passing semantics */
+ /* Passing arrays by value in Rust generates a copy in C */
 uint8_t copy_of_randomness[32U];
 memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
 return libcrux_ml_kem_ind_cca_encapsulate_unpacked_470(uu____0,
@@ -190,7 +190,7 @@ tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate_unpacked(
 uint8_t randomness[32U]) {
 libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *uu____0 =
 public_key;
- /* This copy dictated by the Rust value passing semantics */
+ /* Passing arrays by value in Rust generates a copy in C */
 uint8_t copy_of_randomness[32U];
 memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
 return encapsulate_unpacked_29(uu____0, copy_of_randomness);
@@ -212,7 +212,7 @@ libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics
 */
 static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_1b(
 uint8_t randomness[64U]) {
- /* This copy dictated by the Rust value passing semantics */
+ /* Passing arrays by value in Rust generates a copy in C */
 uint8_t copy_of_randomness[64U];
 memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
 return libcrux_ml_kem_ind_cca_generate_keypair_720(copy_of_randomness);
@@ -223,7 +223,7 @@ static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_1b(
 */
 libcrux_ml_kem_mlkem768_MlKem768KeyPair
 libcrux_ml_kem_mlkem768_neon_generate_key_pair(uint8_t randomness[64U]) {
- /* This copy dictated by the Rust value passing semantics */
+ /* Passing arrays by value in Rust generates a copy in C */
 uint8_t copy_of_randomness[64U];
 memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
 return generate_keypair_1b(copy_of_randomness);
@@ -246,7 +246,7 @@ generics
 */
 static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd
 generate_keypair_unpacked_42(uint8_t randomness[64U]) {
- /* This copy dictated by the Rust value passing semantics */
+ /* Passing arrays by value in Rust generates a copy in C */
 uint8_t copy_of_randomness[64U];
 memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
 return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b40(
@@ -259,7 +259,7 @@ generate_keypair_unpacked_42(uint8_t randomness[64U]) {
 libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd
 libcrux_ml_kem_mlkem768_neon_generate_key_pair_unpacked(
 uint8_t randomness[64U]) {
- /* This copy dictated by the Rust value passing semantics */
+ /* Passing arrays by value in Rust generates a copy in C */
 uint8_t copy_of_randomness[64U];
 memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
 return generate_keypair_unpacked_42(copy_of_randomness);
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_neon.h b/libcrux-ml-kem/c/libcrux_mlkem768_neon.h
index d10775770..aaf2756d9 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_neon.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_neon.h
@@ -5,10 +5,10 @@
 *
 * This code was generated with the following revisions:
 * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: 67f4341506300372fba9cb8de070234935839cb7
- * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430
+ * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb
+ * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85
 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38
- * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7
+ * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221
 */
 #ifndef __libcrux_mlkem768_neon_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c
index d79390c40..0e5c36ee3 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c
@@ -5,10 +5,10 @@
 *
 * This code was generated with the following revisions:
 * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: 67f4341506300372fba9cb8de070234935839cb7
- * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430
+ * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb
+ * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85
 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38
- * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7
+ * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221
 */
 #include "libcrux_mlkem768_portable.h"
@@ -121,7 +121,7 @@ static tuple_3c encapsulate_4b(
 libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
 uint8_t randomness[32U]) {
 libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key;
- /* This copy dictated by the Rust value passing semantics */
+ /* Passing arrays by value in Rust generates a copy in C */
 uint8_t copy_of_randomness[32U];
 memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
 return libcrux_ml_kem_ind_cca_encapsulate_9d(uu____0, copy_of_randomness);
@@ -138,7 +138,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate(
 libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
 uint8_t randomness[32U]) {
 libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key;
- /* This copy dictated by the Rust value passing semantics */
+ /* Passing arrays by value in Rust generates a copy in C */
 uint8_t copy_of_randomness[32U];
 memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
 return encapsulate_4b(uu____0, copy_of_randomness);
@@ -170,7 +170,7 @@ static tuple_3c encapsulate_unpacked_10(
 uint8_t randomness[32U]) {
 libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 =
 public_key;
- /* This copy dictated by the Rust value passing semantics */
+ /* Passing arrays by value in Rust generates a copy in C */
 uint8_t copy_of_randomness[32U];
 memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
 return libcrux_ml_kem_ind_cca_encapsulate_unpacked_86(uu____0,
@@ -190,7 +190,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked(
 uint8_t randomness[32U]) {
 libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 =
 public_key;
- /* This copy dictated by the Rust value passing semantics */
+ /* Passing arrays by value in Rust generates a copy in C */
 uint8_t copy_of_randomness[32U];
 memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t));
 return encapsulate_unpacked_10(uu____0, copy_of_randomness);
@@ -213,7 +213,7 @@ generics
 */
 static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_64(
 uint8_t randomness[64U]) {
- /* This copy dictated by the Rust value passing semantics */
+ /* Passing arrays by value in Rust generates a copy in C */
 uint8_t copy_of_randomness[64U];
 memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
 return libcrux_ml_kem_ind_cca_generate_keypair_6f(copy_of_randomness);
@@ -224,7 +224,7 @@ static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_64(
 */
 libcrux_ml_kem_mlkem768_MlKem768KeyPair
 libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) {
- /* This copy dictated by the Rust value passing semantics */
+ /* Passing arrays by value in Rust generates a copy in C */
 uint8_t copy_of_randomness[64U];
 memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
 return generate_keypair_64(copy_of_randomness);
@@ -247,7 +247,7 @@ const generics
 */
 static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8
 generate_keypair_unpacked_c5(uint8_t randomness[64U]) {
- /* This copy dictated by the Rust value passing semantics */
+ /* Passing arrays by value in Rust generates a copy in C */
 uint8_t copy_of_randomness[64U];
 memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
 return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d(
@@ -260,7 +260,7 @@ generate_keypair_unpacked_c5(uint8_t randomness[64U]) {
 libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8
 libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked(
 uint8_t randomness[64U]) {
- /* This copy dictated by the Rust value passing semantics */
+ /* Passing arrays by value in Rust generates a copy in C */
 uint8_t copy_of_randomness[64U];
 memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t));
 return generate_keypair_unpacked_c5(copy_of_randomness);
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h
index 13b1459a3..5d21a7998 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h
@@ -5,10 +5,10 @@
 *
 * This code was generated with the following revisions:
 * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: 67f4341506300372fba9cb8de070234935839cb7
- * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430
+ * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb
+ * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85
 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38
- * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7
+ * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221
 */
 #ifndef __libcrux_mlkem768_portable_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c
index d2060fa0c..a2890d7fa 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c
@@ -5,10 +5,10 @@
 *
 * This code was generated with the following revisions:
 * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: 67f4341506300372fba9cb8de070234935839cb7
- * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430
+ * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb
+ * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85
 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38
- * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7
+ * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221
 */
 #include "libcrux_mlkem_avx2.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h
index 94b4f2b96..f21c1ce0f 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h
@@ -5,10 +5,10 @@
 *
 * This code was generated with the following revisions:
 * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: 67f4341506300372fba9cb8de070234935839cb7
- * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430
+ * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb
+ * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85
 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38
- * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7
+ * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221
 */
 #ifndef __libcrux_mlkem_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c
index 2060c7880..398413b31 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_neon.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.c
@@ -5,10 +5,10 @@
 *
 * This code was generated with the following revisions:
 * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: 67f4341506300372fba9cb8de070234935839cb7
- * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430
+ * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb
+ * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85
 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38
- * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7
+ * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221
 */
 #include "internal/libcrux_mlkem_neon.h"
@@ -37,8 +37,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_neon_H(Eurydice_slice input,
 KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector
 libcrux_ml_kem_vector_neon_vector_type_ZERO(void) {
 return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){
- .low = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)0),
- .high = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)0)});
+ .low = _vdupq_n_s16((int16_t)0), .high = _vdupq_n_s16((int16_t)0)});
 }
 /**
@@ -53,9 +52,9 @@ libcrux_ml_kem_vector_neon_ZERO_20(void) {
 KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector
 libcrux_ml_kem_vector_neon_vector_type_from_i16_array(Eurydice_slice array) {
 return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){
- .low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_slice_subslice2(
- array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)),
- .high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_slice_subslice2(
+ .low = _vld1q_s16(Eurydice_slice_subslice2(array, (size_t)0U, (size_t)8U,
+ int16_t, Eurydice_slice)),
+ .high = _vld1q_s16(Eurydice_slice_subslice2(
 array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice))});
 }
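Review bot: The new short spellings introduced in `libcrux_ml_kem_vector_neon_vector_type_ZERO` and `libcrux_ml_kem_vector_neon_vector_type_from_i16_array` (`_vdupq_n_s16`, `_vld1q_s16`, and the whole `_v*` family used in every later hunk of libcrux_mlkem_neon.c) begin with an underscore followed by a lowercase letter, a form that C11 §7.1.3 reserves for the implementation at file scope. Their definitions are not part of this diff, so this is inferred, but if they are file-scope functions or macros in a libcrux header they now share a namespace with whatever `arm_neon.h` and the toolchain use internally, and a future header could silently redefine one of them. The previous `libcrux_intrinsics_arm64__v*` spelling at least kept the names out of the leading-underscore space; a library prefix such as `libcrux_vdupq_n_s16` would keep most of the brevity gain, or, if the rename is intentional, the header that defines them should carry a comment explaining why a reserved spelling was chosen.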
@@ -71,14 +70,12 @@ libcrux_ml_kem_vector_neon_from_i16_array_20(Eurydice_slice array) {
 KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_vector_type_to_i16_array(
 libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t ret[16U]) {
 int16_t out[16U] = {0U};
- libcrux_intrinsics_arm64__vst1q_s16(
- Eurydice_array_to_subslice2(out, (size_t)0U, (size_t)8U, int16_t,
- Eurydice_slice),
- v.low);
- libcrux_intrinsics_arm64__vst1q_s16(
- Eurydice_array_to_subslice2(out, (size_t)8U, (size_t)16U, int16_t,
- Eurydice_slice),
- v.high);
+ _vst1q_s16(Eurydice_array_to_subslice2(out, (size_t)0U, (size_t)8U, int16_t,
+ Eurydice_slice),
+ v.low);
+ _vst1q_s16(Eurydice_array_to_subslice2(out, (size_t)8U, (size_t)16U, int16_t,
+ Eurydice_slice),
+ v.high);
 memcpy(ret, out, (size_t)16U * sizeof(int16_t));
 }
@@ -95,8 +92,8 @@ KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector
 libcrux_ml_kem_vector_neon_arithmetic_add(
 libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs,
 libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) {
- lhs.low = libcrux_intrinsics_arm64__vaddq_s16(lhs.low, rhs->low);
- lhs.high = libcrux_intrinsics_arm64__vaddq_s16(lhs.high, rhs->high);
+ lhs.low = _vaddq_s16(lhs.low, rhs->low);
+ lhs.high = _vaddq_s16(lhs.high, rhs->high);
 return lhs;
 }
@@ -115,8 +112,8 @@ KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector
 libcrux_ml_kem_vector_neon_arithmetic_sub(
 libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs,
 libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) {
- lhs.low = libcrux_intrinsics_arm64__vsubq_s16(lhs.low, rhs->low);
- lhs.high = libcrux_intrinsics_arm64__vsubq_s16(lhs.high, rhs->high);
+ lhs.low = _vsubq_s16(lhs.low, rhs->low);
+ lhs.high = _vsubq_s16(lhs.high, rhs->high);
 return lhs;
 }
@@ -134,8 +131,8 @@ libcrux_ml_kem_vector_neon_sub_20(
 KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector
 libcrux_ml_kem_vector_neon_arithmetic_multiply_by_constant(
 libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) {
- v.low = libcrux_intrinsics_arm64__vmulq_n_s16(v.low, c);
- v.high = libcrux_intrinsics_arm64__vmulq_n_s16(v.high, c);
+ v.low = _vmulq_n_s16(v.low, c);
+ v.high = _vmulq_n_s16(v.high, c);
 return v;
 }
@@ -152,9 +149,9 @@ libcrux_ml_kem_vector_neon_multiply_by_constant_20(
 KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector
 libcrux_ml_kem_vector_neon_arithmetic_bitwise_and_with_constant(
 libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) {
- int16x8_t c0 = libcrux_intrinsics_arm64__vdupq_n_s16(c);
- v.low = libcrux_intrinsics_arm64__vandq_s16(v.low, c0);
- v.high = libcrux_intrinsics_arm64__vandq_s16(v.high, c0);
+ int16x8_t c0 = _vdupq_n_s16(c);
+ v.low = _vandq_s16(v.low, c0);
+ v.high = _vandq_s16(v.high, c0);
 return v;
 }
@@ -171,15 +168,13 @@ libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20(
 KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector
 libcrux_ml_kem_vector_neon_arithmetic_cond_subtract_3329(
 libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) {
- int16x8_t c = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)3329);
- uint16x8_t m0 = libcrux_intrinsics_arm64__vcgeq_s16(v.low, c);
- uint16x8_t m1 = libcrux_intrinsics_arm64__vcgeq_s16(v.high, c);
- int16x8_t c0 = libcrux_intrinsics_arm64__vandq_s16(
- c, libcrux_intrinsics_arm64__vreinterpretq_s16_u16(m0));
- int16x8_t c1 = libcrux_intrinsics_arm64__vandq_s16(
- c, libcrux_intrinsics_arm64__vreinterpretq_s16_u16(m1));
- v.low = libcrux_intrinsics_arm64__vsubq_s16(v.low, c0);
- v.high = libcrux_intrinsics_arm64__vsubq_s16(v.high, c1);
+ int16x8_t c = _vdupq_n_s16((int16_t)3329);
+ uint16x8_t m0 = _vcgeq_s16(v.low, c);
+ uint16x8_t m1 = _vcgeq_s16(v.high, c);
+ int16x8_t c0 = _vandq_s16(c, _vreinterpretq_s16_u16(m0));
+ int16x8_t c1 = _vandq_s16(c, _vreinterpretq_s16_u16(m1));
+ v.low = _vsubq_s16(v.low, c0);
+ v.high = _vsubq_s16(v.high, c1);
 return v;
 }
@@ -195,15 +190,14 @@ libcrux_ml_kem_vector_neon_cond_subtract_3329_20(
 KRML_MUSTINLINE int16x8_t
 libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(int16x8_t v) {
- int16x8_t adder = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1024);
- int16x8_t vec = libcrux_intrinsics_arm64__vqdmulhq_n_s16(
+ int16x8_t adder = _vdupq_n_s16((int16_t)1024);
+ int16x8_t vec = _vqdmulhq_n_s16(
 v, LIBCRUX_ML_KEM_VECTOR_NEON_ARITHMETIC_BARRETT_MULTIPLIER);
- int16x8_t vec0 = libcrux_intrinsics_arm64__vaddq_s16(vec, adder);
- int16x8_t quotient =
- libcrux_intrinsics_arm64__vshrq_n_s16((int32_t)11, vec0, int16x8_t);
- int16x8_t sub = libcrux_intrinsics_arm64__vmulq_n_s16(
- quotient, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
- return libcrux_intrinsics_arm64__vsubq_s16(v, sub);
+ int16x8_t vec0 = _vaddq_s16(vec, adder);
+ int16x8_t quotient = _vshrq_n_s16((int32_t)11, vec0, int16x8_t);
+ int16x8_t sub =
+ _vmulq_n_s16(quotient, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
+ return _vsubq_s16(v, sub);
 }
 KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector
@@ -228,25 +222,22 @@ libcrux_ml_kem_vector_neon_barrett_reduce_20(
 KRML_MUSTINLINE int16x8_t
 libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t(
 int16x8_t low, int16x8_t high) {
- int16x8_t k = libcrux_intrinsics_arm64__vreinterpretq_s16_u16(
- libcrux_intrinsics_arm64__vmulq_n_u16(
- libcrux_intrinsics_arm64__vreinterpretq_u16_s16(low),
- (uint16_t)
- LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R));
- int16x8_t c = libcrux_intrinsics_arm64__vshrq_n_s16(
+ int16x8_t k = _vreinterpretq_s16_u16(_vmulq_n_u16(
+ _vreinterpretq_u16_s16(low),
+ (uint16_t)
+ LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R));
+ int16x8_t c = _vshrq_n_s16(
 (int32_t)1,
- libcrux_intrinsics_arm64__vqdmulhq_n_s16(
- k, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS),
+ _vqdmulhq_n_s16(k, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS),
 int16x8_t);
- return libcrux_intrinsics_arm64__vsubq_s16(high, c);
+ return _vsubq_s16(high, c);
 }
 KRML_MUSTINLINE int16x8_t
 libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t(
 int16x8_t v, int16_t c) {
- int16x8_t v_low = libcrux_intrinsics_arm64__vmulq_n_s16(v, c);
- int16x8_t v_high = libcrux_intrinsics_arm64__vshrq_n_s16(
- (int32_t)1, libcrux_intrinsics_arm64__vqdmulhq_n_s16(v, c), int16x8_t);
+ int16x8_t v_low = _vmulq_n_s16(v, c);
+ int16x8_t v_high = _vshrq_n_s16((int32_t)1, _vqdmulhq_n_s16(v, c), int16x8_t);
 return libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t(
 v_low, v_high);
 }
@@ -277,34 +268,24 @@ libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20(
 KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector
 libcrux_ml_kem_vector_neon_compress_compress_1(
 libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) {
- int16x8_t half = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1664);
- int16x8_t quarter = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)832);
- int16x8_t shifted = libcrux_intrinsics_arm64__vsubq_s16(half, v.low);
- int16x8_t mask0 =
- libcrux_intrinsics_arm64__vshrq_n_s16((int32_t)15, shifted, int16x8_t);
- int16x8_t shifted_to_positive =
- libcrux_intrinsics_arm64__veorq_s16(mask0, shifted);
+ int16x8_t half = _vdupq_n_s16((int16_t)1664);
+ int16x8_t quarter = _vdupq_n_s16((int16_t)832);
+ int16x8_t shifted = _vsubq_s16(half, v.low);
+ int16x8_t mask0 = _vshrq_n_s16((int32_t)15, shifted, int16x8_t);
+ int16x8_t shifted_to_positive = _veorq_s16(mask0, shifted);
 int16x8_t shifted_positive_in_range =
- libcrux_intrinsics_arm64__vsubq_s16(shifted_to_positive, quarter);
- v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_u16(
- libcrux_intrinsics_arm64__vshrq_n_u16(
- (int32_t)15,
- libcrux_intrinsics_arm64__vreinterpretq_u16_s16(
- shifted_positive_in_range),
- uint16x8_t));
- int16x8_t shifted0 = libcrux_intrinsics_arm64__vsubq_s16(half, v.high);
- int16x8_t mask =
- libcrux_intrinsics_arm64__vshrq_n_s16((int32_t)15, shifted0, int16x8_t);
- int16x8_t shifted_to_positive0 =
- libcrux_intrinsics_arm64__veorq_s16(mask, shifted0);
+ _vsubq_s16(shifted_to_positive, quarter);
+ v.low = _vreinterpretq_s16_u16(_vshrq_n_u16(
+ (int32_t)15, _vreinterpretq_u16_s16(shifted_positive_in_range),
+ uint16x8_t));
+ int16x8_t shifted0 = _vsubq_s16(half, v.high);
+ int16x8_t mask = _vshrq_n_s16((int32_t)15, shifted0, int16x8_t);
+ int16x8_t shifted_to_positive0 = _veorq_s16(mask, shifted0);
 int16x8_t shifted_positive_in_range0 =
- libcrux_intrinsics_arm64__vsubq_s16(shifted_to_positive0, quarter);
- v.high =
libcrux_intrinsics_arm64__vreinterpretq_s16_u16(
- libcrux_intrinsics_arm64__vshrq_n_u16(
- (int32_t)15,
- libcrux_intrinsics_arm64__vreinterpretq_u16_s16(
- shifted_positive_in_range0),
- uint16x8_t));
+ _vsubq_s16(shifted_to_positive0, quarter);
+ v.high = _vreinterpretq_s16_u16(_vshrq_n_u16(
+ (int32_t)15, _vreinterpretq_u16_s16(shifted_positive_in_range0),
+ uint16x8_t));
 return v;
 }
@@ -350,9 +331,8 @@ libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits(
 KRML_MUSTINLINE int16x8_t
 libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(
 int16x8_t v, int16x8_t c) {
- int16x8_t v_low = libcrux_intrinsics_arm64__vmulq_s16(v, c);
- int16x8_t v_high = libcrux_intrinsics_arm64__vshrq_n_s16(
- (int32_t)1, libcrux_intrinsics_arm64__vqdmulhq_s16(v, c), int16x8_t);
+ int16x8_t v_low = _vmulq_s16(v, c);
+ int16x8_t v_high = _vshrq_n_s16((int32_t)1, _vqdmulhq_s16(v, c), int16x8_t);
 return libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t(
 v_low, v_high);
 }
@@ -362,29 +342,21 @@ libcrux_ml_kem_vector_neon_ntt_ntt_layer_1_step(
 libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1,
 int16_t zeta2, int16_t zeta3, int16_t zeta4) {
 int16_t zetas[8U] = {zeta1, zeta1, zeta3, zeta3, zeta2, zeta2, zeta4, zeta4};
- int16x8_t zeta = libcrux_intrinsics_arm64__vld1q_s16(
+ int16x8_t zeta = _vld1q_s16(
 Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice));
- int16x8_t dup_a = libcrux_intrinsics_arm64__vreinterpretq_s16_s32(
- libcrux_intrinsics_arm64__vtrn1q_s32(
- libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low),
- libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high)));
- int16x8_t dup_b = libcrux_intrinsics_arm64__vreinterpretq_s16_s32(
- libcrux_intrinsics_arm64__vtrn2q_s32(
- libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low),
- libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high)));
+ int16x8_t dup_a = _vreinterpretq_s16_s32(_vtrn1q_s32(
+ _vreinterpretq_s32_s16(v.low), _vreinterpretq_s32_s16(v.high)));
+ int16x8_t dup_b = _vreinterpretq_s16_s32(_vtrn2q_s32(
+ _vreinterpretq_s32_s16(v.low), _vreinterpretq_s32_s16(v.high)));
 int16x8_t t =
 libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(dup_b,
 zeta);
- int16x8_t b = libcrux_intrinsics_arm64__vsubq_s16(dup_a, t);
- int16x8_t a = libcrux_intrinsics_arm64__vaddq_s16(dup_a, t);
- v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s32(
- libcrux_intrinsics_arm64__vtrn1q_s32(
- libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a),
- libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b)));
- v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s32(
- libcrux_intrinsics_arm64__vtrn2q_s32(
- libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a),
- libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b)));
+ int16x8_t b = _vsubq_s16(dup_a, t);
+ int16x8_t a = _vaddq_s16(dup_a, t);
+ v.low = _vreinterpretq_s16_s32(
+ _vtrn1q_s32(_vreinterpretq_s32_s16(a), _vreinterpretq_s32_s16(b)));
+ v.high = _vreinterpretq_s16_s32(
+
_vtrn2q_s32(_vreinterpretq_s32_s16(a), _vreinterpretq_s32_s16(b)));
 return v;
 }
@@ -405,29 +377,21 @@ libcrux_ml_kem_vector_neon_ntt_ntt_layer_2_step( libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, int16_t zeta2) { int16_t zetas[8U] = {zeta1, zeta1, zeta1, zeta1, zeta2, zeta2, zeta2, zeta2}; - int16x8_t zeta = libcrux_intrinsics_arm64__vld1q_s16( + int16x8_t zeta = _vld1q_s16( Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); - int16x8_t dup_a = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn1q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); - int16x8_t dup_b = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn2q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); + int16x8_t dup_a = _vreinterpretq_s16_s64(_vtrn1q_s64( + _vreinterpretq_s64_s16(v.low), _vreinterpretq_s64_s16(v.high))); + int16x8_t dup_b = _vreinterpretq_s16_s64(_vtrn2q_s64( + _vreinterpretq_s64_s16(v.low), _vreinterpretq_s64_s16(v.high))); int16x8_t t = libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(dup_b, zeta); - int16x8_t b = libcrux_intrinsics_arm64__vsubq_s16(dup_a, t); - int16x8_t a = libcrux_intrinsics_arm64__vaddq_s16(dup_a, t); - v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn1q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); - v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn2q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); + int16x8_t b = _vsubq_s16(dup_a, t); + int16x8_t a = _vaddq_s16(dup_a, t); + v.low = _vreinterpretq_s16_s64( + _vtrn1q_s64(_vreinterpretq_s64_s16(a), _vreinterpretq_s64_s16(b))); + v.high = _vreinterpretq_s16_s64( + _vtrn2q_s64(_vreinterpretq_s64_s16(a), 
_vreinterpretq_s64_s16(b))); return v; } @@ -445,12 +409,12 @@ libcrux_ml_kem_vector_neon_ntt_layer_2_step_20( KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector libcrux_ml_kem_vector_neon_ntt_ntt_layer_3_step( libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta) { - int16x8_t zeta0 = libcrux_intrinsics_arm64__vdupq_n_s16(zeta); + int16x8_t zeta0 = _vdupq_n_s16(zeta); int16x8_t t = libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( v.high, zeta0); - v.high = libcrux_intrinsics_arm64__vsubq_s16(v.low, t); - v.low = libcrux_intrinsics_arm64__vaddq_s16(v.low, t); + v.high = _vsubq_s16(v.low, t); + v.low = _vaddq_s16(v.low, t); return v; } 
@@ -469,31 +433,23 @@ libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_1_step( libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, int16_t zeta2, int16_t zeta3, int16_t zeta4) { int16_t zetas[8U] = {zeta1, zeta1, zeta3, zeta3, zeta2, zeta2, zeta4, zeta4}; - int16x8_t zeta = libcrux_intrinsics_arm64__vld1q_s16( + int16x8_t zeta = _vld1q_s16( Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); - int16x8_t a0 = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn1q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); - int16x8_t b0 = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn2q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(v.high))); - int16x8_t b_minus_a = libcrux_intrinsics_arm64__vsubq_s16(b0, a0); - int16x8_t a = libcrux_intrinsics_arm64__vaddq_s16(a0, b0); + int16x8_t a0 = _vreinterpretq_s16_s32(_vtrn1q_s32( + _vreinterpretq_s32_s16(v.low), _vreinterpretq_s32_s16(v.high))); + int16x8_t b0 = _vreinterpretq_s16_s32(_vtrn2q_s32( + _vreinterpretq_s32_s16(v.low), _vreinterpretq_s32_s16(v.high))); + int16x8_t b_minus_a = _vsubq_s16(b0, a0); + int16x8_t a = _vaddq_s16(a0, b0); int16x8_t a1 = libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(a); int16x8_t b = libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( b_minus_a, zeta); - v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn1q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a1), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); - v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn2q_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(a1), - libcrux_intrinsics_arm64__vreinterpretq_s32_s16(b))); + v.low = _vreinterpretq_s16_s32( + 
_vtrn1q_s32(_vreinterpretq_s32_s16(a1), _vreinterpretq_s32_s16(b))); + v.high = _vreinterpretq_s16_s32( + _vtrn2q_s32(_vreinterpretq_s32_s16(a1), _vreinterpretq_s32_s16(b))); return v; } 
@@ -514,29 +470,21 @@ libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_2_step( libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, int16_t zeta2) { int16_t zetas[8U] = {zeta1, zeta1, zeta1, zeta1, zeta2, zeta2, zeta2, zeta2}; - int16x8_t zeta = libcrux_intrinsics_arm64__vld1q_s16( + int16x8_t zeta = _vld1q_s16( Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); - int16x8_t a0 = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn1q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); - int16x8_t b0 = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn2q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.low), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(v.high))); - int16x8_t b_minus_a = libcrux_intrinsics_arm64__vsubq_s16(b0, a0); - int16x8_t a = libcrux_intrinsics_arm64__vaddq_s16(a0, b0); + int16x8_t a0 = _vreinterpretq_s16_s64(_vtrn1q_s64( + _vreinterpretq_s64_s16(v.low), _vreinterpretq_s64_s16(v.high))); + int16x8_t b0 = _vreinterpretq_s16_s64(_vtrn2q_s64( + _vreinterpretq_s64_s16(v.low), _vreinterpretq_s64_s16(v.high))); + int16x8_t b_minus_a = _vsubq_s16(b0, a0); + int16x8_t a = _vaddq_s16(a0, b0); int16x8_t b = libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( b_minus_a, zeta); - v.low = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn1q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); - v.high = libcrux_intrinsics_arm64__vreinterpretq_s16_s64( - libcrux_intrinsics_arm64__vtrn2q_s64( - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(a), - libcrux_intrinsics_arm64__vreinterpretq_s64_s16(b))); + v.low = _vreinterpretq_s16_s64( + _vtrn1q_s64(_vreinterpretq_s64_s16(a), _vreinterpretq_s64_s16(b))); + v.high = _vreinterpretq_s16_s64( + _vtrn2q_s64(_vreinterpretq_s64_s16(a), 
_vreinterpretq_s64_s16(b))); return v; } @@ -554,9 +502,9 @@ libcrux_ml_kem_vector_neon_inv_ntt_layer_2_step_20( KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_3_step( libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta) { - int16x8_t zeta0 = libcrux_intrinsics_arm64__vdupq_n_s16(zeta); - int16x8_t b_minus_a = libcrux_intrinsics_arm64__vsubq_s16(v.high, v.low); - v.low = libcrux_intrinsics_arm64__vaddq_s16(v.low, v.high); + int16x8_t zeta0 = _vdupq_n_s16(zeta); + int16x8_t b_minus_a = _vsubq_s16(v.high, v.low); + v.low = _vaddq_s16(v.low, v.high); v.high = libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( b_minus_a, zeta0); return v; 
@@ -579,65 +527,49 @@ libcrux_ml_kem_vector_neon_ntt_ntt_multiply( int16_t zeta2, int16_t zeta3, int16_t zeta4) { int16_t zetas[8U] = {zeta1, zeta3, -zeta1, -zeta3, zeta2, zeta4, -zeta2, -zeta4}; - int16x8_t zeta = libcrux_intrinsics_arm64__vld1q_s16( + int16x8_t zeta = _vld1q_s16( Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); - int16x8_t a0 = libcrux_intrinsics_arm64__vtrn1q_s16(lhs->low, lhs->high); - int16x8_t a1 = libcrux_intrinsics_arm64__vtrn2q_s16(lhs->low, lhs->high); - int16x8_t b0 = libcrux_intrinsics_arm64__vtrn1q_s16(rhs->low, rhs->high); - int16x8_t b1 = libcrux_intrinsics_arm64__vtrn2q_s16(rhs->low, rhs->high); + int16x8_t a0 = _vtrn1q_s16(lhs->low, lhs->high); + int16x8_t a1 = _vtrn2q_s16(lhs->low, lhs->high); + int16x8_t b0 = _vtrn1q_s16(rhs->low, rhs->high); + int16x8_t b1 = _vtrn2q_s16(rhs->low, rhs->high); int16x8_t a1b1 = libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(a1, b1); - int32x4_t a1b1_low = libcrux_intrinsics_arm64__vmull_s16( - libcrux_intrinsics_arm64__vget_low_s16(a1b1), - libcrux_intrinsics_arm64__vget_low_s16(zeta)); - int32x4_t a1b1_high = libcrux_intrinsics_arm64__vmull_high_s16(a1b1, zeta); - int16x8_t fst_low = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vmlal_s16( - a1b1_low, libcrux_intrinsics_arm64__vget_low_s16(a0), - libcrux_intrinsics_arm64__vget_low_s16(b0))); - int16x8_t fst_high = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vmlal_high_s16(a1b1_high, a0, b0)); - int32x4_t a0b1_low = libcrux_intrinsics_arm64__vmull_s16( - libcrux_intrinsics_arm64__vget_low_s16(a0), - libcrux_intrinsics_arm64__vget_low_s16(b1)); - int32x4_t a0b1_high = libcrux_intrinsics_arm64__vmull_high_s16(a0, b1); - int16x8_t snd_low = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vmlal_s16( - a0b1_low, libcrux_intrinsics_arm64__vget_low_s16(a1), - libcrux_intrinsics_arm64__vget_low_s16(b0))); - int16x8_t 
snd_high = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vmlal_high_s16(a0b1_high, a1, b0)); - int16x8_t fst_low16 = libcrux_intrinsics_arm64__vtrn1q_s16(fst_low, fst_high); - int16x8_t fst_high16 = - libcrux_intrinsics_arm64__vtrn2q_s16(fst_low, fst_high); - int16x8_t snd_low16 = libcrux_intrinsics_arm64__vtrn1q_s16(snd_low, snd_high); - int16x8_t snd_high16 = - libcrux_intrinsics_arm64__vtrn2q_s16(snd_low, snd_high); + int32x4_t a1b1_low = _vmull_s16(_vget_low_s16(a1b1), _vget_low_s16(zeta)); + int32x4_t a1b1_high = _vmull_high_s16(a1b1, zeta); + int16x8_t fst_low = _vreinterpretq_s16_s32( + _vmlal_s16(a1b1_low, _vget_low_s16(a0), _vget_low_s16(b0))); + int16x8_t fst_high = + _vreinterpretq_s16_s32(_vmlal_high_s16(a1b1_high, a0, b0)); + int32x4_t a0b1_low = _vmull_s16(_vget_low_s16(a0), _vget_low_s16(b1)); + int32x4_t a0b1_high = _vmull_high_s16(a0, b1); + int16x8_t snd_low = _vreinterpretq_s16_s32( + _vmlal_s16(a0b1_low, _vget_low_s16(a1), _vget_low_s16(b0))); + int16x8_t snd_high = + _vreinterpretq_s16_s32(_vmlal_high_s16(a0b1_high, a1, b0)); + int16x8_t fst_low16 = _vtrn1q_s16(fst_low, fst_high); + int16x8_t fst_high16 = _vtrn2q_s16(fst_low, fst_high); + int16x8_t snd_low16 = _vtrn1q_s16(snd_low, snd_high); + int16x8_t snd_high16 = _vtrn2q_s16(snd_low, snd_high); int16x8_t fst = libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( fst_low16, fst_high16); int16x8_t snd = libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( snd_low16, snd_high16); - int32x4_t low0 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn1q_s16(fst, snd)); - int32x4_t high0 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn2q_s16(fst, snd)); - int16x8_t low1 = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - libcrux_intrinsics_arm64__vtrn1q_s32(low0, high0)); - int16x8_t high1 = libcrux_intrinsics_arm64__vreinterpretq_s16_s32( - 
libcrux_intrinsics_arm64__vtrn2q_s32(low0, high0)); + int32x4_t low0 = _vreinterpretq_s32_s16(_vtrn1q_s16(fst, snd)); + int32x4_t high0 = _vreinterpretq_s32_s16(_vtrn2q_s16(fst, snd)); + int16x8_t low1 = _vreinterpretq_s16_s32(_vtrn1q_s32(low0, high0)); + int16x8_t high1 = _vreinterpretq_s16_s32(_vtrn2q_s32(low0, high0)); uint8_t indexes[16U] = {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U}; - uint8x16_t index = libcrux_intrinsics_arm64__vld1q_u8( + uint8x16_t index = _vld1q_u8( Eurydice_array_to_slice((size_t)16U, indexes, uint8_t, Eurydice_slice)); - int16x8_t low2 = libcrux_intrinsics_arm64__vreinterpretq_s16_u8( - libcrux_intrinsics_arm64__vqtbl1q_u8( - libcrux_intrinsics_arm64__vreinterpretq_u8_s16(low1), index)); - int16x8_t high2 = libcrux_intrinsics_arm64__vreinterpretq_s16_u8( - libcrux_intrinsics_arm64__vqtbl1q_u8( - libcrux_intrinsics_arm64__vreinterpretq_u8_s16(high1), index)); + int16x8_t low2 = + _vreinterpretq_s16_u8(_vqtbl1q_u8(_vreinterpretq_u8_s16(low1), index)); + int16x8_t high2 = + _vreinterpretq_s16_u8(_vqtbl1q_u8(_vreinterpretq_u8_s16(high1), index)); return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ .low = low2, .high = high2}); } 
@@ -659,12 +591,12 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_1( libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[2U]) { int16_t shifter[8U] = {(int16_t)0, (int16_t)1, (int16_t)2, (int16_t)3, (int16_t)4, (int16_t)5, (int16_t)6, (int16_t)7}; - int16x8_t shift = libcrux_intrinsics_arm64__vld1q_s16( + int16x8_t shift = _vld1q_s16( Eurydice_array_to_slice((size_t)8U, shifter, int16_t, Eurydice_slice)); - int16x8_t low0 = libcrux_intrinsics_arm64__vshlq_s16(v.low, shift); - int16x8_t high0 = libcrux_intrinsics_arm64__vshlq_s16(v.high, shift); - int16_t low = libcrux_intrinsics_arm64__vaddvq_s16(low0); - int16_t high = libcrux_intrinsics_arm64__vaddvq_s16(high0); + int16x8_t low0 = _vshlq_s16(v.low, shift); + int16x8_t high0 = _vshlq_s16(v.high, shift); + int16_t low = _vaddvq_s16(low0); + int16_t high = _vaddvq_s16(high0); ret[0U] = (uint8_t)low; ret[1U] = (uint8_t)high; } 
@@ -680,20 +612,19 @@ void libcrux_ml_kem_vector_neon_serialize_1_20( KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector libcrux_ml_kem_vector_neon_serialize_deserialize_1(Eurydice_slice a) { - int16x8_t one = libcrux_intrinsics_arm64__vdupq_n_s16((int16_t)1); - int16x8_t low0 = libcrux_intrinsics_arm64__vdupq_n_s16(( - int16_t)Eurydice_slice_index(a, (size_t)0U, uint8_t, uint8_t *, uint8_t)); - int16x8_t high0 = libcrux_intrinsics_arm64__vdupq_n_s16(( - int16_t)Eurydice_slice_index(a, (size_t)1U, uint8_t, uint8_t *, uint8_t)); + int16x8_t one = _vdupq_n_s16((int16_t)1); + int16x8_t low0 = _vdupq_n_s16((int16_t)Eurydice_slice_index( + a, (size_t)0U, uint8_t, uint8_t *, uint8_t)); + int16x8_t high0 = _vdupq_n_s16((int16_t)Eurydice_slice_index( + a, (size_t)1U, uint8_t, uint8_t *, uint8_t)); int16_t shifter[8U] = {(int16_t)0, (int16_t)255, (int16_t)-2, (int16_t)-3, (int16_t)-4, (int16_t)-5, (int16_t)-6, (int16_t)-7}; - int16x8_t shift = libcrux_intrinsics_arm64__vld1q_s16( + int16x8_t shift = _vld1q_s16( Eurydice_array_to_slice((size_t)8U, shifter, int16_t, Eurydice_slice)); - int16x8_t low = libcrux_intrinsics_arm64__vshlq_s16(low0, shift); - int16x8_t high = libcrux_intrinsics_arm64__vshlq_s16(high0, shift); + int16x8_t low = _vshlq_s16(low0, shift); + int16x8_t high = _vshlq_s16(high0, shift); return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ - .low = libcrux_intrinsics_arm64__vandq_s16(low, one), - .high = libcrux_intrinsics_arm64__vandq_s16(high, one)}); + .low = _vandq_s16(low, one), .high = _vandq_s16(high, one)}); } /** 
@@ -709,20 +640,14 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_4( libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[8U]) { int16_t shifter[8U] = {(int16_t)0, (int16_t)4, (int16_t)8, (int16_t)12, (int16_t)0, (int16_t)4, (int16_t)8, (int16_t)12}; - int16x8_t shift = libcrux_intrinsics_arm64__vld1q_s16( + int16x8_t shift = _vld1q_s16( Eurydice_array_to_slice((size_t)8U, shifter, int16_t, Eurydice_slice)); - uint16x8_t lowt = libcrux_intrinsics_arm64__vshlq_u16( - libcrux_intrinsics_arm64__vreinterpretq_u16_s16(v.low), shift); - uint16x8_t hight = libcrux_intrinsics_arm64__vshlq_u16( - libcrux_intrinsics_arm64__vreinterpretq_u16_s16(v.high), shift); - uint64_t sum0 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( - libcrux_intrinsics_arm64__vget_low_u16(lowt)); - uint64_t sum1 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( - libcrux_intrinsics_arm64__vget_high_u16(lowt)); - uint64_t sum2 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( - libcrux_intrinsics_arm64__vget_low_u16(hight)); - uint64_t sum3 = (uint64_t)libcrux_intrinsics_arm64__vaddv_u16( - libcrux_intrinsics_arm64__vget_high_u16(hight)); + uint16x8_t lowt = _vshlq_u16(_vreinterpretq_u16_s16(v.low), shift); + uint16x8_t hight = _vshlq_u16(_vreinterpretq_u16_s16(v.high), shift); + uint64_t sum0 = (uint64_t)_vaddv_u16(_vget_low_u16(lowt)); + uint64_t sum1 = (uint64_t)_vaddv_u16(_vget_high_u16(lowt)); + uint64_t sum2 = (uint64_t)_vaddv_u16(_vget_low_u16(hight)); + uint64_t sum3 = (uint64_t)_vaddv_u16(_vget_high_u16(hight)); uint64_t sum = ((sum0 | sum1 << 16U) | sum2 << 32U) | sum3 << 48U; uint8_t ret0[8U]; core_num__u64_9__to_le_bytes(sum, ret0); 
@@ -745,9 +670,9 @@ libcrux_ml_kem_vector_neon_serialize_deserialize_4(Eurydice_slice v) { int16_t input_i16s[16U]; libcrux_ml_kem_vector_portable_to_i16_array_0d(input, input_i16s); libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; - lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + lit.low = _vld1q_s16(Eurydice_array_to_subslice2( input_i16s, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); - lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + lit.high = _vld1q_s16(Eurydice_array_to_subslice2( input_i16s, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); return lit; } @@ -789,9 +714,9 @@ libcrux_ml_kem_vector_neon_serialize_deserialize_5(Eurydice_slice v) { int16_t array[16U]; libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; - lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + lit.low = _vld1q_s16(Eurydice_array_to_subslice2( array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); - lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + lit.high = _vld1q_s16(Eurydice_array_to_subslice2( array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); return lit; } 
@@ -807,39 +732,25 @@ libcrux_ml_kem_vector_neon_deserialize_5_20(Eurydice_slice a) { KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_10( libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[20U]) { - int32x4_t low00 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn1q_s16(v.low, v.low)); - int32x4_t low10 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn2q_s16(v.low, v.low)); - int32x4_t mixt = libcrux_intrinsics_arm64__vsliq_n_s32((int32_t)10, low00, - low10, int32x4_t); - int64x2_t low0 = libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn1q_s32(mixt, mixt)); - int64x2_t low1 = libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn2q_s32(mixt, mixt)); - int64x2_t low_mix = - libcrux_intrinsics_arm64__vsliq_n_s64((int32_t)20, low0, low1, int64x2_t); - int32x4_t high00 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn1q_s16(v.high, v.high)); - int32x4_t high10 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn2q_s16(v.high, v.high)); - int32x4_t mixt0 = libcrux_intrinsics_arm64__vsliq_n_s32((int32_t)10, high00, - high10, int32x4_t); - int64x2_t high0 = libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn1q_s32(mixt0, mixt0)); - int64x2_t high1 = libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn2q_s32(mixt0, mixt0)); - int64x2_t high_mix = libcrux_intrinsics_arm64__vsliq_n_s64((int32_t)20, high0, - high1, int64x2_t); + int32x4_t low00 = _vreinterpretq_s32_s16(_vtrn1q_s16(v.low, v.low)); + int32x4_t low10 = _vreinterpretq_s32_s16(_vtrn2q_s16(v.low, v.low)); + int32x4_t mixt = _vsliq_n_s32((int32_t)10, low00, low10, int32x4_t); + int64x2_t low0 = _vreinterpretq_s64_s32(_vtrn1q_s32(mixt, mixt)); + int64x2_t low1 = _vreinterpretq_s64_s32(_vtrn2q_s32(mixt, mixt)); + int64x2_t low_mix = 
_vsliq_n_s64((int32_t)20, low0, low1, int64x2_t); + int32x4_t high00 = _vreinterpretq_s32_s16(_vtrn1q_s16(v.high, v.high)); + int32x4_t high10 = _vreinterpretq_s32_s16(_vtrn2q_s16(v.high, v.high)); + int32x4_t mixt0 = _vsliq_n_s32((int32_t)10, high00, high10, int32x4_t); + int64x2_t high0 = _vreinterpretq_s64_s32(_vtrn1q_s32(mixt0, mixt0)); + int64x2_t high1 = _vreinterpretq_s64_s32(_vtrn2q_s32(mixt0, mixt0)); + int64x2_t high_mix = _vsliq_n_s64((int32_t)20, high0, high1, int64x2_t); uint8_t result32[32U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( result32, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_u8( - uu____0, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(low_mix)); + _vst1q_u8(uu____0, _vreinterpretq_u8_s64(low_mix)); Eurydice_slice uu____1 = Eurydice_array_to_subslice2( result32, (size_t)16U, (size_t)32U, uint8_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_u8( - uu____1, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(high_mix)); + _vst1q_u8(uu____1, _vreinterpretq_u8_s64(high_mix)); uint8_t result[20U] = {0U}; Eurydice_slice uu____2 = Eurydice_array_to_subslice2( result, (size_t)0U, (size_t)5U, uint8_t, Eurydice_slice); @@ -888,9 +799,9 @@ libcrux_ml_kem_vector_neon_serialize_deserialize_10(Eurydice_slice v) { int16_t array[16U]; libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; - lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + lit.low = _vld1q_s16(Eurydice_array_to_subslice2( array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); - lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + lit.high = _vld1q_s16(Eurydice_array_to_subslice2( array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); return lit; } 
@@ -932,9 +843,9 @@ libcrux_ml_kem_vector_neon_serialize_deserialize_11(Eurydice_slice v) { int16_t array[16U]; libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; - lit.low = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + lit.low = _vld1q_s16(Eurydice_array_to_subslice2( array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); - lit.high = libcrux_intrinsics_arm64__vld1q_s16(Eurydice_array_to_subslice2( + lit.high = _vld1q_s16(Eurydice_array_to_subslice2( array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); return lit; } 
@@ -950,39 +861,25 @@ libcrux_ml_kem_vector_neon_deserialize_11_20(Eurydice_slice a) { KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_12( libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[24U]) { - int32x4_t low00 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn1q_s16(v.low, v.low)); - int32x4_t low10 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn2q_s16(v.low, v.low)); - int32x4_t mixt = libcrux_intrinsics_arm64__vsliq_n_s32((int32_t)12, low00, - low10, int32x4_t); - int64x2_t low0 = libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn1q_s32(mixt, mixt)); - int64x2_t low1 = libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn2q_s32(mixt, mixt)); - int64x2_t low_mix = - libcrux_intrinsics_arm64__vsliq_n_s64((int32_t)24, low0, low1, int64x2_t); - int32x4_t high00 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn1q_s16(v.high, v.high)); - int32x4_t high10 = libcrux_intrinsics_arm64__vreinterpretq_s32_s16( - libcrux_intrinsics_arm64__vtrn2q_s16(v.high, v.high)); - int32x4_t mixt0 = libcrux_intrinsics_arm64__vsliq_n_s32((int32_t)12, high00, - high10, int32x4_t); - int64x2_t high0 = libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn1q_s32(mixt0, mixt0)); - int64x2_t high1 = libcrux_intrinsics_arm64__vreinterpretq_s64_s32( - libcrux_intrinsics_arm64__vtrn2q_s32(mixt0, mixt0)); - int64x2_t high_mix = libcrux_intrinsics_arm64__vsliq_n_s64((int32_t)24, high0, - high1, int64x2_t); + int32x4_t low00 = _vreinterpretq_s32_s16(_vtrn1q_s16(v.low, v.low)); + int32x4_t low10 = _vreinterpretq_s32_s16(_vtrn2q_s16(v.low, v.low)); + int32x4_t mixt = _vsliq_n_s32((int32_t)12, low00, low10, int32x4_t); + int64x2_t low0 = _vreinterpretq_s64_s32(_vtrn1q_s32(mixt, mixt)); + int64x2_t low1 = _vreinterpretq_s64_s32(_vtrn2q_s32(mixt, mixt)); + int64x2_t low_mix = 
_vsliq_n_s64((int32_t)24, low0, low1, int64x2_t); + int32x4_t high00 = _vreinterpretq_s32_s16(_vtrn1q_s16(v.high, v.high)); + int32x4_t high10 = _vreinterpretq_s32_s16(_vtrn2q_s16(v.high, v.high)); + int32x4_t mixt0 = _vsliq_n_s32((int32_t)12, high00, high10, int32x4_t); + int64x2_t high0 = _vreinterpretq_s64_s32(_vtrn1q_s32(mixt0, mixt0)); + int64x2_t high1 = _vreinterpretq_s64_s32(_vtrn2q_s32(mixt0, mixt0)); + int64x2_t high_mix = _vsliq_n_s64((int32_t)24, high0, high1, int64x2_t); uint8_t result32[32U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( result32, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_u8( - uu____0, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(low_mix)); + _vst1q_u8(uu____0, _vreinterpretq_u8_s64(low_mix)); Eurydice_slice uu____1 = Eurydice_array_to_subslice2( result32, (size_t)16U, (size_t)32U, uint8_t, Eurydice_slice); - libcrux_intrinsics_arm64__vst1q_u8( - uu____1, libcrux_intrinsics_arm64__vreinterpretq_u8_s64(high_mix)); + _vst1q_u8(uu____1, _vreinterpretq_u8_s64(high_mix)); uint8_t result[24U] = {0U}; Eurydice_slice uu____2 = Eurydice_array_to_subslice2( result, (size_t)0U, (size_t)6U, uint8_t, Eurydice_slice); 
@@ -1028,13 +925,13 @@ KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector libcrux_ml_kem_vector_neon_serialize_deserialize_12(Eurydice_slice v) { uint8_t indexes[16U] = {0U, 1U, 1U, 2U, 3U, 4U, 4U, 5U, 6U, 7U, 7U, 8U, 9U, 10U, 10U, 11U}; - uint8x16_t index_vec = libcrux_intrinsics_arm64__vld1q_u8( + uint8x16_t index_vec = _vld1q_u8( Eurydice_array_to_slice((size_t)16U, indexes, uint8_t, Eurydice_slice)); int16_t shifts[8U] = {(int16_t)0, (int16_t)-4, (int16_t)0, (int16_t)-4, (int16_t)0, (int16_t)-4, (int16_t)0, (int16_t)-4}; - int16x8_t shift_vec = libcrux_intrinsics_arm64__vld1q_s16( + int16x8_t shift_vec = _vld1q_s16( Eurydice_array_to_slice((size_t)8U, shifts, int16_t, Eurydice_slice)); - uint16x8_t mask12 = libcrux_intrinsics_arm64__vdupq_n_u16(4095U); + uint16x8_t mask12 = _vdupq_n_u16(4095U); uint8_t input0[16U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( input0, (size_t)0U, (size_t)12U, uint8_t, Eurydice_slice); @@ -1043,7 +940,7 @@ libcrux_ml_kem_vector_neon_serialize_deserialize_12(Eurydice_slice v) { Eurydice_slice_subslice2(v, (size_t)0U, (size_t)12U, uint8_t, Eurydice_slice), uint8_t, void *); - uint8x16_t input_vec0 = libcrux_intrinsics_arm64__vld1q_u8( + uint8x16_t input_vec0 = _vld1q_u8( Eurydice_array_to_slice((size_t)16U, input0, uint8_t, Eurydice_slice)); uint8_t input1[16U] = {0U}; Eurydice_slice uu____1 = Eurydice_array_to_subslice2( 
@@ -1053,18 +950,14 @@ libcrux_ml_kem_vector_neon_serialize_deserialize_12(Eurydice_slice v) { Eurydice_slice_subslice2(v, (size_t)12U, (size_t)24U, uint8_t, Eurydice_slice), uint8_t, void *); - uint8x16_t input_vec1 = libcrux_intrinsics_arm64__vld1q_u8( + uint8x16_t input_vec1 = _vld1q_u8( Eurydice_array_to_slice((size_t)16U, input1, uint8_t, Eurydice_slice)); - uint16x8_t moved0 = libcrux_intrinsics_arm64__vreinterpretq_u16_u8( - libcrux_intrinsics_arm64__vqtbl1q_u8(input_vec0, index_vec)); - uint16x8_t shifted0 = libcrux_intrinsics_arm64__vshlq_u16(moved0, shift_vec); - int16x8_t low = libcrux_intrinsics_arm64__vreinterpretq_s16_u16( - libcrux_intrinsics_arm64__vandq_u16(shifted0, mask12)); - uint16x8_t moved1 = libcrux_intrinsics_arm64__vreinterpretq_u16_u8( - libcrux_intrinsics_arm64__vqtbl1q_u8(input_vec1, index_vec)); - uint16x8_t shifted1 = libcrux_intrinsics_arm64__vshlq_u16(moved1, shift_vec); - int16x8_t high = libcrux_intrinsics_arm64__vreinterpretq_s16_u16( - libcrux_intrinsics_arm64__vandq_u16(shifted1, mask12)); + uint16x8_t moved0 = _vreinterpretq_u16_u8(_vqtbl1q_u8(input_vec0, index_vec)); + uint16x8_t shifted0 = _vshlq_u16(moved0, shift_vec); + int16x8_t low = _vreinterpretq_s16_u16(_vandq_u16(shifted0, mask12)); + uint16x8_t moved1 = _vreinterpretq_u16_u8(_vqtbl1q_u8(input_vec1, index_vec)); + uint16x8_t shifted1 = _vshlq_u16(moved1, shift_vec); + int16x8_t high = _vreinterpretq_s16_u16(_vandq_u16(shifted1, mask12)); return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ .low = low, .high = high}); } 
@@ -1279,9 +1172,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector shift_right_d3(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - v.low = libcrux_intrinsics_arm64__vshrq_n_s16((int32_t)15, v.low, int16x8_t); - v.high = - libcrux_intrinsics_arm64__vshrq_n_s16((int32_t)15, v.high, int16x8_t); + v.low = _vshrq_n_s16((int32_t)15, v.low, int16x8_t); + v.high = _vshrq_n_s16((int32_t)15, v.high, int16x8_t); return v; } @@ -1510,7 +1402,7 @@ libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_48 with const generics */ static KRML_MUSTINLINE Simd128Hash shake128_init_absorb_48_551(uint8_t input[2U][34U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[2U][34U]; memcpy(copy_of_input, input, (size_t)2U * sizeof(uint8_t[34U])); return shake128_init_absorb_6b1(copy_of_input); @@ -1809,13 +1701,13 @@ static KRML_MUSTINLINE void sample_from_xof_c01( libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { size_t sampled_coefficients[2U] = {0U}; int16_t out[2U][272U] = {{0U}}; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[2U][34U]; memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); Simd128Hash xof_state = shake128_init_absorb_48_551(copy_of_seeds); uint8_t randomness0[2U][504U]; shake128_squeeze_three_blocks_48_e91(&xof_state, randomness0); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[2U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); bool done = sample_from_uniform_distribution_next_e63( 
@@ -1826,7 +1718,7 @@ static KRML_MUSTINLINE void sample_from_xof_c01( } else { uint8_t randomness[2U][168U]; shake128_squeeze_block_48_ad1(&xof_state, randomness); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[2U][168U]; memcpy(copy_of_randomness, randomness, (size_t)2U * sizeof(uint8_t[168U])); @@ -1834,7 +1726,7 @@ static KRML_MUSTINLINE void sample_from_xof_c01( copy_of_randomness, sampled_coefficients, out); } } - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ int16_t copy_of_out[2U][272U]; memcpy(copy_of_out, out, (size_t)2U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret0[2U]; @@ -1859,7 +1751,7 @@ static KRML_MUSTINLINE void sample_matrix_A_481( closure_de1(A_transpose[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seed[34U]; memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[2U][34U]; KRML_MAYBE_FOR2( @@ -1867,7 +1759,7 @@ static KRML_MUSTINLINE void sample_matrix_A_481( memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[2U][34U]; memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_1c sampled[2U]; 
@@ -2307,7 +2199,7 @@ static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_1f1( libcrux_ml_kem_polynomial_PolynomialRingElement_1c re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, re_as_ntt[i] = ZERO_89_06();); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; @@ -2324,7 +2216,7 @@ static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_1f1( Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t, Eurydice_slice)); ntt_binomially_sampled_ring_element_cf(&re_as_ntt[i0]);); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_re_as_ntt[2U]; memcpy( copy_of_re_as_ntt, re_as_ntt, @@ -2585,7 +2477,7 @@ static tuple_4c0 generate_keypair_unpacked_ff1( uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, prf_input); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_740 uu____2 = sample_vector_cbd_then_ntt_1f1(copy_of_prf_input0, 0U); @@ -2594,7 +2486,7 @@ static tuple_4c0 generate_keypair_unpacked_ff1( secret_as_ntt, uu____2.fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); uint8_t domain_separator = uu____2.snd; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_as_ntt[2U]; 
@@ -2609,18 +2501,18 @@ static tuple_4c0 generate_keypair_unpacked_ff1( Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], void *); core_result_unwrap_41_83(dst, seed_for_A); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_t_as_ntt[2U]; memcpy( copy_of_t_as_ntt, t_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_A_transpose[2U] [2U]; memcpy(copy_of_A_transpose, A_transpose, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seed_for_A[32U]; memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 pk; @@ -2631,7 +2523,7 @@ static tuple_4c0 generate_keypair_unpacked_ff1( memcpy(pk.A, copy_of_A_transpose, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_secret_as_ntt[2U]; memcpy( copy_of_secret_as_ntt, secret_as_ntt, 
@@ -2757,7 +2649,7 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b41(uint8_t randomness[64U]) { core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 uu____3 = ind_cpa_private_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_implicit_rejection_value[32U]; memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); @@ -2767,7 +2659,7 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b41(uint8_t randomness[64U]) { (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 uu____6 = ind_cpa_public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key_hash[32U]; memcpy(copy_of_public_key_hash, public_key_hash, (size_t)32U * sizeof(uint8_t)); @@ -2802,11 +2694,11 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_161( public_key_serialized); uint8_t secret_key_serialized[768U]; serialize_secret_key_5d1(sk.secret_as_ntt, secret_key_serialized); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[768U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key_serialized[800U]; memcpy(copy_of_public_key_serialized, public_key_serialized, (size_t)800U * sizeof(uint8_t)); 
@@ -2919,14 +2811,14 @@ libcrux_ml_kem_ind_cca_generate_keypair_721(uint8_t randomness[64U]) { Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, Eurydice_slice), implicit_rejection_value, secret_key_serialized); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1632U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = libcrux_ml_kem_types_from_05_e01(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[800U]; memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); return libcrux_ml_kem_types_from_17_2c1( @@ -3004,7 +2896,7 @@ sample_ring_element_cbd_eb1(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, error_1[i] = ZERO_89_06();); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; @@ -3022,7 +2914,7 @@ sample_ring_element_cbd_eb1(uint8_t prf_input[33U], uint8_t domain_separator) { sample_from_binomial_distribution_2c(Eurydice_array_to_slice( (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_error_1[2U]; memcpy( copy_of_error_1, error_1, 
@@ -3376,17 +3268,12 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE uint32x4_t compress_int32x4_t_af(uint32x4_t v) { - uint32x4_t half = libcrux_intrinsics_arm64__vdupq_n_u32(1664U); - uint32x4_t compressed = - libcrux_intrinsics_arm64__vshlq_n_u32((int32_t)10, v, uint32x4_t); - uint32x4_t compressed0 = - libcrux_intrinsics_arm64__vaddq_u32(compressed, half); - uint32x4_t compressed1 = libcrux_intrinsics_arm64__vreinterpretq_u32_s32( - libcrux_intrinsics_arm64__vqdmulhq_n_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), - (int32_t)10321340)); - return libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)4, compressed1, - uint32x4_t); + uint32x4_t half = _vdupq_n_u32(1664U); + uint32x4_t compressed = _vshlq_n_u32((int32_t)10, v, uint32x4_t); + uint32x4_t compressed0 = _vaddq_u32(compressed, half); + uint32x4_t compressed1 = _vreinterpretq_u32_s32( + _vqdmulhq_n_s32(_vreinterpretq_s32_u32(compressed0), (int32_t)10321340)); + return _vshrq_n_u32((int32_t)4, compressed1, uint32x4_t); } /** 
@@ -3396,32 +3283,26 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector compress_43(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - int16x8_t mask = libcrux_intrinsics_arm64__vdupq_n_s16( + int16x8_t mask = _vdupq_n_s16( libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( (int16_t)(int32_t)10)); - uint32x4_t mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - uint32x4_t low00 = libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - uint32x4_t low10 = libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - uint32x4_t); - uint32x4_t high00 = libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - uint32x4_t high10 = libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - uint32x4_t); + uint32x4_t mask16 = _vdupq_n_u32(65535U); + uint32x4_t low00 = _vandq_u32(_vreinterpretq_u32_s16(v.low), mask16); + uint32x4_t low10 = + _vshrq_n_u32((int32_t)16, _vreinterpretq_u32_s16(v.low), uint32x4_t); + uint32x4_t high00 = _vandq_u32(_vreinterpretq_u32_s16(v.high), mask16); + uint32x4_t high10 = + _vshrq_n_u32((int32_t)16, _vreinterpretq_u32_s16(v.high), uint32x4_t); uint32x4_t low0 = compress_int32x4_t_af(low00); uint32x4_t low1 = compress_int32x4_t_af(low10); uint32x4_t high0 = compress_int32x4_t_af(high00); uint32x4_t high1 = compress_int32x4_t_af(high10); - int16x8_t low = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - int16x8_t high = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); - v.high = 
libcrux_intrinsics_arm64__vandq_s16(high, mask); + int16x8_t low = + _vtrn1q_s16(_vreinterpretq_s16_u32(low0), _vreinterpretq_s16_u32(low1)); + int16x8_t high = + _vtrn1q_s16(_vreinterpretq_s16_u32(high0), _vreinterpretq_s16_u32(high1)); + v.low = _vandq_s16(low, mask); + v.high = _vandq_s16(high, mask); return v; } @@ -3472,17 +3353,12 @@ with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE uint32x4_t compress_int32x4_t_af0(uint32x4_t v) { - uint32x4_t half = libcrux_intrinsics_arm64__vdupq_n_u32(1664U); - uint32x4_t compressed = - libcrux_intrinsics_arm64__vshlq_n_u32((int32_t)11, v, uint32x4_t); - uint32x4_t compressed0 = - libcrux_intrinsics_arm64__vaddq_u32(compressed, half); - uint32x4_t compressed1 = libcrux_intrinsics_arm64__vreinterpretq_u32_s32( - libcrux_intrinsics_arm64__vqdmulhq_n_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), - (int32_t)10321340)); - return libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)4, compressed1, - uint32x4_t); + uint32x4_t half = _vdupq_n_u32(1664U); + uint32x4_t compressed = _vshlq_n_u32((int32_t)11, v, uint32x4_t); + uint32x4_t compressed0 = _vaddq_u32(compressed, half); + uint32x4_t compressed1 = _vreinterpretq_u32_s32( + _vqdmulhq_n_s32(_vreinterpretq_s32_u32(compressed0), (int32_t)10321340)); + return _vshrq_n_u32((int32_t)4, compressed1, uint32x4_t); } /** 
@@ -3492,32 +3368,26 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector compress_430(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - int16x8_t mask = libcrux_intrinsics_arm64__vdupq_n_s16( + int16x8_t mask = _vdupq_n_s16( libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( (int16_t)(int32_t)11)); - uint32x4_t mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - uint32x4_t low00 = libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - uint32x4_t low10 = libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - uint32x4_t); - uint32x4_t high00 = libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - uint32x4_t high10 = libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - uint32x4_t); + uint32x4_t mask16 = _vdupq_n_u32(65535U); + uint32x4_t low00 = _vandq_u32(_vreinterpretq_u32_s16(v.low), mask16); + uint32x4_t low10 = + _vshrq_n_u32((int32_t)16, _vreinterpretq_u32_s16(v.low), uint32x4_t); + uint32x4_t high00 = _vandq_u32(_vreinterpretq_u32_s16(v.high), mask16); + uint32x4_t high10 = + _vshrq_n_u32((int32_t)16, _vreinterpretq_u32_s16(v.high), uint32x4_t); uint32x4_t low0 = compress_int32x4_t_af0(low00); uint32x4_t low1 = compress_int32x4_t_af0(low10); uint32x4_t high0 = compress_int32x4_t_af0(high00); uint32x4_t high1 = compress_int32x4_t_af0(high10); - int16x8_t low = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - int16x8_t high = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); - v.high = 
libcrux_intrinsics_arm64__vandq_s16(high, mask); + int16x8_t low = + _vtrn1q_s16(_vreinterpretq_s16_u32(low0), _vreinterpretq_s16_u32(low1)); + int16x8_t high = + _vtrn1q_s16(_vreinterpretq_s16_u32(high0), _vreinterpretq_s16_u32(high1)); + v.low = _vandq_s16(low, mask); + v.high = _vandq_s16(high, mask); return v; } @@ -3593,17 +3463,12 @@ with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE uint32x4_t compress_int32x4_t_af1(uint32x4_t v) { - uint32x4_t half = libcrux_intrinsics_arm64__vdupq_n_u32(1664U); - uint32x4_t compressed = - libcrux_intrinsics_arm64__vshlq_n_u32((int32_t)4, v, uint32x4_t); - uint32x4_t compressed0 = - libcrux_intrinsics_arm64__vaddq_u32(compressed, half); - uint32x4_t compressed1 = libcrux_intrinsics_arm64__vreinterpretq_u32_s32( - libcrux_intrinsics_arm64__vqdmulhq_n_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), - (int32_t)10321340)); - return libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)4, compressed1, - uint32x4_t); + uint32x4_t half = _vdupq_n_u32(1664U); + uint32x4_t compressed = _vshlq_n_u32((int32_t)4, v, uint32x4_t); + uint32x4_t compressed0 = _vaddq_u32(compressed, half); + uint32x4_t compressed1 = _vreinterpretq_u32_s32( + _vqdmulhq_n_s32(_vreinterpretq_s32_u32(compressed0), (int32_t)10321340)); + return _vshrq_n_u32((int32_t)4, compressed1, uint32x4_t); } /** 
@@ -3613,32 +3478,26 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector compress_431(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - int16x8_t mask = libcrux_intrinsics_arm64__vdupq_n_s16( + int16x8_t mask = _vdupq_n_s16( libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( (int16_t)(int32_t)4)); - uint32x4_t mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - uint32x4_t low00 = libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - uint32x4_t low10 = libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - uint32x4_t); - uint32x4_t high00 = libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - uint32x4_t high10 = libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - uint32x4_t); + uint32x4_t mask16 = _vdupq_n_u32(65535U); + uint32x4_t low00 = _vandq_u32(_vreinterpretq_u32_s16(v.low), mask16); + uint32x4_t low10 = + _vshrq_n_u32((int32_t)16, _vreinterpretq_u32_s16(v.low), uint32x4_t); + uint32x4_t high00 = _vandq_u32(_vreinterpretq_u32_s16(v.high), mask16); + uint32x4_t high10 = + _vshrq_n_u32((int32_t)16, _vreinterpretq_u32_s16(v.high), uint32x4_t); uint32x4_t low0 = compress_int32x4_t_af1(low00); uint32x4_t low1 = compress_int32x4_t_af1(low10); uint32x4_t high0 = compress_int32x4_t_af1(high00); uint32x4_t high1 = compress_int32x4_t_af1(high10); - int16x8_t low = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - int16x8_t high = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); - v.high = 
libcrux_intrinsics_arm64__vandq_s16(high, mask); + int16x8_t low = + _vtrn1q_s16(_vreinterpretq_s16_u32(low0), _vreinterpretq_s16_u32(low1)); + int16x8_t high = + _vtrn1q_s16(_vreinterpretq_s16_u32(high0), _vreinterpretq_s16_u32(high1)); + v.low = _vandq_s16(low, mask); + v.high = _vandq_s16(high, mask); return v; } @@ -3687,17 +3546,12 @@ with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE uint32x4_t compress_int32x4_t_af2(uint32x4_t v) { - uint32x4_t half = libcrux_intrinsics_arm64__vdupq_n_u32(1664U); - uint32x4_t compressed = - libcrux_intrinsics_arm64__vshlq_n_u32((int32_t)5, v, uint32x4_t); - uint32x4_t compressed0 = - libcrux_intrinsics_arm64__vaddq_u32(compressed, half); - uint32x4_t compressed1 = libcrux_intrinsics_arm64__vreinterpretq_u32_s32( - libcrux_intrinsics_arm64__vqdmulhq_n_s32( - libcrux_intrinsics_arm64__vreinterpretq_s32_u32(compressed0), - (int32_t)10321340)); - return libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)4, compressed1, - uint32x4_t); + uint32x4_t half = _vdupq_n_u32(1664U); + uint32x4_t compressed = _vshlq_n_u32((int32_t)5, v, uint32x4_t); + uint32x4_t compressed0 = _vaddq_u32(compressed, half); + uint32x4_t compressed1 = _vreinterpretq_u32_s32( + _vqdmulhq_n_s32(_vreinterpretq_s32_u32(compressed0), (int32_t)10321340)); + return _vshrq_n_u32((int32_t)4, compressed1, uint32x4_t); } /** 
@@ -3707,32 +3561,26 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector compress_432(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - int16x8_t mask = libcrux_intrinsics_arm64__vdupq_n_s16( + int16x8_t mask = _vdupq_n_s16( libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( (int16_t)(int32_t)5)); - uint32x4_t mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - uint32x4_t low00 = libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - uint32x4_t low10 = libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - uint32x4_t); - uint32x4_t high00 = libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - uint32x4_t high10 = libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - uint32x4_t); + uint32x4_t mask16 = _vdupq_n_u32(65535U); + uint32x4_t low00 = _vandq_u32(_vreinterpretq_u32_s16(v.low), mask16); + uint32x4_t low10 = + _vshrq_n_u32((int32_t)16, _vreinterpretq_u32_s16(v.low), uint32x4_t); + uint32x4_t high00 = _vandq_u32(_vreinterpretq_u32_s16(v.high), mask16); + uint32x4_t high10 = + _vshrq_n_u32((int32_t)16, _vreinterpretq_u32_s16(v.high), uint32x4_t); uint32x4_t low0 = compress_int32x4_t_af2(low00); uint32x4_t low1 = compress_int32x4_t_af2(low10); uint32x4_t high0 = compress_int32x4_t_af2(high00); uint32x4_t high1 = compress_int32x4_t_af2(high10); - int16x8_t low = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - int16x8_t high = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); - v.low = libcrux_intrinsics_arm64__vandq_s16(low, mask); - v.high = 
libcrux_intrinsics_arm64__vandq_s16(high, mask); + int16x8_t low = + _vtrn1q_s16(_vreinterpretq_s16_u32(low0), _vreinterpretq_s16_u32(low1)); + int16x8_t high = + _vtrn1q_s16(_vreinterpretq_s16_u32(high0), _vreinterpretq_s16_u32(high1)); + v.low = _vandq_s16(low, mask); + v.high = _vandq_s16(high, mask); return v; } @@ -3850,7 +3698,7 @@ static void encrypt_unpacked_541( uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_740 uu____1 = sample_vector_cbd_then_ntt_1f1(copy_of_prf_input0, 0U); @@ -3859,7 +3707,7 @@ static void encrypt_unpacked_541( r_as_ntt, uu____1.fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); uint8_t domain_separator0 = uu____1.snd; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_740 uu____3 = @@ -3879,7 +3727,7 @@ static void encrypt_unpacked_541( (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_1c u[2U]; compute_vector_u_6a1(public_key->A, r_as_ntt, error_1, u); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_1c message_as_ring_element = 
@@ -3948,7 +3796,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_471( Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 *uu____2 = &public_key->ind_cpa_public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; @@ -3959,12 +3807,12 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_471( Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, Eurydice_slice), shared_secret, uint8_t, void *); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = libcrux_ml_kem_types_from_01_201(copy_of_ciphertext); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, (size_t)32U * sizeof(uint8_t)); 
@@ -4065,17 +3913,17 @@ static void encrypt_4e1(Eurydice_slice public_key, uint8_t message[32U], core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); core_result_unwrap_41_83(dst, seed_for_A); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_t_as_ntt[2U]; memcpy( copy_of_t_as_ntt, t_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_A[2U][2U]; memcpy(copy_of_A, A, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seed_for_A[32U]; memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 @@ -4090,7 +3938,7 @@ static void encrypt_4e1(Eurydice_slice public_key, uint8_t message[32U], sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 *uu____3 = &public_key_unpacked; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[768U]; 
@@ -4174,12 +4022,12 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_281( Eurydice_slice uu____2 = Eurydice_array_to_slice( (size_t)800U, libcrux_ml_kem_types_as_slice_cb_1f1(public_key), uint8_t, Eurydice_slice); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; encrypt_4e1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = @@ -4187,7 +4035,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_281( uint8_t shared_secret_array[32U]; kdf_af_631(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, (size_t)32U * sizeof(uint8_t)); 
@@ -4203,14 +4051,11 @@ libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE uint32x4_t decompress_uint32x4_t_7a(uint32x4_t v) { - uint32x4_t coeff = libcrux_intrinsics_arm64__vdupq_n_u32( - 1U << (uint32_t)((int32_t)10 - (int32_t)1)); - uint32x4_t decompressed = libcrux_intrinsics_arm64__vmulq_n_u32( - v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - uint32x4_t decompressed0 = - libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); - return libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)10, decompressed0, - uint32x4_t); + uint32x4_t coeff = _vdupq_n_u32(1U << (uint32_t)((int32_t)10 - (int32_t)1)); + uint32x4_t decompressed = + _vmulq_n_u32(v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + uint32x4_t decompressed0 = _vaddq_u32(decompressed, coeff); + return _vshrq_n_u32((int32_t)10, decompressed0, uint32x4_t); } /** 
@@ -4222,27 +4067,21 @@ generics static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector decompress_ciphertext_coefficient_de( libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - uint32x4_t mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - uint32x4_t low00 = libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - uint32x4_t low10 = libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - uint32x4_t); - uint32x4_t high00 = libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - uint32x4_t high10 = libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - uint32x4_t); + uint32x4_t mask16 = _vdupq_n_u32(65535U); + uint32x4_t low00 = _vandq_u32(_vreinterpretq_u32_s16(v.low), mask16); + uint32x4_t low10 = + _vshrq_n_u32((int32_t)16, _vreinterpretq_u32_s16(v.low), uint32x4_t); + uint32x4_t high00 = _vandq_u32(_vreinterpretq_u32_s16(v.high), mask16); + uint32x4_t high10 = + _vshrq_n_u32((int32_t)16, _vreinterpretq_u32_s16(v.high), uint32x4_t); uint32x4_t low0 = decompress_uint32x4_t_7a(low00); uint32x4_t low1 = decompress_uint32x4_t_7a(low10); uint32x4_t high0 = decompress_uint32x4_t_7a(high00); uint32x4_t high1 = decompress_uint32x4_t_7a(high10); - v.low = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - v.high = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + v.low = + _vtrn1q_s16(_vreinterpretq_s16_u32(low0), _vreinterpretq_s16_u32(low1)); + v.high = + _vtrn1q_s16(_vreinterpretq_s16_u32(high0), _vreinterpretq_s16_u32(high1)); return v; } 
@@ -4294,14 +4133,11 @@ libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE uint32x4_t decompress_uint32x4_t_7a0(uint32x4_t v) { - uint32x4_t coeff = libcrux_intrinsics_arm64__vdupq_n_u32( - 1U << (uint32_t)((int32_t)11 - (int32_t)1)); - uint32x4_t decompressed = libcrux_intrinsics_arm64__vmulq_n_u32( - v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - uint32x4_t decompressed0 = - libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); - return libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)11, decompressed0, - uint32x4_t); + uint32x4_t coeff = _vdupq_n_u32(1U << (uint32_t)((int32_t)11 - (int32_t)1)); + uint32x4_t decompressed = + _vmulq_n_u32(v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + uint32x4_t decompressed0 = _vaddq_u32(decompressed, coeff); + return _vshrq_n_u32((int32_t)11, decompressed0, uint32x4_t); } /** 
@@ -4313,27 +4149,21 @@ generics static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector decompress_ciphertext_coefficient_de0( libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - uint32x4_t mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - uint32x4_t low00 = libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - uint32x4_t low10 = libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - uint32x4_t); - uint32x4_t high00 = libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - uint32x4_t high10 = libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - uint32x4_t); + uint32x4_t mask16 = _vdupq_n_u32(65535U); + uint32x4_t low00 = _vandq_u32(_vreinterpretq_u32_s16(v.low), mask16); + uint32x4_t low10 = + _vshrq_n_u32((int32_t)16, _vreinterpretq_u32_s16(v.low), uint32x4_t); + uint32x4_t high00 = _vandq_u32(_vreinterpretq_u32_s16(v.high), mask16); + uint32x4_t high10 = + _vshrq_n_u32((int32_t)16, _vreinterpretq_u32_s16(v.high), uint32x4_t); uint32x4_t low0 = decompress_uint32x4_t_7a0(low00); uint32x4_t low1 = decompress_uint32x4_t_7a0(low10); uint32x4_t high0 = decompress_uint32x4_t_7a0(high00); uint32x4_t high1 = decompress_uint32x4_t_7a0(high10); - v.low = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - v.high = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + v.low = + _vtrn1q_s16(_vreinterpretq_s16_u32(low0), _vreinterpretq_s16_u32(low1)); + v.high = + _vtrn1q_s16(_vreinterpretq_s16_u32(high0), _vreinterpretq_s16_u32(high1)); return v; } 
@@ -4459,14 +4289,11 @@ libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE uint32x4_t decompress_uint32x4_t_7a1(uint32x4_t v) { - uint32x4_t coeff = libcrux_intrinsics_arm64__vdupq_n_u32( - 1U << (uint32_t)((int32_t)4 - (int32_t)1)); - uint32x4_t decompressed = libcrux_intrinsics_arm64__vmulq_n_u32( - v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - uint32x4_t decompressed0 = - libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); - return libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)4, decompressed0, - uint32x4_t); + uint32x4_t coeff = _vdupq_n_u32(1U << (uint32_t)((int32_t)4 - (int32_t)1)); + uint32x4_t decompressed = + _vmulq_n_u32(v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + uint32x4_t decompressed0 = _vaddq_u32(decompressed, coeff); + return _vshrq_n_u32((int32_t)4, decompressed0, uint32x4_t); } /** 
@@ -4478,27 +4305,21 @@ generics static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector decompress_ciphertext_coefficient_de1( libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - uint32x4_t mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - uint32x4_t low00 = libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - uint32x4_t low10 = libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - uint32x4_t); - uint32x4_t high00 = libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - uint32x4_t high10 = libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - uint32x4_t); + uint32x4_t mask16 = _vdupq_n_u32(65535U); + uint32x4_t low00 = _vandq_u32(_vreinterpretq_u32_s16(v.low), mask16); + uint32x4_t low10 = + _vshrq_n_u32((int32_t)16, _vreinterpretq_u32_s16(v.low), uint32x4_t); + uint32x4_t high00 = _vandq_u32(_vreinterpretq_u32_s16(v.high), mask16); + uint32x4_t high10 = + _vshrq_n_u32((int32_t)16, _vreinterpretq_u32_s16(v.high), uint32x4_t); uint32x4_t low0 = decompress_uint32x4_t_7a1(low00); uint32x4_t low1 = decompress_uint32x4_t_7a1(low10); uint32x4_t high0 = decompress_uint32x4_t_7a1(high00); uint32x4_t high1 = decompress_uint32x4_t_7a1(high10); - v.low = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - v.high = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + v.low = + _vtrn1q_s16(_vreinterpretq_s16_u32(low0), _vreinterpretq_s16_u32(low1)); + v.high = + _vtrn1q_s16(_vreinterpretq_s16_u32(high0), _vreinterpretq_s16_u32(high1)); return v; } 
@@ -4549,14 +4370,11 @@ libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE uint32x4_t decompress_uint32x4_t_7a2(uint32x4_t v) { - uint32x4_t coeff = libcrux_intrinsics_arm64__vdupq_n_u32( - 1U << (uint32_t)((int32_t)5 - (int32_t)1)); - uint32x4_t decompressed = libcrux_intrinsics_arm64__vmulq_n_u32( - v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - uint32x4_t decompressed0 = - libcrux_intrinsics_arm64__vaddq_u32(decompressed, coeff); - return libcrux_intrinsics_arm64__vshrq_n_u32((int32_t)5, decompressed0, - uint32x4_t); + uint32x4_t coeff = _vdupq_n_u32(1U << (uint32_t)((int32_t)5 - (int32_t)1)); + uint32x4_t decompressed = + _vmulq_n_u32(v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + uint32x4_t decompressed0 = _vaddq_u32(decompressed, coeff); + return _vshrq_n_u32((int32_t)5, decompressed0, uint32x4_t); } /** 
@@ -4568,27 +4386,21 @@ generics static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector decompress_ciphertext_coefficient_de2( libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - uint32x4_t mask16 = libcrux_intrinsics_arm64__vdupq_n_u32(65535U); - uint32x4_t low00 = libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), mask16); - uint32x4_t low10 = libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.low), - uint32x4_t); - uint32x4_t high00 = libcrux_intrinsics_arm64__vandq_u32( - libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), mask16); - uint32x4_t high10 = libcrux_intrinsics_arm64__vshrq_n_u32( - (int32_t)16, libcrux_intrinsics_arm64__vreinterpretq_u32_s16(v.high), - uint32x4_t); + uint32x4_t mask16 = _vdupq_n_u32(65535U); + uint32x4_t low00 = _vandq_u32(_vreinterpretq_u32_s16(v.low), mask16); + uint32x4_t low10 = + _vshrq_n_u32((int32_t)16, _vreinterpretq_u32_s16(v.low), uint32x4_t); + uint32x4_t high00 = _vandq_u32(_vreinterpretq_u32_s16(v.high), mask16); + uint32x4_t high10 = + _vshrq_n_u32((int32_t)16, _vreinterpretq_u32_s16(v.high), uint32x4_t); uint32x4_t low0 = decompress_uint32x4_t_7a2(low00); uint32x4_t low1 = decompress_uint32x4_t_7a2(low10); uint32x4_t high0 = decompress_uint32x4_t_7a2(high00); uint32x4_t high1 = decompress_uint32x4_t_7a2(high10); - v.low = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(low1)); - v.high = libcrux_intrinsics_arm64__vtrn1q_s16( - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high0), - libcrux_intrinsics_arm64__vreinterpretq_s16_u32(high1)); + v.low = + _vtrn1q_s16(_vreinterpretq_s16_u32(low0), _vreinterpretq_s16_u32(low1)); + v.high = + _vtrn1q_s16(_vreinterpretq_s16_u32(high0), _vreinterpretq_s16_u32(high1)); return v; } 
@@ -4874,7 +4686,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec1( implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 *uu____3 = &key_pair->public_key.ind_cpa_public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; @@ -4966,7 +4778,7 @@ static void decrypt_af1(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[2U]; deserialize_secret_key_4f1(secret_key, secret_as_ntt); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_secret_as_ntt[2U]; memcpy( copy_of_secret_as_ntt, secret_as_ntt, @@ -5054,7 +4866,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_821( Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; @@ -5287,7 +5099,7 @@ libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_48 with const generics */ static KRML_MUSTINLINE Simd128Hash shake128_init_absorb_48_550(uint8_t input[3U][34U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[3U][34U]; memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); return shake128_init_absorb_6b0(copy_of_input); 
@@ -5572,13 +5384,13 @@ static KRML_MUSTINLINE void sample_from_xof_c00( libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { size_t sampled_coefficients[3U] = {0U}; int16_t out[3U][272U] = {{0U}}; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); Simd128Hash xof_state = shake128_init_absorb_48_550(copy_of_seeds); uint8_t randomness0[3U][504U]; shake128_squeeze_three_blocks_48_e90(&xof_state, randomness0); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); bool done = sample_from_uniform_distribution_next_e61( @@ -5589,7 +5401,7 @@ static KRML_MUSTINLINE void sample_from_xof_c00( } else { uint8_t randomness[3U][168U]; shake128_squeeze_block_48_ad0(&xof_state, randomness); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); @@ -5597,7 +5409,7 @@ static KRML_MUSTINLINE void sample_from_xof_c00( copy_of_randomness, sampled_coefficients, out); } } - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ int16_t copy_of_out[3U][272U]; memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret0[3U]; 
@@ -5622,7 +5434,7 @@ static KRML_MUSTINLINE void sample_matrix_A_480( closure_de0(A_transpose[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seed[34U]; memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[3U][34U]; KRML_MAYBE_FOR3( @@ -5630,7 +5442,7 @@ static KRML_MUSTINLINE void sample_matrix_A_480( memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_1c sampled[3U]; @@ -5736,7 +5548,7 @@ static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_1f0( libcrux_ml_kem_polynomial_PolynomialRingElement_1c re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, re_as_ntt[i] = ZERO_89_06();); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; @@ -5753,7 +5565,7 @@ static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_1f0( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); ntt_binomially_sampled_ring_element_cf(&re_as_ntt[i0]);); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_re_as_ntt[3U]; memcpy( copy_of_re_as_ntt, re_as_ntt, 
@@ -5913,7 +5725,7 @@ static tuple_9b0 generate_keypair_unpacked_ff0( uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, prf_input); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b00 uu____2 = sample_vector_cbd_then_ntt_1f0(copy_of_prf_input0, 0U); @@ -5922,7 +5734,7 @@ static tuple_9b0 generate_keypair_unpacked_ff0( secret_as_ntt, uu____2.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); uint8_t domain_separator = uu____2.snd; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_as_ntt[3U]; 
@@ -5937,18 +5749,18 @@ static tuple_9b0 generate_keypair_unpacked_ff0( Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], void *); core_result_unwrap_41_83(dst, seed_for_A); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_t_as_ntt[3U]; memcpy( copy_of_t_as_ntt, t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_A_transpose[3U] [3U]; memcpy(copy_of_A_transpose, A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seed_for_A[32U]; memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd pk; @@ -5959,7 +5771,7 @@ static tuple_9b0 generate_keypair_unpacked_ff0( memcpy(pk.A, copy_of_A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_secret_as_ntt[3U]; memcpy( copy_of_secret_as_ntt, secret_as_ntt, 
@@ -6062,7 +5874,7 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b40(uint8_t randomness[64U]) { core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd uu____3 = ind_cpa_private_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_implicit_rejection_value[32U]; memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); @@ -6072,7 +5884,7 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b40(uint8_t randomness[64U]) { (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd uu____6 = ind_cpa_public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key_hash[32U]; memcpy(copy_of_public_key_hash, public_key_hash, (size_t)32U * sizeof(uint8_t)); @@ -6107,11 +5919,11 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_160( public_key_serialized); uint8_t secret_key_serialized[1152U]; serialize_secret_key_5d0(sk.secret_as_ntt, secret_key_serialized); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key_serialized[1184U]; memcpy(copy_of_public_key_serialized, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); 
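Review bot: The reworded comment explains why `copy_of_implicit_rejection_value` and `copy_of_secret_key_serialized` exist, but not that they are second stack copies of secret key material, and no scrubbing of either the original buffers or the copies is visible in these hunks (both enclosing functions continue outside the hunk, so a later wipe cannot be ruled out from here). Each by-value array copy in C leaves the bytes in the caller's frame after the callee returns, which is exactly the kind of leftover secret an auditor looks for. I'd either confirm that the generator relies on these temporaries being elided at `-O2` and say so, or extend the comment to `/* Passing arrays by value in Rust generates a copy in C; this one duplicates secret key material and is not zeroized here */` so the duplication is not silent when reading the generated code.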
@@ -6224,14 +6036,14 @@ libcrux_ml_kem_ind_cca_generate_keypair_720(uint8_t randomness[64U]) { Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, Eurydice_slice), implicit_rejection_value, secret_key_serialized); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[2400U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = libcrux_ml_kem_types_from_05_e0(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); return libcrux_ml_kem_types_from_17_2c( @@ -6254,7 +6066,7 @@ sample_ring_element_cbd_eb0(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, error_1[i] = ZERO_89_06();); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; @@ -6272,7 +6084,7 @@ sample_ring_element_cbd_eb0(uint8_t prf_input[33U], uint8_t domain_separator) { sample_from_binomial_distribution_2c(Eurydice_array_to_slice( (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_error_1[3U]; memcpy( copy_of_error_1, error_1, 
@@ -6495,7 +6307,7 @@ static void encrypt_unpacked_540( uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b00 uu____1 = sample_vector_cbd_then_ntt_1f0(copy_of_prf_input0, 0U); @@ -6504,7 +6316,7 @@ static void encrypt_unpacked_540( r_as_ntt, uu____1.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); uint8_t domain_separator0 = uu____1.snd; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b00 uu____3 = @@ -6524,7 +6336,7 @@ static void encrypt_unpacked_540( (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_1c u[3U]; compute_vector_u_6a0(public_key->A, r_as_ntt, error_1, u); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_1c message_as_ring_element = @@ -6593,7 +6405,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_470( Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____2 = &public_key->ind_cpa_public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; 
@@ -6604,12 +6416,12 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_470( Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, Eurydice_slice), shared_secret, uint8_t, void *); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = libcrux_ml_kem_types_from_01_20(copy_of_ciphertext); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, (size_t)32U * sizeof(uint8_t)); @@ -6710,17 +6522,17 @@ static void encrypt_4e0(Eurydice_slice public_key, uint8_t message[32U], core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); core_result_unwrap_41_83(dst, seed_for_A); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_t_as_ntt[3U]; memcpy( copy_of_t_as_ntt, t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_A[3U][3U]; memcpy(copy_of_A, A, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seed_for_A[32U]; memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd 
@@ -6735,7 +6547,7 @@ static void encrypt_4e0(Eurydice_slice public_key, uint8_t message[32U], sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____3 = &public_key_unpacked; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1088U]; @@ -6819,12 +6631,12 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_280( Eurydice_slice uu____2 = Eurydice_array_to_slice( (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_1f(public_key), uint8_t, Eurydice_slice); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; encrypt_4e0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = @@ -6832,7 +6644,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_280( uint8_t shared_secret_array[32U]; kdf_af_630(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, (size_t)32U * sizeof(uint8_t)); 
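Review bot: In `libcrux_ml_kem_ind_cca_encapsulate_280`, `copy_of_shared_secret_array` duplicates the 32-byte shared secret produced by `kdf_af_630`, and neither `shared_secret_array` nor the copy is visibly cleared before the function returns (the function's end lies outside the hunk). The new comment documents the mechanism of the copy but not its consequence: every extra by-value copy is another stack location where the shared secret lingers after encapsulation. I'd make that explicit on the comment line, e.g. `/* Passing arrays by value in Rust generates a copy in C; this duplicates the shared secret */`, or point to where the temporaries are wiped if the generator or a caller takes care of that.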
@@ -7044,7 +6856,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec0( implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____3 = &key_pair->public_key.ind_cpa_public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; @@ -7112,7 +6924,7 @@ static void decrypt_af0(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; deserialize_secret_key_4f0(secret_key, secret_as_ntt); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_secret_as_ntt[3U]; memcpy( copy_of_secret_as_ntt, secret_as_ntt, @@ -7200,7 +7012,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_820( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; @@ -7433,7 +7245,7 @@ libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_48 with const generics */ static KRML_MUSTINLINE Simd128Hash shake128_init_absorb_48_55(uint8_t input[4U][34U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[4U][34U]; memcpy(copy_of_input, input, (size_t)4U * sizeof(uint8_t[34U])); return shake128_init_absorb_6b(copy_of_input); 
@@ -7724,13 +7536,13 @@ static KRML_MUSTINLINE void sample_from_xof_c0( libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { size_t sampled_coefficients[4U] = {0U}; int16_t out[4U][272U] = {{0U}}; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[4U][34U]; memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); Simd128Hash xof_state = shake128_init_absorb_48_55(copy_of_seeds); uint8_t randomness0[4U][504U]; shake128_squeeze_three_blocks_48_e9(&xof_state, randomness0); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[4U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); bool done = sample_from_uniform_distribution_next_e6( @@ -7741,7 +7553,7 @@ static KRML_MUSTINLINE void sample_from_xof_c0( } else { uint8_t randomness[4U][168U]; shake128_squeeze_block_48_ad(&xof_state, randomness); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[4U][168U]; memcpy(copy_of_randomness, randomness, (size_t)4U * sizeof(uint8_t[168U])); @@ -7749,7 +7561,7 @@ static KRML_MUSTINLINE void sample_from_xof_c0( copy_of_randomness, sampled_coefficients, out); } } - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ int16_t copy_of_out[4U][272U]; memcpy(copy_of_out, out, (size_t)4U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret0[4U]; 
@@ -7774,7 +7586,7 @@ static KRML_MUSTINLINE void sample_matrix_A_48( closure_de(A_transpose[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seed[34U]; memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[4U][34U]; KRML_MAYBE_FOR4( @@ -7782,7 +7594,7 @@ static KRML_MUSTINLINE void sample_matrix_A_48( memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[4U][34U]; memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_1c sampled[4U]; @@ -7891,7 +7703,7 @@ static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_1f( libcrux_ml_kem_polynomial_PolynomialRingElement_1c re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, re_as_ntt[i] = ZERO_89_06();); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; @@ -7908,7 +7720,7 @@ static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_1f( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); ntt_binomially_sampled_ring_element_cf(&re_as_ntt[i0]);); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_re_as_ntt[4U]; memcpy( copy_of_re_as_ntt, re_as_ntt, 
@@ -8068,7 +7880,7 @@ static tuple_54 generate_keypair_unpacked_ff( uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, prf_input); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_71 uu____2 = sample_vector_cbd_then_ntt_1f(copy_of_prf_input0, 0U); @@ -8077,7 +7889,7 @@ static tuple_54 generate_keypair_unpacked_ff( secret_as_ntt, uu____2.fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); uint8_t domain_separator = uu____2.snd; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_as_ntt[4U]; 
@@ -8092,18 +7904,18 @@ static tuple_54 generate_keypair_unpacked_ff( Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], void *); core_result_unwrap_41_83(dst, seed_for_A); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_t_as_ntt[4U]; memcpy( copy_of_t_as_ntt, t_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_A_transpose[4U] [4U]; memcpy(copy_of_A_transpose, A_transpose, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seed_for_A[32U]; memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c pk; @@ -8114,7 +7926,7 @@ static tuple_54 generate_keypair_unpacked_ff( memcpy(pk.A, copy_of_A_transpose, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_secret_as_ntt[4U]; memcpy( copy_of_secret_as_ntt, secret_as_ntt, 
@@ -8217,7 +8029,7 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b4(uint8_t randomness[64U]) { core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c uu____3 = ind_cpa_private_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_implicit_rejection_value[32U]; memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); @@ -8227,7 +8039,7 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b4(uint8_t randomness[64U]) { (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c uu____6 = ind_cpa_public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key_hash[32U]; memcpy(copy_of_public_key_hash, public_key_hash, (size_t)32U * sizeof(uint8_t)); @@ -8262,11 +8074,11 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_16( public_key_serialized); uint8_t secret_key_serialized[1536U]; serialize_secret_key_5d(sk.secret_as_ntt, secret_key_serialized); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1536U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key_serialized[1568U]; memcpy(copy_of_public_key_serialized, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); 
@@ -8379,14 +8191,14 @@ libcrux_ml_kem_ind_cca_generate_keypair_72(uint8_t randomness[64U]) { Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, Eurydice_slice), implicit_rejection_value, secret_key_serialized); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[3168U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = libcrux_ml_kem_types_from_05_e00(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1568U]; memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); return libcrux_ml_kem_types_from_17_2c0( @@ -8409,7 +8221,7 @@ sample_ring_element_cbd_eb(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, error_1[i] = ZERO_89_06();); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; @@ -8427,7 +8239,7 @@ sample_ring_element_cbd_eb(uint8_t prf_input[33U], uint8_t domain_separator) { sample_from_binomial_distribution_2c(Eurydice_array_to_slice( (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_error_1[4U]; memcpy( copy_of_error_1, error_1, 
@@ -8703,7 +8515,7 @@ static void encrypt_unpacked_54( uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_71 uu____1 = sample_vector_cbd_then_ntt_1f(copy_of_prf_input0, 0U); @@ -8712,7 +8524,7 @@ static void encrypt_unpacked_54( r_as_ntt, uu____1.fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); uint8_t domain_separator0 = uu____1.snd; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_71 uu____3 = @@ -8732,7 +8544,7 @@ static void encrypt_unpacked_54( (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_1c u[4U]; compute_vector_u_6a(public_key->A, r_as_ntt, error_1, u); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_1c message_as_ring_element = @@ -8802,7 +8614,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_47( Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c *uu____2 = &public_key->ind_cpa_public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; 
@@ -8813,12 +8625,12 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_47( Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, Eurydice_slice), shared_secret, uint8_t, void *); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = libcrux_ml_kem_types_from_01_200(copy_of_ciphertext); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, (size_t)32U * sizeof(uint8_t)); @@ -8919,17 +8731,17 @@ static void encrypt_4e(Eurydice_slice public_key, uint8_t message[32U], core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); core_result_unwrap_41_83(dst, seed_for_A); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_t_as_ntt[4U]; memcpy( copy_of_t_as_ntt, t_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_A[4U][4U]; memcpy(copy_of_A, A, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seed_for_A[32U]; memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c 
@@ -8944,7 +8756,7 @@ static void encrypt_4e(Eurydice_slice public_key, uint8_t message[32U], sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c *uu____3 = &public_key_unpacked; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1568U]; @@ -9028,12 +8840,12 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_28( Eurydice_slice uu____2 = Eurydice_array_to_slice( (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_1f0(public_key), uint8_t, Eurydice_slice); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; encrypt_4e(uu____2, copy_of_randomness, pseudorandomness, ciphertext); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = @@ -9041,7 +8853,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_28( uint8_t shared_secret_array[32U]; kdf_af_63(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, (size_t)32U * sizeof(uint8_t)); 
@@ -9295,7 +9107,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec( implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c *uu____3 = &key_pair->public_key.ind_cpa_public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; @@ -9363,7 +9175,7 @@ static void decrypt_af(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[4U]; deserialize_secret_key_4f(secret_key, secret_as_ntt); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_secret_as_ntt[4U]; memcpy( copy_of_secret_as_ntt, secret_as_ntt, @@ -9452,7 +9264,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_82( Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h index eb50c46dd..4aac58084 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h 
@@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb + * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 + * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 */ #ifndef __libcrux_mlkem_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index fd2294739..39f30d882 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb + * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 + * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 */ #include "internal/libcrux_mlkem_portable.h" @@ -2123,7 +2123,7 @@ shake128_init_absorb_411(uint8_t input[4U][34U]) { &shake128_state[i0], Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, Eurydice_slice));); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_sha3_generic_keccak_KeccakState_48 copy_of_shake128_state[4U]; memcpy(copy_of_shake128_state, shake128_state, (size_t)4U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); 
@@ -2145,7 +2145,7 @@ generics */ static KRML_MUSTINLINE PortableHash_d1 shake128_init_absorb_f1_511(uint8_t input[4U][34U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[4U][34U]; memcpy(copy_of_input, input, (size_t)4U * sizeof(uint8_t[34U])); return shake128_init_absorb_411(copy_of_input); @@ -2429,13 +2429,13 @@ static KRML_MUSTINLINE void sample_from_xof_f61( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { size_t sampled_coefficients[4U] = {0U}; int16_t out[4U][272U] = {{0U}}; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[4U][34U]; memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); PortableHash_d1 xof_state = shake128_init_absorb_f1_511(copy_of_seeds); uint8_t randomness0[4U][504U]; shake128_squeeze_three_blocks_f1_7f1(&xof_state, randomness0); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[4U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); bool done = sample_from_uniform_distribution_next_023( @@ -2446,7 +2446,7 @@ static KRML_MUSTINLINE void sample_from_xof_f61( } else { uint8_t randomness[4U][168U]; shake128_squeeze_block_f1_681(&xof_state, randomness); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[4U][168U]; memcpy(copy_of_randomness, randomness, (size_t)4U * sizeof(uint8_t[168U])); 
@@ -2454,7 +2454,7 @@ static KRML_MUSTINLINE void sample_from_xof_f61( copy_of_randomness, sampled_coefficients, out); } } - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ int16_t copy_of_out[4U][272U]; memcpy(copy_of_out, out, (size_t)4U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[4U]; @@ -2480,7 +2480,7 @@ static KRML_MUSTINLINE void sample_matrix_A_551( closure_821(A_transpose[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seed[34U]; memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[4U][34U]; KRML_MAYBE_FOR4( @@ -2488,7 +2488,7 @@ static KRML_MUSTINLINE void sample_matrix_A_551( memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[4U][34U]; memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[4U]; @@ -2925,7 +2925,7 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_011( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, re_as_ntt[i] = ZERO_89_02();); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; 
@@ -2942,7 +2942,7 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_011( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[4U]; memcpy( copy_of_re_as_ntt, re_as_ntt, @@ -3206,7 +3206,7 @@ static tuple_540 generate_keypair_unpacked_a91( uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, prf_input); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_710 uu____2 = sample_vector_cbd_then_ntt_011(copy_of_prf_input0, 0U); @@ -3215,7 +3215,7 @@ static tuple_540 generate_keypair_unpacked_a91( secret_as_ntt, uu____2.fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator = uu____2.snd; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[4U]; 
@@ -3230,18 +3230,18 @@ static tuple_540 generate_keypair_unpacked_a91( Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], void *); core_result_unwrap_41_83(dst, seed_for_A); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[4U]; memcpy( copy_of_t_as_ntt, t_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A_transpose[4U] [4U]; memcpy(copy_of_A_transpose, A_transpose, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seed_for_A[32U]; memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 pk; @@ -3252,7 +3252,7 @@ static tuple_540 generate_keypair_unpacked_a91( memcpy(pk.A, copy_of_A_transpose, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[4U]; memcpy( copy_of_secret_as_ntt, secret_as_ntt, 
@@ -3380,7 +3380,7 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d1(uint8_t randomness[64U]) { core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 uu____3 = ind_cpa_private_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_implicit_rejection_value[32U]; memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); @@ -3390,7 +3390,7 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d1(uint8_t randomness[64U]) { (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 uu____6 = ind_cpa_public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key_hash[32U]; memcpy(copy_of_public_key_hash, public_key_hash, (size_t)32U * sizeof(uint8_t)); @@ -3426,11 +3426,11 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_e81( public_key_serialized); uint8_t secret_key_serialized[1536U]; serialize_secret_key_e81(sk.secret_as_ntt, secret_key_serialized); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1536U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key_serialized[1568U]; memcpy(copy_of_public_key_serialized, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); 
@@ -3544,14 +3544,14 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f1(uint8_t randomness[64U]) { Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, Eurydice_slice), implicit_rejection_value, secret_key_serialized); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[3168U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = libcrux_ml_kem_types_from_05_e00(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1568U]; memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); return libcrux_ml_kem_types_from_17_2c0( @@ -3575,7 +3575,7 @@ sample_ring_element_cbd_381(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, error_1[i] = ZERO_89_02();); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; @@ -3593,7 +3593,7 @@ sample_ring_element_cbd_381(uint8_t prf_input[33U], uint8_t domain_separator) { sample_from_binomial_distribution_e3(Eurydice_array_to_slice( (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_error_1[4U]; memcpy( copy_of_error_1, error_1, 
@@ -4276,7 +4276,7 @@ static void encrypt_unpacked_651( uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_710 uu____1 = sample_vector_cbd_then_ntt_011(copy_of_prf_input0, 0U); @@ -4285,7 +4285,7 @@ static void encrypt_unpacked_651( r_as_ntt, uu____1.fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator0 = uu____1.snd; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_710 uu____3 = @@ -4305,7 +4305,7 @@ static void encrypt_unpacked_651( (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[4U]; compute_vector_u_571(public_key->A, r_as_ntt, error_1, u); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = @@ -4376,7 +4376,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_861( Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *uu____2 = &public_key->ind_cpa_public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; 
@@ -4387,12 +4387,12 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_861( Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, Eurydice_slice), shared_secret, uint8_t, void *); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = libcrux_ml_kem_types_from_01_200(copy_of_ciphertext); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, (size_t)32U * sizeof(uint8_t)); @@ -4494,17 +4494,17 @@ static void encrypt_f71(Eurydice_slice public_key, uint8_t message[32U], core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); core_result_unwrap_41_83(dst, seed_for_A); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[4U]; memcpy( copy_of_t_as_ntt, t_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A[4U][4U]; memcpy(copy_of_A, A, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seed_for_A[32U]; memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 
@@ -4519,7 +4519,7 @@ static void encrypt_f71(Eurydice_slice public_key, uint8_t message[32U], sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *uu____3 = &public_key_unpacked; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1568U]; @@ -4603,12 +4603,12 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_9d1( Eurydice_slice uu____2 = Eurydice_array_to_slice( (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_1f0(public_key), uint8_t, Eurydice_slice); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; encrypt_f71(uu____2, copy_of_randomness, pseudorandomness, ciphertext); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = @@ -4616,7 +4616,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_9d1( uint8_t shared_secret_array[32U]; kdf_af_f4(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, (size_t)32U * sizeof(uint8_t)); 
@@ -5192,7 +5192,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f61( implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *uu____3 = &key_pair->public_key.ind_cpa_public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; @@ -5284,7 +5284,7 @@ static void decrypt_4a1(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; deserialize_secret_key_6b1(secret_key, secret_as_ntt); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[4U]; memcpy( copy_of_secret_as_ntt, secret_as_ntt, @@ -5373,7 +5373,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_711( Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; @@ -5595,7 +5595,7 @@ shake128_init_absorb_410(uint8_t input[2U][34U]) { &shake128_state[i0], Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, Eurydice_slice));); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_sha3_generic_keccak_KeccakState_48 copy_of_shake128_state[2U]; memcpy(copy_of_shake128_state, shake128_state, (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); 
@@ -5617,7 +5617,7 @@ generics */ static KRML_MUSTINLINE PortableHash_8b shake128_init_absorb_f1_510(uint8_t input[2U][34U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[2U][34U]; memcpy(copy_of_input, input, (size_t)2U * sizeof(uint8_t[34U])); return shake128_init_absorb_410(copy_of_input); @@ -5875,13 +5875,13 @@ static KRML_MUSTINLINE void sample_from_xof_f60( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { size_t sampled_coefficients[2U] = {0U}; int16_t out[2U][272U] = {{0U}}; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[2U][34U]; memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); PortableHash_8b xof_state = shake128_init_absorb_f1_510(copy_of_seeds); uint8_t randomness0[2U][504U]; shake128_squeeze_three_blocks_f1_7f0(&xof_state, randomness0); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[2U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); bool done = sample_from_uniform_distribution_next_021( @@ -5892,7 +5892,7 @@ static KRML_MUSTINLINE void sample_from_xof_f60( } else { uint8_t randomness[2U][168U]; shake128_squeeze_block_f1_680(&xof_state, randomness); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[2U][168U]; memcpy(copy_of_randomness, randomness, (size_t)2U * sizeof(uint8_t[168U])); 
@@ -5900,7 +5900,7 @@ static KRML_MUSTINLINE void sample_from_xof_f60( copy_of_randomness, sampled_coefficients, out); } } - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ int16_t copy_of_out[2U][272U]; memcpy(copy_of_out, out, (size_t)2U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[2U]; @@ -5926,7 +5926,7 @@ static KRML_MUSTINLINE void sample_matrix_A_550( closure_820(A_transpose[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seed[34U]; memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[2U][34U]; KRML_MAYBE_FOR2( @@ -5934,7 +5934,7 @@ static KRML_MUSTINLINE void sample_matrix_A_550( memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[2U][34U]; memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[2U]; @@ -6035,7 +6035,7 @@ static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_010( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, re_as_ntt[i] = ZERO_89_02();); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; 
@@ -6052,7 +6052,7 @@ static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_010( Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t, Eurydice_slice)); ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[2U]; memcpy( copy_of_re_as_ntt, re_as_ntt, @@ -6214,7 +6214,7 @@ static tuple_4c generate_keypair_unpacked_a90( uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, prf_input); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_74 uu____2 = sample_vector_cbd_then_ntt_010(copy_of_prf_input0, 0U); @@ -6223,7 +6223,7 @@ static tuple_4c generate_keypair_unpacked_a90( secret_as_ntt, uu____2.fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator = uu____2.snd; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[2U]; 
@@ -6238,18 +6238,18 @@ static tuple_4c generate_keypair_unpacked_a90( Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], void *); core_result_unwrap_41_83(dst, seed_for_A); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[2U]; memcpy( copy_of_t_as_ntt, t_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A_transpose[2U] [2U]; memcpy(copy_of_A_transpose, A_transpose, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seed_for_A[32U]; memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae pk; @@ -6260,7 +6260,7 @@ static tuple_4c generate_keypair_unpacked_a90( memcpy(pk.A, copy_of_A_transpose, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[2U]; memcpy( copy_of_secret_as_ntt, secret_as_ntt, 
@@ -6365,7 +6365,7 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d0(uint8_t randomness[64U]) { core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae uu____3 = ind_cpa_private_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_implicit_rejection_value[32U]; memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); @@ -6375,7 +6375,7 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d0(uint8_t randomness[64U]) { (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae uu____6 = ind_cpa_public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key_hash[32U]; memcpy(copy_of_public_key_hash, public_key_hash, (size_t)32U * sizeof(uint8_t)); @@ -6411,11 +6411,11 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_e80( public_key_serialized); uint8_t secret_key_serialized[768U]; serialize_secret_key_e80(sk.secret_as_ntt, secret_key_serialized); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[768U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key_serialized[800U]; memcpy(copy_of_public_key_serialized, public_key_serialized, (size_t)800U * sizeof(uint8_t)); 
@@ -6529,14 +6529,14 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]) { Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, Eurydice_slice), implicit_rejection_value, secret_key_serialized); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1632U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = libcrux_ml_kem_types_from_05_e01(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[800U]; memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); return libcrux_ml_kem_types_from_17_2c1( @@ -6593,7 +6593,7 @@ sample_ring_element_cbd_380(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, error_1[i] = ZERO_89_02();); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; @@ -6611,7 +6611,7 @@ sample_ring_element_cbd_380(uint8_t prf_input[33U], uint8_t domain_separator) { sample_from_binomial_distribution_e3(Eurydice_array_to_slice( (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_error_1[2U]; memcpy( copy_of_error_1, error_1, 
@@ -6888,7 +6888,7 @@ static void encrypt_unpacked_650( uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_74 uu____1 = sample_vector_cbd_then_ntt_010(copy_of_prf_input0, 0U); @@ -6897,7 +6897,7 @@ static void encrypt_unpacked_650( r_as_ntt, uu____1.fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator0 = uu____1.snd; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_74 uu____3 = @@ -6917,7 +6917,7 @@ static void encrypt_unpacked_650( (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[2U]; compute_vector_u_570(public_key->A, r_as_ntt, error_1, u); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = @@ -6987,7 +6987,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_860( Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *uu____2 = &public_key->ind_cpa_public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; 
@@ -6998,12 +6998,12 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_860( Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, Eurydice_slice), shared_secret, uint8_t, void *); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = libcrux_ml_kem_types_from_01_201(copy_of_ciphertext); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, (size_t)32U * sizeof(uint8_t)); @@ -7105,17 +7105,17 @@ static void encrypt_f70(Eurydice_slice public_key, uint8_t message[32U], core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); core_result_unwrap_41_83(dst, seed_for_A); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[2U]; memcpy( copy_of_t_as_ntt, t_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A[2U][2U]; memcpy(copy_of_A, A, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seed_for_A[32U]; memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae 
@@ -7130,7 +7130,7 @@ static void encrypt_f70(Eurydice_slice public_key, uint8_t message[32U], sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *uu____3 = &public_key_unpacked; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[768U]; @@ -7214,12 +7214,12 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_9d0( Eurydice_slice uu____2 = Eurydice_array_to_slice( (size_t)800U, libcrux_ml_kem_types_as_slice_cb_1f1(public_key), uint8_t, Eurydice_slice); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; encrypt_f70(uu____2, copy_of_randomness, pseudorandomness, ciphertext); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = @@ -7227,7 +7227,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_9d0( uint8_t shared_secret_array[32U]; kdf_af_26(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, (size_t)32U * sizeof(uint8_t)); 
@@ -7481,7 +7481,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f60( implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *uu____3 = &key_pair->public_key.ind_cpa_public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; @@ -7549,7 +7549,7 @@ static void decrypt_4a0(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; deserialize_secret_key_6b0(secret_key, secret_as_ntt); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[2U]; memcpy( copy_of_secret_as_ntt, secret_as_ntt, @@ -7637,7 +7637,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_710( Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; @@ -7860,7 +7860,7 @@ shake128_init_absorb_41(uint8_t input[3U][34U]) { &shake128_state[i0], Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, Eurydice_slice));); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_sha3_generic_keccak_KeccakState_48 copy_of_shake128_state[3U]; memcpy(copy_of_shake128_state, shake128_state, (size_t)3U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); 
@@ -7882,7 +7882,7 @@ generics */ static KRML_MUSTINLINE PortableHash_58 shake128_init_absorb_f1_51(uint8_t input[3U][34U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[3U][34U]; memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); return shake128_init_absorb_41(copy_of_input); @@ -8140,13 +8140,13 @@ static KRML_MUSTINLINE void sample_from_xof_f6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; int16_t out[3U][272U] = {{0U}}; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); PortableHash_58 xof_state = shake128_init_absorb_f1_51(copy_of_seeds); uint8_t randomness0[3U][504U]; shake128_squeeze_three_blocks_f1_7f(&xof_state, randomness0); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); bool done = sample_from_uniform_distribution_next_02( @@ -8157,7 +8157,7 @@ static KRML_MUSTINLINE void sample_from_xof_f6( } else { uint8_t randomness[3U][168U]; shake128_squeeze_block_f1_68(&xof_state, randomness); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); 
@@ -8165,7 +8165,7 @@ static KRML_MUSTINLINE void sample_from_xof_f6( copy_of_randomness, sampled_coefficients, out); } } - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ int16_t copy_of_out[3U][272U]; memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; @@ -8191,7 +8191,7 @@ static KRML_MUSTINLINE void sample_matrix_A_55( closure_82(A_transpose[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seed[34U]; memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[3U][34U]; KRML_MAYBE_FOR3( @@ -8199,7 +8199,7 @@ static KRML_MUSTINLINE void sample_matrix_A_55( memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; @@ -8289,7 +8289,7 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_01( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, re_as_ntt[i] = ZERO_89_02();); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; 
@@ -8306,7 +8306,7 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_01( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U]; memcpy( copy_of_re_as_ntt, re_as_ntt, @@ -8468,7 +8468,7 @@ static tuple_9b generate_keypair_unpacked_a9( uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, prf_input); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b0 uu____2 = sample_vector_cbd_then_ntt_01(copy_of_prf_input0, 0U); @@ -8477,7 +8477,7 @@ static tuple_9b generate_keypair_unpacked_a9( secret_as_ntt, uu____2.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator = uu____2.snd; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; 
@@ -8492,18 +8492,18 @@ static tuple_9b generate_keypair_unpacked_a9( Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], void *); core_result_unwrap_41_83(dst, seed_for_A); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; memcpy( copy_of_t_as_ntt, t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A_transpose[3U] [3U]; memcpy(copy_of_A_transpose, A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seed_for_A[32U]; memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk; @@ -8514,7 +8514,7 @@ static tuple_9b generate_keypair_unpacked_a9( memcpy(pk.A, copy_of_A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( copy_of_secret_as_ntt, secret_as_ntt, 
@@ -8619,7 +8619,7 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d(uint8_t randomness[64U]) { core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 uu____3 = ind_cpa_private_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_implicit_rejection_value[32U]; memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); @@ -8629,7 +8629,7 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d(uint8_t randomness[64U]) { (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 uu____6 = ind_cpa_public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key_hash[32U]; memcpy(copy_of_public_key_hash, public_key_hash, (size_t)32U * sizeof(uint8_t)); @@ -8665,11 +8665,11 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_e8( public_key_serialized); uint8_t secret_key_serialized[1152U]; serialize_secret_key_e8(sk.secret_as_ntt, secret_key_serialized); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key_serialized[1184U]; memcpy(copy_of_public_key_serialized, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); 
@@ -8783,14 +8783,14 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) { Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, Eurydice_slice), implicit_rejection_value, secret_key_serialized); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[2400U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = libcrux_ml_kem_types_from_05_e0(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); return libcrux_ml_kem_types_from_17_2c( @@ -8814,7 +8814,7 @@ sample_ring_element_cbd_38(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, error_1[i] = ZERO_89_02();); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; @@ -8832,7 +8832,7 @@ sample_ring_element_cbd_38(uint8_t prf_input[33U], uint8_t domain_separator) { sample_from_binomial_distribution_e3(Eurydice_array_to_slice( (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_error_1[3U]; memcpy( copy_of_error_1, error_1, 
@@ -9056,7 +9056,7 @@ static void encrypt_unpacked_65( uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b0 uu____1 = sample_vector_cbd_then_ntt_01(copy_of_prf_input0, 0U); @@ -9065,7 +9065,7 @@ static void encrypt_unpacked_65( r_as_ntt, uu____1.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator0 = uu____1.snd; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b0 uu____3 = @@ -9085,7 +9085,7 @@ static void encrypt_unpacked_65( (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; compute_vector_u_57(public_key->A, r_as_ntt, error_1, u); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = @@ -9155,7 +9155,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_86( Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____2 = &public_key->ind_cpa_public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; 
@@ -9166,12 +9166,12 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_86( Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, Eurydice_slice), shared_secret, uint8_t, void *); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = libcrux_ml_kem_types_from_01_20(copy_of_ciphertext); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, (size_t)32U * sizeof(uint8_t)); @@ -9273,17 +9273,17 @@ static void encrypt_f7(Eurydice_slice public_key, uint8_t message[32U], core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); core_result_unwrap_41_83(dst, seed_for_A); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; memcpy( copy_of_t_as_ntt, t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A[3U][3U]; memcpy(copy_of_A, A, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seed_for_A[32U]; memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 
@@ -9298,7 +9298,7 @@ static void encrypt_f7(Eurydice_slice public_key, uint8_t message[32U], sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = &public_key_unpacked; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1088U]; @@ -9382,12 +9382,12 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d( Eurydice_slice uu____2 = Eurydice_array_to_slice( (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_1f(public_key), uint8_t, Eurydice_slice); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; encrypt_f7(uu____2, copy_of_randomness, pseudorandomness, ciphertext); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = @@ -9395,7 +9395,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d( uint8_t shared_secret_array[32U]; kdf_af_69(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, (size_t)32U * sizeof(uint8_t)); 
@@ -9608,7 +9608,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f6( implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = &key_pair->public_key.ind_cpa_public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; @@ -9676,7 +9676,7 @@ static void decrypt_4a(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; deserialize_secret_key_6b(secret_key, secret_as_ntt); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( copy_of_secret_as_ntt, secret_as_ntt, @@ -9764,7 +9764,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_71( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index ea777873b..59e15235c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h 
@@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb + * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 + * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 */ #ifndef __libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 554d431d4..cf02dc3bc 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb + * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 + * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 */ #ifndef __libcrux_sha3_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 67f9c8b91..814ac74f7 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb + * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 + * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 */ #include "libcrux_sha3_avx2.h" 
diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index de79d0e42..2354d05fe 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb + * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 + * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index 185e7fc66..b0f8e37b8 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb + * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 + * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 */ #ifndef __libcrux_sha3_internal_H @@ -147,7 +147,7 @@ usize> for u64)} */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_slice_n_5a( Eurydice_slice a[1U], size_t start, size_t len, Eurydice_slice ret[1U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_a[1U]; memcpy(copy_of_a, a, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret0[1U]; 
@@ -281,7 +281,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); libcrux_sha3_portable_keccak_load_block_full_ac(uu____0, copy_of_b); @@ -1503,7 +1503,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d0( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); libcrux_sha3_portable_keccak_load_block_full_ac0(uu____0, copy_of_b); @@ -1612,7 +1612,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df3( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); libcrux_sha3_portable_keccak_load_block_de(uu____0, copy_of_b); @@ -1645,7 +1645,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e03( Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; libcrux_sha3_portable_keccak_store_block_39(s, buf); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); 
@@ -1737,7 +1737,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf4( i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; @@ -1748,7 +1748,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf4( size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)168U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; @@ -1804,7 +1804,7 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd4( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); libcrux_sha3_generic_keccak_keccak_cf4(copy_of_data, out); @@ -1847,7 +1847,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df2( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); libcrux_sha3_portable_keccak_load_block_de3(uu____0, copy_of_b); 
@@ -1893,7 +1893,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d3( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); libcrux_sha3_portable_keccak_load_block_full_ac3(uu____0, copy_of_b); @@ -1962,7 +1962,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e02( Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; libcrux_sha3_portable_keccak_store_block_393(s, buf); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); @@ -2093,7 +2093,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf3( i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; @@ -2104,7 +2104,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf3( size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; 
@@ -2160,7 +2160,7 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd3( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); libcrux_sha3_generic_keccak_keccak_cf3(copy_of_data, out); @@ -2203,7 +2203,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df1( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); libcrux_sha3_portable_keccak_load_block_de2(uu____0, copy_of_b); @@ -2249,7 +2249,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d2( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); libcrux_sha3_portable_keccak_load_block_full_ac2(uu____0, copy_of_b); @@ -2318,7 +2318,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e01( Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; libcrux_sha3_portable_keccak_store_block_392(s, buf); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); 
@@ -2449,7 +2449,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf2( i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; @@ -2460,7 +2460,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf2( size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; @@ -2516,7 +2516,7 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd2( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); libcrux_sha3_generic_keccak_keccak_cf2(copy_of_data, out); @@ -2534,7 +2534,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df0( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); libcrux_sha3_portable_keccak_load_block_de0(uu____0, copy_of_b); 
@@ -2567,7 +2567,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e00( Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; libcrux_sha3_portable_keccak_store_block_390(s, buf); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); @@ -2659,7 +2659,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf1( i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; @@ -2670,7 +2670,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf1( size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; @@ -2726,7 +2726,7 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd1( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); libcrux_sha3_generic_keccak_keccak_cf1(copy_of_data, out); 
@@ -2780,7 +2780,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf0( i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; @@ -2791,7 +2791,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf0( size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; @@ -2847,7 +2847,7 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd0( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); libcrux_sha3_generic_keccak_keccak_cf0(copy_of_data, out); @@ -2890,7 +2890,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); libcrux_sha3_portable_keccak_load_block_de1(uu____0, copy_of_b); 
@@ -2936,7 +2936,7 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d1( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); libcrux_sha3_portable_keccak_load_block_full_ac1(uu____0, copy_of_b); @@ -3005,7 +3005,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e0( Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; libcrux_sha3_portable_keccak_store_block_391(s, buf); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); @@ -3135,7 +3135,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf( i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; @@ -3146,7 +3146,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf( size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; 
@@ -3202,7 +3202,7 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); libcrux_sha3_generic_keccak_keccak_cf(copy_of_data, out); diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index c1cf5cca8..d565000e0 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb + * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 + * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 */ #include "libcrux_sha3_neon.h" 
@@ -19,17 +19,15 @@ This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: usize> for core::core_arch::arm_shared::neon::uint64x2_t)} */ -static KRML_MUSTINLINE uint64x2_t zero_fa(void) { - return libcrux_intrinsics_arm64__vdupq_n_u64(0ULL); -} +static KRML_MUSTINLINE uint64x2_t zero_fa(void) { return _vdupq_n_u64(0ULL); } static KRML_MUSTINLINE uint64x2_t _veor5q_u64(uint64x2_t a, uint64x2_t b, uint64x2_t c, uint64x2_t d, uint64x2_t e) { - uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); - uint64x2_t cd = libcrux_intrinsics_arm64__veorq_u64(c, d); - uint64x2_t abcd = libcrux_intrinsics_arm64__veorq_u64(ab, cd); - return libcrux_intrinsics_arm64__veorq_u64(abcd, e); + uint64x2_t ab = _veorq_u64(a, b); + uint64x2_t cd = _veorq_u64(c, d); + uint64x2_t abcd = _veorq_u64(ab, cd); + return _veorq_u64(abcd, e); } /** @@ -49,14 +47,13 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64x2_t rotate_left_58(uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)1, x, uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)63, x, uint64x2_t)); + return _veorq_u64(_vshlq_n_u64((int32_t)1, x, uint64x2_t), + _vshrq_n_u64((int32_t)63, x, uint64x2_t)); } static KRML_MUSTINLINE uint64x2_t _vrax1q_u64(uint64x2_t a, uint64x2_t b) { uint64x2_t uu____0 = a; - return libcrux_intrinsics_arm64__veorq_u64(uu____0, rotate_left_58(b)); + return _veorq_u64(uu____0, rotate_left_58(b)); } /** @@ -70,8 +67,7 @@ static KRML_MUSTINLINE uint64x2_t rotate_left1_and_xor_fa(uint64x2_t a, static KRML_MUSTINLINE uint64x2_t _vbcaxq_u64(uint64x2_t a, uint64x2_t b, uint64x2_t c) { - return libcrux_intrinsics_arm64__veorq_u64( - a, libcrux_intrinsics_arm64__vbicq_u64(b, c)); + return _veorq_u64(a, _vbicq_u64(b, c)); } /** 
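Review bot: The unprefixed names the generator now emits — `_vdupq_n_u64` in `zero_fa`, `_veorq_u64` in `_veor5q_u64`, and `_vshlq_n_u64`, `_vshrq_n_u64`, `_vbicq_u64` in the `@@ -49` and `@@ -70` hunks — begin with an underscore at file scope, which C11 §7.1.3 reserves for the implementation; the `libcrux_intrinsics_arm64_` prefix they replace stayed out of that space. Where these names resolve is not in the diff, but whether they are macros or inline wrappers the reservation applies the same way, and a platform header such as `<arm_neon.h>` is entitled to define identifiers of exactly this shape, so a future toolchain update could silently collide. A short non-reserved prefix, e.g. `lc_veorq_u64(a, b)` in place of `_veorq_u64(a, b)`, keeps the brevity the commit is after without the hazard, and should come from the generator rather than a hand edit. The same rename recurs through every `libcrux_sha3_neon.c` hunk down to `@@ -812`, so one generator-side change covers all of them.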
@@ -84,8 +80,8 @@ static KRML_MUSTINLINE uint64x2_t and_not_xor_fa(uint64x2_t a, uint64x2_t b, } static KRML_MUSTINLINE uint64x2_t _veorq_n_u64(uint64x2_t a, uint64_t c) { - uint64x2_t c0 = libcrux_intrinsics_arm64__vdupq_n_u64(c); - return libcrux_intrinsics_arm64__veorq_u64(a, c0); + uint64x2_t c0 = _vdupq_n_u64(c); + return _veorq_u64(a, c0); } /** @@ -101,7 +97,7 @@ This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: usize> for core::core_arch::arm_shared::neon::uint64x2_t)} */ static KRML_MUSTINLINE uint64x2_t xor_fa(uint64x2_t a, uint64x2_t b) { - return libcrux_intrinsics_arm64__veorq_u64(a, b); + return _veorq_u64(a, b); } static KRML_MUSTINLINE void slice_2(Eurydice_slice a[2U], size_t start, @@ -118,7 +114,7 @@ usize> for core::core_arch::arm_shared::neon::uint64x2_t)} */ static KRML_MUSTINLINE void slice_n_fa(Eurydice_slice a[2U], size_t start, size_t len, Eurydice_slice ret[2U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_a[2U]; memcpy(copy_of_a, a, (size_t)2U * sizeof(Eurydice_slice)); Eurydice_slice ret0[2U]; 
@@ -208,24 +204,20 @@ static KRML_MUSTINLINE void load_block_3c(uint64x2_t (*s)[5U], Eurydice_slice blocks[2U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)16U; i++) { size_t i0 = i; - uint64x2_t v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - uint64x2_t v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + uint64x2_t v0 = _vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice)); + uint64x2_t v1 = _vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = _veorq_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + _vtrn1q_u64(v0, v1)); s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], - libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + _veorq_u64(s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], + _vtrn2q_u64(v0, v1)); } if ((size_t)72U % (size_t)16U != (size_t)0U) { size_t i = ((size_t)72U / (size_t)8U - (size_t)1U) / (size_t)5U; 
@@ -249,9 +241,9 @@ static KRML_MUSTINLINE void load_block_3c(uint64x2_t (*s)[5U], Eurydice_slice, uint8_t[8U], void *); core_result_unwrap_41_ac(dst, uu____1); u[1U] = core_num__u64_9__from_le_bytes(uu____1); - uint64x2_t uvec = libcrux_intrinsics_arm64__vld1q_u64( + uint64x2_t uvec = _vld1q_u64( Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + s[i][j] = _veorq_u64(s[i][j], uvec); } } @@ -267,7 +259,7 @@ with const generics static KRML_MUSTINLINE void load_block_fa_0f(uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { uint64x2_t(*uu____0)[5U] = a; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[2U]; memcpy(copy_of_b, b, (size_t)2U * sizeof(Eurydice_slice)); load_block_3c(uu____0, copy_of_b); @@ -280,9 +272,8 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64x2_t rotate_left_580(uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)36, x, uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)28, x, uint64x2_t)); + return _veorq_u64(_vshlq_n_u64((int32_t)36, x, uint64x2_t), + _vshrq_n_u64((int32_t)28, x, uint64x2_t)); } /** @@ -292,7 +283,7 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c1(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + uint64x2_t ab = _veorq_u64(a, b); return rotate_left_580(ab); } @@ -318,9 +309,8 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64x2_t rotate_left_581(uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)3, x, uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)61, x, uint64x2_t)); + return _veorq_u64(_vshlq_n_u64((int32_t)3, x, uint64x2_t), + _vshrq_n_u64((int32_t)61, x, uint64x2_t)); } /** 
@@ -330,7 +320,7 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c10(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + uint64x2_t ab = _veorq_u64(a, b); return rotate_left_581(ab); } @@ -356,9 +346,8 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64x2_t rotate_left_582(uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)41, x, uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)23, x, uint64x2_t)); + return _veorq_u64(_vshlq_n_u64((int32_t)41, x, uint64x2_t), + _vshrq_n_u64((int32_t)23, x, uint64x2_t)); } /** @@ -368,7 +357,7 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c11(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + uint64x2_t ab = _veorq_u64(a, b); return rotate_left_582(ab); } @@ -394,9 +383,8 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64x2_t rotate_left_583(uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)18, x, uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)46, x, uint64x2_t)); + return _veorq_u64(_vshlq_n_u64((int32_t)18, x, uint64x2_t), + _vshrq_n_u64((int32_t)46, x, uint64x2_t)); } /** @@ -406,7 +394,7 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c12(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + uint64x2_t ab = _veorq_u64(a, b); return rotate_left_583(ab); } @@ -432,7 +420,7 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c13(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + uint64x2_t ab = _veorq_u64(a, b); return rotate_left_58(ab); } 
@@ -458,9 +446,8 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64x2_t rotate_left_584(uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)44, x, uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)20, x, uint64x2_t)); + return _veorq_u64(_vshlq_n_u64((int32_t)44, x, uint64x2_t), + _vshrq_n_u64((int32_t)20, x, uint64x2_t)); } /** @@ -470,7 +457,7 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c14(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + uint64x2_t ab = _veorq_u64(a, b); return rotate_left_584(ab); } @@ -496,9 +483,8 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64x2_t rotate_left_585(uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)10, x, uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)54, x, uint64x2_t)); + return _veorq_u64(_vshlq_n_u64((int32_t)10, x, uint64x2_t), + _vshrq_n_u64((int32_t)54, x, uint64x2_t)); } /** @@ -508,7 +494,7 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c15(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + uint64x2_t ab = _veorq_u64(a, b); return rotate_left_585(ab); } @@ -534,9 +520,8 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64x2_t rotate_left_586(uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)45, x, uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)19, x, uint64x2_t)); + return _veorq_u64(_vshlq_n_u64((int32_t)45, x, uint64x2_t), + _vshrq_n_u64((int32_t)19, x, uint64x2_t)); } /** 
@@ -546,7 +531,7 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c16(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + uint64x2_t ab = _veorq_u64(a, b); return rotate_left_586(ab); } @@ -572,9 +557,8 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64x2_t rotate_left_587(uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)2, x, uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)62, x, uint64x2_t)); + return _veorq_u64(_vshlq_n_u64((int32_t)2, x, uint64x2_t), + _vshrq_n_u64((int32_t)62, x, uint64x2_t)); } /** @@ -584,7 +568,7 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c17(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + uint64x2_t ab = _veorq_u64(a, b); return rotate_left_587(ab); } @@ -610,9 +594,8 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64x2_t rotate_left_588(uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)62, x, uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)2, x, uint64x2_t)); + return _veorq_u64(_vshlq_n_u64((int32_t)62, x, uint64x2_t), + _vshrq_n_u64((int32_t)2, x, uint64x2_t)); } /** @@ -622,7 +605,7 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c18(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + uint64x2_t ab = _veorq_u64(a, b); return rotate_left_588(ab); } 
@@ -648,9 +631,8 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64x2_t rotate_left_589(uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)6, x, uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)58, x, uint64x2_t)); + return _veorq_u64(_vshlq_n_u64((int32_t)6, x, uint64x2_t), + _vshrq_n_u64((int32_t)58, x, uint64x2_t)); } /** @@ -660,7 +642,7 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c19(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + uint64x2_t ab = _veorq_u64(a, b); return rotate_left_589(ab); } @@ -686,9 +668,8 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64x2_t rotate_left_5810(uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)43, x, uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)21, x, uint64x2_t)); + return _veorq_u64(_vshlq_n_u64((int32_t)43, x, uint64x2_t), + _vshrq_n_u64((int32_t)21, x, uint64x2_t)); } /** @@ -698,7 +679,7 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c110(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + uint64x2_t ab = _veorq_u64(a, b); return rotate_left_5810(ab); } @@ -724,9 +705,8 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64x2_t rotate_left_5811(uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)15, x, uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)49, x, uint64x2_t)); + return _veorq_u64(_vshlq_n_u64((int32_t)15, x, uint64x2_t), + _vshrq_n_u64((int32_t)49, x, uint64x2_t)); } /** 
@@ -736,7 +716,7 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c111(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + uint64x2_t ab = _veorq_u64(a, b); return rotate_left_5811(ab); } @@ -762,9 +742,8 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64x2_t rotate_left_5812(uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)61, x, uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)3, x, uint64x2_t)); + return _veorq_u64(_vshlq_n_u64((int32_t)61, x, uint64x2_t), + _vshrq_n_u64((int32_t)3, x, uint64x2_t)); } /** @@ -774,7 +753,7 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c112(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + uint64x2_t ab = _veorq_u64(a, b); return rotate_left_5812(ab); } @@ -800,9 +779,8 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64x2_t rotate_left_5813(uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)28, x, uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)36, x, uint64x2_t)); + return _veorq_u64(_vshlq_n_u64((int32_t)28, x, uint64x2_t), + _vshrq_n_u64((int32_t)36, x, uint64x2_t)); } /** @@ -812,7 +790,7 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c113(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + uint64x2_t ab = _veorq_u64(a, b); return rotate_left_5813(ab); } 
@@ -838,9 +816,8 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64x2_t rotate_left_5814(uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)55, x, uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)9, x, uint64x2_t)); + return _veorq_u64(_vshlq_n_u64((int32_t)55, x, uint64x2_t), + _vshrq_n_u64((int32_t)9, x, uint64x2_t)); } /** @@ -850,7 +827,7 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c114(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + uint64x2_t ab = _veorq_u64(a, b); return rotate_left_5814(ab); } @@ -876,9 +853,8 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64x2_t rotate_left_5815(uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)25, x, uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)39, x, uint64x2_t)); + return _veorq_u64(_vshlq_n_u64((int32_t)25, x, uint64x2_t), + _vshrq_n_u64((int32_t)39, x, uint64x2_t)); } /** @@ -888,7 +864,7 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c115(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + uint64x2_t ab = _veorq_u64(a, b); return rotate_left_5815(ab); } @@ -914,9 +890,8 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64x2_t rotate_left_5816(uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)21, x, uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)43, x, uint64x2_t)); + return _veorq_u64(_vshlq_n_u64((int32_t)21, x, uint64x2_t), + _vshrq_n_u64((int32_t)43, x, uint64x2_t)); } /** 
@@ -926,7 +901,7 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c116(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + uint64x2_t ab = _veorq_u64(a, b); return rotate_left_5816(ab); } @@ -952,9 +927,8 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64x2_t rotate_left_5817(uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)56, x, uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)8, x, uint64x2_t)); + return _veorq_u64(_vshlq_n_u64((int32_t)56, x, uint64x2_t), + _vshrq_n_u64((int32_t)8, x, uint64x2_t)); } /** @@ -964,7 +938,7 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c117(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + uint64x2_t ab = _veorq_u64(a, b); return rotate_left_5817(ab); } @@ -990,9 +964,8 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64x2_t rotate_left_5818(uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)27, x, uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)37, x, uint64x2_t)); + return _veorq_u64(_vshlq_n_u64((int32_t)27, x, uint64x2_t), + _vshrq_n_u64((int32_t)37, x, uint64x2_t)); } /** @@ -1002,7 +975,7 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c118(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + uint64x2_t ab = _veorq_u64(a, b); return rotate_left_5818(ab); } 
@@ -1028,9 +1001,8 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64x2_t rotate_left_5819(uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)20, x, uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)44, x, uint64x2_t)); + return _veorq_u64(_vshlq_n_u64((int32_t)20, x, uint64x2_t), + _vshrq_n_u64((int32_t)44, x, uint64x2_t)); } /** @@ -1040,7 +1012,7 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c119(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + uint64x2_t ab = _veorq_u64(a, b); return rotate_left_5819(ab); } @@ -1066,9 +1038,8 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64x2_t rotate_left_5820(uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)39, x, uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)25, x, uint64x2_t)); + return _veorq_u64(_vshlq_n_u64((int32_t)39, x, uint64x2_t), + _vshrq_n_u64((int32_t)25, x, uint64x2_t)); } /** @@ -1078,7 +1049,7 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c120(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + uint64x2_t ab = _veorq_u64(a, b); return rotate_left_5820(ab); } @@ -1104,9 +1075,8 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64x2_t rotate_left_5821(uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)8, x, uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)56, x, uint64x2_t)); + return _veorq_u64(_vshlq_n_u64((int32_t)8, x, uint64x2_t), + _vshrq_n_u64((int32_t)56, x, uint64x2_t)); } /** 
@@ -1116,7 +1086,7 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c121(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + uint64x2_t ab = _veorq_u64(a, b); return rotate_left_5821(ab); } @@ -1142,9 +1112,8 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64x2_t rotate_left_5822(uint64x2_t x) { - return libcrux_intrinsics_arm64__veorq_u64( - libcrux_intrinsics_arm64__vshlq_n_u64((int32_t)14, x, uint64x2_t), - libcrux_intrinsics_arm64__vshrq_n_u64((int32_t)50, x, uint64x2_t)); + return _veorq_u64(_vshlq_n_u64((int32_t)14, x, uint64x2_t), + _vshrq_n_u64((int32_t)50, x, uint64x2_t)); } /** @@ -1154,7 +1123,7 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c122(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = libcrux_intrinsics_arm64__veorq_u64(a, b); + uint64x2_t ab = _veorq_u64(a, b); return rotate_left_5822(ab); } @@ -1360,7 +1329,7 @@ with const generics static KRML_MUSTINLINE void load_block_full_fa_07(uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { uint64x2_t(*uu____0)[5U] = a; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[2U][200U]; memcpy(copy_of_b, b, (size_t)2U * sizeof(uint8_t[200U])); load_block_full_3e(uu____0, copy_of_b); 
@@ -1404,30 +1373,28 @@ static KRML_MUSTINLINE void store_block_2f(uint64x2_t (*s)[5U], Eurydice_slice out[2U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)16U; i++) { size_t i0 = i; - uint64x2_t v0 = libcrux_intrinsics_arm64__vtrn1q_u64( + uint64x2_t v0 = _vtrn1q_u64( s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - uint64x2_t v1 = libcrux_intrinsics_arm64__vtrn2q_u64( + uint64x2_t v1 = _vtrn2q_u64( s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); + _vst1q_bytes_u64(Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice), + v0); + _vst1q_bytes_u64(Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice), + v1); } if ((size_t)72U % (size_t)16U != (size_t)0U) { size_t i = ((size_t)72U / (size_t)8U - (size_t)1U) / (size_t)5U; size_t j = ((size_t)72U / (size_t)8U - (size_t)1U) % (size_t)5U; uint8_t u[16U] = {0U}; - libcrux_intrinsics_arm64__vst1q_bytes_u64( + _vst1q_bytes_u64( Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), s[i][j]); Eurydice_slice uu____0 = 
@@ -1462,7 +1429,7 @@ static KRML_MUSTINLINE void store_block_full_9a(uint64x2_t (*s)[5U], Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; store_block_2f(s, buf); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out0[200U]; memcpy(copy_of_out0, out0, (size_t)200U * sizeof(uint8_t)); uint8_t uu____1[200U]; @@ -1587,7 +1554,7 @@ static KRML_MUSTINLINE void keccak_59(Eurydice_slice data[2U], i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[2U]; memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); Eurydice_slice ret[2U]; @@ -1597,7 +1564,7 @@ static KRML_MUSTINLINE void keccak_59(Eurydice_slice data[2U], size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[2U]; memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); Eurydice_slice ret[2U]; @@ -1653,7 +1620,7 @@ with const generics */ static KRML_MUSTINLINE void keccakx2_6e(Eurydice_slice data[2U], Eurydice_slice out[2U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[2U]; memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); keccak_59(copy_of_data, out); 
@@ -1680,24 +1647,20 @@ static KRML_MUSTINLINE void load_block_3c0(uint64x2_t (*s)[5U], Eurydice_slice blocks[2U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)16U; i++) { size_t i0 = i; - uint64x2_t v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - uint64x2_t v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + uint64x2_t v0 = _vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice)); + uint64x2_t v1 = _vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = _veorq_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + _vtrn1q_u64(v0, v1)); s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], - libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + _veorq_u64(s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], + _vtrn2q_u64(v0, v1)); } if ((size_t)136U % (size_t)16U != (size_t)0U) { size_t i = ((size_t)136U / (size_t)8U - (size_t)1U) / (size_t)5U; 
@@ -1721,9 +1684,9 @@ static KRML_MUSTINLINE void load_block_3c0(uint64x2_t (*s)[5U], Eurydice_slice, uint8_t[8U], void *); core_result_unwrap_41_ac(dst, uu____1); u[1U] = core_num__u64_9__from_le_bytes(uu____1); - uint64x2_t uvec = libcrux_intrinsics_arm64__vld1q_u64( + uint64x2_t uvec = _vld1q_u64( Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + s[i][j] = _veorq_u64(s[i][j], uvec); } } @@ -1739,7 +1702,7 @@ with const generics static KRML_MUSTINLINE void load_block_fa_0f0(uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { uint64x2_t(*uu____0)[5U] = a; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[2U]; memcpy(copy_of_b, b, (size_t)2U * sizeof(Eurydice_slice)); load_block_3c0(uu____0, copy_of_b); @@ -1787,7 +1750,7 @@ with const generics static KRML_MUSTINLINE void load_block_full_fa_070(uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { uint64x2_t(*uu____0)[5U] = a; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[2U][200U]; memcpy(copy_of_b, b, (size_t)2U * sizeof(uint8_t[200U])); load_block_full_3e0(uu____0, copy_of_b); 
@@ -1831,30 +1794,28 @@ static KRML_MUSTINLINE void store_block_2f0(uint64x2_t (*s)[5U], Eurydice_slice out[2U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)16U; i++) { size_t i0 = i; - uint64x2_t v0 = libcrux_intrinsics_arm64__vtrn1q_u64( + uint64x2_t v0 = _vtrn1q_u64( s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - uint64x2_t v1 = libcrux_intrinsics_arm64__vtrn2q_u64( + uint64x2_t v1 = _vtrn2q_u64( s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); + _vst1q_bytes_u64(Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice), + v0); + _vst1q_bytes_u64(Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice), + v1); } if ((size_t)136U % (size_t)16U != (size_t)0U) { size_t i = ((size_t)136U / (size_t)8U - (size_t)1U) / (size_t)5U; size_t j = ((size_t)136U / (size_t)8U - (size_t)1U) % (size_t)5U; uint8_t u[16U] = {0U}; - libcrux_intrinsics_arm64__vst1q_bytes_u64( + _vst1q_bytes_u64( Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), s[i][j]); Eurydice_slice uu____0 = 
@@ -1889,7 +1850,7 @@ static KRML_MUSTINLINE void store_block_full_9a0(uint64x2_t (*s)[5U], Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; store_block_2f0(s, buf); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out0[200U]; memcpy(copy_of_out0, out0, (size_t)200U * sizeof(uint8_t)); uint8_t uu____1[200U]; @@ -2014,7 +1975,7 @@ static KRML_MUSTINLINE void keccak_590(Eurydice_slice data[2U], i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[2U]; memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); Eurydice_slice ret[2U]; @@ -2024,7 +1985,7 @@ static KRML_MUSTINLINE void keccak_590(Eurydice_slice data[2U], size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[2U]; memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); Eurydice_slice ret[2U]; @@ -2080,7 +2041,7 @@ with const generics */ static KRML_MUSTINLINE void keccakx2_6e0(Eurydice_slice data[2U], Eurydice_slice out[2U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[2U]; memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); keccak_590(copy_of_data, out); 
@@ -2143,7 +2104,7 @@ static KRML_MUSTINLINE void keccak_591(Eurydice_slice data[2U], i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[2U]; memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); Eurydice_slice ret[2U]; @@ -2153,7 +2114,7 @@ static KRML_MUSTINLINE void keccak_591(Eurydice_slice data[2U], size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[2U]; memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); Eurydice_slice ret[2U]; @@ -2209,7 +2170,7 @@ with const generics */ static KRML_MUSTINLINE void keccakx2_6e1(Eurydice_slice data[2U], Eurydice_slice out[2U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[2U]; memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); keccak_591(copy_of_data, out); 
@@ -2244,24 +2205,20 @@ static KRML_MUSTINLINE void load_block_3c1(uint64x2_t (*s)[5U], Eurydice_slice blocks[2U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)16U; i++) { size_t i0 = i; - uint64x2_t v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - uint64x2_t v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + uint64x2_t v0 = _vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice)); + uint64x2_t v1 = _vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = _veorq_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + _vtrn1q_u64(v0, v1)); s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], - libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + _veorq_u64(s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], + _vtrn2q_u64(v0, v1)); } if ((size_t)168U % (size_t)16U != (size_t)0U) { size_t i = ((size_t)168U / (size_t)8U - (size_t)1U) / (size_t)5U; 
@@ -2285,9 +2242,9 @@ static KRML_MUSTINLINE void load_block_3c1(uint64x2_t (*s)[5U], Eurydice_slice, uint8_t[8U], void *); core_result_unwrap_41_ac(dst, uu____1); u[1U] = core_num__u64_9__from_le_bytes(uu____1); - uint64x2_t uvec = libcrux_intrinsics_arm64__vld1q_u64( + uint64x2_t uvec = _vld1q_u64( Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + s[i][j] = _veorq_u64(s[i][j], uvec); } } @@ -2317,7 +2274,7 @@ with const generics static KRML_MUSTINLINE void load_block_full_fa_071(uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { uint64x2_t(*uu____0)[5U] = a; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[2U][200U]; memcpy(copy_of_b, b, (size_t)2U * sizeof(uint8_t[200U])); load_block_full_3e1(uu____0, copy_of_b); 
@@ -2371,30 +2328,28 @@ static KRML_MUSTINLINE void store_block_2f1(uint64x2_t (*s)[5U], Eurydice_slice out[2U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)16U; i++) { size_t i0 = i; - uint64x2_t v0 = libcrux_intrinsics_arm64__vtrn1q_u64( + uint64x2_t v0 = _vtrn1q_u64( s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - uint64x2_t v1 = libcrux_intrinsics_arm64__vtrn2q_u64( + uint64x2_t v1 = _vtrn2q_u64( s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); + _vst1q_bytes_u64(Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice), + v0); + _vst1q_bytes_u64(Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice), + v1); } if ((size_t)168U % (size_t)16U != (size_t)0U) { size_t i = ((size_t)168U / (size_t)8U - (size_t)1U) / (size_t)5U; size_t j = ((size_t)168U / (size_t)8U - (size_t)1U) % (size_t)5U; uint8_t u[16U] = {0U}; - libcrux_intrinsics_arm64__vst1q_bytes_u64( + _vst1q_bytes_u64( Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), s[i][j]); Eurydice_slice uu____0 = 
@@ -2512,24 +2467,20 @@ static KRML_MUSTINLINE void load_block_3c2(uint64x2_t (*s)[5U], Eurydice_slice blocks[2U]) { for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)16U; i++) { size_t i0 = i; - uint64x2_t v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - uint64x2_t v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + uint64x2_t v0 = _vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice)); + uint64x2_t v1 = _vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = _veorq_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + _vtrn1q_u64(v0, v1)); s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], - libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + _veorq_u64(s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], + _vtrn2q_u64(v0, v1)); } if ((size_t)144U % (size_t)16U != (size_t)0U) { size_t i = ((size_t)144U / (size_t)8U - (size_t)1U) / (size_t)5U; 
@@ -2553,9 +2504,9 @@ static KRML_MUSTINLINE void load_block_3c2(uint64x2_t (*s)[5U], Eurydice_slice, uint8_t[8U], void *); core_result_unwrap_41_ac(dst, uu____1); u[1U] = core_num__u64_9__from_le_bytes(uu____1); - uint64x2_t uvec = libcrux_intrinsics_arm64__vld1q_u64( + uint64x2_t uvec = _vld1q_u64( Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + s[i][j] = _veorq_u64(s[i][j], uvec); } } @@ -2571,7 +2522,7 @@ with const generics static KRML_MUSTINLINE void load_block_fa_0f1(uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { uint64x2_t(*uu____0)[5U] = a; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[2U]; memcpy(copy_of_b, b, (size_t)2U * sizeof(Eurydice_slice)); load_block_3c2(uu____0, copy_of_b); @@ -2619,7 +2570,7 @@ with const generics static KRML_MUSTINLINE void load_block_full_fa_072(uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { uint64x2_t(*uu____0)[5U] = a; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[2U][200U]; memcpy(copy_of_b, b, (size_t)2U * sizeof(uint8_t[200U])); load_block_full_3e2(uu____0, copy_of_b); 
@@ -2663,30 +2614,28 @@ static KRML_MUSTINLINE void store_block_2f2(uint64x2_t (*s)[5U], Eurydice_slice out[2U]) { for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)16U; i++) { size_t i0 = i; - uint64x2_t v0 = libcrux_intrinsics_arm64__vtrn1q_u64( + uint64x2_t v0 = _vtrn1q_u64( s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - uint64x2_t v1 = libcrux_intrinsics_arm64__vtrn2q_u64( + uint64x2_t v1 = _vtrn2q_u64( s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); + _vst1q_bytes_u64(Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice), + v0); + _vst1q_bytes_u64(Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice), + v1); } if ((size_t)144U % (size_t)16U != (size_t)0U) { size_t i = ((size_t)144U / (size_t)8U - (size_t)1U) / (size_t)5U; size_t j = ((size_t)144U / (size_t)8U - (size_t)1U) % (size_t)5U; uint8_t u[16U] = {0U}; - libcrux_intrinsics_arm64__vst1q_bytes_u64( + _vst1q_bytes_u64( Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), s[i][j]); Eurydice_slice uu____0 = 
@@ -2721,7 +2670,7 @@ static KRML_MUSTINLINE void store_block_full_9a1(uint64x2_t (*s)[5U], Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; store_block_2f2(s, buf); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out0[200U]; memcpy(copy_of_out0, out0, (size_t)200U * sizeof(uint8_t)); uint8_t uu____1[200U]; @@ -2846,7 +2795,7 @@ static KRML_MUSTINLINE void keccak_592(Eurydice_slice data[2U], i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[2U]; memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); Eurydice_slice ret[2U]; @@ -2856,7 +2805,7 @@ static KRML_MUSTINLINE void keccak_592(Eurydice_slice data[2U], size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[2U]; memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); Eurydice_slice ret[2U]; @@ -2912,7 +2861,7 @@ with const generics */ static KRML_MUSTINLINE void keccakx2_6e2(Eurydice_slice data[2U], Eurydice_slice out[2U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[2U]; memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); keccak_592(copy_of_data, out); 
@@ -2940,24 +2889,20 @@ static KRML_MUSTINLINE void load_block_3c3(uint64x2_t (*s)[5U], Eurydice_slice blocks[2U]) { for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)16U; i++) { size_t i0 = i; - uint64x2_t v0 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - uint64x2_t v1 = - libcrux_intrinsics_arm64__vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - libcrux_intrinsics_arm64__vtrn1q_u64(v0, v1)); + uint64x2_t v0 = _vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice)); + uint64x2_t v1 = _vld1q_bytes_u64(Eurydice_slice_subslice2( + blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice)); + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = _veorq_u64( + s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], + _vtrn1q_u64(v0, v1)); s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_arm64__veorq_u64( - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], - libcrux_intrinsics_arm64__vtrn2q_u64(v0, v1)); + _veorq_u64(s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], + _vtrn2q_u64(v0, v1)); } if ((size_t)104U % (size_t)16U != (size_t)0U) { size_t i = ((size_t)104U / (size_t)8U - (size_t)1U) / (size_t)5U; 
@@ -2981,9 +2926,9 @@ static KRML_MUSTINLINE void load_block_3c3(uint64x2_t (*s)[5U], Eurydice_slice, uint8_t[8U], void *); core_result_unwrap_41_ac(dst, uu____1); u[1U] = core_num__u64_9__from_le_bytes(uu____1); - uint64x2_t uvec = libcrux_intrinsics_arm64__vld1q_u64( + uint64x2_t uvec = _vld1q_u64( Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - s[i][j] = libcrux_intrinsics_arm64__veorq_u64(s[i][j], uvec); + s[i][j] = _veorq_u64(s[i][j], uvec); } } @@ -2999,7 +2944,7 @@ with const generics static KRML_MUSTINLINE void load_block_fa_0f2(uint64x2_t (*a)[5U], Eurydice_slice b[2U]) { uint64x2_t(*uu____0)[5U] = a; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[2U]; memcpy(copy_of_b, b, (size_t)2U * sizeof(Eurydice_slice)); load_block_3c3(uu____0, copy_of_b); @@ -3047,7 +2992,7 @@ with const generics static KRML_MUSTINLINE void load_block_full_fa_073(uint64x2_t (*a)[5U], uint8_t b[2U][200U]) { uint64x2_t(*uu____0)[5U] = a; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[2U][200U]; memcpy(copy_of_b, b, (size_t)2U * sizeof(uint8_t[200U])); load_block_full_3e3(uu____0, copy_of_b); 
@@ -3091,30 +3036,28 @@ static KRML_MUSTINLINE void store_block_2f3(uint64x2_t (*s)[5U], Eurydice_slice out[2U]) { for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)16U; i++) { size_t i0 = i; - uint64x2_t v0 = libcrux_intrinsics_arm64__vtrn1q_u64( + uint64x2_t v0 = _vtrn1q_u64( s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - uint64x2_t v1 = libcrux_intrinsics_arm64__vtrn2q_u64( + uint64x2_t v1 = _vtrn2q_u64( s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v0); - libcrux_intrinsics_arm64__vst1q_bytes_u64( - Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), - v1); + _vst1q_bytes_u64(Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice), + v0); + _vst1q_bytes_u64(Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, + (size_t)16U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice), + v1); } if ((size_t)104U % (size_t)16U != (size_t)0U) { size_t i = ((size_t)104U / (size_t)8U - (size_t)1U) / (size_t)5U; size_t j = ((size_t)104U / (size_t)8U - (size_t)1U) % (size_t)5U; uint8_t u[16U] = {0U}; - libcrux_intrinsics_arm64__vst1q_bytes_u64( + _vst1q_bytes_u64( Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), s[i][j]); Eurydice_slice uu____0 = 
@@ -3149,7 +3092,7 @@ static KRML_MUSTINLINE void store_block_full_9a2(uint64x2_t (*s)[5U], Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; store_block_2f3(s, buf); - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out0[200U]; memcpy(copy_of_out0, out0, (size_t)200U * sizeof(uint8_t)); uint8_t uu____1[200U]; @@ -3274,7 +3217,7 @@ static KRML_MUSTINLINE void keccak_593(Eurydice_slice data[2U], i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[2U]; memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); Eurydice_slice ret[2U]; @@ -3284,7 +3227,7 @@ static KRML_MUSTINLINE void keccak_593(Eurydice_slice data[2U], size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[2U]; memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); Eurydice_slice ret[2U]; @@ -3340,7 +3283,7 @@ with const generics */ static KRML_MUSTINLINE void keccakx2_6e3(Eurydice_slice data[2U], Eurydice_slice out[2U]) { - /* This copy dictated by the Rust value passing semantics */ + /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[2U]; memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); keccak_593(copy_of_data, out); diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index 18ac37d7c..983358000 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h 
@@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb + * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: c52405ea0a57830cfac5f952072ffe083ccb94f7 + * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 */ #ifndef __libcrux_sha3_neon_H From 90358e0a5c7185a6ca5a058da9b43826827e5dfd Mon Sep 17 00:00:00 2001 
From: Jonathan Protzenko Date: Tue, 13 Aug 2024 09:16:15 -0700 Subject: [PATCH 06/16] Regenerate on Intel --- libcrux-ml-kem/c.yaml | 4 +- libcrux-ml-kem/c/code_gen.txt | 8 +- libcrux-ml-kem/c/internal/libcrux_core.h | 233 +- .../c/internal/libcrux_mlkem_avx2.h | 6 +- .../c/internal/libcrux_mlkem_portable.h | 50 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 6 +- .../c/internal/libcrux_sha3_internal.h | 46 +- libcrux-ml-kem/c/libcrux_core.c | 310 +- libcrux-ml-kem/c/libcrux_core.h | 124 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 64 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 50 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 64 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 54 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 64 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 6 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 50 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 9294 ++++++++++++++++- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 509 +- libcrux-ml-kem/c/libcrux_mlkem_neon.c | 9268 +--------------- libcrux-ml-kem/c/libcrux_mlkem_neon.h | 574 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 2865 ++--- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 188 +- libcrux-ml-kem/c/libcrux_sha3.h | 20 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 2338 ++++- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 41 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 744 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 3282 +----- libcrux-ml-kem/c/libcrux_sha3_neon.h | 31 +- 36 files changed, 15017 insertions(+), 15336 deletions(-) diff --git a/libcrux-ml-kem/c.yaml b/libcrux-ml-kem/c.yaml index db12e833c..e391dab17 100644 
--- a/libcrux-ml-kem/c.yaml +++ b/libcrux-ml-kem/c.yaml @@ -235,5 +235,5 @@ naming: skip_prefix: - [ core, core_arch, arm_shared, neon ] - [ core, core_arch, x86 ] - - [libcrux_intrinsics, arm64] - - [libcrux_intrinsics, avx2] + # - [libcrux_intrinsics, arm64] + # - [libcrux_intrinsics, avx2] diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index 8ac29a1be..31c8dfd1b 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: Charon: 53530427db2941ce784201e64086766504bc5642 -Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb -Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 -F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 -Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 +Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 +Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b +F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 +Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 6e626b2cc..b8b4cc329 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb - * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 + * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 */ #ifndef __internal_libcrux_core_H 
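Review bot: The two `libcrux_intrinsics` entries under `skip_prefix` are commented out rather than removed, and nothing records why, so a later maintainer may simply re-enable them. The earlier hunks in libcrux_sha3_neon.c show what stripping that prefix produced: file-scope names such as `_vtrn1q_u64` and `_veorq_u64`, and identifiers beginning with an underscore are reserved at file scope in C (C11 §7.1.3), which is presumably the reason the stripping was disabled here. I would either delete the two lines or replace them with a comment that states the constraint, e.g. `# do not strip libcrux_intrinsics: the stripped file-scope names (e.g. _vtrn1q_u64) are reserved identifiers in C`, so the generator configuration documents itself.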
@@ -23,6 +23,8 @@ extern "C" { #define CORE_NUM__U32_8__BITS (32U) +static inline uint32_t core_num__u8_6__count_ones(uint8_t x0); + uint8_t libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( Eurydice_slice lhs, Eurydice_slice rhs); @@ -71,10 +73,10 @@ libcrux_ml_kem::types::MlKemPublicKey)#14} /** A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics -- SIZE= 800 +- SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_571( - uint8_t value[800U]); +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_4c1( + uint8_t value[1568U]); /** Create a new [`MlKemKeyPair`] from the secret and public key. @@ -86,12 +88,12 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_17 with const generics -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 +- PRIVATE_KEY_SIZE= 3168 +- PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_2c1( - libcrux_ml_kem_types_MlKemPrivateKey_5e sk, - libcrux_ml_kem_types_MlKemPublicKey_be pk); +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_c91( + libcrux_ml_kem_types_MlKemPrivateKey_95 sk, + libcrux_ml_kem_types_MlKemPublicKey_1f pk); /** This function found in impl {(core::convert::From<@Array> for @@ -100,10 +102,10 @@ libcrux_ml_kem::types::MlKemPrivateKey)#8} /** A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics -- SIZE= 1632 +- SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_e01( - uint8_t value[1632U]); +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_a71( + uint8_t value[3168U]); /** This function found in impl {(core::convert::From<@Array> for 
@@ -112,10 +114,10 @@ libcrux_ml_kem::types::MlKemCiphertext)#2} /** A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics -- SIZE= 768 +- SIZE= 1568 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_201( - uint8_t value[768U]); +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_f51( + uint8_t value[1568U]); /** A reference to the raw byte slice. @@ -126,10 +128,10 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics -- SIZE= 800 +- SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_1f1( - libcrux_ml_kem_types_MlKemPublicKey_be *self); +uint8_t *libcrux_ml_kem_types_as_slice_cb_f21( + libcrux_ml_kem_types_MlKemPublicKey_1f *self); /** This function found in impl {(core::convert::AsRef<@Slice> for @@ -138,10 +140,10 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics -- SIZE= 768 +- SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_f01( - libcrux_ml_kem_types_MlKemCiphertext_e8 *self); +Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed1( + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self); /** Pad the `slice` with `0`s at the end. @@ -149,10 +151,10 @@ Eurydice_slice libcrux_ml_kem_types_as_ref_00_f01( /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 800 +- LEN= 1600 */ -void libcrux_ml_kem_utils_into_padded_array_974(Eurydice_slice slice, - uint8_t ret[800U]); +void libcrux_ml_kem_utils_into_padded_array_2d4(Eurydice_slice slice, + uint8_t ret[1600U]); /** This function found in impl {(core::convert::From<@Array> for 
@@ -161,10 +163,10 @@ libcrux_ml_kem::types::MlKemPublicKey)#14} /** A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics -- SIZE= 1568 +- SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_570( - uint8_t value[1568U]); +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_4c0( + uint8_t value[1184U]); /** Create a new [`MlKemKeyPair`] from the secret and public key. @@ -176,12 +178,12 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_17 with const generics -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_2c0( - libcrux_ml_kem_types_MlKemPrivateKey_95 sk, - libcrux_ml_kem_types_MlKemPublicKey_1f pk); +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_c90( + libcrux_ml_kem_types_MlKemPrivateKey_55 sk, + libcrux_ml_kem_types_MlKemPublicKey_15 pk); /** This function found in impl {(core::convert::From<@Array> for @@ -190,10 +192,10 @@ libcrux_ml_kem::types::MlKemPrivateKey)#8} /** A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics -- SIZE= 3168 +- SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_e00( - uint8_t value[3168U]); +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_a70( + uint8_t value[2400U]); /** This function found in impl {(core::convert::From<@Array> for @@ -202,10 +204,10 @@ libcrux_ml_kem::types::MlKemCiphertext)#2} /** A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics -- SIZE= 1568 +- SIZE= 1088 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_200( - uint8_t value[1568U]); +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_f50( + uint8_t value[1088U]); /** A reference to the raw byte slice. 
@@ -216,10 +218,10 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics -- SIZE= 1568 +- SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_1f0( - libcrux_ml_kem_types_MlKemPublicKey_1f *self); +uint8_t *libcrux_ml_kem_types_as_slice_cb_f20( + libcrux_ml_kem_types_MlKemPublicKey_15 *self); /** This function found in impl {(core::convert::AsRef<@Slice> for @@ -228,10 +230,10 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics -- SIZE= 1568 +- SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_f00( - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self); +Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed0( + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); /** Pad the `slice` with `0`s at the end. @@ -239,10 +241,10 @@ Eurydice_slice libcrux_ml_kem_types_as_ref_00_f00( /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 1600 +- LEN= 1120 */ -void libcrux_ml_kem_utils_into_padded_array_973(Eurydice_slice slice, - uint8_t ret[1600U]); +void libcrux_ml_kem_utils_into_padded_array_2d3(Eurydice_slice slice, + uint8_t ret[1120U]); /** This function found in impl {(core::convert::From<@Array> for @@ -251,10 +253,10 @@ libcrux_ml_kem::types::MlKemPublicKey)#14} /** A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics -- SIZE= 1184 +- SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_57( - uint8_t value[1184U]); +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_4c( + uint8_t value[800U]); /** Create a new [`MlKemKeyPair`] from the secret and public key. 
@@ -266,12 +268,12 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_17 with const generics -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 +- PRIVATE_KEY_SIZE= 1632 +- PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_2c( - libcrux_ml_kem_types_MlKemPrivateKey_55 sk, - libcrux_ml_kem_types_MlKemPublicKey_15 pk); +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_c9( + libcrux_ml_kem_types_MlKemPrivateKey_5e sk, + libcrux_ml_kem_types_MlKemPublicKey_be pk); /** This function found in impl {(core::convert::From<@Array> for @@ -280,10 +282,10 @@ libcrux_ml_kem::types::MlKemPrivateKey)#8} /** A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics -- SIZE= 2400 +- SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_e0( - uint8_t value[2400U]); +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_a7( + uint8_t value[1632U]); /** This function found in impl {(core::convert::From<@Array> for @@ -292,10 +294,10 @@ libcrux_ml_kem::types::MlKemCiphertext)#2} /** A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics -- SIZE= 1088 +- SIZE= 768 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_20( - uint8_t value[1088U]); +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_f5( + uint8_t value[768U]); /** A reference to the raw byte slice. @@ -306,10 +308,10 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics -- SIZE= 1184 +- SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_1f( - libcrux_ml_kem_types_MlKemPublicKey_15 *self); +uint8_t *libcrux_ml_kem_types_as_slice_cb_f2( + libcrux_ml_kem_types_MlKemPublicKey_be *self); /** Pad the `slice` with `0`s at the end. 
@@ -319,7 +321,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -void libcrux_ml_kem_utils_into_padded_array_972(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_2d2(Eurydice_slice slice, uint8_t ret[33U]); /** @@ -353,7 +355,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 34 */ -void libcrux_ml_kem_utils_into_padded_array_971(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_2d1(Eurydice_slice slice, uint8_t ret[34U]); /** @@ -363,10 +365,10 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics -- SIZE= 1088 +- SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_f0( - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); +Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed( + libcrux_ml_kem_types_MlKemCiphertext_e8 *self); /** Pad the `slice` with `0`s at the end. @@ -374,10 +376,10 @@ Eurydice_slice libcrux_ml_kem_types_as_ref_00_f0( /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 1120 +- LEN= 800 */ -void libcrux_ml_kem_utils_into_padded_array_970(Eurydice_slice slice, - uint8_t ret[1120U]); +void libcrux_ml_kem_utils_into_padded_array_2d0(Eurydice_slice slice, + uint8_t ret[800U]); /** Pad the `slice` with `0`s at the end. 
@@ -387,18 +389,77 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 64 */ -void libcrux_ml_kem_utils_into_padded_array_97(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_2d(Eurydice_slice slice, uint8_t ret[64U]); /** -A monomorphic instance of core.option.Option -with types Eurydice_slice uint8_t +A monomorphic instance of core.result.Result +with types uint8_t[24size_t], core_array_TryFromSliceError + +*/ +typedef struct core_result_Result_6f_s { + core_result_Result_00_tags tag; + union { + uint8_t case_Ok[24U]; + core_array_TryFromSliceError case_Err; + } val; +} core_result_Result_6f; + +/** +This function found in impl {core::result::Result} +*/ +/** +A monomorphic instance of core.result.unwrap_41 +with types uint8_t[24size_t], core_array_TryFromSliceError + +*/ +void core_result_unwrap_41_1c(core_result_Result_6f self, uint8_t ret[24U]); + +/** +A monomorphic instance of core.result.Result +with types uint8_t[20size_t], core_array_TryFromSliceError + +*/ +typedef struct core_result_Result_7a_s { + core_result_Result_00_tags tag; + union { + uint8_t case_Ok[20U]; + core_array_TryFromSliceError case_Err; + } val; +} core_result_Result_7a; + +/** +This function found in impl {core::result::Result} +*/ +/** +A monomorphic instance of core.result.unwrap_41 +with types uint8_t[20size_t], core_array_TryFromSliceError + +*/ +void core_result_unwrap_41_34(core_result_Result_7a self, uint8_t ret[20U]); + +/** +A monomorphic instance of core.result.Result +with types uint8_t[10size_t], core_array_TryFromSliceError + +*/ +typedef struct core_result_Result_cd_s { + core_result_Result_00_tags tag; + union { + uint8_t case_Ok[10U]; + core_array_TryFromSliceError case_Err; + } val; +} core_result_Result_cd; + +/** +This function found in impl {core::result::Result} +*/ +/** +A monomorphic instance of core.result.unwrap_41 +with types uint8_t[10size_t], core_array_TryFromSliceError */ -typedef struct 
core_option_Option_44_s { - core_option_Option_ef_tags tag; - Eurydice_slice f0; -} core_option_Option_44; +void core_result_unwrap_41_e8(core_result_Result_cd self, uint8_t ret[10U]); /** A monomorphic instance of core.result.Result @@ -423,10 +484,10 @@ with types int16_t[16size_t], core_array_TryFromSliceError */ void core_result_unwrap_41_f9(core_result_Result_c0 self, int16_t ret[16U]); -typedef struct Eurydice_slice_uint8_t_2size_t__x2_s { - Eurydice_slice fst[2U]; - Eurydice_slice snd[2U]; -} Eurydice_slice_uint8_t_2size_t__x2; +typedef struct Eurydice_slice_uint8_t_4size_t__x2_s { + Eurydice_slice fst[4U]; + Eurydice_slice snd[4U]; +} Eurydice_slice_uint8_t_4size_t__x2; #if defined(__cplusplus) } diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index 5a5776797..ba6f74a0f 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 - * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 + * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 */ #ifndef __internal_libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 7c85dde7e..0436054d3 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h 
@@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb - * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 + * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 */ #ifndef __internal_libcrux_mlkem_portable_H @@ -37,7 +37,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_991(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_351(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked @@ -53,7 +53,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d1(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e1(uint8_t randomness[64U]); /** Packed API @@ -77,7 +77,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_6f1(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_c24(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked @@ -98,7 +98,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_861( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_311( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]); 
@@ -121,7 +121,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_9d1( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_441( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -147,7 +147,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f61( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca1( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -173,7 +173,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_711( +void libcrux_ml_kem_ind_cca_decapsulate_4f1( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -185,7 +185,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_990(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_350(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked @@ -201,7 +201,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d0(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e0(uint8_t randomness[64U]); /** Packed API @@ -225,7 +225,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_c21(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked 
@@ -246,7 +246,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_860( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_310( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]); @@ -269,7 +269,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_9d0( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_440( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -295,7 +295,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f60( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca0( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -321,7 +321,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_710( +void libcrux_ml_kem_ind_cca_decapsulate_4f0( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -333,7 +333,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_99(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_35(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked @@ -349,7 +349,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e(uint8_t randomness[64U]); /** Packed API 
@@ -373,7 +373,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked @@ -394,7 +394,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_86( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_31( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]); @@ -417,7 +417,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -443,7 +443,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f6( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -469,7 +469,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_71( +void libcrux_ml_kem_ind_cca_decapsulate_4f( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index 545a20b77..71f9fa63d 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h 
@@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 - * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 + * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index c18dac469..a2772321d 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb - * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 + * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 */ #ifndef __internal_libcrux_sha3_internal_H @@ -29,7 +29,7 @@ typedef libcrux_sha3_generic_keccak_KeccakState_48 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake128_init(void) { - return libcrux_sha3_generic_keccak_new_1e_7a(); + return libcrux_sha3_generic_keccak_new_1e_f2(); } /** 
@@ -39,7 +39,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data0) { Eurydice_slice buf[1U] = {data0}; - libcrux_sha3_generic_keccak_absorb_final_25(s, buf); + libcrux_sha3_generic_keccak_absorb_final_72(s, buf); } /** @@ -49,7 +49,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, buf); } /** @@ -60,7 +60,7 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks_4d( +libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -68,15 +68,15 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks_4d( memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_58(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_09(s, o0); Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o2[1U]; memcpy(o2, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o1); - libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o2); } /** 
@@ -86,7 +86,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_4d(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d(s, buf); } #define libcrux_sha3_Sha224 0 @@ -149,7 +149,7 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_five_blocks_34( +libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); 
@@ -157,29 +157,29 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_34( memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_58(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_09(s, o0); Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o20[1U]; memcpy(o20, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o1); Eurydice_slice_uint8_t_1size_t__x2 uu____2 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o20, (size_t)168U); Eurydice_slice o2[1U]; memcpy(o2, uu____2.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o30[1U]; memcpy(o30, uu____2.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o2); Eurydice_slice_uint8_t_1size_t__x2 uu____3 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o30, (size_t)168U); Eurydice_slice o3[1U]; memcpy(o3, uu____3.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o4[1U]; memcpy(o4, uu____3.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o3); - libcrux_sha3_generic_keccak_squeeze_next_block_c8(s, o4); + libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o3); + libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o4); } /** 
@@ -189,7 +189,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_five_blocks_34(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92(s, buf); } /** @@ -199,7 +199,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data) { Eurydice_slice buf[1U] = {data}; - libcrux_sha3_generic_keccak_absorb_final_250(s, buf); + libcrux_sha3_generic_keccak_absorb_final_720(s, buf); } /** @@ -207,7 +207,7 @@ libcrux_sha3_portable_incremental_shake256_absorb_final( */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake256_init(void) { - return libcrux_sha3_generic_keccak_new_1e_7a(); + return libcrux_sha3_generic_keccak_new_1e_f2(); } /** @@ -217,7 +217,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_first_block_580(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_block_090(s, buf); } /** @@ -227,7 +227,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_next_block_c80(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_1f0(s, buf); } /** diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index bb30330cf..c1d56db43 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c 
@@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb - * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 + * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 */ #include "internal/libcrux_core.h" @@ -96,15 +96,15 @@ libcrux_ml_kem::types::MlKemPublicKey)#14} /** A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics -- SIZE= 800 +- SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_571( - uint8_t value[800U]) { +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_4c1( + uint8_t value[1568U]) { /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_value[800U]; - memcpy(copy_of_value, value, (size_t)800U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPublicKey_be lit; - memcpy(lit.value, copy_of_value, (size_t)800U * sizeof(uint8_t)); + uint8_t copy_of_value[1568U]; + memcpy(copy_of_value, value, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPublicKey_1f lit; + memcpy(lit.value, copy_of_value, (size_t)1568U * sizeof(uint8_t)); return lit; } 
@@ -118,13 +118,14 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_17 with const generics -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 +- PRIVATE_KEY_SIZE= 3168 +- PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_2c1( - libcrux_ml_kem_types_MlKemPrivateKey_5e sk, - libcrux_ml_kem_types_MlKemPublicKey_be pk) { - return (CLITERAL(libcrux_ml_kem_types_MlKemKeyPair_cb){.sk = sk, .pk = pk}); +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_c91( + libcrux_ml_kem_types_MlKemPrivateKey_95 sk, + libcrux_ml_kem_types_MlKemPublicKey_1f pk) { + return ( + CLITERAL(libcrux_ml_kem_mlkem1024_MlKem1024KeyPair){.sk = sk, .pk = pk}); } /** @@ -134,15 +135,15 @@ libcrux_ml_kem::types::MlKemPrivateKey)#8} /** A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics -- SIZE= 1632 +- SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_e01( - uint8_t value[1632U]) { +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_a71( + uint8_t value[3168U]) { /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_value[1632U]; - memcpy(copy_of_value, value, (size_t)1632U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_5e lit; - memcpy(lit.value, copy_of_value, (size_t)1632U * sizeof(uint8_t)); + uint8_t copy_of_value[3168U]; + memcpy(copy_of_value, value, (size_t)3168U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_95 lit; + memcpy(lit.value, copy_of_value, (size_t)3168U * sizeof(uint8_t)); return lit; } 
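Review bot: `libcrux_ml_kem_types_from_05_a71` keeps two 3168-byte copies of the private key on the stack, the by-value `value` parameter and the local `copy_of_value`, and neither is cleared before `return lit;`, so secret key bytes may outlive the call in dead stack frames. The `copy_of_value` buffer looks redundant in C: `value` is already a pointer and `lit.value` is the only copy that has to exist, so `memcpy(lit.value, value, (size_t)3168U * sizeof(uint8_t));` alone would do; the extra copy presumably mirrors Rust's move semantics but buys nothing here. The same pattern recurs in the from_b6/from_01 instances of this file and in the `copy_of_randomness` buffers of `encapsulate_b2`, `encapsulate_unpacked_16`, `generate_keypair_f6` and `generate_keypair_unpacked_d9` in libcrux_mlkem1024_avx2.c, where the duplicated bytes are the 32/64-byte seed. Since these files are Eurydice output, the fix belongs in the generator or a post-processing pass rather than in the emitted C.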
@@ -153,15 +154,15 @@ libcrux_ml_kem::types::MlKemCiphertext)#2} /** A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics -- SIZE= 768 +- SIZE= 1568 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_201( - uint8_t value[768U]) { +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_f51( + uint8_t value[1568U]) { /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_value[768U]; - memcpy(copy_of_value, value, (size_t)768U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext_e8 lit; - memcpy(lit.value, copy_of_value, (size_t)768U * sizeof(uint8_t)); + uint8_t copy_of_value[1568U]; + memcpy(copy_of_value, value, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext lit; + memcpy(lit.value, copy_of_value, (size_t)1568U * sizeof(uint8_t)); return lit; } @@ -174,10 +175,10 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics -- SIZE= 800 +- SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_1f1( - libcrux_ml_kem_types_MlKemPublicKey_be *self) { +uint8_t *libcrux_ml_kem_types_as_slice_cb_f21( + libcrux_ml_kem_types_MlKemPublicKey_1f *self) { return self->value; } @@ -188,11 +189,11 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics -- SIZE= 768 +- SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_f01( - libcrux_ml_kem_types_MlKemCiphertext_e8 *self) { - return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t, +Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed1( + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self) { + return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t, Eurydice_slice); } 
@@ -202,11 +203,11 @@ Eurydice_slice libcrux_ml_kem_types_as_ref_00_f01( /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 800 +- LEN= 1600 */ -void libcrux_ml_kem_utils_into_padded_array_974(Eurydice_slice slice, - uint8_t ret[800U]) { - uint8_t out[800U] = {0U}; +void libcrux_ml_kem_utils_into_padded_array_2d4(Eurydice_slice slice, + uint8_t ret[1600U]) { + uint8_t out[1600U] = {0U}; uint8_t *uu____0 = out; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( @@ -214,7 +215,7 @@ void libcrux_ml_kem_utils_into_padded_array_974(Eurydice_slice slice, core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, Eurydice_slice), slice, uint8_t, void *); - memcpy(ret, out, (size_t)800U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)1600U * sizeof(uint8_t)); } /** @@ -224,15 +225,15 @@ libcrux_ml_kem::types::MlKemPublicKey)#14} /** A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics -- SIZE= 1568 +- SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_570( - uint8_t value[1568U]) { +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_4c0( + uint8_t value[1184U]) { /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_value[1568U]; - memcpy(copy_of_value, value, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPublicKey_1f lit; - memcpy(lit.value, copy_of_value, (size_t)1568U * sizeof(uint8_t)); + uint8_t copy_of_value[1184U]; + memcpy(copy_of_value, value, (size_t)1184U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPublicKey_15 lit; + memcpy(lit.value, copy_of_value, (size_t)1184U * sizeof(uint8_t)); return lit; } 
@@ -246,14 +247,14 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_17 with const generics -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_2c0( - libcrux_ml_kem_types_MlKemPrivateKey_95 sk, - libcrux_ml_kem_types_MlKemPublicKey_1f pk) { +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_c90( + libcrux_ml_kem_types_MlKemPrivateKey_55 sk, + libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( - CLITERAL(libcrux_ml_kem_mlkem1024_MlKem1024KeyPair){.sk = sk, .pk = pk}); + CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); } /** @@ -263,15 +264,15 @@ libcrux_ml_kem::types::MlKemPrivateKey)#8} /** A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics -- SIZE= 3168 +- SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_e00( - uint8_t value[3168U]) { +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_a70( + uint8_t value[2400U]) { /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_value[3168U]; - memcpy(copy_of_value, value, (size_t)3168U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_95 lit; - memcpy(lit.value, copy_of_value, (size_t)3168U * sizeof(uint8_t)); + uint8_t copy_of_value[2400U]; + memcpy(copy_of_value, value, (size_t)2400U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_55 lit; + memcpy(lit.value, copy_of_value, (size_t)2400U * sizeof(uint8_t)); return lit; } 
@@ -282,15 +283,15 @@ libcrux_ml_kem::types::MlKemCiphertext)#2} /** A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics -- SIZE= 1568 +- SIZE= 1088 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_200( - uint8_t value[1568U]) { +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_f50( + uint8_t value[1088U]) { /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_value[1568U]; - memcpy(copy_of_value, value, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext lit; - memcpy(lit.value, copy_of_value, (size_t)1568U * sizeof(uint8_t)); + uint8_t copy_of_value[1088U]; + memcpy(copy_of_value, value, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext lit; + memcpy(lit.value, copy_of_value, (size_t)1088U * sizeof(uint8_t)); return lit; } @@ -303,10 +304,10 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics -- SIZE= 1568 +- SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_1f0( - libcrux_ml_kem_types_MlKemPublicKey_1f *self) { +uint8_t *libcrux_ml_kem_types_as_slice_cb_f20( + libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -317,11 +318,11 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics -- SIZE= 1568 +- SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_f00( - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self) { - return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t, +Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed0( + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { + return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t, Eurydice_slice); } 
@@ -331,11 +332,11 @@ Eurydice_slice libcrux_ml_kem_types_as_ref_00_f00( /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 1600 +- LEN= 1120 */ -void libcrux_ml_kem_utils_into_padded_array_973(Eurydice_slice slice, - uint8_t ret[1600U]) { - uint8_t out[1600U] = {0U}; +void libcrux_ml_kem_utils_into_padded_array_2d3(Eurydice_slice slice, + uint8_t ret[1120U]) { + uint8_t out[1120U] = {0U}; uint8_t *uu____0 = out; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( @@ -343,7 +344,7 @@ void libcrux_ml_kem_utils_into_padded_array_973(Eurydice_slice slice, core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, Eurydice_slice), slice, uint8_t, void *); - memcpy(ret, out, (size_t)1600U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)1120U * sizeof(uint8_t)); } /** @@ -353,15 +354,15 @@ libcrux_ml_kem::types::MlKemPublicKey)#14} /** A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics -- SIZE= 1184 +- SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_57( - uint8_t value[1184U]) { +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_4c( + uint8_t value[800U]) { /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_value[1184U]; - memcpy(copy_of_value, value, (size_t)1184U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPublicKey_15 lit; - memcpy(lit.value, copy_of_value, (size_t)1184U * sizeof(uint8_t)); + uint8_t copy_of_value[800U]; + memcpy(copy_of_value, value, (size_t)800U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPublicKey_be lit; + memcpy(lit.value, copy_of_value, (size_t)800U * sizeof(uint8_t)); return lit; } 
@@ -375,14 +376,13 @@ This function found in impl /** A monomorphic instance of libcrux_ml_kem.types.from_17 with const generics -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 +- PRIVATE_KEY_SIZE= 1632 +- PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_2c( - libcrux_ml_kem_types_MlKemPrivateKey_55 sk, - libcrux_ml_kem_types_MlKemPublicKey_15 pk) { - return ( - CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_c9( + libcrux_ml_kem_types_MlKemPrivateKey_5e sk, + libcrux_ml_kem_types_MlKemPublicKey_be pk) { + return (CLITERAL(libcrux_ml_kem_types_MlKemKeyPair_cb){.sk = sk, .pk = pk}); } /** @@ -392,15 +392,15 @@ libcrux_ml_kem::types::MlKemPrivateKey)#8} /** A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics -- SIZE= 2400 +- SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_e0( - uint8_t value[2400U]) { +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_a7( + uint8_t value[1632U]) { /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_value[2400U]; - memcpy(copy_of_value, value, (size_t)2400U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_55 lit; - memcpy(lit.value, copy_of_value, (size_t)2400U * sizeof(uint8_t)); + uint8_t copy_of_value[1632U]; + memcpy(copy_of_value, value, (size_t)1632U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_5e lit; + memcpy(lit.value, copy_of_value, (size_t)1632U * sizeof(uint8_t)); return lit; } 
@@ -411,15 +411,15 @@ libcrux_ml_kem::types::MlKemCiphertext)#2} /** A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics -- SIZE= 1088 +- SIZE= 768 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_20( - uint8_t value[1088U]) { +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_f5( + uint8_t value[768U]) { /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_value[1088U]; - memcpy(copy_of_value, value, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext lit; - memcpy(lit.value, copy_of_value, (size_t)1088U * sizeof(uint8_t)); + uint8_t copy_of_value[768U]; + memcpy(copy_of_value, value, (size_t)768U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext_e8 lit; + memcpy(lit.value, copy_of_value, (size_t)768U * sizeof(uint8_t)); return lit; } @@ -432,10 +432,10 @@ This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} /** A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics -- SIZE= 1184 +- SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_1f( - libcrux_ml_kem_types_MlKemPublicKey_15 *self) { +uint8_t *libcrux_ml_kem_types_as_slice_cb_f2( + libcrux_ml_kem_types_MlKemPublicKey_be *self) { return self->value; } @@ -447,7 +447,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -void libcrux_ml_kem_utils_into_padded_array_972(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_2d2(Eurydice_slice slice, uint8_t ret[33U]) { uint8_t out[33U] = {0U}; uint8_t *uu____0 = out; @@ -488,7 +488,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 34 */ -void libcrux_ml_kem_utils_into_padded_array_971(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_2d1(Eurydice_slice slice, uint8_t ret[34U]) { uint8_t out[34U] = {0U}; uint8_t *uu____0 = out; 
@@ -508,11 +508,11 @@ libcrux_ml_kem::types::MlKemCiphertext)#1} /** A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics -- SIZE= 1088 +- SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_f0( - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { - return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t, +Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed( + libcrux_ml_kem_types_MlKemCiphertext_e8 *self) { + return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t, Eurydice_slice); } @@ -522,11 +522,11 @@ Eurydice_slice libcrux_ml_kem_types_as_ref_00_f0( /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics -- LEN= 1120 +- LEN= 800 */ -void libcrux_ml_kem_utils_into_padded_array_970(Eurydice_slice slice, - uint8_t ret[1120U]) { - uint8_t out[1120U] = {0U}; +void libcrux_ml_kem_utils_into_padded_array_2d0(Eurydice_slice slice, + uint8_t ret[800U]) { + uint8_t out[800U] = {0U}; uint8_t *uu____0 = out; core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( @@ -534,7 +534,7 @@ void libcrux_ml_kem_utils_into_padded_array_970(Eurydice_slice slice, core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, Eurydice_slice), slice, uint8_t, void *); - memcpy(ret, out, (size_t)1120U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)800U * sizeof(uint8_t)); } /** @@ -545,7 +545,7 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 64 */ -void libcrux_ml_kem_utils_into_padded_array_97(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_2d(Eurydice_slice slice, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; uint8_t *uu____0 = out; 
@@ -558,6 +558,66 @@ void libcrux_ml_kem_utils_into_padded_array_97(Eurydice_slice slice, memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } +/** +This function found in impl {core::result::Result} +*/ +/** +A monomorphic instance of core.result.unwrap_41 +with types uint8_t[24size_t], core_array_TryFromSliceError + +*/ +void core_result_unwrap_41_1c(core_result_Result_6f self, uint8_t ret[24U]) { + if (self.tag == core_result_Ok) { + uint8_t f0[24U]; + memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof(uint8_t)); + memcpy(ret, f0, (size_t)24U * sizeof(uint8_t)); + } else { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + +/** +This function found in impl {core::result::Result} +*/ +/** +A monomorphic instance of core.result.unwrap_41 +with types uint8_t[20size_t], core_array_TryFromSliceError + +*/ +void core_result_unwrap_41_34(core_result_Result_7a self, uint8_t ret[20U]) { + if (self.tag == core_result_Ok) { + uint8_t f0[20U]; + memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof(uint8_t)); + memcpy(ret, f0, (size_t)20U * sizeof(uint8_t)); + } else { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + +/** +This function found in impl {core::result::Result} +*/ +/** +A monomorphic instance of core.result.unwrap_41 +with types uint8_t[10size_t], core_array_TryFromSliceError + +*/ +void core_result_unwrap_41_e8(core_result_Result_cd self, uint8_t ret[10U]) { + if (self.tag == core_result_Ok) { + uint8_t f0[10U]; + memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof(uint8_t)); + memcpy(ret, f0, (size_t)10U * sizeof(uint8_t)); + } else { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + /** This function found in impl {core::result::Result} */ 
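Review bot: Each new `core_result_unwrap_41_*` instance copies the payload twice, `self.val.case_Ok` into the local `f0` and then `f0` into `ret`, where a single `memcpy(ret, self.val.case_Ok, (size_t)24U * sizeof(uint8_t));` (with 20U and 10U in the other two) is sufficient; the intermediate array adds only stack traffic. The `Err` branch aborts the process through `KRML_HOST_EXIT(255U)`, which is the conservative choice for an internal size mismatch, but it also means that if any caller could reach it with an externally influenced slice length a logic error becomes a process-wide denial of service; the callers are outside this hunk, so whether the `TryFromSliceError` case is reachable cannot be told from here. A short comment on each instance, e.g. `/* Err is unreachable by construction: callers pass a slice whose length is fixed at compile time. */`, would record that assumption if it holds.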
diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 61a3e31f6..40be3b44a 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb - * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 + * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 */ #ifndef __libcrux_core_H 
@@ -49,64 +49,6 @@ static inline uint64_t core_num__u64_9__from_le_bytes(uint8_t x0[8U]); static inline void core_num__u64_9__to_le_bytes(uint64_t x0, uint8_t x1[8U]); -/** -A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey -with const generics -- $800size_t -*/ -typedef struct libcrux_ml_kem_types_MlKemPublicKey_be_s { - uint8_t value[800U]; -} libcrux_ml_kem_types_MlKemPublicKey_be; - -/** -A monomorphic instance of core.option.Option -with types libcrux_ml_kem_types_MlKemPublicKey[[$800size_t]] - -*/ -typedef struct core_option_Option_04_s { - core_option_Option_ef_tags tag; - libcrux_ml_kem_types_MlKemPublicKey_be f0; -} core_option_Option_04; - -/** -A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey -with const generics -- $1632size_t -*/ -typedef struct libcrux_ml_kem_types_MlKemPrivateKey_5e_s { - uint8_t value[1632U]; -} libcrux_ml_kem_types_MlKemPrivateKey_5e; - -/** -A monomorphic instance of libcrux_ml_kem.types.MlKemKeyPair -with const generics -- $1632size_t -- $800size_t -*/ -typedef struct libcrux_ml_kem_types_MlKemKeyPair_cb_s { - libcrux_ml_kem_types_MlKemPrivateKey_5e sk; - libcrux_ml_kem_types_MlKemPublicKey_be pk; -} libcrux_ml_kem_types_MlKemKeyPair_cb; - -/** -A monomorphic instance of libcrux_ml_kem.types.MlKemCiphertext -with const generics -- $768size_t -*/ -typedef struct libcrux_ml_kem_types_MlKemCiphertext_e8_s { - uint8_t value[768U]; -} libcrux_ml_kem_types_MlKemCiphertext_e8; - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_types_MlKemCiphertext[[$768size_t]], uint8_t[32size_t] - -*/ -typedef struct tuple_ec_s { - libcrux_ml_kem_types_MlKemCiphertext_e8 fst; - uint8_t snd[32U]; -} tuple_ec; - /** A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey with const generics 
@@ -203,6 +145,64 @@ typedef struct tuple_3c_s { uint8_t snd[32U]; } tuple_3c; +/** +A monomorphic instance of libcrux_ml_kem.types.MlKemPublicKey +with const generics +- $800size_t +*/ +typedef struct libcrux_ml_kem_types_MlKemPublicKey_be_s { + uint8_t value[800U]; +} libcrux_ml_kem_types_MlKemPublicKey_be; + +/** +A monomorphic instance of core.option.Option +with types libcrux_ml_kem_types_MlKemPublicKey[[$800size_t]] + +*/ +typedef struct core_option_Option_04_s { + core_option_Option_ef_tags tag; + libcrux_ml_kem_types_MlKemPublicKey_be f0; +} core_option_Option_04; + +/** +A monomorphic instance of libcrux_ml_kem.types.MlKemPrivateKey +with const generics +- $1632size_t +*/ +typedef struct libcrux_ml_kem_types_MlKemPrivateKey_5e_s { + uint8_t value[1632U]; +} libcrux_ml_kem_types_MlKemPrivateKey_5e; + +/** +A monomorphic instance of libcrux_ml_kem.types.MlKemKeyPair +with const generics +- $1632size_t +- $800size_t +*/ +typedef struct libcrux_ml_kem_types_MlKemKeyPair_cb_s { + libcrux_ml_kem_types_MlKemPrivateKey_5e sk; + libcrux_ml_kem_types_MlKemPublicKey_be pk; +} libcrux_ml_kem_types_MlKemKeyPair_cb; + +/** +A monomorphic instance of libcrux_ml_kem.types.MlKemCiphertext +with const generics +- $768size_t +*/ +typedef struct libcrux_ml_kem_types_MlKemCiphertext_e8_s { + uint8_t value[768U]; +} libcrux_ml_kem_types_MlKemCiphertext_e8; + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_types_MlKemCiphertext[[$768size_t]], uint8_t[32size_t] + +*/ +typedef struct tuple_ec_s { + libcrux_ml_kem_types_MlKemCiphertext_e8 fst; + uint8_t snd[32U]; +} tuple_ec; + #define core_result_Ok 0 #define core_result_Err 1 diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 8cf2e1852..6d0432bcc 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h 
@@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb - * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 + * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index 638100d27..6b6dabae9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 - * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 + * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 */ #include "libcrux_mlkem1024_avx2.h" @@ -125,9 +125,10 @@ static tuple_21 encapsulate_b2( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_820(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_820(uu____0, copy_of_randomness); } /** 
@@ -141,9 +142,10 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_b2(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_b2(uu____0, copy_of_randomness); } /** @@ -172,9 +174,11 @@ static tuple_21 encapsulate_unpacked_16( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e0(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e0(uu____0, + copy_of_randomness); } /** @@ -192,9 +196,10 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate_unpacked( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_16(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_16(uu____0, copy_of_randomness); } /** 
@@ -213,9 +218,10 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics */ static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_f6( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_c22(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_c22(copy_of_randomness); } /** @@ -223,9 +229,10 @@ static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_f6( */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_f6(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_f6(copy_of_randomness); } /** @@ -245,9 +252,11 @@ generics */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 generate_keypair_unpacked_d9(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_830(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_830( + copy_of_randomness); } /** 
@@ -256,9 +265,10 @@ generate_keypair_unpacked_d9(uint8_t randomness[64U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 libcrux_ml_kem_mlkem1024_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_d9(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_d9(copy_of_randomness); } /** diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index 63dc40f87..3eb7ab530 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 - * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 + * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 */ #ifndef __libcrux_mlkem1024_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index 226a7972a..47b7414e5 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c 
@@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb - * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 + * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 */ #include "libcrux_mlkem1024_portable.h" @@ -38,11 +38,11 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_3e( +static void decapsulate_52( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_711(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_4f1(private_key, ciphertext, ret); } /** @@ -56,7 +56,7 @@ void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_3e(private_key, ciphertext, ret); + decapsulate_52(private_key, ciphertext, ret); } /** @@ -83,11 +83,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_unpacked_81( +static void decapsulate_unpacked_b6( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_f61(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca1(key_pair, ciphertext, ret); } /** 
@@ -101,7 +101,7 @@ void libcrux_ml_kem_mlkem1024_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_81(private_key, ciphertext, ret); + decapsulate_unpacked_b6(private_key, ciphertext, ret); } /** @@ -121,14 +121,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_48( +static tuple_21 encapsulate_ec( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_9d1(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_441(uu____0, copy_of_randomness); } /** @@ -145,7 +145,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_48(uu____0, copy_of_randomness); + return encapsulate_ec(uu____0, copy_of_randomness); } /** @@ -169,7 +169,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_unpacked_ac( +static tuple_21 encapsulate_unpacked_9a( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *uu____0 = 
@@ -177,7 +177,7 @@ static tuple_21 encapsulate_unpacked_ac( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_861(uu____0, + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_311(uu____0, copy_of_randomness); } @@ -199,7 +199,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_ac(uu____0, copy_of_randomness); + return encapsulate_unpacked_9a(uu____0, copy_of_randomness); } /** @@ -217,12 +217,12 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_6e( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_0e( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_6f1(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_c24(copy_of_randomness); } /** @@ -233,7 +233,7 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_6e(copy_of_randomness); + return generate_keypair_0e(copy_of_randomness); } /** 
@@ -252,11 +252,11 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -generate_keypair_unpacked_f5(uint8_t randomness[64U]) { +generate_keypair_unpacked_4a(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d1( + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e1( copy_of_randomness); } @@ -269,7 +269,7 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_f5(copy_of_randomness); + return generate_keypair_unpacked_4a(copy_of_randomness); } /** @@ -283,8 +283,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static bool validate_public_key_2a1(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_991(public_key); +static bool validate_public_key_e11(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_351(public_key); } /** @@ -295,7 +295,7 @@ static bool validate_public_key_2a1(uint8_t *public_key) { core_option_Option_99 libcrux_ml_kem_mlkem1024_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; - if (validate_public_key_2a1(public_key.value)) { + if (validate_public_key_e11(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index b53ebe718..969f1f171 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h 
@@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb - * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 + * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index fde1eaaf3..f1b352eb1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb - * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 + * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index c3bc43264..d62291692 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c 
@@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 - * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 + * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 */ #include "libcrux_mlkem512_avx2.h" @@ -121,9 +121,10 @@ static tuple_ec encapsulate_72( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_82(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_82(uu____0, copy_of_randomness); } /** @@ -137,9 +138,10 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_72(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_72(uu____0, copy_of_randomness); } /** 
@@ -168,9 +170,11 @@ static tuple_ec encapsulate_unpacked_14( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e(uu____0, + copy_of_randomness); } /** @@ -186,9 +190,10 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate_unpacked( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_14(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_14(uu____0, copy_of_randomness); } /** @@ -207,9 +212,10 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics */ static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_27( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_c2(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_c2(copy_of_randomness); } /** 
@@ -217,9 +223,10 @@ static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_27( */ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_27(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_27(copy_of_randomness); } /** @@ -239,9 +246,11 @@ generics */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 generate_keypair_unpacked_2c(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_83(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_83( + copy_of_randomness); } /** @@ -250,9 +259,10 @@ generate_keypair_unpacked_2c(uint8_t randomness[64U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 libcrux_ml_kem_mlkem512_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_2c(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_2c(copy_of_randomness); } /** diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index e347d189e..05e34bdaf 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h 
@@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 - * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 + * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 */ #ifndef __libcrux_mlkem512_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index fa4106f06..06ceac83b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb - * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 + * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 */ #include "libcrux_mlkem512_portable.h" 
@@ -38,10 +38,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_3f(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_710(private_key, ciphertext, ret); +static void decapsulate_be0( + libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, + libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_ind_cca_decapsulate_4f0(private_key, ciphertext, ret); } /** @@ -54,7 +54,7 @@ static void decapsulate_3f(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_3f(private_key, ciphertext, ret); + decapsulate_be0(private_key, ciphertext, ret); } /** @@ -81,10 +81,10 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_unpacked_73( +static void decapsulate_unpacked_06( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_f60(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca0(key_pair, ciphertext, ret); } /** @@ -97,7 +97,7 @@ static void decapsulate_unpacked_73( void libcrux_ml_kem_mlkem512_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_73(private_key, ciphertext, ret); + decapsulate_unpacked_06(private_key, ciphertext, ret); } /** 
@@ -117,14 +117,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_10( +static tuple_ec encapsulate_f3( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_9d0(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_440(uu____0, copy_of_randomness); } /** @@ -141,7 +141,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_10(uu____0, copy_of_randomness); + return encapsulate_f3(uu____0, copy_of_randomness); } /** @@ -165,7 +165,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_unpacked_49( +static tuple_ec encapsulate_unpacked_01( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *uu____0 = @@ -173,7 +173,7 @@ static tuple_ec encapsulate_unpacked_49( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_860(uu____0, + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_310(uu____0, copy_of_randomness); } 
@@ -193,7 +193,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_49(uu____0, copy_of_randomness); + return encapsulate_unpacked_01(uu____0, copy_of_randomness); } /** @@ -211,12 +211,12 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_f9( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_df( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_6f0(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_c21(copy_of_randomness); } /** @@ -227,7 +227,7 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_f9(copy_of_randomness); + return generate_keypair_df(copy_of_randomness); } /** @@ -246,11 +246,11 @@ const generics - ETA1_RANDOMNESS_SIZE= 192 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -generate_keypair_unpacked_d6(uint8_t randomness[64U]) { +generate_keypair_unpacked_c0(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d0( + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e0( copy_of_randomness); } 
@@ -263,7 +263,7 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_d6(copy_of_randomness); + return generate_keypair_unpacked_c0(copy_of_randomness); } /** @@ -277,8 +277,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static bool validate_public_key_2a0(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_990(public_key); +static bool validate_public_key_e10(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_350(public_key); } /** @@ -289,7 +289,7 @@ static bool validate_public_key_2a0(uint8_t *public_key) { core_option_Option_04 libcrux_ml_kem_mlkem512_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; - if (validate_public_key_2a0(public_key.value)) { + if (validate_public_key_e10(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 75f921f45..f8f12869b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb - * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 + * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 */ #ifndef __libcrux_mlkem512_portable_H 
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index f2bd4e669..9967f5950 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb - * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 + * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index 97c57c897..dd79bbbda 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 - * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 + * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 */ #include "libcrux_mlkem768_avx2.h" 
@@ -121,9 +121,10 @@ static tuple_3c encapsulate_54( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_821(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_821(uu____0, copy_of_randomness); } /** @@ -137,9 +138,10 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_54(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_54(uu____0, copy_of_randomness); } /** @@ -168,9 +170,11 @@ static tuple_3c encapsulate_unpacked_94( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e1(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e1(uu____0, + copy_of_randomness); } /** 
@@ -186,9 +190,10 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_94(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_94(uu____0, copy_of_randomness); } /** @@ -207,9 +212,10 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics */ static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_e4( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_c23(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_c23(copy_of_randomness); } /** @@ -217,9 +223,10 @@ static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_e4( */ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_e4(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_e4(copy_of_randomness); } /** 
@@ -239,9 +246,11 @@ generics */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 generate_keypair_unpacked_35(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_831(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_831( + copy_of_randomness); } /** @@ -250,9 +259,10 @@ generate_keypair_unpacked_35(uint8_t randomness[64U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_35(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_35(copy_of_randomness); } /** diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index fc58e53f4..f683880f8 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: d6e4d1bb9c27c4eebbebcb29ba8bea1d58741421 - * Karamel: 2bd16e63cfbfa2b81d3c45d597b811ca2a12d430 + * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: ef25d68772c7a677441e035cb3187800d831ca09 + * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 */ #ifndef __libcrux_mlkem768_avx2_H 
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index 0e5c36ee3..d9c847566 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb - * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 + * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 */ #include "libcrux_mlkem768_portable.h" @@ -38,10 +38,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_03( +static void decapsulate_be( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_71(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_4f(private_key, ciphertext, ret); } /** @@ -54,7 +54,7 @@ static void decapsulate_03( void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_03(private_key, ciphertext, ret); + decapsulate_be(private_key, ciphertext, ret); } /** 
@@ -81,10 +81,10 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_unpacked_69( +static void decapsulate_unpacked_d4( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_f6(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca(key_pair, ciphertext, ret); } /** @@ -97,7 +97,7 @@ static void decapsulate_unpacked_69( void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_69(private_key, ciphertext, ret); + decapsulate_unpacked_d4(private_key, ciphertext, ret); } /** @@ -117,14 +117,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_4b( +static tuple_3c encapsulate_13( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_9d(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_44(uu____0, copy_of_randomness); } /** @@ -141,7 +141,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_4b(uu____0, copy_of_randomness); + return encapsulate_13(uu____0, copy_of_randomness); } /** 
@@ -165,7 +165,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_unpacked_10( +static tuple_3c encapsulate_unpacked_1b( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = @@ -173,7 +173,7 @@ static tuple_3c encapsulate_unpacked_10( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_86(uu____0, + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_31(uu____0, copy_of_randomness); } @@ -193,7 +193,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_10(uu____0, copy_of_randomness); + return encapsulate_unpacked_1b(uu____0, copy_of_randomness); } /** @@ -211,12 +211,12 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_64( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_ff( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_6f(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_c20(copy_of_randomness); } /** 
@@ -227,7 +227,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_64(copy_of_randomness); + return generate_keypair_ff(copy_of_randomness); } /** @@ -246,11 +246,11 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -generate_keypair_unpacked_c5(uint8_t randomness[64U]) { +generate_keypair_unpacked_37(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d( + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e( copy_of_randomness); } @@ -263,7 +263,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_c5(copy_of_randomness); + return generate_keypair_unpacked_37(copy_of_randomness); } /** @@ -277,8 +277,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static bool validate_public_key_2a(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_99(public_key); +static bool validate_public_key_e1(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_35(public_key); } /** 
@@ -289,7 +289,7 @@ static bool validate_public_key_2a(uint8_t *public_key) { core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (validate_public_key_2a(public_key.value)) { + if (validate_public_key_e1(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index 5d21a7998..ae0b2abf7 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb - * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 + * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index a2890d7fa..b99e1ded1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c 
@@ -5,13 +5,17 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb - * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 + * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 */ -#include "libcrux_mlkem_avx2.h" +#include "internal/libcrux_mlkem_avx2.h" + +#include "internal/libcrux_core.h" +#include "internal/libcrux_mlkem_portable.h" +#include "internal/libcrux_sha3_avx2.h" KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_G(Eurydice_slice input, uint8_t ret[64U]) { 
@@ -30,3 +34,9283 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H(Eurydice_slice input, input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } + +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_zero(void) { + return libcrux_intrinsics_avx2_mm256_setzero_si256(); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_ZERO_ea(void) { + return libcrux_ml_kem_vector_avx2_zero(); +} + +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_slice array) { + return libcrux_intrinsics_avx2_mm256_loadu_si256_i16(array); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice array) { + return libcrux_ml_kem_vector_avx2_from_i16_array(array); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_to_i16_array(__m256i v, + int16_t ret[16U]) { + int16_t output[16U] = {0U}; + libcrux_intrinsics_avx2_mm256_storeu_si256_i16( + Eurydice_array_to_slice((size_t)16U, output, int16_t, Eurydice_slice), v); + memcpy(ret, output, (size_t)16U * sizeof(int16_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_to_i16_array_ea(__m256i x, int16_t ret[16U]) { + libcrux_ml_kem_vector_avx2_to_i16_array(x, ret); +} + +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_add(__m256i lhs, + __m256i rhs) { + return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_add_ea(__m256i lhs, __m256i *rhs) { + return libcrux_ml_kem_vector_avx2_arithmetic_add(lhs, rhs[0U]); +} + +KRML_MUSTINLINE 
__m256i libcrux_ml_kem_vector_avx2_arithmetic_sub(__m256i lhs, + __m256i rhs) { + return libcrux_intrinsics_avx2_mm256_sub_epi16(lhs, rhs); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_sub_ea(__m256i lhs, __m256i *rhs) { + return libcrux_ml_kem_vector_avx2_arithmetic_sub(lhs, rhs[0U]); +} + +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(__m256i vector, + int16_t constant) { + return libcrux_intrinsics_avx2_mm256_mullo_epi16( + vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_ea(__m256i v, + int16_t c) { + return libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(v, c); +} + +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( + __m256i vector, int16_t constant) { + return libcrux_intrinsics_avx2_mm256_and_si256( + vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( + __m256i vector, int16_t constant) { + return libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( + vector, constant); +} + +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(__m256i vector) { + __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i v_minus_field_modulus = + libcrux_intrinsics_avx2_mm256_sub_epi16(vector, field_modulus); + __m256i sign_mask = libcrux_intrinsics_avx2_mm256_srai_epi16( + (int32_t)15, v_minus_field_modulus, __m256i); + __m256i 
conditional_add_field_modulus = + libcrux_intrinsics_avx2_mm256_and_si256(sign_mask, field_modulus); + return libcrux_intrinsics_avx2_mm256_add_epi16(v_minus_field_modulus, + conditional_add_field_modulus); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea(__m256i vector) { + return libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(vector); +} + +/** + See Section 3.2 of the implementation notes document for an explanation + of this code. +*/ +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(__m256i vector) { + __m256i t = libcrux_intrinsics_avx2_mm256_mulhi_epi16( + vector, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER)); + __m256i t0 = libcrux_intrinsics_avx2_mm256_add_epi16( + t, libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)512)); + __m256i quotient = + libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)10, t0, __m256i); + __m256i quotient_times_field_modulus = + libcrux_intrinsics_avx2_mm256_mullo_epi16( + quotient, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + return libcrux_intrinsics_avx2_mm256_sub_epi16(vector, + quotient_times_field_modulus); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_barrett_reduce_ea(__m256i vector) { + return libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(vector); +} + +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( + __m256i vector, int16_t constant) { + __m256i constant0 = libcrux_intrinsics_avx2_mm256_set1_epi16(constant); + __m256i value_low = + libcrux_intrinsics_avx2_mm256_mullo_epi16(vector, constant0); + __m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( + 
value_low, + libcrux_intrinsics_avx2_mm256_set1_epi16( + (int16_t) + LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + __m256i k_times_modulus = libcrux_intrinsics_avx2_mm256_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + __m256i value_high = + libcrux_intrinsics_avx2_mm256_mulhi_epi16(vector, constant0); + return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + __m256i vector, int16_t constant) { + return libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( + vector, constant); +} + +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( + __m256i vector) { + __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi16( + (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / (int16_t)2); + __m256i field_modulus_quartered = libcrux_intrinsics_avx2_mm256_set1_epi16( + (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / (int16_t)4); + __m256i shifted = + libcrux_intrinsics_avx2_mm256_sub_epi16(field_modulus_halved, vector); + __m256i mask = + libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, shifted, __m256i); + __m256i shifted_to_positive = + libcrux_intrinsics_avx2_mm256_xor_si256(mask, shifted); + __m256i shifted_to_positive_in_range = + libcrux_intrinsics_avx2_mm256_sub_epi16(shifted_to_positive, + field_modulus_quartered); + return libcrux_intrinsics_avx2_mm256_srli_epi16( + (int32_t)15, shifted_to_positive_in_range, __m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_compress_1_ea(__m256i vector) { + return 
libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( + vector); +} + +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( + __m256i lhs, __m256i rhs) { + __m256i prod02 = libcrux_intrinsics_avx2_mm256_mul_epu32(lhs, rhs); + __m256i prod13 = libcrux_intrinsics_avx2_mm256_mul_epu32( + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, lhs, __m256i), + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, rhs, __m256i)); + return libcrux_intrinsics_avx2_mm256_unpackhi_epi64( + libcrux_intrinsics_avx2_mm256_unpacklo_epi32(prod02, prod13), + libcrux_intrinsics_avx2_mm256_unpackhi_epi32(prod02, prod13)); +} + +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + __m256i v, __m256i c) { + __m256i value_low = libcrux_intrinsics_avx2_mm256_mullo_epi16(v, c); + __m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( + value_low, + libcrux_intrinsics_avx2_mm256_set1_epi16( + (int16_t) + LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + __m256i k_times_modulus = libcrux_intrinsics_avx2_mm256_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + __m256i value_high = libcrux_intrinsics_avx2_mm256_mulhi_epi16(v, c); + return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); +} + +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( + __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, + int16_t zeta3) { + __m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( + -zeta3, -zeta3, zeta3, zeta3, -zeta2, -zeta2, zeta2, zeta2, -zeta1, + -zeta1, zeta1, zeta1, -zeta0, -zeta0, zeta0, zeta0); + __m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, + vector, __m256i); + __m256i rhs0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + rhs, zetas); + __m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)160, + vector, 
__m256i); + return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea(__m256i vector, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3) { + return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step(vector, zeta0, zeta1, + zeta2, zeta3); +} + +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( + __m256i vector, int16_t zeta0, int16_t zeta1) { + __m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( + -zeta1, -zeta1, -zeta1, -zeta1, zeta1, zeta1, zeta1, zeta1, -zeta0, + -zeta0, -zeta0, -zeta0, zeta0, zeta0, zeta0, zeta0); + __m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)238, + vector, __m256i); + __m256i rhs0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + rhs, zetas); + __m256i lhs = + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)68, vector, __m256i); + return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea(__m256i vector, + int16_t zeta0, + int16_t zeta1) { + return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(vector, zeta0, zeta1); +} + +KRML_MUSTINLINE __m128i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( + __m128i v, __m128i c) { + __m128i value_low = libcrux_intrinsics_avx2_mm_mullo_epi16(v, c); + __m128i k = libcrux_intrinsics_avx2_mm_mullo_epi16( + value_low, + libcrux_intrinsics_avx2_mm_set1_epi16( + (int16_t) + LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + __m128i k_times_modulus = libcrux_intrinsics_avx2_mm_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + 
__m128i value_high = libcrux_intrinsics_avx2_mm_mulhi_epi16(v, c); + return libcrux_intrinsics_avx2_mm_sub_epi16(value_high, k_times_modulus); +} + +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(__m256i vector, int16_t zeta) { + __m128i rhs = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, __m128i); + __m128i rhs0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( + rhs, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); + __m128i lhs = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + __m128i lower_coefficients = libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs0); + __m128i upper_coefficients = libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs0); + __m256i combined = + libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); + return libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, combined, upper_coefficients, __m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea(__m256i vector, + int16_t zeta) { + return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(vector, zeta); +} + +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( + __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, + int16_t zeta3) { + __m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, + vector, __m256i); + __m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)160, + vector, __m256i); + __m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( + rhs, libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)-1, + (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, + (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, (int16_t)1, + (int16_t)1)); + __m256i sum0 = libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); + __m256i sum_times_zetas 
= + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + sum0, libcrux_intrinsics_avx2_mm256_set_epi16( + zeta3, zeta3, (int16_t)0, (int16_t)0, zeta2, zeta2, + (int16_t)0, (int16_t)0, zeta1, zeta1, (int16_t)0, + (int16_t)0, zeta0, zeta0, (int16_t)0, (int16_t)0)); + __m256i sum = libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(sum0); + return libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)204, sum, + sum_times_zetas, __m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea(__m256i vector, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3) { + return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( + vector, zeta0, zeta1, zeta2, zeta3); +} + +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( + __m256i vector, int16_t zeta0, int16_t zeta1) { + __m256i lhs = libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)245, vector, __m256i); + __m256i rhs = libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)160, vector, __m256i); + __m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( + rhs, libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)1, + (int16_t)1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, + (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)1, + (int16_t)1)); + __m256i sum = libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); + __m256i sum_times_zetas = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + sum, libcrux_intrinsics_avx2_mm256_set_epi16( + zeta1, zeta1, zeta1, zeta1, (int16_t)0, (int16_t)0, + (int16_t)0, (int16_t)0, zeta0, zeta0, zeta0, zeta0, + (int16_t)0, (int16_t)0, (int16_t)0, (int16_t)0)); + return libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)240, sum, + sum_times_zetas, __m256i); +} + +/** +This function 
found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea(__m256i vector, + int16_t zeta0, + int16_t zeta1) { + return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(vector, zeta0, + zeta1); +} + +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( + __m256i vector, int16_t zeta) { + __m128i lhs = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, __m128i); + __m128i rhs = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + __m128i lower_coefficients = libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs); + __m128i upper_coefficients = libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs); + __m128i upper_coefficients0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( + upper_coefficients, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); + __m256i combined = + libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); + return libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, combined, upper_coefficients0, __m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea(__m256i vector, + int16_t zeta) { + return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(vector, zeta); +} + +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(__m256i v) { + __m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( + v, + libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t) + LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); + __m256i k_times_modulus = libcrux_intrinsics_avx2_mm256_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + __m256i value_high = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)16, v, 
__m256i); + __m256i result = + libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); + __m256i result0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)16, result, __m256i); + return libcrux_intrinsics_avx2_mm256_srai_epi32((int32_t)16, result0, + __m256i); +} + +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( + __m256i lhs, __m256i rhs, int16_t zeta0, int16_t zeta1, int16_t zeta2, + int16_t zeta3) { + __m256i shuffle_with = libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)15, (int8_t)14, (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, + (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, + (int8_t)5, (int8_t)4, (int8_t)1, (int8_t)0, (int8_t)15, (int8_t)14, + (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, (int8_t)3, (int8_t)2, + (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4, + (int8_t)1, (int8_t)0); + __m256i lhs_shuffled = + libcrux_intrinsics_avx2_mm256_shuffle_epi8(lhs, shuffle_with); + __m256i lhs_shuffled0 = libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, lhs_shuffled, __m256i); + __m128i lhs_evens = + libcrux_intrinsics_avx2_mm256_castsi256_si128(lhs_shuffled0); + __m256i lhs_evens0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_evens); + __m128i lhs_odds = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, lhs_shuffled0, __m128i); + __m256i lhs_odds0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_odds); + __m256i rhs_shuffled = + libcrux_intrinsics_avx2_mm256_shuffle_epi8(rhs, shuffle_with); + __m256i rhs_shuffled0 = libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, rhs_shuffled, __m256i); + __m128i rhs_evens = + libcrux_intrinsics_avx2_mm256_castsi256_si128(rhs_shuffled0); + __m256i rhs_evens0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_evens); + __m128i rhs_odds = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, rhs_shuffled0, __m128i); + __m256i rhs_odds0 = 
libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_odds); + __m256i left = + libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_evens0, rhs_evens0); + __m256i right = + libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_odds0, rhs_odds0); + __m256i right0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(right); + __m256i right1 = libcrux_intrinsics_avx2_mm256_mullo_epi32( + right0, + libcrux_intrinsics_avx2_mm256_set_epi32( + -(int32_t)zeta3, (int32_t)zeta3, -(int32_t)zeta2, (int32_t)zeta2, + -(int32_t)zeta1, (int32_t)zeta1, -(int32_t)zeta0, (int32_t)zeta0)); + __m256i products_left = libcrux_intrinsics_avx2_mm256_add_epi32(left, right1); + __m256i products_left0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( + products_left); + __m256i rhs_adjacent_swapped = libcrux_intrinsics_avx2_mm256_shuffle_epi8( + rhs, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, (int8_t)9, (int8_t)8, + (int8_t)11, (int8_t)10, (int8_t)5, (int8_t)4, (int8_t)7, (int8_t)6, + (int8_t)1, (int8_t)0, (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, + (int8_t)15, (int8_t)14, (int8_t)9, (int8_t)8, (int8_t)11, (int8_t)10, + (int8_t)5, (int8_t)4, (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, + (int8_t)3, (int8_t)2)); + __m256i products_right = + libcrux_intrinsics_avx2_mm256_madd_epi16(lhs, rhs_adjacent_swapped); + __m256i products_right0 = + libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( + products_right); + __m256i products_right1 = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)16, products_right0, __m256i); + return libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)170, products_left0, + products_right1, __m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_ntt_multiply_ea(__m256i *lhs, __m256i *rhs, + int16_t zeta0, int16_t zeta1, + int16_t zeta2, + int16_t zeta3) { + return 
libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(lhs[0U], rhs[0U], zeta0, + zeta1, zeta2, zeta3); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_1( + __m256i vector, uint8_t ret[2U]) { + __m256i lsb_to_msb = + libcrux_intrinsics_avx2_mm256_slli_epi16((int32_t)15, vector, __m256i); + __m128i low_msbs = libcrux_intrinsics_avx2_mm256_castsi256_si128(lsb_to_msb); + __m128i high_msbs = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, lsb_to_msb, __m128i); + __m128i msbs = libcrux_intrinsics_avx2_mm_packs_epi16(low_msbs, high_msbs); + int32_t bits_packed = libcrux_intrinsics_avx2_mm_movemask_epi8(msbs); + uint8_t serialized[2U] = {0U}; + serialized[0U] = (uint8_t)bits_packed; + serialized[1U] = (uint8_t)(bits_packed >> 8U); + memcpy(ret, serialized, (size_t)2U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_1_ea(__m256i vector, + uint8_t ret[2U]) { + libcrux_ml_kem_vector_avx2_serialize_serialize_1(vector, ret); +} + +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) { + __m256i coefficients = libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, 
uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t)); + __m256i shift_lsb_to_msb = libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, + (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, (int16_t)-32768, + (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, + (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, (int16_t)-32768); + __m256i coefficients_in_msb = + libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, shift_lsb_to_msb); + return libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)15, + coefficients_in_msb, __m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_deserialize_1_ea(Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_1(bytes); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( + __m256i vector, uint8_t ret[8U]) { + uint8_t serialized[16U] = {0U}; + __m256i adjacent_2_combined = libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, 
(int16_t)1)); + __m256i adjacent_8_combined = libcrux_intrinsics_avx2_mm256_shuffle_epi8( + adjacent_2_combined, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4, (int8_t)0, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4, (int8_t)0)); + __m256i combined = libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32( + adjacent_8_combined, libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, + (int32_t)0, (int32_t)0, (int32_t)4, (int32_t)0)); + __m128i combined0 = libcrux_intrinsics_avx2_mm256_castsi256_si128(combined); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_slice((size_t)16U, serialized, uint8_t, Eurydice_slice), + combined0); + uint8_t ret0[8U]; + core_result_Result_56 dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); + core_result_unwrap_41_ac(dst, ret0); + memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_4_ea(__m256i vector, + uint8_t ret[8U]) { + libcrux_ml_kem_vector_avx2_serialize_serialize_4(vector, ret); +} + +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { + __m256i coefficients = libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, 
uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t)); + __m256i shift_lsbs_to_msbs = libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U); + __m256i coefficients_in_msb = libcrux_intrinsics_avx2_mm256_mullo_epi16( + coefficients, shift_lsbs_to_msbs); + __m256i coefficients_in_lsb = libcrux_intrinsics_avx2_mm256_srli_epi16( + (int32_t)4, coefficients_in_msb, __m256i); + return libcrux_intrinsics_avx2_mm256_and_si256( + coefficients_in_lsb, libcrux_intrinsics_avx2_mm256_set1_epi16( + ((int16_t)1 << 4U) - (int16_t)1)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} 
+*/ +__m256i libcrux_ml_kem_vector_avx2_deserialize_4_ea(Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_4(bytes); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( + __m256i vector, uint8_t ret[10U]) { + uint8_t serialized[32U] = {0U}; + __m256i adjacent_2_combined = libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1)); + __m256i adjacent_4_combined = libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_2_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22, (int32_t)0, + (int32_t)22, (int32_t)0, (int32_t)22)); + __m256i adjacent_4_combined0 = libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)22, adjacent_4_combined, __m256i); + __m256i adjacent_8_combined = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)8, adjacent_4_combined0, __m256i); + __m256i adjacent_8_combined0 = libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_8_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)12, (int32_t)0, + (int32_t)0, (int32_t)0, (int32_t)12)); + __m256i adjacent_8_combined1 = libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)12, adjacent_8_combined0, __m256i); + __m128i lower_8 = + libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined1); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, + Eurydice_slice), + lower_8); + __m128i upper_8 = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, adjacent_8_combined1, __m128i); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)5U, 
(size_t)21U, uint8_t, + Eurydice_slice), + upper_8); + uint8_t ret0[10U]; + core_result_Result_cd dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t, + Eurydice_slice), + Eurydice_slice, uint8_t[10U], void *); + core_result_unwrap_41_e8(dst, ret0); + memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_5_ea(__m256i vector, + uint8_t ret[10U]) { + libcrux_ml_kem_vector_avx2_serialize_serialize_5(vector, ret); +} + +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) { + __m128i coefficients = libcrux_intrinsics_avx2_mm_set_epi8( + Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t)); + __m256i 
coefficients_loaded = + libcrux_intrinsics_avx2_mm256_castsi128_si256(coefficients); + __m256i coefficients_loaded0 = libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, coefficients_loaded, coefficients, __m256i); + __m256i coefficients0 = libcrux_intrinsics_avx2_mm256_shuffle_epi8( + coefficients_loaded0, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)15, (int8_t)14, (int8_t)15, (int8_t)14, (int8_t)13, + (int8_t)12, (int8_t)13, (int8_t)12, (int8_t)11, (int8_t)10, + (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)9, (int8_t)8, + (int8_t)7, (int8_t)6, (int8_t)7, (int8_t)6, (int8_t)5, (int8_t)4, + (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)3, (int8_t)2, + (int8_t)1, (int8_t)0, (int8_t)1, (int8_t)0)); + __m256i coefficients1 = libcrux_intrinsics_avx2_mm256_mullo_epi16( + coefficients0, libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 5U, (int16_t)1 << 2U, + (int16_t)1 << 7U, (int16_t)1 << 4U, (int16_t)1 << 9U, + (int16_t)1 << 6U, (int16_t)1 << 11U, (int16_t)1 << 0U, + (int16_t)1 << 5U, (int16_t)1 << 2U, (int16_t)1 << 7U, + (int16_t)1 << 4U, (int16_t)1 << 9U, (int16_t)1 << 6U, + (int16_t)1 << 11U)); + return libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)11, coefficients1, + __m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_deserialize_5_ea(Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_5(bytes); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( + __m256i vector, uint8_t ret[20U]) { + uint8_t serialized[32U] = {0U}; + __m256i adjacent_2_combined = libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 
10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1)); + __m256i adjacent_4_combined = libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_2_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12, (int32_t)0, + (int32_t)12, (int32_t)0, (int32_t)12)); + __m256i adjacent_4_combined0 = libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)12, adjacent_4_combined, __m256i); + __m256i adjacent_8_combined = libcrux_intrinsics_avx2_mm256_shuffle_epi8( + adjacent_4_combined0, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, + (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)4, + (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0)); + __m128i lower_8 = + libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, + Eurydice_slice), + lower_8); + __m128i upper_8 = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, adjacent_8_combined, __m128i); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)10U, (size_t)26U, uint8_t, + Eurydice_slice), + upper_8); + uint8_t ret0[20U]; + core_result_Result_7a dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t, + Eurydice_slice), + Eurydice_slice, uint8_t[20U], void *); + core_result_unwrap_41_34(dst, ret0); + memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void 
libcrux_ml_kem_vector_avx2_serialize_10_ea(__m256i vector, + uint8_t ret[20U]) { + libcrux_ml_kem_vector_avx2_serialize_serialize_10(vector, ret); +} + +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) { + __m256i shift_lsbs_to_msbs = libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U); + __m128i lower_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( + bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); + __m128i lower_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( + lower_coefficients, + libcrux_intrinsics_avx2_mm_set_epi8(9U, 8U, 8U, 7U, 7U, 6U, 6U, 5U, 4U, + 3U, 3U, 2U, 2U, 1U, 1U, 0U)); + __m128i upper_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( + bytes, (size_t)4U, (size_t)20U, uint8_t, Eurydice_slice)); + __m128i upper_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( + upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( + 15U, 14U, 14U, 13U, 13U, 12U, 12U, 11U, 10U, 9U, + 9U, 8U, 8U, 7U, 7U, 6U)); + __m256i coefficients = + libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); + __m256i coefficients0 = libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, coefficients, upper_coefficients0, __m256i); + __m256i coefficients1 = libcrux_intrinsics_avx2_mm256_mullo_epi16( + coefficients0, shift_lsbs_to_msbs); + __m256i coefficients2 = libcrux_intrinsics_avx2_mm256_srli_epi16( + (int32_t)6, coefficients1, __m256i); + return libcrux_intrinsics_avx2_mm256_and_si256( + coefficients2, libcrux_intrinsics_avx2_mm256_set1_epi16( + ((int16_t)1 << 10U) - (int16_t)1)); +} + +/** +This function found in impl 
{(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_deserialize_10_ea(Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_10(bytes); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_11( + __m256i vector, uint8_t ret[22U]) { + int16_t array[16U] = {0U}; + libcrux_intrinsics_avx2_mm256_storeu_si256_i16( + Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice), + vector); + libcrux_ml_kem_vector_portable_vector_type_PortableVector input = + libcrux_ml_kem_vector_portable_from_i16_array_0d( + Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice)); + uint8_t ret0[22U]; + libcrux_ml_kem_vector_portable_serialize_11_0d(input, ret0); + memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_11_ea(__m256i vector, + uint8_t ret[22U]) { + libcrux_ml_kem_vector_avx2_serialize_serialize_11(vector, ret); +} + +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_11(Eurydice_slice bytes) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector output = + libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); + int16_t array[16U]; + libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); + return libcrux_intrinsics_avx2_mm256_loadu_si256_i16( + Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_deserialize_11_ea(Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_11(bytes); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( + __m256i vector, uint8_t ret[24U]) { 
+ uint8_t serialized[32U] = {0U}; + __m256i adjacent_2_combined = libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1)); + __m256i adjacent_4_combined = libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_2_combined, libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8, + (int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8)); + __m256i adjacent_4_combined0 = libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)8, adjacent_4_combined, __m256i); + __m256i adjacent_8_combined = libcrux_intrinsics_avx2_mm256_shuffle_epi8( + adjacent_4_combined0, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, + (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)5, + (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, (int8_t)12, + (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4, + (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0)); + __m128i lower_8 = + libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); + __m128i upper_8 = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, adjacent_8_combined, __m128i); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, + Eurydice_slice), + lower_8); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)12U, (size_t)28U, uint8_t, + Eurydice_slice), + upper_8); + uint8_t ret0[24U]; + core_result_Result_6f dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t, + 
Eurydice_slice), + Eurydice_slice, uint8_t[24U], void *); + core_result_unwrap_41_1c(dst, ret0); + memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_12_ea(__m256i vector, + uint8_t ret[24U]) { + libcrux_ml_kem_vector_avx2_serialize_serialize_12(vector, ret); +} + +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) { + __m256i shift_lsbs_to_msbs = libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U); + __m128i lower_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( + bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); + __m128i lower_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( + lower_coefficients, + libcrux_intrinsics_avx2_mm_set_epi8(11U, 10U, 10U, 9U, 8U, 7U, 7U, 6U, 5U, + 4U, 4U, 3U, 2U, 1U, 1U, 0U)); + __m128i upper_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( + bytes, (size_t)8U, (size_t)24U, uint8_t, Eurydice_slice)); + __m128i upper_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( + upper_coefficients, + libcrux_intrinsics_avx2_mm_set_epi8(15U, 14U, 14U, 13U, 12U, 11U, 11U, + 10U, 9U, 8U, 8U, 7U, 6U, 5U, 5U, 4U)); + __m256i coefficients = + libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); + __m256i coefficients0 = libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, coefficients, upper_coefficients0, __m256i); + __m256i coefficients1 = libcrux_intrinsics_avx2_mm256_mullo_epi16( + coefficients0, shift_lsbs_to_msbs); + __m256i 
coefficients2 = libcrux_intrinsics_avx2_mm256_srli_epi16( + (int32_t)4, coefficients1, __m256i); + return libcrux_intrinsics_avx2_mm256_and_si256( + coefficients2, libcrux_intrinsics_avx2_mm256_set1_epi16( + ((int16_t)1 << 12U) - (int16_t)1)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_deserialize_12_ea(Eurydice_slice bytes) { + return libcrux_ml_kem_vector_avx2_serialize_deserialize_12(bytes); +} + +KRML_MUSTINLINE size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( + Eurydice_slice input, Eurydice_slice output) { + __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i potential_coefficients = + libcrux_ml_kem_vector_avx2_serialize_deserialize_12(input); + __m256i compare_with_field_modulus = + libcrux_intrinsics_avx2_mm256_cmpgt_epi16(field_modulus, + potential_coefficients); + uint8_t good[2U]; + libcrux_ml_kem_vector_avx2_serialize_serialize_1(compare_with_field_modulus, + good); + uint8_t lower_shuffles[16U]; + memcpy(lower_shuffles, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( + size_t)good[0U]], + (size_t)16U * sizeof(uint8_t)); + __m128i lower_shuffles0 = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( + (size_t)16U, lower_shuffles, uint8_t, Eurydice_slice)); + __m128i lower_coefficients = + libcrux_intrinsics_avx2_mm256_castsi256_si128(potential_coefficients); + __m128i lower_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( + lower_coefficients, lower_shuffles0); + libcrux_intrinsics_avx2_mm_storeu_si128(output, lower_coefficients0); + size_t sampled_count = (size_t)core_num__u8_6__count_ones(good[0U]); + uint8_t upper_shuffles[16U]; + memcpy(upper_shuffles, + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( + size_t)good[1U]], + (size_t)16U * sizeof(uint8_t)); + __m128i 
upper_shuffles0 = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( + (size_t)16U, upper_shuffles, uint8_t, Eurydice_slice)); + __m128i upper_coefficients = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, potential_coefficients, __m128i); + __m128i upper_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( + upper_coefficients, upper_shuffles0); + libcrux_intrinsics_avx2_mm_storeu_si128( + Eurydice_slice_subslice2(output, sampled_count, + sampled_count + (size_t)8U, int16_t, + Eurydice_slice), + upper_coefficients0); + size_t uu____0 = sampled_count; + return uu____0 + (size_t)core_num__u8_6__count_ones(good[1U]); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +size_t libcrux_ml_kem_vector_avx2_rej_sample_ea(Eurydice_slice input, + Eurydice_slice output) { + return libcrux_ml_kem_vector_avx2_sampling_rejection_sample(input, output); +} + +/** +This function found in impl {(core::clone::Clone for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#1} +*/ +inline __m256i libcrux_ml_kem_vector_avx2_clone_3a(__m256i *self) { + return self[0U]; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_89_d5(void) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; + lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[2U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[3U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[4U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[5U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[6U] = 
libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[7U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[8U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[9U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[10U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[11U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[12U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[13U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[14U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + lit.coefficients[15U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); + return lit; +} + +/** + Only use with public values. + + This MUST NOT be used with secret inputs, like its caller + `deserialize_ring_elements_reduced`. +*/ +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_to_reduced_ring_element_dd(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, + Eurydice_slice); + __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); + re.coefficients[i0] = + libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea(coefficient); + } + return re; +} + +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. 
+*/ +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- PUBLIC_KEY_SIZE= 1184 +- K= 3 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d4( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + deserialized_pk[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_to_reduced_ring_element_dd(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.avx2.arithmetic.shift_right +with const generics +- SHIFT_BY= 15 +*/ +static KRML_MUSTINLINE __m256i shift_right_98(__m256i vector) { + return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, __m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.avx2.shift_right_ea +with const generics +- SHIFT_BY= 15 +*/ +static __m256i shift_right_ea_92(__m256i vector) { + return shift_right_98(vector); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.traits.to_unsigned_representative with types +libcrux_ml_kem_vector_avx2_SIMD256Vector 
with const generics + +*/ +static __m256i to_unsigned_representative_a4(__m256i a) { + __m256i t = shift_right_ea_92(a); + __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( + t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + return libcrux_ml_kem_vector_avx2_add_ea(a, &fm); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_92( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { + uint8_t serialized[384U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + __m256i coefficient = to_unsigned_representative_a4(re->coefficients[i0]); + uint8_t bytes[24U]; + libcrux_ml_kem_vector_avx2_serialize_12_ea(coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); +} + +/** + Call [`serialize_uncompressed_ring_element`] for each ring element. 
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key
+with types libcrux_ml_kem_vector_avx2_SIMD256Vector
+with const generics
+- K= 3
+- OUT_LEN= 1152
+*/
+static KRML_MUSTINLINE void serialize_secret_key_ae1(
+ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key,
+ uint8_t ret[1152U]) {
+ uint8_t out[1152U] = {0U};
+ for (size_t i = (size_t)0U;
+ i < core_slice___Slice_T___len(
+ Eurydice_array_to_slice(
+ (size_t)3U, key,
+ libcrux_ml_kem_polynomial_PolynomialRingElement_d2,
+ Eurydice_slice),
+ libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t);
+ i++) {
+ size_t i0 = i;
+ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0];
+ Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
+ out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
+ (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
+ uint8_t, Eurydice_slice);
+ uint8_t ret0[384U];
+ serialize_uncompressed_ring_element_92(&re, ret0);
+ core_slice___Slice_T___copy_from_slice(
+ uu____0,
+ Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice),
+ uint8_t, void *);
+ }
+ memcpy(ret, out, (size_t)1152U * sizeof(uint8_t));
+}
+
+/**
+ Concatenate `t` and `ρ` into the public key. 
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key
+with types libcrux_ml_kem_vector_avx2_SIMD256Vector
+with const generics
+- K= 3
+- RANKED_BYTES_PER_RING_ELEMENT= 1152
+- PUBLIC_KEY_SIZE= 1184
+*/
+static KRML_MUSTINLINE void serialize_public_key_d01(
+ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt,
+ Eurydice_slice seed_for_a, uint8_t ret[1184U]) {
+ uint8_t public_key_serialized[1184U] = {0U};
+ Eurydice_slice uu____0 =
+ Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U,
+ (size_t)1152U, uint8_t, Eurydice_slice);
+ uint8_t ret0[1152U];
+ serialize_secret_key_ae1(t_as_ntt, ret0);
+ core_slice___Slice_T___copy_from_slice(
+ uu____0,
+ Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice),
+ uint8_t, void *);
+ core_slice___Slice_T___copy_from_slice(
+ Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized,
+ (size_t)1152U, uint8_t, size_t,
+ Eurydice_slice),
+ seed_for_a, uint8_t, void *);
+ memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t));
+}
+
+/**
+A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key
+with types libcrux_ml_kem_vector_avx2_SIMD256Vector
+with const generics
+- K= 3
+- RANKED_BYTES_PER_RING_ELEMENT= 1152
+- PUBLIC_KEY_SIZE= 1184
+*/
+bool libcrux_ml_kem_ind_cca_validate_public_key_cf1(uint8_t *public_key) {
+ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U];
+ deserialize_ring_elements_reduced_5d4(
+ Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U,
+ uint8_t, size_t, Eurydice_slice),
+ deserialized_pk);
+ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk;
+ uint8_t public_key_serialized[1184U];
+ serialize_public_key_d01(
+ uu____0,
+ Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U,
+ uint8_t, size_t, Eurydice_slice),
+ public_key_serialized);
+ return 
core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq(
+ (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool);
+}
+
+/**
+A monomorphic instance of K.
+with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked
+libcrux_ml_kem_vector_avx2_SIMD256Vector[[$3size_t]],
+libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked
+libcrux_ml_kem_vector_avx2_SIMD256Vector[[$3size_t]]
+
+*/
+typedef struct tuple_9b0_s {
+ libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 fst;
+ libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 snd;
+} tuple_9b0;
+
+/**
+This function found in impl {(libcrux_ml_kem::hash_functions::Hash for
+libcrux_ml_kem::hash_functions::avx2::Simd256Hash)}
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9
+with const generics
+- K= 3
+*/
+static KRML_MUSTINLINE void G_a9_681(Eurydice_slice input, uint8_t ret[64U]) {
+ libcrux_ml_kem_hash_functions_avx2_G(input, ret);
+}
+
+/**
+A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure
+with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
+libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
+- K= 3
+*/
+static void closure_b81(
+ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) {
+ KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U,
+ ret[i] = ZERO_89_d5(););
+}
+
+/**
+A monomorphic instance of
+libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb with const generics
+- K= 3
+*/
+static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState
+shake128_init_absorb_4d1(uint8_t input[3U][34U]) {
+ libcrux_sha3_generic_keccak_KeccakState_29 state =
+ libcrux_sha3_avx2_x4_incremental_init();
+ libcrux_sha3_avx2_x4_incremental_shake128_absorb_final(
+ &state,
+ Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice),
+ Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice),
+ Eurydice_array_to_slice((size_t)34U, input[2U], 
uint8_t, Eurydice_slice),
+ Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice));
+ return state;
+}
+
+/**
+This function found in impl {(libcrux_ml_kem::hash_functions::Hash for
+libcrux_ml_kem::hash_functions::avx2::Simd256Hash)}
+*/
+/**
+A monomorphic instance of
+libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_a9 with const generics
+- K= 3
+*/
+static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState
+shake128_init_absorb_a9_ca1(uint8_t input[3U][34U]) {
+ /* Passing arrays by value in Rust generates a copy in C */
+ uint8_t copy_of_input[3U][34U];
+ memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U]));
+ return shake128_init_absorb_4d1(copy_of_input);
+}
+
+/**
+A monomorphic instance of
+libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks with const
+generics
+- K= 3
+*/
+static KRML_MUSTINLINE void shake128_squeeze_three_blocks_6b1(
+ libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][504U]) {
+ uint8_t out[3U][504U] = {{0U}};
+ uint8_t out0[504U] = {0U};
+ uint8_t out1[504U] = {0U};
+ uint8_t out2[504U] = {0U};
+ uint8_t out3[504U] = {0U};
+ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks(
+ st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice),
+ Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice),
+ Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice),
+ Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice));
+ uint8_t uu____0[504U];
+ memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t));
+ memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t));
+ uint8_t uu____1[504U];
+ memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t));
+ memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t));
+ uint8_t uu____2[504U];
+ memcpy(uu____2, out2, (size_t)504U * sizeof(uint8_t));
+ memcpy(out[2U], uu____2, (size_t)504U * sizeof(uint8_t));
+ memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U]));
+}
+
+/**
+This function found in impl {(libcrux_ml_kem::hash_functions::Hash for
+libcrux_ml_kem::hash_functions::avx2::Simd256Hash)}
+*/
+/**
+A monomorphic instance of
+libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks_a9 with const
+generics
+- K= 3
+*/
+static KRML_MUSTINLINE void shake128_squeeze_three_blocks_a9_4d1(
+ libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][504U]) {
+ shake128_squeeze_three_blocks_6b1(self, ret);
+}
+
+/**
+ If `bytes` contains a set of uniformly random bytes, this function
+ uniformly samples a ring element `â` that is treated as being the NTT
+ representation of the corresponding polynomial `a`.
+
+ Since rejection sampling is used, it is possible the supplied bytes are
+ not enough to sample the element, in which case an `Err` is returned and the
+ caller must try again with a fresh set of bytes.
+
+ This function partially implements Algorithm
+ 6 of the NIST FIPS 203 standard, We say "partially" because this
+ implementation only accepts a finite set of bytes as input and returns an error
+ if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other
+ hand samples from an infinite stream of bytes until the ring element is filled.
+ Algorithm 6 is reproduced below:
+
+ ```plaintext
+ Input: byte stream B ∈ 𝔹*.
+ Output: array â ∈ ℤ₂₅₆.
+
+ i ← 0
+ j ← 0
+ while j < 256 do
+ d₁ ← B[i] + 256·(B[i+1] mod 16)
+ d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2]
+ if d₁ < q then
+ â[j] ← d₁
+ j ← j + 1
+ end if
+ if d₂ < q and j < 256 then
+ â[j] ← d₂
+ j ← j + 1
+ end if
+ i ← i + 3
+ end while
+ return â
+ ```
+
+ The NIST FIPS 203 standard can be found at
+ . 
+*/
+/**
+A monomorphic instance of
+libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types
+libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
+- K= 3
+- N= 504
+*/
+static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb3(
+ uint8_t randomness[3U][504U], size_t *sampled_coefficients,
+ int16_t (*out)[272U]) {
+ KRML_MAYBE_FOR3(
+ i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0;
+ for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) {
+ size_t r = i;
+ if (sampled_coefficients[i1] <
+ LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) {
+ Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
+ randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U,
+ uint8_t, Eurydice_slice);
+ size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea(
+ uu____0, Eurydice_array_to_subslice2(
+ out[i1], sampled_coefficients[i1],
+ sampled_coefficients[i1] + (size_t)16U, int16_t,
+ Eurydice_slice));
+ size_t uu____1 = i1;
+ sampled_coefficients[uu____1] =
+ sampled_coefficients[uu____1] + sampled;
+ }
+ });
+ bool done = true;
+ KRML_MAYBE_FOR3(
+ i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i;
+ if (sampled_coefficients[i0] >=
+ LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) {
+ sampled_coefficients[i0] =
+ LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT;
+ } else { done = false; });
+ return done;
+}
+
+/**
+A monomorphic instance of
+libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block with const generics
+- K= 3
+*/
+static KRML_MUSTINLINE void shake128_squeeze_block_1b1(
+ libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][168U]) {
+ uint8_t out[3U][168U] = {{0U}};
+ uint8_t out0[168U] = {0U};
+ uint8_t out1[168U] = {0U};
+ uint8_t out2[168U] = {0U};
+ uint8_t out3[168U] = {0U};
+ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block(
+ st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice),
+ Eurydice_array_to_slice((size_t)168U, out1, 
uint8_t, Eurydice_slice),
+ Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice),
+ Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice));
+ uint8_t uu____0[168U];
+ memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t));
+ memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t));
+ uint8_t uu____1[168U];
+ memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t));
+ memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t));
+ uint8_t uu____2[168U];
+ memcpy(uu____2, out2, (size_t)168U * sizeof(uint8_t));
+ memcpy(out[2U], uu____2, (size_t)168U * sizeof(uint8_t));
+ memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U]));
+}
+
+/**
+This function found in impl {(libcrux_ml_kem::hash_functions::Hash for
+libcrux_ml_kem::hash_functions::avx2::Simd256Hash)}
+*/
+/**
+A monomorphic instance of
+libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block_a9 with const generics
+- K= 3
+*/
+static KRML_MUSTINLINE void shake128_squeeze_block_a9_5a1(
+ libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][168U]) {
+ shake128_squeeze_block_1b1(self, ret);
+}
+
+/**
+ If `bytes` contains a set of uniformly random bytes, this function
+ uniformly samples a ring element `â` that is treated as being the NTT
+ representation of the corresponding polynomial `a`.
+
+ Since rejection sampling is used, it is possible the supplied bytes are
+ not enough to sample the element, in which case an `Err` is returned and the
+ caller must try again with a fresh set of bytes.
+
+ This function partially implements Algorithm
+ 6 of the NIST FIPS 203 standard, We say "partially" because this
+ implementation only accepts a finite set of bytes as input and returns an error
+ if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other
+ hand samples from an infinite stream of bytes until the ring element is filled.
+ Algorithm 6 is reproduced below:
+
+ ```plaintext
+ Input: byte stream B ∈ 𝔹*.
+ Output: array â ∈ ℤ₂₅₆. 
+
+ i ← 0
+ j ← 0
+ while j < 256 do
+ d₁ ← B[i] + 256·(B[i+1] mod 16)
+ d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2]
+ if d₁ < q then
+ â[j] ← d₁
+ j ← j + 1
+ end if
+ if d₂ < q and j < 256 then
+ â[j] ← d₂
+ j ← j + 1
+ end if
+ i ← i + 3
+ end while
+ return â
+ ```
+
+ The NIST FIPS 203 standard can be found at
+ .
+*/
+/**
+A monomorphic instance of
+libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types
+libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
+- K= 3
+- N= 168
+*/
+static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb4(
+ uint8_t randomness[3U][168U], size_t *sampled_coefficients,
+ int16_t (*out)[272U]) {
+ KRML_MAYBE_FOR3(
+ i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0;
+ for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) {
+ size_t r = i;
+ if (sampled_coefficients[i1] <
+ LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) {
+ Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
+ randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U,
+ uint8_t, Eurydice_slice);
+ size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea(
+ uu____0, Eurydice_array_to_subslice2(
+ out[i1], sampled_coefficients[i1],
+ sampled_coefficients[i1] + (size_t)16U, int16_t,
+ Eurydice_slice));
+ size_t uu____1 = i1;
+ sampled_coefficients[uu____1] =
+ sampled_coefficients[uu____1] + sampled;
+ }
+ });
+ bool done = true;
+ KRML_MAYBE_FOR3(
+ i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i;
+ if (sampled_coefficients[i0] >=
+ LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) {
+ sampled_coefficients[i0] =
+ LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT;
+ } else { done = false; });
+ return done;
+}
+
+/**
+This function found in impl
+{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]}
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_89
+with types libcrux_ml_kem_vector_avx2_SIMD256Vector
+with const generics
+
+*/
+static KRML_MUSTINLINE 
libcrux_ml_kem_polynomial_PolynomialRingElement_d2
+from_i16_array_89_10(Eurydice_slice a) {
+ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5();
+ for (size_t i = (size_t)0U;
+ i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
+ size_t i0 = i;
+ result.coefficients[i0] =
+ libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice_subslice2(
+ a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t,
+ Eurydice_slice));
+ }
+ return result;
+}
+
+/**
+A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure
+with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
+libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
+- K= 3
+*/
+static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_791(
+ int16_t s[272U]) {
+ return from_i16_array_89_10(Eurydice_array_to_subslice2(
+ s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice));
+}
+
+/**
+A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof
+with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
+libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
+- K= 3
+*/
+static KRML_MUSTINLINE void sample_from_xof_b01(
+ uint8_t seeds[3U][34U],
+ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) {
+ size_t sampled_coefficients[3U] = {0U};
+ int16_t out[3U][272U] = {{0U}};
+ /* Passing arrays by value in Rust generates a copy in C */
+ uint8_t copy_of_seeds[3U][34U];
+ memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U]));
+ libcrux_sha3_avx2_x4_incremental_KeccakState xof_state =
+ shake128_init_absorb_a9_ca1(copy_of_seeds);
+ uint8_t randomness0[3U][504U];
+ shake128_squeeze_three_blocks_a9_4d1(&xof_state, randomness0);
+ /* Passing arrays by value in Rust generates a copy in C */
+ uint8_t copy_of_randomness0[3U][504U];
+ memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U]));
+ bool done = sample_from_uniform_distribution_next_bb3(
+ copy_of_randomness0, sampled_coefficients, out); 
+ while (true) {
+ if (done) {
+ break;
+ } else {
+ uint8_t randomness[3U][168U];
+ shake128_squeeze_block_a9_5a1(&xof_state, randomness);
+ /* Passing arrays by value in Rust generates a copy in C */
+ uint8_t copy_of_randomness[3U][168U];
+ memcpy(copy_of_randomness, randomness,
+ (size_t)3U * sizeof(uint8_t[168U]));
+ done = sample_from_uniform_distribution_next_bb4(
+ copy_of_randomness, sampled_coefficients, out);
+ }
+ }
+ /* Passing arrays by value in Rust generates a copy in C */
+ int16_t copy_of_out[3U][272U];
+ memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U]));
+ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[3U];
+ KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U,
+ ret0[i] = closure_791(copy_of_out[i]););
+ memcpy(
+ ret, ret0,
+ (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
+}
+
+/**
+A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A
+with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
+libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
+- K= 3
+*/
+static KRML_MUSTINLINE void sample_matrix_A_a21(
+ uint8_t seed[34U], bool transpose,
+ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U][3U]) {
+ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U];
+ KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U,
+ closure_b81(A_transpose[i]););
+ KRML_MAYBE_FOR3(
+ i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0;
+ /* Passing arrays by value in Rust generates a copy in C */
+ uint8_t copy_of_seed[34U];
+ memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t));
+ uint8_t seeds[3U][34U]; KRML_MAYBE_FOR3(
+ i, (size_t)0U, (size_t)3U, (size_t)1U,
+ memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t)););
+ KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i;
+ seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;);
+ /* Passing arrays by value in Rust generates a copy in C */
+ uint8_t copy_of_seeds[3U][34U];
+ 
memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U]));
+ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U];
+ sample_from_xof_b01(copy_of_seeds, sampled);
+ for (size_t i = (size_t)0U;
+ i < core_slice___Slice_T___len(
+ Eurydice_array_to_slice(
+ (size_t)3U, sampled,
+ libcrux_ml_kem_polynomial_PolynomialRingElement_d2,
+ Eurydice_slice),
+ libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t);
+ i++) {
+ size_t j = i;
+ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j];
+ if (transpose) {
+ A_transpose[j][i1] = sample;
+ } else {
+ A_transpose[i1][j] = sample;
+ }
+ }
+
+ );
+ memcpy(ret, A_transpose,
+ (size_t)3U *
+ sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]));
+}
+
+/**
+A monomorphic instance of K.
+with types libcrux_ml_kem_polynomial_PolynomialRingElement
+libcrux_ml_kem_vector_avx2_SIMD256Vector[3size_t], uint8_t
+
+*/
+typedef struct tuple_b00_s {
+ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 fst[3U];
+ uint8_t snd;
+} tuple_b00;
+
+/**
+A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN
+with const generics
+- K= 3
+- LEN= 128
+*/
+static KRML_MUSTINLINE void PRFxN_1c2(uint8_t (*input)[33U],
+ uint8_t ret[3U][128U]) {
+ uint8_t out[3U][128U] = {{0U}};
+ uint8_t out0[128U] = {0U};
+ uint8_t out1[128U] = {0U};
+ uint8_t out2[128U] = {0U};
+ uint8_t out3[128U] = {0U};
+ libcrux_sha3_avx2_x4_shake256(
+ Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice),
+ Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice),
+ Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice),
+ Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice),
+ Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice),
+ Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice),
+ Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice),
+ Eurydice_array_to_slice((size_t)128U, out3, uint8_t, 
Eurydice_slice));
+ uint8_t uu____0[128U];
+ memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t));
+ memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t));
+ uint8_t uu____1[128U];
+ memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t));
+ memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t));
+ uint8_t uu____2[128U];
+ memcpy(uu____2, out2, (size_t)128U * sizeof(uint8_t));
+ memcpy(out[2U], uu____2, (size_t)128U * sizeof(uint8_t));
+ memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U]));
+}
+
+/**
+This function found in impl {(libcrux_ml_kem::hash_functions::Hash for
+libcrux_ml_kem::hash_functions::avx2::Simd256Hash)}
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN_a9
+with const generics
+- K= 3
+- LEN= 128
+*/
+static KRML_MUSTINLINE void PRFxN_a9_512(uint8_t (*input)[33U],
+ uint8_t ret[3U][128U]) {
+ PRFxN_1c2(input, ret);
+}
+
+/**
+ Given a series of uniformly random bytes in `randomness`, for some number
+ `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring
+ element from a binomial distribution centered at 0 that uses two sets of `eta`
+ coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v`
+ such such that `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and:
+
+ ```plaintext
+ - If v < 0, Pr[v] = Pr[-v]
+ - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA)
+ ```
+
+ The values `v < 0` are mapped to the appropriate `KyberFieldElement`.
+
+ The expected value is:
+
+ ```plaintext
+ E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1] +
+ (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0.
+ ```
+
+ And the variance is:
+
+ ```plaintext
+ Var(X) = E[(X - E[X])^2]
+ = E[X^2]
+ = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) /
+ 2^(2 * ETA)) = ETA / 2
+ ```
+
+ This function implements Algorithm 7 of the NIST FIPS 203
+ standard, which is reproduced below:
+
+ ```plaintext
+ Input: byte array B ∈ 𝔹^{64η}. 
+ Output: array f ∈ ℤ₂₅₆.
+
+ b ← BytesToBits(B)
+ for (i ← 0; i < 256; i++)
+ x ← ∑(j=0 to η - 1) b[2iη + j]
+ y ← ∑(j=0 to η - 1) b[2iη + η + j]
+ f[i] ← x−y mod q
+ end for
+ return f
+ ```
+
+ The NIST FIPS 203 standard can be found at
+ .
+*/
+/**
+A monomorphic instance of
+libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types
+libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
+
+*/
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
+sample_from_binomial_distribution_2_c1(Eurydice_slice randomness) {
+ int16_t sampled_i16s[256U] = {0U};
+ for (size_t i0 = (size_t)0U;
+ i0 <
+ core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U;
+ i0++) {
+ size_t chunk_number = i0;
+ Eurydice_slice byte_chunk = Eurydice_slice_subslice2(
+ randomness, chunk_number * (size_t)4U,
+ chunk_number * (size_t)4U + (size_t)4U, uint8_t, Eurydice_slice);
+ uint32_t random_bits_as_u32 =
+ (((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t,
+ uint8_t *, uint8_t) |
+ (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t,
+ uint8_t *, uint8_t)
+ << 8U) |
+ (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t,
+ uint8_t *, uint8_t)
+ << 16U) |
+ (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t,
+ uint8_t *, uint8_t)
+ << 24U;
+ uint32_t even_bits = random_bits_as_u32 & 1431655765U;
+ uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U;
+ uint32_t coin_toss_outcomes = even_bits + odd_bits;
+ for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) {
+ uint32_t outcome_set = i;
+ uint32_t outcome_set0 = outcome_set * 4U;
+ int16_t outcome_1 =
+ (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U);
+ int16_t outcome_2 =
+ (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U);
+ size_t offset = (size_t)(outcome_set0 >> 2U);
+ sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2;
+ }
+ }
+ return 
from_i16_array_89_10(Eurydice_array_to_slice(
+ (size_t)256U, sampled_i16s, int16_t, Eurydice_slice));
+}
+
+/**
+A monomorphic instance of
+libcrux_ml_kem.sampling.sample_from_binomial_distribution_3 with types
+libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
+
+*/
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
+sample_from_binomial_distribution_3_43(Eurydice_slice randomness) {
+ int16_t sampled_i16s[256U] = {0U};
+ for (size_t i0 = (size_t)0U;
+ i0 <
+ core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U;
+ i0++) {
+ size_t chunk_number = i0;
+ Eurydice_slice byte_chunk = Eurydice_slice_subslice2(
+ randomness, chunk_number * (size_t)3U,
+ chunk_number * (size_t)3U + (size_t)3U, uint8_t, Eurydice_slice);
+ uint32_t random_bits_as_u24 =
+ ((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t,
+ uint8_t *, uint8_t) |
+ (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t,
+ uint8_t *, uint8_t)
+ << 8U) |
+ (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t,
+ uint8_t *, uint8_t)
+ << 16U;
+ uint32_t first_bits = random_bits_as_u24 & 2396745U;
+ uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U;
+ uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U;
+ uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits;
+ for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) {
+ int32_t outcome_set = i;
+ int32_t outcome_set0 = outcome_set * (int32_t)6;
+ int16_t outcome_1 =
+ (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U);
+ int16_t outcome_2 = (int16_t)(coin_toss_outcomes >>
+ (uint32_t)(outcome_set0 + (int32_t)3) &
+ 7U);
+ size_t offset = (size_t)(outcome_set0 / (int32_t)6);
+ sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2;
+ }
+ }
+ return from_i16_array_89_10(Eurydice_array_to_slice(
+ (size_t)256U, sampled_i16s, int16_t, Eurydice_slice));
+}
+
+/**
+A monomorphic instance of 
+libcrux_ml_kem.sampling.sample_from_binomial_distribution with types
+libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
+- ETA= 2
+*/
+static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
+sample_from_binomial_distribution_470(Eurydice_slice randomness) {
+ return sample_from_binomial_distribution_2_c1(randomness);
+}
+
+/**
+A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_7
+with types libcrux_ml_kem_vector_avx2_SIMD256Vector
+with const generics
+
+*/
+static KRML_MUSTINLINE void ntt_at_layer_7_45(
+ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
+ size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U;
+ for (size_t i = (size_t)0U; i < step; i++) {
+ size_t j = i;
+ __m256i t = libcrux_ml_kem_vector_avx2_multiply_by_constant_ea(
+ re->coefficients[j + step], (int16_t)-1600);
+ re->coefficients[j + step] =
+ libcrux_ml_kem_vector_avx2_sub_ea(re->coefficients[j], &t);
+ re->coefficients[j] =
+ libcrux_ml_kem_vector_avx2_add_ea(re->coefficients[j], &t);
+ }
+}
+
+typedef struct libcrux_ml_kem_vector_avx2_SIMD256Vector_x2_s {
+ __m256i fst;
+ __m256i snd;
+} libcrux_ml_kem_vector_avx2_SIMD256Vector_x2;
+
+/**
+A monomorphic instance of libcrux_ml_kem.vector.traits.montgomery_multiply_fe
+with types libcrux_ml_kem_vector_avx2_SIMD256Vector
+with const generics
+
+*/
+static __m256i montgomery_multiply_fe_9d(__m256i v, int16_t fer) {
+ return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea(v, fer);
+}
+
+/**
+A monomorphic instance of libcrux_ml_kem.ntt.ntt_layer_int_vec_step
+with types libcrux_ml_kem_vector_avx2_SIMD256Vector
+with const generics
+
+*/
+static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2
+ntt_layer_int_vec_step_f4(__m256i a, __m256i b, int16_t zeta_r) {
+ __m256i t = montgomery_multiply_fe_9d(b, zeta_r);
+ b = libcrux_ml_kem_vector_avx2_sub_ea(a, &t);
+ a = libcrux_ml_kem_vector_avx2_add_ea(a, &t);
+ return 
(CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a,
+ .snd = b});
+}
+
+/**
+A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_4_plus
+with types libcrux_ml_kem_vector_avx2_SIMD256Vector
+with const generics
+
+*/
+static KRML_MUSTINLINE void ntt_at_layer_4_plus_65(
+ size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re,
+ size_t layer) {
+ size_t step = (size_t)1U << (uint32_t)layer;
+ for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) {
+ size_t round = i0;
+ zeta_i[0U] = zeta_i[0U] + (size_t)1U;
+ size_t offset = round * step * (size_t)2U;
+ size_t offset_vec = offset / (size_t)16U;
+ size_t step_vec = step / (size_t)16U;
+ for (size_t i = offset_vec; i < offset_vec + step_vec; i++) {
+ size_t j = i;
+ libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 =
+ ntt_layer_int_vec_step_f4(
+ re->coefficients[j], re->coefficients[j + step_vec],
+ libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]);
+ __m256i x = uu____0.fst;
+ __m256i y = uu____0.snd;
+ re->coefficients[j] = x;
+ re->coefficients[j + step_vec] = y;
+ }
+ }
+}
+
+/**
+A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_3
+with types libcrux_ml_kem_vector_avx2_SIMD256Vector
+with const generics
+
+*/
+static KRML_MUSTINLINE void ntt_at_layer_3_b4(
+ size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
+ KRML_MAYBE_FOR16(
+ i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i;
+ zeta_i[0U] = zeta_i[0U] + (size_t)1U;
+ re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea(
+ re->coefficients[round],
+ libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]););
+}
+
+/**
+A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_2
+with types libcrux_ml_kem_vector_avx2_SIMD256Vector
+with const generics
+
+*/
+static KRML_MUSTINLINE void ntt_at_layer_2_7c(
+ size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
+ KRML_MAYBE_FOR16(
+ i, (size_t)0U, (size_t)16U, 
(size_t)1U, size_t round = i;
+ zeta_i[0U] = zeta_i[0U] + (size_t)1U;
+ re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea(
+ re->coefficients[round],
+ libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]],
+ libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] +
+ (size_t)1U]);
+ zeta_i[0U] = zeta_i[0U] + (size_t)1U;);
+}
+
+/**
+A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_1
+with types libcrux_ml_kem_vector_avx2_SIMD256Vector
+with const generics
+
+*/
+static KRML_MUSTINLINE void ntt_at_layer_1_c2(
+ size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
+ KRML_MAYBE_FOR16(
+ i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i;
+ zeta_i[0U] = zeta_i[0U] + (size_t)1U;
+ re->coefficients[round] = libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea(
+ re->coefficients[round],
+ libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]],
+ libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] +
+ (size_t)1U],
+ libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] +
+ (size_t)2U],
+ libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] +
+ (size_t)3U]);
+ zeta_i[0U] = zeta_i[0U] + (size_t)3U;);
+}
+
+/**
+This function found in impl
+{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]}
+*/
+/**
+A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_89
+with types libcrux_ml_kem_vector_avx2_SIMD256Vector
+with const generics
+
+*/
+static KRML_MUSTINLINE void poly_barrett_reduce_89_99(
+ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) {
+ for (size_t i = (size_t)0U;
+ i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
+ size_t i0 = i;
+ self->coefficients[i0] =
+ libcrux_ml_kem_vector_avx2_barrett_reduce_ea(self->coefficients[i0]);
+ }
+}
+
+/**
+A monomorphic instance of libcrux_ml_kem.ntt.ntt_binomially_sampled_ring_element
+with types libcrux_ml_kem_vector_avx2_SIMD256Vector
+with const generics
+
+*/
+static 
KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_b5( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + ntt_at_layer_7_45(re); + size_t zeta_i = (size_t)1U; + ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_b4(&zeta_i, re); + ntt_at_layer_2_7c(&zeta_i, re); + ntt_at_layer_1_c2(&zeta_i, re); + poly_barrett_reduce_89_99(re); +} + +/** + Sample a vector of ring elements from a centered binomial distribution and + convert them into their NTT representations. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- ETA= 2 +- ETA_RANDOMNESS_SIZE= 128 +*/ +static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_151( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + re_as_ntt[i] = ZERO_89_d5();); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[3U][33U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[3U][128U]; + PRFxN_a9_512(prf_inputs, prf_outputs); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + re_as_ntt[i0] = sample_from_binomial_distribution_470( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]);); + /* 
Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[3U]; + memcpy( + copy_of_re_as_ntt, re_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + tuple_b00 lit; + memcpy( + lit.fst, copy_of_re_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + lit.snd = domain_separator; + return lit; +} + +/** + Given two `KyberPolynomialRingElement`s in their NTT representations, + compute their product. Given two polynomials in the NTT domain `f^` and `ĵ`, + the `iᵗʰ` coefficient of the product `k̂` is determined by the calculation: + + ```plaintext + ĥ[2·i] + ĥ[2·i + 1]X = (f^[2·i] + f^[2·i + 1]X)·(ĝ[2·i] + ĝ[2·i + 1]X) mod (X² + - ζ^(2·BitRev₇(i) + 1)) + ``` + + This function almost implements Algorithm 10 of the + NIST FIPS 203 standard, which is reproduced below: + + ```plaintext + Input: Two arrays fˆ ∈ ℤ₂₅₆ and ĝ ∈ ℤ₂₅₆. + Output: An array ĥ ∈ ℤq. + + for(i ← 0; i < 128; i++) + (ĥ[2i], ĥ[2i+1]) ← BaseCaseMultiply(fˆ[2i], fˆ[2i+1], ĝ[2i], ĝ[2i+1], + ζ^(2·BitRev₇(i) + 1)) end for return ĥ + ``` + We say "almost" because the coefficients of the ring element output by + this function are in the Montgomery domain. + + The NIST FIPS 203 standard can be found at + . 
+*/ +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +ntt_multiply_89_48(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + out.coefficients[i0] = libcrux_ml_kem_vector_avx2_ntt_multiply_ea( + &self->coefficients[i0], &rhs->coefficients[i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + + (size_t)4U * i0 + + (size_t)3U]); + } + return out; +} + +/** + Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise + sum of their constituent coefficients. 
+*/ +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void add_to_ring_element_89_971( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)16U, self->coefficients, __m256i, + Eurydice_slice), + __m256i, size_t); + i++) { + size_t i0 = i; + self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( + self->coefficients[i0], &rhs->coefficients[i0]); + } +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.traits.to_standard_domain +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static __m256i to_standard_domain_42(__m256i v) { + return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void add_standard_error_reduce_89_ac( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t j = i; + __m256i coefficient_normal_form = + to_standard_domain_42(self->coefficients[j]); + self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( + libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, + &error->coefficients[j])); + } +} + +/** + Compute  ◦ ŝ + ê +*/ +/** +A 
monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void compute_As_plus_e_f01( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + result[i] = ZERO_89_d5();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = + &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_971(&result[i1], &product); + } + add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); + } + memcpy( + ret, result, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. 
+ + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static tuple_9b0 generate_keypair_unpacked_6c1( + Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + G_a9_681(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); + sample_matrix_A_a21(ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + prf_input); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * 
sizeof(uint8_t)); + tuple_b00 uu____2 = sample_vector_cbd_then_ntt_151(copy_of_prf_input0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator = uu____2.snd; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt_151(copy_of_prf_input, domain_separator).fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; + compute_As_plus_e_f01(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, seed_for_A); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; + memcpy( + copy_of_t_as_ntt, t_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A_transpose[3U] + [3U]; + memcpy(copy_of_A_transpose, A_transpose, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk; + memcpy( + pk.t_as_ntt, copy_of_t_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy(pk.seed_for_A, copy_of_seed_for_A, 
(size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, copy_of_A_transpose, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; + memcpy( + copy_of_secret_as_ntt, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk; + memcpy( + sk.secret_as_ntt, copy_of_secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + return (CLITERAL(tuple_9b0){.fst = sk, .snd = pk}); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types +libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static void closure_e31( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + ret[i] = ZERO_89_d5();); +} + +/** +This function found in impl {(core::clone::Clone for +libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])#1} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.clone_d5 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 clone_d5_48( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; + __m256i ret[16U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)16U, self->coefficients, ret, __m256i, void *); + memcpy(lit.coefficients, ret, (size_t)16U * sizeof(__m256i)); + return lit; +} + +/** +This function found in impl 
{(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void H_a9_651(Eurydice_slice input, uint8_t ret[32U]) { + libcrux_ml_kem_hash_functions_avx2_H(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_831(uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + tuple_9b0 uu____0 = generate_keypair_unpacked_6c1(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 + ind_cpa_private_key = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 + ind_cpa_public_key = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_e31(A[i]);); + KRML_MAYBE_FOR3( + i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + clone_d5_48(&ind_cpa_public_key.A[j][i1]); + A[i1][j] = uu____1;);); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 
uu____2[3U][3U]; + memcpy(uu____2, A, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + memcpy(ind_cpa_public_key.A, uu____2, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + uint8_t pk_serialized[1184U]; + serialize_public_key_d01( + ind_cpa_public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, + uint8_t, Eurydice_slice), + pk_serialized); + uint8_t public_key_hash[32U]; + H_a9_651(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, + Eurydice_slice), + public_key_hash); + uint8_t implicit_rejection_value[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, + uint8_t[32U], void *); + core_result_unwrap_41_83(dst, implicit_rejection_value); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 uu____3 = + ind_cpa_private_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_implicit_rejection_value[32U]; + memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 uu____5; + uu____5.ind_cpa_private_key = uu____3; + memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 uu____6 = + ind_cpa_public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_hash[32U]; + memcpy(copy_of_public_key_hash, public_key_hash, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 lit; + lit.private_key = uu____5; + lit.public_key.ind_cpa_public_key = uu____6; + memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, + (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types 
libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- PRIVATE_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- RANKED_BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_e11( + Eurydice_slice key_generation_seed) { + tuple_9b0 uu____0 = generate_keypair_unpacked_6c1(key_generation_seed); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk = uu____0.snd; + uint8_t public_key_serialized[1184U]; + serialize_public_key_d01(pk.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, + uint8_t, Eurydice_slice), + public_key_serialized); + uint8_t secret_key_serialized[1152U]; + serialize_secret_key_ae1(sk.secret_as_ntt, secret_key_serialized); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[1152U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)1152U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_serialized[1184U]; + memcpy(copy_of_public_key_serialized, public_key_serialized, + (size_t)1184U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; + memcpy(lit.fst, copy_of_secret_key_serialized, + (size_t)1152U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_public_key_serialized, + (size_t)1184U * sizeof(uint8_t)); + return lit; +} + +/** + Serialize the secret key. 
+*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 3 +- SERIALIZED_KEY_LEN= 2400 +*/ +static KRML_MUSTINLINE void serialize_kem_secret_key_751( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { + uint8_t out[2400U] = {0U}; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____0, uu____1, + uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____3, uu____4, + uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice uu____6 = Eurydice_array_to_subslice2( + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice); + uint8_t ret0[32U]; + H_a9_651(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + core_slice___Slice_T___len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); + memcpy(ret, out, (size_t)2400U * 
sizeof(uint8_t)); +} + +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CPA_PRIVATE_KEY_SIZE= 1152 +- PRIVATE_KEY_SIZE= 2400 +- PUBLIC_KEY_SIZE= 1184 +- BYTES_PER_RING_ELEMENT= 1152 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +libcrux_ml_kem_mlkem768_MlKem768KeyPair +libcrux_ml_kem_ind_cca_generate_keypair_c23(uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = + generate_keypair_e11(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1152U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); + uint8_t public_key[1184U]; + memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); + uint8_t secret_key_serialized[2400U]; + serialize_kem_secret_key_751( + Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, + Eurydice_slice), + implicit_rejection_value, secret_key_serialized); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[2400U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)2400U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = + libcrux_ml_kem_types_from_05_a70(copy_of_secret_key_serialized); + 
libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key[1184U]; + memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_17_c90( + uu____2, libcrux_ml_kem_types_from_b6_4c0(copy_of_public_key)); +} + +/** + Sample a vector of ring elements from a centered binomial distribution. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- ETA2_RANDOMNESS_SIZE= 128 +- ETA2= 2 +*/ +static KRML_MUSTINLINE tuple_b00 +sample_ring_element_cbd_471(uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + error_1[i] = ZERO_89_d5();); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[3U][33U]; + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[3U][128U]; + PRFxN_a9_512(prf_inputs, prf_outputs); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + sample_from_binomial_distribution_470(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + error_1[i0] = uu____1;); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_error_1[3U]; + memcpy( + copy_of_error_1, error_1, 
+ (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + tuple_b00 lit; + memcpy( + lit.fst, copy_of_error_1, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + lit.snd = domain_separator; + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF +with const generics +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRF_420(Eurydice_slice input, uint8_t ret[128U]) { + uint8_t digest[128U] = {0U}; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 +with const generics +- K= 3 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRF_a9_934(Eurydice_slice input, + uint8_t ret[128U]) { + PRF_420(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_1 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void invert_ntt_at_layer_1_78( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + re->coefficients[round] = + libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)1U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)2U], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)3U]); + zeta_i[0U] = zeta_i[0U] - (size_t)3U;); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_2 +with types 
libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void invert_ntt_at_layer_2_ba( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + re->coefficients[round] = + libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - + (size_t)1U]); + zeta_i[0U] = zeta_i[0U] - (size_t)1U;); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_3 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void invert_ntt_at_layer_3_1f( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + re->coefficients[round] = + libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea( + re->coefficients[round], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]);); +} + +/** +A monomorphic instance of +libcrux_ml_kem.invert_ntt.inv_ntt_layer_int_vec_step_reduce with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 +inv_ntt_layer_int_vec_step_reduce_df(__m256i a, __m256i b, int16_t zeta_r) { + __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_ea(b, &a); + a = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( + libcrux_ml_kem_vector_avx2_add_ea(a, &b)); + b = montgomery_multiply_fe_9d(a_minus_b, zeta_r); + return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, + .snd = b}); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_4_plus +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics 
+ +*/ +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_a2( + size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, + size_t layer) { + size_t step = (size_t)1U << (uint32_t)layer; + for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { + size_t round = i0; + zeta_i[0U] = zeta_i[0U] - (size_t)1U; + size_t offset = round * step * (size_t)2U; + size_t offset_vec = + offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + size_t step_vec = + step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; + for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { + size_t j = i; + libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = + inv_ntt_layer_int_vec_step_reduce_df( + re->coefficients[j], re->coefficients[j + step_vec], + libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); + __m256i x = uu____0.fst; + __m256i y = uu____0.snd; + re->coefficients[j] = x; + re->coefficients[j + step_vec] = y; + } + } +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void invert_ntt_montgomery_571( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1_78(&zeta_i, re); + invert_ntt_at_layer_2_ba(&zeta_i, re); + invert_ntt_at_layer_3_1f(&zeta_i, re); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_99(re); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with 
const generics + +*/ +static KRML_MUSTINLINE void add_error_reduce_89_91( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t j = i; + __m256i coefficient_normal_form = + libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + self->coefficients[j], (int16_t)1441); + self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( + libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, + &error->coefficients[j])); + } +} + +/** + Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ +*/ +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void compute_vector_u_001( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + result[i] = ZERO_89_d5();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; + 
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(a_element, &r_as_ntt[j]); + add_to_ring_element_89_971(&result[i1], &product); + } + invert_ntt_montgomery_571(&result[i1]); + add_error_reduce_89_91(&result[i1], &error_1[i1]); + } + memcpy( + ret, result, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.vector.traits.decompress_1 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static __m256i decompress_1_91(__m256i v) { + return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( + libcrux_ml_kem_vector_avx2_sub_ea(libcrux_ml_kem_vector_avx2_ZERO_ea(), + &v), + (int16_t)1665); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_message with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_then_decompress_message_b9(uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; + __m256i coefficient_compressed = + libcrux_ml_kem_vector_avx2_deserialize_1_ea( + Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, + (size_t)2U * i0 + (size_t)2U, uint8_t, + Eurydice_slice)); + re.coefficients[i0] = decompress_1_91(coefficient_compressed);); + return re; +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +add_message_error_reduce_89_67( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, + 
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + __m256i coefficient_normal_form = + libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + result.coefficients[i0], (int16_t)1441); + __m256i tmp = libcrux_ml_kem_vector_avx2_add_ea(self->coefficients[i0], + &message->coefficients[i0]); + __m256i tmp0 = + libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, &tmp); + result.coefficients[i0] = + libcrux_ml_kem_vector_avx2_barrett_reduce_ea(tmp0); + } + return result; +} + +/** + Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message +*/ +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +compute_ring_element_v_711( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_971(&result, &product);); + invert_ntt_montgomery_571(&result); + result = add_message_error_reduce_89_67(error_2, message, result); + return result; +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 10 +*/ +static KRML_MUSTINLINE __m256i +compress_ciphertext_coefficient_8a(__m256i vector) { + __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS 
- (int32_t)1) / + (int32_t)2); + __m256i compression_factor = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + __m256i coefficient_bits_mask = libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)10) - (int32_t)1); + __m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + __m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + __m256i compressed_low = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)10, coefficients_low0, __m256i); + __m256i compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32( + compressed_low, field_modulus_halved); + __m256i compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + __m256i compressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)3, compressed_low1, __m256i); + __m256i compressed_low3 = libcrux_intrinsics_avx2_mm256_and_si256( + compressed_low2, coefficient_bits_mask); + __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, __m128i); + __m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + __m256i compressed_high = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)10, coefficients_high0, __m256i); + __m256i compressed_high0 = libcrux_intrinsics_avx2_mm256_add_epi32( + compressed_high, field_modulus_halved); + __m256i compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + __m256i compressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)3, compressed_high1, __m256i); + __m256i compressed_high3 = libcrux_intrinsics_avx2_mm256_and_si256( + compressed_high2, coefficient_bits_mask); + __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( + compressed_low3, compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, __m256i); +} 
+ +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea +with const generics +- COEFFICIENT_BITS= 10 +*/ +static __m256i compress_ea_80(__m256i vector) { + return compress_ciphertext_coefficient_8a(vector); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_10 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- OUT_LEN= 320 +*/ +static KRML_MUSTINLINE void compress_then_serialize_10_2f( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { + uint8_t serialized[320U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + __m256i coefficient = + compress_ea_80(to_unsigned_representative_a4(re->coefficients[i0])); + uint8_t bytes[20U]; + libcrux_ml_kem_vector_avx2_serialize_10_ea(coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 11 +*/ +static KRML_MUSTINLINE __m256i +compress_ciphertext_coefficient_8a0(__m256i vector) { + __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + __m256i compression_factor = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + __m256i coefficient_bits_mask = libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)11) - (int32_t)1); + 
__m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + __m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + __m256i compressed_low = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)11, coefficients_low0, __m256i); + __m256i compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32( + compressed_low, field_modulus_halved); + __m256i compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + __m256i compressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)3, compressed_low1, __m256i); + __m256i compressed_low3 = libcrux_intrinsics_avx2_mm256_and_si256( + compressed_low2, coefficient_bits_mask); + __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, __m128i); + __m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + __m256i compressed_high = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)11, coefficients_high0, __m256i); + __m256i compressed_high0 = libcrux_intrinsics_avx2_mm256_add_epi32( + compressed_high, field_modulus_halved); + __m256i compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + __m256i compressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)3, compressed_high1, __m256i); + __m256i compressed_high3 = libcrux_intrinsics_avx2_mm256_and_si256( + compressed_high2, coefficient_bits_mask); + __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( + compressed_low3, compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, __m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea +with const generics +- COEFFICIENT_BITS= 11 +*/ 
+static __m256i compress_ea_800(__m256i vector) { + return compress_ciphertext_coefficient_8a0(vector); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 10 +- OUT_LEN= 320 +*/ +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_b2( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { + uint8_t uu____0[320U]; + compress_then_serialize_10_2f(re, uu____0); + memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); +} + +/** + Call [`compress_then_serialize_ring_element_u`] on each ring element. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- OUT_LEN= 960 +- COMPRESSION_FACTOR= 10 +- BLOCK_LEN= 320 +*/ +static void compress_then_serialize_u_841( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], + Eurydice_slice out) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)3U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out, i0 * ((size_t)960U / (size_t)3U), + (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, + Eurydice_slice); + uint8_t ret[320U]; + compress_then_serialize_ring_element_u_b2(&re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 4 +*/ +static KRML_MUSTINLINE __m256i 
+compress_ciphertext_coefficient_8a1(__m256i vector) { + __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + __m256i compression_factor = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + __m256i coefficient_bits_mask = libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << (uint32_t)(int32_t)4) - (int32_t)1); + __m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + __m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + __m256i compressed_low = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)4, coefficients_low0, __m256i); + __m256i compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32( + compressed_low, field_modulus_halved); + __m256i compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + __m256i compressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)3, compressed_low1, __m256i); + __m256i compressed_low3 = libcrux_intrinsics_avx2_mm256_and_si256( + compressed_low2, coefficient_bits_mask); + __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, __m128i); + __m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + __m256i compressed_high = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)4, coefficients_high0, __m256i); + __m256i compressed_high0 = libcrux_intrinsics_avx2_mm256_add_epi32( + compressed_high, field_modulus_halved); + __m256i compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + __m256i compressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)3, compressed_high1, __m256i); + __m256i compressed_high3 = libcrux_intrinsics_avx2_mm256_and_si256( + compressed_high2, coefficient_bits_mask); + __m256i compressed 
= libcrux_intrinsics_avx2_mm256_packs_epi32( + compressed_low3, compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, __m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea +with const generics +- COEFFICIENT_BITS= 4 +*/ +static __m256i compress_ea_801(__m256i vector) { + return compress_ciphertext_coefficient_8a1(vector); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_4 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void compress_then_serialize_4_b7( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, + Eurydice_slice serialized) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + __m256i coefficient = + compress_ea_801(to_unsigned_representative_a4(re.coefficients[i0])); + uint8_t bytes[8U]; + libcrux_ml_kem_vector_avx2_serialize_4_ea(coefficient, bytes); + core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(serialized, (size_t)8U * i0, + (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 5 +*/ +static KRML_MUSTINLINE __m256i +compress_ciphertext_coefficient_8a2(__m256i vector) { + __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + __m256i compression_factor = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); + __m256i coefficient_bits_mask = libcrux_intrinsics_avx2_mm256_set1_epi32( + ((int32_t)1 << 
(uint32_t)(int32_t)5) - (int32_t)1); + __m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + __m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + __m256i compressed_low = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)5, coefficients_low0, __m256i); + __m256i compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32( + compressed_low, field_modulus_halved); + __m256i compressed_low1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, + compression_factor); + __m256i compressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)3, compressed_low1, __m256i); + __m256i compressed_low3 = libcrux_intrinsics_avx2_mm256_and_si256( + compressed_low2, coefficient_bits_mask); + __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, __m128i); + __m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + __m256i compressed_high = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)5, coefficients_high0, __m256i); + __m256i compressed_high0 = libcrux_intrinsics_avx2_mm256_add_epi32( + compressed_high, field_modulus_halved); + __m256i compressed_high1 = + libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, + compression_factor); + __m256i compressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)3, compressed_high1, __m256i); + __m256i compressed_high3 = libcrux_intrinsics_avx2_mm256_and_si256( + compressed_high2, coefficient_bits_mask); + __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( + compressed_low3, compressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, __m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea +with const 
generics +- COEFFICIENT_BITS= 5 +*/ +static __m256i compress_ea_802(__m256i vector) { + return compress_ciphertext_coefficient_8a2(vector); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_5 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE void compress_then_serialize_5_35( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, + Eurydice_slice serialized) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + __m256i coefficients = + compress_ea_802(to_unsigned_representative_a4(re.coefficients[i0])); + uint8_t bytes[10U]; + libcrux_ml_kem_vector_avx2_serialize_5_ea(coefficients, bytes); + core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(serialized, (size_t)10U * i0, + (size_t)10U * i0 + (size_t)10U, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 4 +- OUT_LEN= 128 +*/ +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_39( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { + compress_then_serialize_4_b7(re, out); +} + +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. 
+ + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_LEN= 960 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_unpacked_881( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____1 = sample_vector_cbd_then_ntt_151(copy_of_prf_input0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator0 = uu____1.snd; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, 
(size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____3 = + sample_ring_element_cbd_471(copy_of_prf_input, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; + memcpy( + error_1, uu____3.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF_a9_934( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = + sample_from_binomial_distribution_470(Eurydice_array_to_slice( + (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; + compute_vector_u_001(public_key->A, r_as_ntt, error_1, u); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = + deserialize_then_decompress_message_b9(copy_of_message); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = + compute_ring_element_v_711(public_key->t_as_ntt, r_as_ntt, &error_2, + &message_as_ring_element); + uint8_t ciphertext[1088U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; + memcpy( + uu____5, u, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + compress_then_serialize_u_841( + uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, + uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; + compress_then_serialize_ring_element_v_39( + uu____6, + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, + uint8_t, size_t, Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked +with types 
libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e1( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, + uint8_t randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, + Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_a9_681( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____2 = + &public_key->ind_cpa_public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1088U]; + encrypt_unpacked_881(uu____2, copy_of_randomness, pseudorandomness, + ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + 
Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1088U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = + libcrux_ml_kem_types_from_01_f50(copy_of_ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); + tuple_3c lit; + lit.fst = uu____5; + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void entropy_preprocess_af_e21(Eurydice_slice randomness, + uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + randomness, uint8_t, void *); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +} + +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. 
+*/ +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- PUBLIC_KEY_SIZE= 1152 +- K= 3 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d3( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + deserialized_pk[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_to_reduced_ring_element_dd(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_LEN= 960 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_fb1(Eurydice_slice public_key, uint8_t message[32U], + Eurydice_slice randomness, uint8_t ret[1088U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; + deserialize_ring_elements_reduced_5d3( + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, + 
Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); + sample_matrix_A_a21(ret0, false, A); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + core_result_unwrap_41_83(dst, seed_for_A); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; + memcpy( + copy_of_t_as_ntt, t_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A[3U][3U]; + memcpy(copy_of_A, A, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 + public_key_unpacked; + memcpy( + public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, + (size_t)32U * sizeof(uint8_t)); + memcpy(public_key_unpacked.A, copy_of_A, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = + &public_key_unpacked; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + uint8_t ret1[1088U]; + encrypt_unpacked_881(uu____3, copy_of_message, randomness, ret1); + memcpy(ret, ret1, (size_t)1088U * 
sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +*/ +static KRML_MUSTINLINE void kdf_af_501(Eurydice_slice shared_secret, + uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + shared_secret, uint8_t, void *); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- PUBLIC_KEY_SIZE= 1184 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_821( + libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, + uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + entropy_preprocess_af_e21( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret[32U]; + H_a9_651(Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f20(public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + 
Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_a9_681( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f20(public_key), uint8_t, + Eurydice_slice); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1088U]; + encrypt_fb1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1088U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = + libcrux_ml_kem_types_from_01_f50(copy_of_ciphertext); + uint8_t shared_secret_array[32U]; + kdf_af_501(shared_secret, shared_secret_array); + libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); + tuple_3c lit; + lit.fst = uu____5; + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 10 +*/ +static KRML_MUSTINLINE __m256i +decompress_ciphertext_coefficient_55(__m256i vector) { + __m256i field_modulus = 
libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i two_pow_coefficient_bits = libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)1 << (uint32_t)(int32_t)10); + __m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + __m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + __m256i decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32( + coefficients_low0, field_modulus); + __m256i decompressed_low0 = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)1, decompressed_low, __m256i); + __m256i decompressed_low1 = libcrux_intrinsics_avx2_mm256_add_epi32( + decompressed_low0, two_pow_coefficient_bits); + __m256i decompressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)10, decompressed_low1, __m256i); + __m256i decompressed_low3 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)1, decompressed_low2, __m256i); + __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, __m128i); + __m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + __m256i decompressed_high = libcrux_intrinsics_avx2_mm256_mullo_epi32( + coefficients_high0, field_modulus); + __m256i decompressed_high0 = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)1, decompressed_high, __m256i); + __m256i decompressed_high1 = libcrux_intrinsics_avx2_mm256_add_epi32( + decompressed_high0, two_pow_coefficient_bits); + __m256i decompressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)10, decompressed_high1, __m256i); + __m256i decompressed_high3 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)1, decompressed_high2, __m256i); + __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( + decompressed_low3, decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, __m256i); +} + +/** +This function found 
in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const +generics +- COEFFICIENT_BITS= 10 +*/ +static __m256i decompress_ciphertext_coefficient_ea_1d(__m256i vector) { + return decompress_ciphertext_coefficient_55(vector); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_10 with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_then_decompress_10_a7(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, + Eurydice_slice); + __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_1d(coefficient); + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 11 +*/ +static KRML_MUSTINLINE __m256i +decompress_ciphertext_coefficient_550(__m256i vector) { + __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i two_pow_coefficient_bits = libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)1 << (uint32_t)(int32_t)11); + __m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + __m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + __m256i decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32( + coefficients_low0, field_modulus); + 
__m256i decompressed_low0 = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)1, decompressed_low, __m256i); + __m256i decompressed_low1 = libcrux_intrinsics_avx2_mm256_add_epi32( + decompressed_low0, two_pow_coefficient_bits); + __m256i decompressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)11, decompressed_low1, __m256i); + __m256i decompressed_low3 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)1, decompressed_low2, __m256i); + __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, __m128i); + __m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + __m256i decompressed_high = libcrux_intrinsics_avx2_mm256_mullo_epi32( + coefficients_high0, field_modulus); + __m256i decompressed_high0 = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)1, decompressed_high, __m256i); + __m256i decompressed_high1 = libcrux_intrinsics_avx2_mm256_add_epi32( + decompressed_high0, two_pow_coefficient_bits); + __m256i decompressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)11, decompressed_high1, __m256i); + __m256i decompressed_high3 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)1, decompressed_high2, __m256i); + __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( + decompressed_low3, decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, __m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const +generics +- COEFFICIENT_BITS= 11 +*/ +static __m256i decompress_ciphertext_coefficient_ea_1d0(__m256i vector) { + return decompress_ciphertext_coefficient_550(vector); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_11 with types 
+libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_then_decompress_11_8d(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, + Eurydice_slice); + __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_1d0(coefficient); + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 10 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_then_decompress_ring_element_u_10(Eurydice_slice serialized) { + return deserialize_then_decompress_10_a7(serialized); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- VECTOR_U_COMPRESSION_FACTOR= 10 +*/ +static KRML_MUSTINLINE void ntt_vector_u_fe( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + size_t zeta_i = (size_t)0U; + ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_b4(&zeta_i, re); + ntt_at_layer_2_7c(&zeta_i, re); + ntt_at_layer_1_c2(&zeta_i, re); + poly_barrett_reduce_89_99(re); +} + +/** + Call [`deserialize_then_decompress_ring_element_u`] on each ring element + in the `ciphertext`. 
+*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- U_COMPRESSION_FACTOR= 10 +*/ +static KRML_MUSTINLINE void deserialize_then_decompress_u_b51( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + u_as_ntt[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U); + i++) { + size_t i0 = i; + Eurydice_slice u_bytes = Eurydice_array_to_subslice2( + ciphertext, + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U), + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U, + uint8_t, Eurydice_slice); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_10(u_bytes); + ntt_vector_u_fe(&u_as_ntt[i0]); + } + memcpy( + ret, u_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 4 +*/ +static KRML_MUSTINLINE __m256i +decompress_ciphertext_coefficient_551(__m256i vector) { + __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i two_pow_coefficient_bits = libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)1 << (uint32_t)(int32_t)4); + __m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + __m256i 
coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + __m256i decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32( + coefficients_low0, field_modulus); + __m256i decompressed_low0 = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)1, decompressed_low, __m256i); + __m256i decompressed_low1 = libcrux_intrinsics_avx2_mm256_add_epi32( + decompressed_low0, two_pow_coefficient_bits); + __m256i decompressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)4, decompressed_low1, __m256i); + __m256i decompressed_low3 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)1, decompressed_low2, __m256i); + __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, __m128i); + __m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + __m256i decompressed_high = libcrux_intrinsics_avx2_mm256_mullo_epi32( + coefficients_high0, field_modulus); + __m256i decompressed_high0 = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)1, decompressed_high, __m256i); + __m256i decompressed_high1 = libcrux_intrinsics_avx2_mm256_add_epi32( + decompressed_high0, two_pow_coefficient_bits); + __m256i decompressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)4, decompressed_high1, __m256i); + __m256i decompressed_high3 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)1, decompressed_high2, __m256i); + __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( + decompressed_low3, decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, __m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const +generics +- COEFFICIENT_BITS= 4 +*/ +static __m256i 
decompress_ciphertext_coefficient_ea_1d1(__m256i vector) { + return decompress_ciphertext_coefficient_551(vector); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_4 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_then_decompress_4_9a(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, + Eurydice_slice); + __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_1d1(coefficient); + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const +generics +- COEFFICIENT_BITS= 5 +*/ +static KRML_MUSTINLINE __m256i +decompress_ciphertext_coefficient_552(__m256i vector) { + __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i two_pow_coefficient_bits = libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)1 << (uint32_t)(int32_t)5); + __m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + __m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + __m256i decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32( + coefficients_low0, field_modulus); + __m256i decompressed_low0 = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)1, decompressed_low, __m256i); + __m256i decompressed_low1 = libcrux_intrinsics_avx2_mm256_add_epi32( + decompressed_low0, two_pow_coefficient_bits); + __m256i decompressed_low2 = 
libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)5, decompressed_low1, __m256i); + __m256i decompressed_low3 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)1, decompressed_low2, __m256i); + __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, __m128i); + __m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + __m256i decompressed_high = libcrux_intrinsics_avx2_mm256_mullo_epi32( + coefficients_high0, field_modulus); + __m256i decompressed_high0 = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)1, decompressed_high, __m256i); + __m256i decompressed_high1 = libcrux_intrinsics_avx2_mm256_add_epi32( + decompressed_high0, two_pow_coefficient_bits); + __m256i decompressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)5, decompressed_high1, __m256i); + __m256i decompressed_high3 = libcrux_intrinsics_avx2_mm256_srli_epi32( + (int32_t)1, decompressed_high2, __m256i); + __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( + decompressed_low3, decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, + compressed, __m256i); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const +generics +- COEFFICIENT_BITS= 5 +*/ +static __m256i decompress_ciphertext_coefficient_ea_1d2(__m256i vector) { + return decompress_ciphertext_coefficient_552(vector); +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_5 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_then_decompress_5_75(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); + for 
(size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, + Eurydice_slice); + re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); + re.coefficients[i0] = + decompress_ciphertext_coefficient_ea_1d2(re.coefficients[i0]); + } + return re; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 4 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_then_decompress_ring_element_v_5b(Eurydice_slice serialized) { + return deserialize_then_decompress_4_9a(serialized); +} + +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics + +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +subtract_reduce_89_63(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + __m256i coefficient_normal_form = + libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + b.coefficients[i0], (int16_t)1441); + b.coefficients[i0] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( + libcrux_ml_kem_vector_avx2_sub_ea(self->coefficients[i0], + &coefficient_normal_form)); + } + return b; +} + +/** + The following functions compute various expressions involving + vectors and matrices. The computation of these expressions has been + abstracted away into these functions in order to save on loop iterations. 
+ Compute v − InverseNTT(sᵀ ◦ NTT(u)) +*/ +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_message +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +compute_message_221( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_971(&result, &product);); + invert_ntt_montgomery_571(&result); + result = subtract_reduce_89_63(v, result); + return result; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_message with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static KRML_MUSTINLINE void compress_then_serialize_message_ec( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { + uint8_t serialized[32U] = {0U}; + KRML_MAYBE_FOR16( + i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; + __m256i coefficient = to_unsigned_representative_a4(re.coefficients[i0]); + __m256i coefficient_compressed = + libcrux_ml_kem_vector_avx2_compress_1_ea(coefficient); + uint8_t bytes[2U]; + libcrux_ml_kem_vector_avx2_serialize_1_ea(coefficient_compressed, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *);); + memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); +} + +/** + This function implements Algorithm 14 of 
the + NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. + + Algorithm 14 is reproduced below: + + ```plaintext + Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + Output: message m ∈ 𝔹^{32}. + + c₁ ← c[0 : 32dᵤk] + c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] + u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) + v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) + ŝ ← ByteDecode₁₂(dkₚₖₑ) + w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) + m ← ByteEncode₁(Compress₁(w)) + return m + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- VECTOR_U_ENCODED_SIZE= 960 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +*/ +static void decrypt_unpacked_8c1( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; + deserialize_then_decompress_u_b51(ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = + deserialize_then_decompress_ring_element_v_5b( + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, + (size_t)960U, uint8_t, size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = + compute_message_221(&v, secret_key->secret_as_ntt, u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message_ec(message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF +with const generics +- LEN= 32 +*/ +static KRML_MUSTINLINE void PRF_42(Eurydice_slice input, uint8_t ret[32U]) { + uint8_t digest[32U] = {0U}; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); + memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); +} + +/** +This function found in impl 
{(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 +with const generics +- K= 3 +- LEN= 32 +*/ +static KRML_MUSTINLINE void PRF_a9_933(Eurydice_slice input, uint8_t ret[32U]) { + PRF_42(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b21( + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + uint8_t decrypted[32U]; + decrypt_unpacked_8c1(&key_pair->private_key.ind_cpa_private_key, + ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, + uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_a9_681( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, 
Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_utils_into_padded_array_2d3( + Eurydice_array_to_slice((size_t)32U, + key_pair->private_key.implicit_rejection_value, + uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret[32U]; + PRF_a9_933( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = + &key_pair->public_key.ind_cpa_public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1088U]; + encrypt_unpacked_881(uu____3, copy_of_decrypted, pseudorandomness, + expected_ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( + libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, + Eurydice_slice)); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + shared_secret, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_to_uncompressed_ring_element with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics + +*/ +static 
KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_to_uncompressed_ring_element_63(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); + for (size_t i = (size_t)0U; + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { + size_t i0 = i; + Eurydice_slice bytes = Eurydice_slice_subslice2( + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, + Eurydice_slice); + re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); + } + return re; +} + +/** + Call [`deserialize_to_uncompressed_ring_element`] for each ring element. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 3 +*/ +static KRML_MUSTINLINE void deserialize_secret_key_201( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, + secret_as_ntt[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice2( + secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_to_uncompressed_ring_element_63(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- 
K= 3 +- CIPHERTEXT_SIZE= 1088 +- VECTOR_U_ENCODED_SIZE= 960 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +*/ +static void decrypt_391(Eurydice_slice secret_key, uint8_t *ciphertext, + uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; + deserialize_secret_key_201(secret_key, secret_as_ntt); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; + memcpy( + copy_of_secret_as_ntt, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 + secret_key_unpacked; + memcpy( + secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t ret0[32U]; + decrypt_unpacked_8c1(&secret_key_unpacked, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 3 +- SECRET_KEY_SIZE= 2400 +- CPA_SECRET_KEY_SIZE= 1152 +- PUBLIC_KEY_SIZE= 1184 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_SIZE= 960 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 +*/ +void libcrux_ml_kem_ind_cca_decapsulate_c41( + libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, + libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); + 
Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt_391(ind_cpa_secret_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + G_a9_681( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret0 = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1120U]; + libcrux_ml_kem_utils_into_padded_array_2d3(implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret0[32U]; + PRF_a9_933( + 
Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); + Eurydice_slice uu____5 = ind_cpa_public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1088U]; + encrypt_fb1(uu____5, copy_of_decrypted, pseudorandomness, + expected_ciphertext); + uint8_t implicit_rejection_shared_secret[32U]; + kdf_af_501( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + uint8_t shared_secret[32U]; + kdf_af_501(shared_secret0, shared_secret); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( + libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. 
+*/ +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- PUBLIC_KEY_SIZE= 1568 +- K= 4 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d2( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + deserialized_pk[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_to_reduced_ring_element_dd(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** + Call [`serialize_uncompressed_ring_element`] for each ring element. 
+*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +- OUT_LEN= 1536 +*/ +static KRML_MUSTINLINE void serialize_secret_key_ae0( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, + uint8_t ret[1536U]) { + uint8_t out[1536U] = {0U}; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element_92(&re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); +} + +/** + Concatenate `t` and `ρ` into the public key. 
+*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 +- PUBLIC_KEY_SIZE= 1568 +*/ +static KRML_MUSTINLINE void serialize_public_key_d00( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, + Eurydice_slice seed_for_a, uint8_t ret[1568U]) { + uint8_t public_key_serialized[1568U] = {0U}; + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, + (size_t)1536U, uint8_t, Eurydice_slice); + uint8_t ret0[1536U]; + serialize_secret_key_ae0(t_as_ntt, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, + (size_t)1536U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); + memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 +- PUBLIC_KEY_SIZE= 1568 +*/ +bool libcrux_ml_kem_ind_cca_validate_public_key_cf0(uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; + deserialize_ring_elements_reduced_5d2( + Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, + uint8_t, size_t, Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; + uint8_t public_key_serialized[1568U]; + serialize_public_key_d00( + uu____0, + Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, + uint8_t, size_t, Eurydice_slice), + public_key_serialized); + return 
core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( + (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked +libcrux_ml_kem_vector_avx2_SIMD256Vector[[$4size_t]], +libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked +libcrux_ml_kem_vector_avx2_SIMD256Vector[[$4size_t]] + +*/ +typedef struct tuple_54_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 snd; +} tuple_54; + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void G_a9_680(Eurydice_slice input, uint8_t ret[64U]) { + libcrux_ml_kem_hash_functions_avx2_G(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +*/ +static void closure_b80( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + ret[i] = ZERO_89_d5();); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb with const generics +- K= 4 +*/ +static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState +shake128_init_absorb_4d0(uint8_t input[4U][34U]) { + libcrux_sha3_generic_keccak_KeccakState_29 state = + libcrux_sha3_avx2_x4_incremental_init(); + libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( + &state, + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, 
Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[3U], uint8_t, Eurydice_slice)); + return state; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_a9 with const generics +- K= 4 +*/ +static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState +shake128_init_absorb_a9_ca0(uint8_t input[4U][34U]) { + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_input[4U][34U]; + memcpy(copy_of_input, input, (size_t)4U * sizeof(uint8_t[34U])); + return shake128_init_absorb_4d0(copy_of_input); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks with const +generics +- K= 4 +*/ +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_6b0( + libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[4U][504U]) { + uint8_t out[4U][504U] = {{0U}}; + uint8_t out0[504U] = {0U}; + uint8_t out1[504U] = {0U}; + uint8_t out2[504U] = {0U}; + uint8_t out3[504U] = {0U}; + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[504U]; + memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____1[504U]; + memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____2[504U]; + memcpy(uu____2, out2, (size_t)504U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____3[504U]; + memcpy(uu____3, out3, (size_t)504U * 
sizeof(uint8_t)); + memcpy(out[3U], uu____3, (size_t)504U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)4U * sizeof(uint8_t[504U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks_a9 with const +generics +- K= 4 +*/ +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_a9_4d0( + libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[4U][504U]) { + shake128_squeeze_three_blocks_6b0(self, ret); +} + +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . 
+*/ +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- K= 4 +- N= 504 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb1( + uint8_t randomness[4U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void shake128_squeeze_block_1b0( + libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[4U][168U]) { + uint8_t out[4U][168U] = {{0U}}; + uint8_t out0[168U] = {0U}; + uint8_t out1[168U] = {0U}; + uint8_t out2[168U] = {0U}; + uint8_t out3[168U] = {0U}; + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out1, 
uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[168U]; + memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____1[168U]; + memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____2[168U]; + memcpy(uu____2, out2, (size_t)168U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____3[168U]; + memcpy(uu____3, out3, (size_t)168U * sizeof(uint8_t)); + memcpy(out[3U], uu____3, (size_t)168U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)4U * sizeof(uint8_t[168U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block_a9 with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void shake128_squeeze_block_a9_5a0( + libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[4U][168U]) { + shake128_squeeze_block_1b0(self, ret); +} + +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. 
+ + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- K= 4 +- N= 168 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb2( + uint8_t randomness[4U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + 
LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +*/ +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_790( + int16_t s[272U]) { + return from_i16_array_89_10(Eurydice_array_to_subslice2( + s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void sample_from_xof_b00( + uint8_t seeds[4U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { + size_t sampled_coefficients[4U] = {0U}; + int16_t out[4U][272U] = {{0U}}; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[4U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); + libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = + shake128_init_absorb_a9_ca0(copy_of_seeds); + uint8_t randomness0[4U][504U]; + shake128_squeeze_three_blocks_a9_4d0(&xof_state, randomness0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness0[4U][504U]; + memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); + bool done = sample_from_uniform_distribution_next_bb1( + copy_of_randomness0, sampled_coefficients, out); + while (true) { + if (done) { + break; + } else { + uint8_t randomness[4U][168U]; + shake128_squeeze_block_a9_5a0(&xof_state, randomness); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[4U][168U]; + memcpy(copy_of_randomness, randomness, + (size_t)4U * 
sizeof(uint8_t[168U])); + done = sample_from_uniform_distribution_next_bb2( + copy_of_randomness, sampled_coefficients, out); + } + } + /* Passing arrays by value in Rust generates a copy in C */ + int16_t copy_of_out[4U][272U]; + memcpy(copy_of_out, out, (size_t)4U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + ret0[i] = closure_790(copy_of_out[i]);); + memcpy( + ret, ret0, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void sample_matrix_A_a20( + uint8_t seed[34U], bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U][4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[4U][4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + closure_b80(A_transpose[i]);); + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed[34U]; + memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[4U][34U]; KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; + seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[4U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[4U]; + sample_from_xof_b00(copy_of_seeds, sampled); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, sampled, + 
libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = sample; + } + } + + ); + memcpy(ret, A_transpose, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_polynomial_PolynomialRingElement +libcrux_ml_kem_vector_avx2_SIMD256Vector[4size_t], uint8_t + +*/ +typedef struct tuple_71_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 fst[4U]; + uint8_t snd; +} tuple_71; + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN +with const generics +- K= 4 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_1c1(uint8_t (*input)[33U], + uint8_t ret[4U][128U]) { + uint8_t out[4U][128U] = {{0U}}; + uint8_t out0[128U] = {0U}; + uint8_t out1[128U] = {0U}; + uint8_t out2[128U] = {0U}; + uint8_t out3[128U] = {0U}; + libcrux_sha3_avx2_x4_shake256( + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[3U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[128U]; + memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____1[128U]; + memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)128U * 
sizeof(uint8_t)); + uint8_t uu____2[128U]; + memcpy(uu____2, out2, (size_t)128U * sizeof(uint8_t)); + memcpy(out[2U], uu____2, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____3[128U]; + memcpy(uu____3, out3, (size_t)128U * sizeof(uint8_t)); + memcpy(out[3U], uu____3, (size_t)128U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)4U * sizeof(uint8_t[128U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN_a9 +with const generics +- K= 4 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_a9_511(uint8_t (*input)[33U], + uint8_t ret[4U][128U]) { + PRFxN_1c1(input, ret); +} + +/** + Sample a vector of ring elements from a centered binomial distribution and + convert them into their NTT representations. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- ETA= 2 +- ETA_RANDOMNESS_SIZE= 128 +*/ +static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_150( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + re_as_ntt[i] = ZERO_89_d5();); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[4U][33U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[4U][128U]; + PRFxN_a9_511(prf_inputs, prf_outputs); + 
KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + re_as_ntt[i0] = sample_from_binomial_distribution_470( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]);); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[4U]; + memcpy( + copy_of_re_as_ntt, re_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + tuple_71 lit; + memcpy( + lit.fst, copy_of_re_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + lit.snd = domain_separator; + return lit; +} + +/** + Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise + sum of their constituent coefficients. +*/ +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void add_to_ring_element_89_970( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)16U, self->coefficients, __m256i, + Eurydice_slice), + __m256i, size_t); + i++) { + size_t i0 = i; + self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( + self->coefficients[i0], &rhs->coefficients[i0]); + } +} + +/** + Compute  ◦ ŝ + ê +*/ +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void compute_As_plus_e_f00( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, + 
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + result[i] = ZERO_89_d5();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, matrix_A, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = + &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_970(&result[i1], &product); + } + add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); + } + memcpy( + ret, result, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. 
+ + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static tuple_54 generate_keypair_unpacked_6c0( + Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + G_a9_680(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[4U][4U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); + sample_matrix_A_a20(ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + prf_input); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_71 uu____2 = sample_vector_cbd_then_ntt_150(copy_of_prf_input0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator = uu____2.snd; + /* Passing arrays by 
value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[4U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt_150(copy_of_prf_input, domain_separator).fst, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; + compute_As_plus_e_f00(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, seed_for_A); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[4U]; + memcpy( + copy_of_t_as_ntt, t_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A_transpose[4U] + [4U]; + memcpy(copy_of_A_transpose, A_transpose, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 pk; + memcpy( + pk.t_as_ntt, copy_of_t_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, copy_of_A_transpose, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[4U]; + memcpy( + copy_of_secret_as_ntt, secret_as_ntt, + 
(size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 sk; + memcpy( + sk.secret_as_ntt, copy_of_secret_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + return (CLITERAL(tuple_54){.fst = sk, .snd = pk}); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types +libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- CPA_PRIVATE_KEY_SIZE= 1536 +- PRIVATE_KEY_SIZE= 3168 +- PUBLIC_KEY_SIZE= 1568 +- BYTES_PER_RING_ELEMENT= 1536 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static void closure_e30( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + ret[i] = ZERO_89_d5();); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void H_a9_650(Eurydice_slice input, uint8_t ret[32U]) { + libcrux_ml_kem_hash_functions_avx2_H(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- CPA_PRIVATE_KEY_SIZE= 1536 +- PRIVATE_KEY_SIZE= 3168 +- PUBLIC_KEY_SIZE= 1568 +- BYTES_PER_RING_ELEMENT= 1536 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_830(uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value0 = 
Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + tuple_54 uu____0 = generate_keypair_unpacked_6c0(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 + ind_cpa_private_key = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 + ind_cpa_public_key = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_e30(A[i]);); + KRML_MAYBE_FOR4( + i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + clone_d5_48(&ind_cpa_public_key.A[j][i1]); + A[i1][j] = uu____1;);); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[4U][4U]; + memcpy(uu____2, A, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); + memcpy(ind_cpa_public_key.A, uu____2, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); + uint8_t pk_serialized[1568U]; + serialize_public_key_d00( + ind_cpa_public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, + uint8_t, Eurydice_slice), + pk_serialized); + uint8_t public_key_hash[32U]; + H_a9_650(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t, + Eurydice_slice), + public_key_hash); + uint8_t implicit_rejection_value[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, + uint8_t[32U], void *); + core_result_unwrap_41_83(dst, implicit_rejection_value); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 uu____3 = + ind_cpa_private_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_implicit_rejection_value[32U]; + memcpy(copy_of_implicit_rejection_value, 
implicit_rejection_value, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_01 uu____5; + uu____5.ind_cpa_private_key = uu____3; + memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 uu____6 = + ind_cpa_public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_hash[32U]; + memcpy(copy_of_public_key_hash, public_key_hash, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 lit; + lit.private_key = uu____5; + lit.public_key.ind_cpa_public_key = uu____6; + memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, + (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- PRIVATE_KEY_SIZE= 1536 +- PUBLIC_KEY_SIZE= 1568 +- RANKED_BYTES_PER_RING_ELEMENT= 1536 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_e10( + Eurydice_slice key_generation_seed) { + tuple_54 uu____0 = generate_keypair_unpacked_6c0(key_generation_seed); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 sk = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 pk = uu____0.snd; + uint8_t public_key_serialized[1568U]; + serialize_public_key_d00(pk.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, + uint8_t, Eurydice_slice), + public_key_serialized); + uint8_t secret_key_serialized[1536U]; + serialize_secret_key_ae0(sk.secret_as_ntt, secret_key_serialized); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[1536U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)1536U * 
sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_serialized[1568U]; + memcpy(copy_of_public_key_serialized, public_key_serialized, + (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair1024 lit; + memcpy(lit.fst, copy_of_secret_key_serialized, + (size_t)1536U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_public_key_serialized, + (size_t)1568U * sizeof(uint8_t)); + return lit; +} + +/** + Serialize the secret key. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 4 +- SERIALIZED_KEY_LEN= 3168 +*/ +static KRML_MUSTINLINE void serialize_kem_secret_key_750( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { + uint8_t out[3168U] = {0U}; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____0, uu____1, + uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____3, uu____4, + uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice uu____6 = Eurydice_array_to_subslice2( + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice); + uint8_t ret0[32U]; + H_a9_650(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + 
Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + core_slice___Slice_T___len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); + memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); +} + +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- CPA_PRIVATE_KEY_SIZE= 1536 +- PRIVATE_KEY_SIZE= 3168 +- PUBLIC_KEY_SIZE= 1568 +- BYTES_PER_RING_ELEMENT= 1536 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair +libcrux_ml_kem_ind_cca_generate_keypair_c22(uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = + generate_keypair_e10(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[1536U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); + uint8_t public_key[1568U]; + memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); + uint8_t secret_key_serialized[3168U]; + serialize_kem_secret_key_750( + Eurydice_array_to_slice((size_t)1536U, 
ind_cpa_private_key, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, + Eurydice_slice), + implicit_rejection_value, secret_key_serialized); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[3168U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)3168U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = + libcrux_ml_kem_types_from_05_a71(copy_of_secret_key_serialized); + libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key[1568U]; + memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_17_c91( + uu____2, libcrux_ml_kem_types_from_b6_4c1(copy_of_public_key)); +} + +/** + Sample a vector of ring elements from a centered binomial distribution. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- ETA2_RANDOMNESS_SIZE= 128 +- ETA2= 2 +*/ +static KRML_MUSTINLINE tuple_71 +sample_ring_element_cbd_470(uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + error_1[i] = ZERO_89_d5();); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[4U][33U]; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t 
prf_outputs[4U][128U]; + PRFxN_a9_511(prf_inputs, prf_outputs); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + sample_from_binomial_distribution_470(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + error_1[i0] = uu____1;); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_error_1[4U]; + memcpy( + copy_of_error_1, error_1, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + tuple_71 lit; + memcpy( + lit.fst, copy_of_error_1, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + lit.snd = domain_separator; + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 +with const generics +- K= 4 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRF_a9_932(Eurydice_slice input, + uint8_t ret[128U]) { + PRF_420(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void invert_ntt_montgomery_570( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1_78(&zeta_i, re); + invert_ntt_at_layer_2_ba(&zeta_i, re); + invert_ntt_at_layer_3_1f(&zeta_i, re); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_99(re); +} + +/** + Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ +*/ +/** +A monomorphic instance of 
libcrux_ml_kem.matrix.compute_vector_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void compute_vector_u_000( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[4U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + result[i] = ZERO_89_d5();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(a_element, &r_as_ntt[j]); + add_to_ring_element_89_970(&result[i1], &product); + } + invert_ntt_montgomery_570(&result[i1]); + add_error_reduce_89_91(&result[i1], &error_1[i1]); + } + memcpy( + ret, result, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** + Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message +*/ +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +compute_ring_element_v_710( + 
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_970(&result, &product);); + invert_ntt_montgomery_570(&result); + result = add_message_error_reduce_89_67(error_2, message, result); + return result; +} + +/** +A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_11 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- OUT_LEN= 352 +*/ +static KRML_MUSTINLINE void compress_then_serialize_11_d10( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { + uint8_t serialized[352U] = {0U}; + for (size_t i = (size_t)0U; + i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { + size_t i0 = i; + __m256i coefficient = + compress_ea_800(to_unsigned_representative_a4(re->coefficients[i0])); + uint8_t bytes[22U]; + libcrux_ml_kem_vector_avx2_serialize_11_ea(coefficient, bytes); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 11 +- OUT_LEN= 352 +*/ +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_b20( + 
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { + uint8_t uu____0[352U]; + compress_then_serialize_11_d10(re, uu____0); + memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); +} + +/** + Call [`compress_then_serialize_ring_element_u`] on each ring element. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +- OUT_LEN= 1408 +- COMPRESSION_FACTOR= 11 +- BLOCK_LEN= 352 +*/ +static void compress_then_serialize_u_840( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[4U], + Eurydice_slice out) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)4U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out, i0 * ((size_t)1408U / (size_t)4U), + (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t, + Eurydice_slice); + uint8_t ret[352U]; + compress_then_serialize_ring_element_u_b20(&re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 5 +- OUT_LEN= 160 +*/ +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_390( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { + compress_then_serialize_5_35(re, out); +} + +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. 
+ + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_LEN= 1408 +- C2_LEN= 160 +- U_COMPRESSION_FACTOR= 11 +- V_COMPRESSION_FACTOR= 5 +- BLOCK_LEN= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_unpacked_880( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_71 uu____1 = sample_vector_cbd_then_ntt_150(copy_of_prf_input0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[4U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)4U * 
sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator0 = uu____1.snd; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_71 uu____3 = + sample_ring_element_cbd_470(copy_of_prf_input, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; + memcpy( + error_1, uu____3.fst, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF_a9_932( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = + sample_from_binomial_distribution_470(Eurydice_array_to_slice( + (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[4U]; + compute_vector_u_000(public_key->A, r_as_ntt, error_1, u); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = + deserialize_then_decompress_message_b9(copy_of_message); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = + compute_ring_element_v_710(public_key->t_as_ntt, r_as_ntt, &error_2, + &message_as_ring_element); + uint8_t ciphertext[1568U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[4U]; + memcpy( + uu____5, u, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + compress_then_serialize_u_840( + uu____5, + Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, + uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; + compress_then_serialize_ring_element_v_390( + uu____6, + 
Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, + uint8_t, size_t, Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- PUBLIC_KEY_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_SIZE= 1408 +- C2_SIZE= 160 +- VECTOR_U_COMPRESSION_FACTOR= 11 +- VECTOR_V_COMPRESSION_FACTOR= 5 +- VECTOR_U_BLOCK_LEN= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e0( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, + uint8_t randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, + Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_a9_680( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____2 = + &public_key->ind_cpa_public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + 
memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1568U]; + encrypt_unpacked_880(uu____2, copy_of_randomness, pseudorandomness, + ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1568U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = + libcrux_ml_kem_types_from_01_f51(copy_of_ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); + tuple_21 lit; + lit.fst = uu____5; + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void entropy_preprocess_af_e20(Eurydice_slice randomness, + uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + randomness, uint8_t, void *); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +} + +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. 
+*/ +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- PUBLIC_KEY_SIZE= 1536 +- K= 4 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d1( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + deserialized_pk[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_to_reduced_ring_element_dd(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_LEN= 1408 +- C2_LEN= 160 +- U_COMPRESSION_FACTOR= 11 +- V_COMPRESSION_FACTOR= 5 +- BLOCK_LEN= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_fb0(Eurydice_slice public_key, uint8_t message[32U], + Eurydice_slice randomness, uint8_t ret[1568U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; + deserialize_ring_elements_reduced_5d1( + Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, + 
Eurydice_slice), + t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); + sample_matrix_A_a20(ret0, false, A); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + core_result_unwrap_41_83(dst, seed_for_A); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[4U]; + memcpy( + copy_of_t_as_ntt, t_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A[4U][4U]; + memcpy(copy_of_A, A, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 + public_key_unpacked; + memcpy( + public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, + (size_t)32U * sizeof(uint8_t)); + memcpy(public_key_unpacked.A, copy_of_A, + (size_t)4U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____3 = + &public_key_unpacked; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + uint8_t ret1[1568U]; + encrypt_unpacked_880(uu____3, copy_of_message, randomness, ret1); + memcpy(ret, ret1, (size_t)1568U * 
sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +*/ +static KRML_MUSTINLINE void kdf_af_500(Eurydice_slice shared_secret, + uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + shared_secret, uint8_t, void *); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- PUBLIC_KEY_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_SIZE= 1408 +- C2_SIZE= 160 +- VECTOR_U_COMPRESSION_FACTOR= 11 +- VECTOR_V_COMPRESSION_FACTOR= 5 +- VECTOR_U_BLOCK_LEN= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_820( + libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, + uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + entropy_preprocess_af_e20( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret[32U]; + H_a9_650(Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_f21(public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + 
Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_a9_680( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_f21(public_key), uint8_t, + Eurydice_slice); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[1568U]; + encrypt_fb0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1568U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = + libcrux_ml_kem_types_from_01_f51(copy_of_ciphertext); + uint8_t shared_secret_array[32U]; + kdf_af_500(shared_secret, shared_secret_array); + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); + tuple_21 lit; + lit.fst = uu____5; + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 11 +*/ +static KRML_MUSTINLINE 
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_then_decompress_ring_element_u_100(Eurydice_slice serialized) { + return deserialize_then_decompress_11_8d(serialized); +} + +/** +A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- VECTOR_U_COMPRESSION_FACTOR= 11 +*/ +static KRML_MUSTINLINE void ntt_vector_u_fe0( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + size_t zeta_i = (size_t)0U; + ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_b4(&zeta_i, re); + ntt_at_layer_2_7c(&zeta_i, re); + ntt_at_layer_1_c2(&zeta_i, re); + poly_barrett_reduce_89_99(re); +} + +/** + Call [`deserialize_then_decompress_ring_element_u`] on each ring element + in the `ciphertext`. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- U_COMPRESSION_FACTOR= 11 +*/ +static KRML_MUSTINLINE void deserialize_then_decompress_u_b50( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + u_as_ntt[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U); + i++) { + size_t i0 = i; + Eurydice_slice u_bytes = Eurydice_array_to_subslice2( + ciphertext, + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U), + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + 
(size_t)11U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)11U / (size_t)8U, + uint8_t, Eurydice_slice); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_100(u_bytes); + ntt_vector_u_fe0(&u_as_ntt[i0]); + } + memcpy( + ret, u_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- COMPRESSION_FACTOR= 5 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +deserialize_then_decompress_ring_element_v_5b0(Eurydice_slice serialized) { + return deserialize_then_decompress_5_75(serialized); +} + +/** + The following functions compute various expressions involving + vectors and matrices. The computation of these expressions has been + abstracted away into these functions in order to save on loop iterations. + Compute v − InverseNTT(sᵀ ◦ NTT(u)) +*/ +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_message +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +compute_message_220( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_970(&result, &product);); + invert_ntt_montgomery_570(&result); + result = subtract_reduce_89_63(v, result); + return result; +} + +/** + This function implements Algorithm 14 of the + NIST FIPS 203 specification; this is the 
Kyber CPA-PKE decryption algorithm. + + Algorithm 14 is reproduced below: + + ```plaintext + Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + Output: message m ∈ 𝔹^{32}. + + c₁ ← c[0 : 32dᵤk] + c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] + u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) + v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) + ŝ ← ByteDecode₁₂(dkₚₖₑ) + w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) + m ← ByteEncode₁(Compress₁(w)) + return m + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- VECTOR_U_ENCODED_SIZE= 1408 +- U_COMPRESSION_FACTOR= 11 +- V_COMPRESSION_FACTOR= 5 +*/ +static void decrypt_unpacked_8c0( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; + deserialize_then_decompress_u_b50(ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = + deserialize_then_decompress_ring_element_v_5b0( + Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, + (size_t)1408U, uint8_t, size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = + compute_message_220(&v, secret_key->secret_as_ntt, u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message_ec(message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 +with const generics +- K= 4 +- LEN= 32 +*/ +static KRML_MUSTINLINE void PRF_a9_931(Eurydice_slice input, uint8_t ret[32U]) { + PRF_42(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked +with types 
libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 4 +- SECRET_KEY_SIZE= 3168 +- CPA_SECRET_KEY_SIZE= 1536 +- PUBLIC_KEY_SIZE= 1568 +- CIPHERTEXT_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_SIZE= 1408 +- C2_SIZE= 160 +- VECTOR_U_COMPRESSION_FACTOR= 11 +- VECTOR_V_COMPRESSION_FACTOR= 5 +- C1_BLOCK_SIZE= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 +*/ +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b20( + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, + uint8_t ret[32U]) { + uint8_t decrypted[32U]; + decrypt_unpacked_8c0(&key_pair->private_key.ind_cpa_private_key, + ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, + uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_a9_680( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + uint8_t to_hash[1600U]; + libcrux_ml_kem_utils_into_padded_array_2d4( + Eurydice_array_to_slice((size_t)32U, + key_pair->private_key.implicit_rejection_value, + uint8_t, Eurydice_slice), + to_hash); + 
Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret[32U]; + PRF_a9_931( + Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____3 = + &key_pair->public_key.ind_cpa_public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1568U]; + encrypt_unpacked_880(uu____3, copy_of_decrypted, pseudorandomness, + expected_ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( + libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, + Eurydice_slice)); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + shared_secret, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** + Call [`deserialize_to_uncompressed_ring_element`] for each ring element. 
+*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +*/ +static KRML_MUSTINLINE void deserialize_secret_key_200( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, + secret_as_ntt[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice2( + secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_to_uncompressed_ring_element_63(secret_bytes); + secret_as_ntt[i0] = uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 4 +- CIPHERTEXT_SIZE= 1568 +- VECTOR_U_ENCODED_SIZE= 1408 +- U_COMPRESSION_FACTOR= 11 +- V_COMPRESSION_FACTOR= 5 +*/ +static void decrypt_390(Eurydice_slice secret_key, uint8_t *ciphertext, + uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; + deserialize_secret_key_200(secret_key, secret_as_ntt); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[4U]; + memcpy( + copy_of_secret_as_ntt, secret_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + 
libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 + secret_key_unpacked; + memcpy( + secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t ret0[32U]; + decrypt_unpacked_8c0(&secret_key_unpacked, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 4 +- SECRET_KEY_SIZE= 3168 +- CPA_SECRET_KEY_SIZE= 1536 +- PUBLIC_KEY_SIZE= 1568 +- CIPHERTEXT_SIZE= 1568 +- T_AS_NTT_ENCODED_SIZE= 1536 +- C1_SIZE= 1408 +- C2_SIZE= 160 +- VECTOR_U_COMPRESSION_FACTOR= 11 +- VECTOR_V_COMPRESSION_FACTOR= 5 +- C1_BLOCK_SIZE= 352 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 +*/ +void libcrux_ml_kem_ind_cca_decapsulate_c40( + libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, + libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, + uint8_t ret[32U]) { + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)1536U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + secret_key0, (size_t)1568U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t 
decrypted[32U]; + decrypt_390(ind_cpa_secret_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + G_a9_680( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret0 = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[1600U]; + libcrux_ml_kem_utils_into_padded_array_2d4(implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret0[32U]; + PRF_a9_931( + Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); + Eurydice_slice uu____5 = ind_cpa_public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[1568U]; + encrypt_fb0(uu____5, copy_of_decrypted, pseudorandomness, + expected_ciphertext); + uint8_t implicit_rejection_shared_secret[32U]; + kdf_af_500( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + 
implicit_rejection_shared_secret); + uint8_t shared_secret[32U]; + kdf_af_500(shared_secret0, shared_secret); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( + libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- PUBLIC_KEY_SIZE= 800 +- K= 2 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d0( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + deserialized_pk[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_to_reduced_ring_element_dd(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} 
+ +/** + Call [`serialize_uncompressed_ring_element`] for each ring element. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +- OUT_LEN= 768 +*/ +static KRML_MUSTINLINE void serialize_secret_key_ae( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, + uint8_t ret[768U]) { + uint8_t out[768U] = {0U}; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + uint8_t ret0[384U]; + serialize_uncompressed_ring_element_92(&re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + } + memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); +} + +/** + Concatenate `t` and `ρ` into the public key. 
+*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +- RANKED_BYTES_PER_RING_ELEMENT= 768 +- PUBLIC_KEY_SIZE= 800 +*/ +static KRML_MUSTINLINE void serialize_public_key_d0( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, + Eurydice_slice seed_for_a, uint8_t ret[800U]) { + uint8_t public_key_serialized[800U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + public_key_serialized, (size_t)0U, (size_t)768U, uint8_t, Eurydice_slice); + uint8_t ret0[768U]; + serialize_secret_key_ae(t_as_ntt, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, + (size_t)768U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); + memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +- RANKED_BYTES_PER_RING_ELEMENT= 768 +- PUBLIC_KEY_SIZE= 800 +*/ +bool libcrux_ml_kem_ind_cca_validate_public_key_cf(uint8_t *public_key) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; + deserialize_ring_elements_reduced_5d0( + Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, + uint8_t, size_t, Eurydice_slice), + deserialized_pk); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; + uint8_t public_key_serialized[800U]; + serialize_public_key_d0( + uu____0, + Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, + uint8_t, size_t, Eurydice_slice), + public_key_serialized); + return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( + (size_t)800U, 
public_key, public_key_serialized, uint8_t, uint8_t, bool); +} + +/** +A monomorphic instance of K. +with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked +libcrux_ml_kem_vector_avx2_SIMD256Vector[[$2size_t]], +libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked +libcrux_ml_kem_vector_avx2_SIMD256Vector[[$2size_t]] + +*/ +typedef struct tuple_4c_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 snd; +} tuple_4c; + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void G_a9_68(Eurydice_slice input, uint8_t ret[64U]) { + libcrux_ml_kem_hash_functions_avx2_G(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +*/ +static void closure_b8( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + ret[i] = ZERO_89_d5();); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb with const generics +- K= 2 +*/ +static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState +shake128_init_absorb_4d(uint8_t input[2U][34U]) { + libcrux_sha3_generic_keccak_KeccakState_29 state = + libcrux_sha3_avx2_x4_incremental_init(); + libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( + &state, + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); + 
return state; +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_a9 with const generics +- K= 2 +*/ +static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState +shake128_init_absorb_a9_ca(uint8_t input[2U][34U]) { + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_input[2U][34U]; + memcpy(copy_of_input, input, (size_t)2U * sizeof(uint8_t[34U])); + return shake128_init_absorb_4d(copy_of_input); +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks with const +generics +- K= 2 +*/ +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_6b( + libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[2U][504U]) { + uint8_t out[2U][504U] = {{0U}}; + uint8_t out0[504U] = {0U}; + uint8_t out1[504U] = {0U}; + uint8_t out2[504U] = {0U}; + uint8_t out3[504U] = {0U}; + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[504U]; + memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); + uint8_t uu____1[504U]; + memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[504U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks_a9 with const 
+generics +- K= 2 +*/ +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_a9_4d( + libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[2U][504U]) { + shake128_squeeze_three_blocks_6b(self, ret); +} + +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . 
+*/ +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- K= 2 +- N= 504 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb( + uint8_t randomness[2U][504U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void shake128_squeeze_block_1b( + libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[2U][168U]) { + uint8_t out[2U][168U] = {{0U}}; + uint8_t out0[168U] = {0U}; + uint8_t out1[168U] = {0U}; + uint8_t out2[168U] = {0U}; + uint8_t out3[168U] = {0U}; + libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, 
Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[168U]; + memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); + uint8_t uu____1[168U]; + memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[168U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of +libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block_a9 with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void shake128_squeeze_block_a9_5a( + libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[2U][168U]) { + shake128_squeeze_block_1b(self, ret); +} + +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. 
+ + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of +libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- K= 2 +- N= 168 +*/ +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb0( + uint8_t randomness[2U][168U], size_t *sampled_coefficients, + int16_t (*out)[272U]) { + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { + size_t r = i; + if (sampled_coefficients[i1] < + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, + uint8_t, Eurydice_slice); + size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); + size_t uu____1 = i1; + sampled_coefficients[uu____1] = + sampled_coefficients[uu____1] + sampled; + } + }); + bool done = true; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + if (sampled_coefficients[i0] >= + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { + sampled_coefficients[i0] = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; + } else { done = false; }); + return done; +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +*/ +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_79( + 
int16_t s[272U]) { + return from_i16_array_89_10(Eurydice_array_to_subslice2( + s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); +} + +/** +A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void sample_from_xof_b0( + uint8_t seeds[2U][34U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { + size_t sampled_coefficients[2U] = {0U}; + int16_t out[2U][272U] = {{0U}}; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[2U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); + libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = + shake128_init_absorb_a9_ca(copy_of_seeds); + uint8_t randomness0[2U][504U]; + shake128_squeeze_three_blocks_a9_4d(&xof_state, randomness0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness0[2U][504U]; + memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); + bool done = sample_from_uniform_distribution_next_bb( + copy_of_randomness0, sampled_coefficients, out); + while (true) { + if (done) { + break; + } else { + uint8_t randomness[2U][168U]; + shake128_squeeze_block_a9_5a(&xof_state, randomness); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[2U][168U]; + memcpy(copy_of_randomness, randomness, + (size_t)2U * sizeof(uint8_t[168U])); + done = sample_from_uniform_distribution_next_bb0( + copy_of_randomness, sampled_coefficients, out); + } + } + /* Passing arrays by value in Rust generates a copy in C */ + int16_t copy_of_out[2U][272U]; + memcpy(copy_of_out, out, (size_t)2U * sizeof(int16_t[272U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + ret0[i] = closure_79(copy_of_out[i]);); + memcpy( + ret, ret0, + 
(size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void sample_matrix_A_a2( + uint8_t seed[34U], bool transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U][2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[2U][2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + closure_b8(A_transpose[i]);); + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed[34U]; + memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t seeds[2U][34U]; KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; + seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[2U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[2U]; + sample_from_xof_b0(copy_of_seeds, sampled); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, sampled, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; + if (transpose) { + A_transpose[j][i1] = sample; + } else { + A_transpose[i1][j] = sample; + } + } + + ); + memcpy(ret, A_transpose, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); +} + +/** +A monomorphic instance of K. 
+with types libcrux_ml_kem_polynomial_PolynomialRingElement +libcrux_ml_kem_vector_avx2_SIMD256Vector[2size_t], uint8_t + +*/ +typedef struct tuple_74_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 fst[2U]; + uint8_t snd; +} tuple_74; + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN +with const generics +- K= 2 +- LEN= 192 +*/ +static KRML_MUSTINLINE void PRFxN_1c(uint8_t (*input)[33U], + uint8_t ret[2U][192U]) { + uint8_t out[2U][192U] = {{0U}}; + uint8_t out0[192U] = {0U}; + uint8_t out1[192U] = {0U}; + uint8_t out2[192U] = {0U}; + uint8_t out3[192U] = {0U}; + libcrux_sha3_avx2_x4_shake256( + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)192U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)192U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)192U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)192U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[192U]; + memcpy(uu____0, out0, (size_t)192U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)192U * sizeof(uint8_t)); + uint8_t uu____1[192U]; + memcpy(uu____1, out1, (size_t)192U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)192U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[192U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN_a9 +with const generics +- K= 2 +- LEN= 192 +*/ +static KRML_MUSTINLINE void PRFxN_a9_51(uint8_t (*input)[33U], + uint8_t ret[2U][192U]) { + PRFxN_1c(input, ret); +} + +/** +A monomorphic instance of 
+libcrux_ml_kem.sampling.sample_from_binomial_distribution with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- ETA= 3 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +sample_from_binomial_distribution_47(Eurydice_slice randomness) { + return sample_from_binomial_distribution_3_43(randomness); +} + +/** + Sample a vector of ring elements from a centered binomial distribution and + convert them into their NTT representations. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- ETA= 3 +- ETA_RANDOMNESS_SIZE= 192 +*/ +static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_15( + uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + re_as_ntt[i] = ZERO_89_d5();); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[2U][33U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[2U][192U]; + PRFxN_a9_51(prf_inputs, prf_outputs); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + re_as_ntt[i0] = sample_from_binomial_distribution_47( + Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], + uint8_t, Eurydice_slice)); + ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]);); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 
copy_of_re_as_ntt[2U]; + memcpy( + copy_of_re_as_ntt, re_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + tuple_74 lit; + memcpy( + lit.fst, copy_of_re_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + lit.snd = domain_separator; + return lit; +} + +/** + Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise + sum of their constituent coefficients. +*/ +/** +This function found in impl +{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} +*/ +/** +A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void add_to_ring_element_89_97( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)16U, self->coefficients, __m256i, + Eurydice_slice), + __m256i, size_t); + i++) { + size_t i0 = i; + self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( + self->coefficients[i0], &rhs->coefficients[i0]); + } +} + +/** + Compute  ◦ ŝ + ê +*/ +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void compute_As_plus_e_f0( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + result[i] = ZERO_89_d5();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, matrix_A, + 
libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = + &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_97(&result[i1], &product); + } + add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); + } + memcpy( + ret, result, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . 
+*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +static tuple_4c generate_keypair_unpacked_6c( + Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + G_a9_68(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[2U][2U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); + sample_matrix_A_a2(ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + prf_input); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_74 uu____2 = sample_vector_cbd_then_ntt_15(copy_of_prf_input0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator = uu____2.snd; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[2U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt_15(copy_of_prf_input, domain_separator).fst, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; + 
compute_As_plus_e_f0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], + void *); + core_result_unwrap_41_83(dst, seed_for_A); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[2U]; + memcpy( + copy_of_t_as_ntt, t_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A_transpose[2U] + [2U]; + memcpy(copy_of_A_transpose, A_transpose, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 pk; + memcpy( + pk.t_as_ntt, copy_of_t_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, copy_of_A_transpose, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[2U]; + memcpy( + copy_of_secret_as_ntt, secret_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 sk; + memcpy( + sk.secret_as_ntt, copy_of_secret_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + return (CLITERAL(tuple_4c){.fst = sk, .snd = pk}); +} + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types +libcrux_ml_kem_vector_avx2_SIMD256Vector, 
+libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- CPA_PRIVATE_KEY_SIZE= 768 +- PRIVATE_KEY_SIZE= 1632 +- PUBLIC_KEY_SIZE= 800 +- BYTES_PER_RING_ELEMENT= 768 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +static void closure_e3( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + ret[i] = ZERO_89_d5();); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void H_a9_65(Eurydice_slice input, uint8_t ret[32U]) { + libcrux_ml_kem_hash_functions_avx2_H(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- CPA_PRIVATE_KEY_SIZE= 768 +- PRIVATE_KEY_SIZE= 1632 +- PUBLIC_KEY_SIZE= 800 +- BYTES_PER_RING_ELEMENT= 768 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_83(uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + tuple_4c uu____0 = generate_keypair_unpacked_6c(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 + ind_cpa_private_key = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 + ind_cpa_public_key = uu____0.snd; + 
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_e3(A[i]);); + KRML_MAYBE_FOR2( + i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + clone_d5_48(&ind_cpa_public_key.A[j][i1]); + A[i1][j] = uu____1;);); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[2U][2U]; + memcpy(uu____2, A, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); + memcpy(ind_cpa_public_key.A, uu____2, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); + uint8_t pk_serialized[800U]; + serialize_public_key_d0( + ind_cpa_public_key.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, + uint8_t, Eurydice_slice), + pk_serialized); + uint8_t public_key_hash[32U]; + H_a9_65(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t, + Eurydice_slice), + public_key_hash); + uint8_t implicit_rejection_value[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, + uint8_t[32U], void *); + core_result_unwrap_41_83(dst, implicit_rejection_value); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 uu____3 = + ind_cpa_private_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_implicit_rejection_value[32U]; + memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_d6 uu____5; + uu____5.ind_cpa_private_key = uu____3; + memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 uu____6 = + ind_cpa_public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t 
copy_of_public_key_hash[32U]; + memcpy(copy_of_public_key_hash, public_key_hash, + (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 lit; + lit.private_key = uu____5; + lit.public_key.ind_cpa_public_key = uu____6; + memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, + (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- PRIVATE_KEY_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- RANKED_BYTES_PER_RING_ELEMENT= 768 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_e1( + Eurydice_slice key_generation_seed) { + tuple_4c uu____0 = generate_keypair_unpacked_6c(key_generation_seed); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 sk = uu____0.fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 pk = uu____0.snd; + uint8_t public_key_serialized[800U]; + serialize_public_key_d0(pk.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, + uint8_t, Eurydice_slice), + public_key_serialized); + uint8_t secret_key_serialized[768U]; + serialize_secret_key_ae(sk.secret_as_ntt, secret_key_serialized); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[768U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)768U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_serialized[800U]; + memcpy(copy_of_public_key_serialized, public_key_serialized, + (size_t)800U * sizeof(uint8_t)); + libcrux_ml_kem_utils_extraction_helper_Keypair512 lit; + memcpy(lit.fst, copy_of_secret_key_serialized, + (size_t)768U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_public_key_serialized, + (size_t)800U * sizeof(uint8_t)); + return 
lit; +} + +/** + Serialize the secret key. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 2 +- SERIALIZED_KEY_LEN= 1632 +*/ +static KRML_MUSTINLINE void serialize_kem_secret_key_75( + Eurydice_slice private_key, Eurydice_slice public_key, + Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { + uint8_t out[1632U] = {0U}; + size_t pointer = (size_t)0U; + uint8_t *uu____0 = out; + size_t uu____1 = pointer; + size_t uu____2 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____0, uu____1, + uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uint8_t *uu____3 = out; + size_t uu____4 = pointer; + size_t uu____5 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____3, uu____4, + uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + Eurydice_slice uu____6 = Eurydice_array_to_subslice2( + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice); + uint8_t ret0[32U]; + H_a9_65(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; + uint8_t *uu____7 = out; + size_t uu____8 = pointer; + size_t uu____9 = pointer; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + core_slice___Slice_T___len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); + 
memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); +} + +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- CPA_PRIVATE_KEY_SIZE= 768 +- PRIVATE_KEY_SIZE= 1632 +- PUBLIC_KEY_SIZE= 800 +- BYTES_PER_RING_ELEMENT= 768 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +*/ +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_c2( + uint8_t randomness[64U]) { + Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( + randomness, (size_t)0U, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); + Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( + (size_t)64U, randomness, + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + size_t, Eurydice_slice); + libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = + generate_keypair_e1(ind_cpa_keypair_randomness); + uint8_t ind_cpa_private_key[768U]; + memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); + uint8_t public_key[800U]; + memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); + uint8_t secret_key_serialized[1632U]; + serialize_kem_secret_key_75( + Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, + Eurydice_slice), + implicit_rejection_value, secret_key_serialized); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[1632U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)1632U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = + libcrux_ml_kem_types_from_05_a7(copy_of_secret_key_serialized); + 
libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key[800U]; + memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_17_c9( + uu____2, libcrux_ml_kem_types_from_b6_4c(copy_of_public_key)); +} + +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN +with const generics +- K= 2 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_1c0(uint8_t (*input)[33U], + uint8_t ret[2U][128U]) { + uint8_t out[2U][128U] = {{0U}}; + uint8_t out0[128U] = {0U}; + uint8_t out1[128U] = {0U}; + uint8_t out2[128U] = {0U}; + uint8_t out3[128U] = {0U}; + libcrux_sha3_avx2_x4_shake256( + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); + uint8_t uu____0[128U]; + memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); + memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); + uint8_t uu____1[128U]; + memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); + memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); + memcpy(ret, out, (size_t)2U * sizeof(uint8_t[128U])); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRFxN_a9 +with const generics +- K= 2 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRFxN_a9_510(uint8_t (*input)[33U], + 
uint8_t ret[2U][128U]) { + PRFxN_1c0(input, ret); +} + +/** + Sample a vector of ring elements from a centered binomial distribution. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- ETA2= 2 +*/ +static KRML_MUSTINLINE tuple_74 +sample_ring_element_cbd_47(uint8_t prf_input[33U], uint8_t domain_separator) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + error_1[i] = ZERO_89_d5();); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t prf_inputs[2U][33U]; + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + prf_inputs[i0][32U] = domain_separator; + domain_separator = (uint32_t)domain_separator + 1U;); + uint8_t prf_outputs[2U][128U]; + PRFxN_a9_510(prf_inputs, prf_outputs); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + sample_from_binomial_distribution_470(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + error_1[i0] = uu____1;); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_error_1[2U]; + memcpy( + copy_of_error_1, error_1, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + tuple_74 lit; + memcpy( + lit.fst, copy_of_error_1, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + lit.snd = domain_separator; + return lit; +} + +/** +This function found in impl 
{(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 +with const generics +- K= 2 +- LEN= 128 +*/ +static KRML_MUSTINLINE void PRF_a9_930(Eurydice_slice input, + uint8_t ret[128U]) { + PRF_420(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void invert_ntt_montgomery_57( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { + size_t zeta_i = + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; + invert_ntt_at_layer_1_78(&zeta_i, re); + invert_ntt_at_layer_2_ba(&zeta_i, re); + invert_ntt_at_layer_3_1f(&zeta_i, re); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_99(re); +} + +/** + Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ +*/ +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void compute_vector_u_00( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[2U], + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + result[i] = ZERO_89_d5();); + for (size_t i0 = (size_t)0U; + i0 < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, a_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], + Eurydice_slice), + 
libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], size_t); + i0++) { + size_t i1 = i0; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, row, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t j = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(a_element, &r_as_ntt[j]); + add_to_ring_element_89_97(&result[i1], &product); + } + invert_ntt_montgomery_57(&result[i1]); + add_error_reduce_89_91(&result[i1], &error_1[i1]); + } + memcpy( + ret, result, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** + Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message +*/ +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +compute_ring_element_v_71( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_97(&result, &product);); + invert_ntt_montgomery_57(&result); + result = add_message_error_reduce_89_67(error_2, message, result); + return result; +} + +/** + Call [`compress_then_serialize_ring_element_u`] on each ring element. 
+*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +- OUT_LEN= 640 +- COMPRESSION_FACTOR= 10 +- BLOCK_LEN= 320 +*/ +static void compress_then_serialize_u_84( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[2U], + Eurydice_slice out) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice( + (size_t)2U, input, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + i++) { + size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out, i0 * ((size_t)640U / (size_t)2U), + (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t, + Eurydice_slice); + uint8_t ret[320U]; + compress_then_serialize_ring_element_u_b2(&re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } +} + +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. 
+ + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_LEN= 640 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_unpacked_88( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_74 uu____1 = sample_vector_cbd_then_ntt_15(copy_of_prf_input0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[2U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator0 = uu____1.snd; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, 
(size_t)33U * sizeof(uint8_t)); + tuple_74 uu____3 = + sample_ring_element_cbd_47(copy_of_prf_input, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; + memcpy( + error_1, uu____3.fst, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF_a9_930( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = + sample_from_binomial_distribution_470(Eurydice_array_to_slice( + (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[2U]; + compute_vector_u_00(public_key->A, r_as_ntt, error_1, u); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = + deserialize_then_decompress_message_b9(copy_of_message); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = + compute_ring_element_v_71(public_key->t_as_ntt, r_as_ntt, &error_2, + &message_as_ring_element); + uint8_t ciphertext[768U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[2U]; + memcpy( + uu____5, u, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + compress_then_serialize_u_84( + uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, + uint8_t, Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; + compress_then_serialize_ring_element_v_39( + uu____6, + Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, + uint8_t, size_t, Eurydice_slice)); + memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked +with types 
libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_SIZE= 640 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e( + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, + uint8_t randomness[32U]) { + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, + Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_a9_68( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____2 = + &public_key->ind_cpa_public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[768U]; + encrypt_unpacked_88(uu____2, copy_of_randomness, pseudorandomness, + ciphertext); + uint8_t shared_secret_array[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + 
Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[768U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = + libcrux_ml_kem_types_from_01_f5(copy_of_ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); + tuple_ec lit; + lit.fst = uu____5; + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** +This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void entropy_preprocess_af_e2(Eurydice_slice randomness, + uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + randomness, uint8_t, void *); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +} + +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. 
+*/ +/** +A monomorphic instance of +libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- PUBLIC_KEY_SIZE= 768 +- K= 2 +*/ +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d( + Eurydice_slice public_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + deserialized_pk[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice ring_element = Eurydice_slice_subslice2( + public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_to_reduced_ring_element_dd(ring_element); + deserialized_pk[i0] = uu____0; + } + memcpy( + ret, deserialized_pk, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_LEN= 640 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static void encrypt_fb(Eurydice_slice public_key, uint8_t message[32U], + Eurydice_slice randomness, uint8_t ret[768U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; + deserialize_ring_elements_reduced_5d( + Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, + Eurydice_slice), + 
t_as_ntt); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); + sample_matrix_A_a2(ret0, false, A); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + core_result_unwrap_41_83(dst, seed_for_A); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[2U]; + memcpy( + copy_of_t_as_ntt, t_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A[2U][2U]; + memcpy(copy_of_A, A, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 + public_key_unpacked; + memcpy( + public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, + (size_t)32U * sizeof(uint8_t)); + memcpy(public_key_unpacked.A, copy_of_A, + (size_t)2U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____3 = + &public_key_unpacked; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + uint8_t ret1[768U]; + encrypt_unpacked_88(uu____3, copy_of_message, randomness, ret1); + memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); +} + +/** 
+This function found in impl {(libcrux_ml_kem::ind_cca::Variant for +libcrux_ml_kem::ind_cca::MlKem)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af +with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash +with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +*/ +static KRML_MUSTINLINE void kdf_af_50(Eurydice_slice shared_secret, + uint8_t ret[32U]) { + uint8_t out[32U] = {0U}; + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + shared_secret, uint8_t, void *); + memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_SIZE= 640 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- VECTOR_U_BLOCK_LEN= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_82( + libcrux_ml_kem_types_MlKemPublicKey_be *public_key, + uint8_t randomness[32U]) { + uint8_t randomness0[32U]; + entropy_preprocess_af_e2( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); + uint8_t to_hash[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + size_t, Eurydice_slice); + uint8_t ret[32U]; + H_a9_65(Eurydice_array_to_slice( + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), + uint8_t, Eurydice_slice), + ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, 
Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_a9_68( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + Eurydice_slice uu____2 = Eurydice_array_to_slice( + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), uint8_t, + Eurydice_slice); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); + uint8_t ciphertext[768U]; + encrypt_fb(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[768U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); + libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = + libcrux_ml_kem_types_from_01_f5(copy_of_ciphertext); + uint8_t shared_secret_array[32U]; + kdf_af_50(shared_secret, shared_secret_array); + libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); + tuple_ec lit; + lit.fst = uu____5; + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); + return lit; +} + +/** + Call [`deserialize_then_decompress_ring_element_u`] on each ring element + in the `ciphertext`. 
+*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- U_COMPRESSION_FACTOR= 10 +*/ +static KRML_MUSTINLINE void deserialize_then_decompress_u_b5( + uint8_t *ciphertext, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + u_as_ntt[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / + (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U); + i++) { + size_t i0 = i; + Eurydice_slice u_bytes = Eurydice_array_to_subslice2( + ciphertext, + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U), + i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U) + + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * + (size_t)10U / (size_t)8U, + uint8_t, Eurydice_slice); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_10(u_bytes); + ntt_vector_u_fe(&u_as_ntt[i0]); + } + memcpy( + ret, u_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** + The following functions compute various expressions involving + vectors and matrices. The computation of these expressions has been + abstracted away into these functions in order to save on loop iterations. 
+ Compute v − InverseNTT(sᵀ ◦ NTT(u)) +*/ +/** +A monomorphic instance of libcrux_ml_kem.matrix.compute_message +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 +compute_message_22( + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = + ntt_multiply_89_48(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_97(&result, &product);); + invert_ntt_montgomery_57(&result); + result = subtract_reduce_89_63(v, result); + return result; +} + +/** + This function implements Algorithm 14 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. + + Algorithm 14 is reproduced below: + + ```plaintext + Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + Output: message m ∈ 𝔹^{32}. + + c₁ ← c[0 : 32dᵤk] + c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] + u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) + v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) + ŝ ← ByteDecode₁₂(dkₚₖₑ) + w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) + m ← ByteEncode₁(Compress₁(w)) + return m + ``` + + The NIST FIPS 203 standard can be found at + . 
+*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- VECTOR_U_ENCODED_SIZE= 640 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +*/ +static void decrypt_unpacked_8c( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 *secret_key, + uint8_t *ciphertext, uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; + deserialize_then_decompress_u_b5(ciphertext, u_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = + deserialize_then_decompress_ring_element_v_5b( + Eurydice_array_to_subslice_from((size_t)768U, ciphertext, + (size_t)640U, uint8_t, size_t, + Eurydice_slice)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = + compute_message_22(&v, secret_key->secret_as_ntt, u_as_ntt); + uint8_t ret0[32U]; + compress_then_serialize_message_ec(message, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::hash_functions::Hash for +libcrux_ml_kem::hash_functions::avx2::Simd256Hash)} +*/ +/** +A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF_a9 +with const generics +- K= 2 +- LEN= 32 +*/ +static KRML_MUSTINLINE void PRF_a9_93(Eurydice_slice input, uint8_t ret[32U]) { + PRF_42(input, ret); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 2 +- SECRET_KEY_SIZE= 1632 +- CPA_SECRET_KEY_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- CIPHERTEXT_SIZE= 768 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_SIZE= 640 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 +*/ +void 
libcrux_ml_kem_ind_cca_decapsulate_unpacked_b2( + libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, + libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { + uint8_t decrypted[32U]; + decrypt_unpacked_8c(&key_pair->private_key.ind_cpa_private_key, + ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, + uint8_t, Eurydice_slice), + uint8_t, void *); + uint8_t hashed[64U]; + G_a9_68( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret = uu____1.fst; + Eurydice_slice pseudorandomness = uu____1.snd; + uint8_t to_hash[800U]; + libcrux_ml_kem_utils_into_padded_array_2d0( + Eurydice_array_to_slice((size_t)32U, + key_pair->private_key.implicit_rejection_value, + uint8_t, Eurydice_slice), + to_hash); + Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( + (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, libcrux_ml_kem_types_as_ref_00_ed(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret[32U]; + PRF_a9_93( + Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____3 = + 
&key_pair->public_key.ind_cpa_public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[768U]; + encrypt_unpacked_88(uu____3, copy_of_decrypted, pseudorandomness, + expected_ciphertext); + uint8_t selector = + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( + libcrux_ml_kem_types_as_ref_00_ed(ciphertext), + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, + Eurydice_slice)); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( + shared_secret, + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + selector, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** + Call [`deserialize_to_uncompressed_ring_element`] for each ring element. +*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +*/ +static KRML_MUSTINLINE void deserialize_secret_key_20( + Eurydice_slice secret_key, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, + secret_as_ntt[i] = ZERO_89_d5();); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; + i++) { + size_t i0 = i; + Eurydice_slice secret_bytes = Eurydice_slice_subslice2( + secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_to_uncompressed_ring_element_63(secret_bytes); + secret_as_ntt[i0] 
= uu____0; + } + memcpy( + ret, secret_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- K= 2 +- CIPHERTEXT_SIZE= 768 +- VECTOR_U_ENCODED_SIZE= 640 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +*/ +static void decrypt_39(Eurydice_slice secret_key, uint8_t *ciphertext, + uint8_t ret[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; + deserialize_secret_key_20(secret_key, secret_as_ntt); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[2U]; + memcpy( + copy_of_secret_as_ntt, secret_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 + secret_key_unpacked; + memcpy( + secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t ret0[32U]; + decrypt_unpacked_8c(&secret_key_unpacked, ciphertext, ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash, libcrux_ml_kem_ind_cca_MlKem +with const generics +- K= 2 +- SECRET_KEY_SIZE= 1632 +- CPA_SECRET_KEY_SIZE= 768 +- PUBLIC_KEY_SIZE= 800 +- CIPHERTEXT_SIZE= 768 +- T_AS_NTT_ENCODED_SIZE= 768 +- C1_SIZE= 640 +- C2_SIZE= 128 +- VECTOR_U_COMPRESSION_FACTOR= 10 +- VECTOR_V_COMPRESSION_FACTOR= 4 +- C1_BLOCK_SIZE= 320 +- ETA1= 3 +- ETA1_RANDOMNESS_SIZE= 192 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 +*/ +void libcrux_ml_kem_ind_cca_decapsulate_c4( + libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, + libcrux_ml_kem_types_MlKemCiphertext_e8 
*ciphertext, uint8_t ret[32U]) { + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t, + Eurydice_slice), + (size_t)768U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_secret_key = uu____0.fst; + Eurydice_slice secret_key0 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + secret_key0, (size_t)800U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key = uu____1.fst; + Eurydice_slice secret_key = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; + Eurydice_slice implicit_rejection_value = uu____2.snd; + uint8_t decrypted[32U]; + decrypt_39(ind_cpa_secret_key, ciphertext->value, decrypted); + uint8_t to_hash0[64U]; + libcrux_ml_kem_utils_into_padded_array_2d( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice_from( + (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); + uint8_t hashed[64U]; + G_a9_68( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, + Eurydice_slice_uint8_t_x2); + Eurydice_slice shared_secret0 = uu____3.fst; + Eurydice_slice pseudorandomness = uu____3.snd; + uint8_t to_hash[800U]; + libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); + Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( + (size_t)800U, to_hash, 
LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, libcrux_ml_kem_types_as_ref_00_ed(ciphertext), uint8_t, void *); + uint8_t implicit_rejection_shared_secret0[32U]; + PRF_a9_93( + Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); + Eurydice_slice uu____5 = ind_cpa_public_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t expected_ciphertext[768U]; + encrypt_fb(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + uint8_t implicit_rejection_shared_secret[32U]; + kdf_af_50( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); + uint8_t shared_secret[32U]; + kdf_af_50(shared_secret0, shared_secret); + uint8_t ret0[32U]; + libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( + libcrux_ml_kem_types_as_ref_00_ed(ciphertext), + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, + uint8_t, Eurydice_slice), + ret0); + memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); +} diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index f21c1ce0f..d4cf42d54 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h 
@@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb - * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 + * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 */ #ifndef __libcrux_mlkem_avx2_H @@ -20,7 +20,9 @@ extern "C" { #include "eurydice_glue.h" #include "libcrux_core.h" +#include "libcrux_mlkem_portable.h" #include "libcrux_sha3.h" +#include "libcrux_sha3_avx2.h" void libcrux_ml_kem_hash_functions_avx2_G(Eurydice_slice input, uint8_t ret[64U]); 
@@ -28,6 +30,505 @@ void libcrux_ml_kem_hash_functions_avx2_G(Eurydice_slice input, void libcrux_ml_kem_hash_functions_avx2_H(Eurydice_slice input, uint8_t ret[32U]); +__m256i libcrux_ml_kem_vector_avx2_zero(void); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_ZERO_ea(void); + +__m256i libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_slice array); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice array); + +void libcrux_ml_kem_vector_avx2_to_i16_array(__m256i v, int16_t ret[16U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_to_i16_array_ea(__m256i x, int16_t ret[16U]); + +__m256i libcrux_ml_kem_vector_avx2_arithmetic_add(__m256i lhs, __m256i rhs); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_add_ea(__m256i lhs, __m256i *rhs); + +__m256i libcrux_ml_kem_vector_avx2_arithmetic_sub(__m256i lhs, __m256i rhs); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_sub_ea(__m256i lhs, __m256i *rhs); + +__m256i libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( + __m256i vector, int16_t constant); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_ea(__m256i v, + int16_t c); + +__m256i libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( + __m256i vector, int16_t constant); 
+ +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( + __m256i vector, int16_t constant); + +__m256i libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329( + __m256i vector); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea(__m256i vector); + +#define LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER \ + ((int16_t)20159) + +/** + See Section 3.2 of the implementation notes document for an explanation + of this code. +*/ +__m256i libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(__m256i vector); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_barrett_reduce_ea(__m256i vector); + +__m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( + __m256i vector, int16_t constant); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + __m256i vector, int16_t constant); + +__m256i libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( + __m256i vector); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_compress_1_ea(__m256i vector); + +__m256i libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(__m256i lhs, + __m256i rhs); + +__m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + __m256i v, __m256i c); + +__m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( + __m256i vector, int16_t zeta0, int16_t zeta1, int16_t 
zeta2, int16_t zeta3); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( + __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); + +__m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(__m256i vector, + int16_t zeta0, + int16_t zeta1); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea(__m256i vector, + int16_t zeta0, + int16_t zeta1); + +__m128i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( + __m128i v, __m128i c); + +__m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(__m256i vector, + int16_t zeta); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea(__m256i vector, + int16_t zeta); + +__m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( + __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( + __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); + +__m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(__m256i vector, + int16_t zeta0, + int16_t zeta1); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea(__m256i vector, + int16_t zeta0, + int16_t zeta1); + +__m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(__m256i vector, + int16_t zeta); + +/** +This function found in impl 
{(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea(__m256i vector, + int16_t zeta); + +__m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(__m256i v); + +__m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(__m256i lhs, __m256i rhs, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_ntt_multiply_ea(__m256i *lhs, __m256i *rhs, + int16_t zeta0, int16_t zeta1, + int16_t zeta2, + int16_t zeta3); + +void libcrux_ml_kem_vector_avx2_serialize_serialize_1(__m256i vector, + uint8_t ret[2U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_1_ea(__m256i vector, uint8_t ret[2U]); + +__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1( + Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_deserialize_1_ea(Eurydice_slice bytes); + +void libcrux_ml_kem_vector_avx2_serialize_serialize_4(__m256i vector, + uint8_t ret[8U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_4_ea(__m256i vector, uint8_t ret[8U]); + +__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4( + Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_deserialize_4_ea(Eurydice_slice bytes); + +void libcrux_ml_kem_vector_avx2_serialize_serialize_5(__m256i 
vector, + uint8_t ret[10U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_5_ea(__m256i vector, + uint8_t ret[10U]); + +__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_5( + Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_deserialize_5_ea(Eurydice_slice bytes); + +void libcrux_ml_kem_vector_avx2_serialize_serialize_10(__m256i vector, + uint8_t ret[20U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_10_ea(__m256i vector, + uint8_t ret[20U]); + +__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_10( + Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_deserialize_10_ea(Eurydice_slice bytes); + +void libcrux_ml_kem_vector_avx2_serialize_serialize_11(__m256i vector, + uint8_t ret[22U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_11_ea(__m256i vector, + uint8_t ret[22U]); + +__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_11( + Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_deserialize_11_ea(Eurydice_slice bytes); + +void libcrux_ml_kem_vector_avx2_serialize_serialize_12(__m256i vector, + uint8_t ret[24U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for 
+libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +void libcrux_ml_kem_vector_avx2_serialize_12_ea(__m256i vector, + uint8_t ret[24U]); + +__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_12( + Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +__m256i libcrux_ml_kem_vector_avx2_deserialize_12_ea(Eurydice_slice bytes); + +size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( + Eurydice_slice input, Eurydice_slice output); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::avx2::SIMD256Vector)} +*/ +size_t libcrux_ml_kem_vector_avx2_rej_sample_ea(Eurydice_slice input, + Eurydice_slice output); + +/** +This function found in impl {(core::clone::Clone for +libcrux_ml_kem::vector::avx2::SIMD256Vector)#1} +*/ +__m256i libcrux_ml_kem_vector_avx2_clone_3a(__m256i *self); + +/** +A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement +with types libcrux_ml_kem_vector_avx2_SIMD256Vector + +*/ +typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_d2_s { + __m256i coefficients[16U]; +} libcrux_ml_kem_polynomial_PolynomialRingElement_d2; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 + ind_cpa_private_key; + 
uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0_s { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 private_key; + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 public_key; +} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $4size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types 
+libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $4size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_01_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_01; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $4size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- $4size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- $4size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01_s { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_01 private_key; + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 public_key; +} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $2size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6_s { + 
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $2size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_d6_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 + ind_cpa_private_key; + uint8_t implicit_rejection_value[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_d6; + +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $2size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- $2size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 ind_cpa_public_key; + uint8_t public_key_hash[32U]; +} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6; + +/** +A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector +with const generics +- $2size_t +*/ +typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6_s { + libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_d6 private_key; + libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 public_key; +} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6; + #if defined(__cplusplus) } #endif 
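Review bot: The `MlKemPrivateKeyUnpacked_*` and `MlKemKeyPairUnpacked_*` typedefs added in this hunk place secret material (`secret_as_ntt[...]` and `implicit_rejection_value[32U]`) in plain C structs in the public `libcrux_mlkem_avx2.h` (not `internal/`), and nothing in the hunk states how a caller is expected to dispose of them. I would attach a comment to each private-key struct along the lines of `/* Holds secret key material; clear it with a non-elidable memset before the storage is reused or freed. */`, or, if the Rust side zeroizes on drop, say so explicitly here because that guarantee does not carry over to C callers that stack-allocate these types. Separately, the hunk uses `__m256i`/`__m128i` but none of the includes visible in the preceding hunk is obviously the intrinsics header; if it arrives transitively via `libcrux_sha3_avx2.h`, a direct include would keep this public header self-contained. Since the file is generated, these comments belong in the Rust source or the Eurydice post-processing step rather than in the emitted C.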
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c index 398413b31..c14a63754 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.c @@ -5,16 +5,13 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb - * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 + * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 */ -#include "internal/libcrux_mlkem_neon.h" - -#include "internal/libcrux_core.h" -#include "internal/libcrux_mlkem_portable.h" +#include "libcrux_mlkem_neon.h" KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_neon_G(Eurydice_slice input, uint8_t ret[64U]) { 
@@ -33,9258 +30,3 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_neon_H(Eurydice_slice input, input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_vector_type_ZERO(void) { - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ - .low = _vdupq_n_s16((int16_t)0), .high = _vdupq_n_s16((int16_t)0)}); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ZERO_20(void) { - return libcrux_ml_kem_vector_neon_vector_type_ZERO(); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_vector_type_from_i16_array(Eurydice_slice array) { - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ - .low = _vld1q_s16(Eurydice_slice_subslice2(array, (size_t)0U, (size_t)8U, - int16_t, Eurydice_slice)), - .high = _vld1q_s16(Eurydice_slice_subslice2( - array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice))}); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_from_i16_array_20(Eurydice_slice array) { - return libcrux_ml_kem_vector_neon_vector_type_from_i16_array(array); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_vector_type_to_i16_array( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t ret[16U]) { - int16_t out[16U] = {0U}; - _vst1q_s16(Eurydice_array_to_subslice2(out, (size_t)0U, (size_t)8U, int16_t, - Eurydice_slice), - v.low); - _vst1q_s16(Eurydice_array_to_subslice2(out, (size_t)8U, (size_t)16U, int16_t, - Eurydice_slice), - v.high); - memcpy(ret, out, (size_t)16U * sizeof(int16_t)); 
-} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_to_i16_array_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x, int16_t ret[16U]) { - libcrux_ml_kem_vector_neon_vector_type_to_i16_array(x, ret); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_add( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { - lhs.low = _vaddq_s16(lhs.low, rhs->low); - lhs.high = _vaddq_s16(lhs.high, rhs->high); - return lhs; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_add_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { - return libcrux_ml_kem_vector_neon_arithmetic_add(lhs, rhs); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_sub( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { - lhs.low = _vsubq_s16(lhs.low, rhs->low); - lhs.high = _vsubq_s16(lhs.high, rhs->high); - return lhs; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_sub_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs) { - return libcrux_ml_kem_vector_neon_arithmetic_sub(lhs, rhs); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector 
-libcrux_ml_kem_vector_neon_arithmetic_multiply_by_constant( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { - v.low = _vmulq_n_s16(v.low, c); - v.high = _vmulq_n_s16(v.high, c); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_multiply_by_constant_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { - return libcrux_ml_kem_vector_neon_arithmetic_multiply_by_constant(v, c); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_bitwise_and_with_constant( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { - int16x8_t c0 = _vdupq_n_s16(c); - v.low = _vandq_s16(v.low, c0); - v.high = _vandq_s16(v.high, c0); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { - return libcrux_ml_kem_vector_neon_arithmetic_bitwise_and_with_constant(v, c); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_cond_subtract_3329( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - int16x8_t c = _vdupq_n_s16((int16_t)3329); - uint16x8_t m0 = _vcgeq_s16(v.low, c); - uint16x8_t m1 = _vcgeq_s16(v.high, c); - int16x8_t c0 = _vandq_s16(c, _vreinterpretq_s16_u16(m0)); - int16x8_t c1 = _vandq_s16(c, _vreinterpretq_s16_u16(m1)); - v.low = _vsubq_s16(v.low, c0); - v.high = _vsubq_s16(v.high, c1); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for 
-libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_cond_subtract_3329_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_arithmetic_cond_subtract_3329(v); -} - -KRML_MUSTINLINE int16x8_t -libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(int16x8_t v) { - int16x8_t adder = _vdupq_n_s16((int16_t)1024); - int16x8_t vec = _vqdmulhq_n_s16( - v, LIBCRUX_ML_KEM_VECTOR_NEON_ARITHMETIC_BARRETT_MULTIPLIER); - int16x8_t vec0 = _vaddq_s16(vec, adder); - int16x8_t quotient = _vshrq_n_s16((int32_t)11, vec0, int16x8_t); - int16x8_t sub = - _vmulq_n_s16(quotient, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - return _vsubq_s16(v, sub); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - v.low = libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(v.low); - v.high = - libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(v.high); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_barrett_reduce_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce(v); -} - -KRML_MUSTINLINE int16x8_t -libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( - int16x8_t low, int16x8_t high) { - int16x8_t k = _vreinterpretq_s16_u16(_vmulq_n_u16( - _vreinterpretq_u16_s16(low), - (uint16_t) - LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - int16x8_t c = _vshrq_n_s16( - (int32_t)1, - _vqdmulhq_n_s16(k, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS), - int16x8_t); - return _vsubq_s16(high, c); -} - 
-KRML_MUSTINLINE int16x8_t -libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( - int16x8_t v, int16_t c) { - int16x8_t v_low = _vmulq_n_s16(v, c); - int16x8_t v_high = _vshrq_n_s16((int32_t)1, _vqdmulhq_n_s16(v, c), int16x8_t); - return libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( - v_low, v_high); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { - v.low = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( - v.low, c); - v.high = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( - v.high, c); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c) { - return libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant( - v, c); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_compress_1( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - int16x8_t half = _vdupq_n_s16((int16_t)1664); - int16x8_t quarter = _vdupq_n_s16((int16_t)832); - int16x8_t shifted = _vsubq_s16(half, v.low); - int16x8_t mask0 = _vshrq_n_s16((int32_t)15, shifted, int16x8_t); - int16x8_t shifted_to_positive = _veorq_s16(mask0, shifted); - int16x8_t shifted_positive_in_range = - _vsubq_s16(shifted_to_positive, quarter); - v.low = _vreinterpretq_s16_u16(_vshrq_n_u16( - (int32_t)15, _vreinterpretq_u16_s16(shifted_positive_in_range), - uint16x8_t)); - int16x8_t shifted0 = _vsubq_s16(half, v.high); - int16x8_t mask = _vshrq_n_s16((int32_t)15, 
shifted0, int16x8_t); - int16x8_t shifted_to_positive0 = _veorq_s16(mask, shifted0); - int16x8_t shifted_positive_in_range0 = - _vsubq_s16(shifted_to_positive0, quarter); - v.high = _vreinterpretq_s16_u16(_vshrq_n_u16( - (int32_t)15, _vreinterpretq_u16_s16(shifted_positive_in_range0), - uint16x8_t)); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_1_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_compress_compress_1(v); -} - -KRML_MUSTINLINE int16_t -libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( - int16_t coefficient_bits) { - int16_t uu____0; - switch (coefficient_bits) { - case 4: { - uu____0 = (int16_t)15; - break; - } - case 5: { - uu____0 = (int16_t)31; - break; - } - case 10: { - uu____0 = (int16_t)1023; - break; - } - case 11: { - uu____0 = (int16_t)2047; - break; - } - default: { - int16_t x = coefficient_bits; - uu____0 = ((int16_t)1 << (uint32_t)x) - (int16_t)1; - } - } - return uu____0; -} - -KRML_MUSTINLINE int16x8_t -libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( - int16x8_t v, int16x8_t c) { - int16x8_t v_low = _vmulq_s16(v, c); - int16x8_t v_high = _vshrq_n_s16((int32_t)1, _vqdmulhq_s16(v, c), int16x8_t); - return libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( - v_low, v_high); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_layer_1_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - int16_t zetas[8U] = {zeta1, zeta1, zeta3, zeta3, zeta2, zeta2, zeta4, zeta4}; - int16x8_t zeta = _vld1q_s16( - Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); - int16x8_t dup_a = 
_vreinterpretq_s16_s32(_vtrn1q_s32( - _vreinterpretq_s32_s16(v.low), _vreinterpretq_s32_s16(v.high))); - int16x8_t dup_b = _vreinterpretq_s16_s32(_vtrn2q_s32( - _vreinterpretq_s32_s16(v.low), _vreinterpretq_s32_s16(v.high))); - int16x8_t t = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(dup_b, - zeta); - int16x8_t b = _vsubq_s16(dup_a, t); - int16x8_t a = _vaddq_s16(dup_a, t); - v.low = _vreinterpretq_s16_s32( - _vtrn1q_s32(_vreinterpretq_s32_s16(a), _vreinterpretq_s32_s16(b))); - v.high = _vreinterpretq_s16_s32( - _vtrn2q_s32(_vreinterpretq_s32_s16(a), _vreinterpretq_s32_s16(b))); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_layer_1_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - return libcrux_ml_kem_vector_neon_ntt_ntt_layer_1_step(a, zeta1, zeta2, zeta3, - zeta4); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_layer_2_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2) { - int16_t zetas[8U] = {zeta1, zeta1, zeta1, zeta1, zeta2, zeta2, zeta2, zeta2}; - int16x8_t zeta = _vld1q_s16( - Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); - int16x8_t dup_a = _vreinterpretq_s16_s64(_vtrn1q_s64( - _vreinterpretq_s64_s16(v.low), _vreinterpretq_s64_s16(v.high))); - int16x8_t dup_b = _vreinterpretq_s16_s64(_vtrn2q_s64( - _vreinterpretq_s64_s16(v.low), _vreinterpretq_s64_s16(v.high))); - int16x8_t t = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(dup_b, - zeta); - int16x8_t b = _vsubq_s16(dup_a, t); - int16x8_t a = _vaddq_s16(dup_a, t); - v.low = _vreinterpretq_s16_s64( - _vtrn1q_s64(_vreinterpretq_s64_s16(a), 
_vreinterpretq_s64_s16(b))); - v.high = _vreinterpretq_s16_s64( - _vtrn2q_s64(_vreinterpretq_s64_s16(a), _vreinterpretq_s64_s16(b))); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_layer_2_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2) { - return libcrux_ml_kem_vector_neon_ntt_ntt_layer_2_step(a, zeta1, zeta2); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_layer_3_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta) { - int16x8_t zeta0 = _vdupq_n_s16(zeta); - int16x8_t t = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( - v.high, zeta0); - v.high = _vsubq_s16(v.low, t); - v.low = _vaddq_s16(v.low, t); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_layer_3_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta) { - return libcrux_ml_kem_vector_neon_ntt_ntt_layer_3_step(a, zeta); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_1_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - int16_t zetas[8U] = {zeta1, zeta1, zeta3, zeta3, zeta2, zeta2, zeta4, zeta4}; - int16x8_t zeta = _vld1q_s16( - Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); - int16x8_t a0 = _vreinterpretq_s16_s32(_vtrn1q_s32( - _vreinterpretq_s32_s16(v.low), _vreinterpretq_s32_s16(v.high))); - int16x8_t b0 = _vreinterpretq_s16_s32(_vtrn2q_s32( - 
_vreinterpretq_s32_s16(v.low), _vreinterpretq_s32_s16(v.high))); - int16x8_t b_minus_a = _vsubq_s16(b0, a0); - int16x8_t a = _vaddq_s16(a0, b0); - int16x8_t a1 = - libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t(a); - int16x8_t b = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( - b_minus_a, zeta); - v.low = _vreinterpretq_s16_s32( - _vtrn1q_s32(_vreinterpretq_s32_s16(a1), _vreinterpretq_s32_s16(b))); - v.high = _vreinterpretq_s16_s32( - _vtrn2q_s32(_vreinterpretq_s32_s16(a1), _vreinterpretq_s32_s16(b))); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_inv_ntt_layer_1_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - return libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_1_step(a, zeta1, zeta2, - zeta3, zeta4); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_2_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2) { - int16_t zetas[8U] = {zeta1, zeta1, zeta1, zeta1, zeta2, zeta2, zeta2, zeta2}; - int16x8_t zeta = _vld1q_s16( - Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); - int16x8_t a0 = _vreinterpretq_s16_s64(_vtrn1q_s64( - _vreinterpretq_s64_s16(v.low), _vreinterpretq_s64_s16(v.high))); - int16x8_t b0 = _vreinterpretq_s16_s64(_vtrn2q_s64( - _vreinterpretq_s64_s16(v.low), _vreinterpretq_s64_s16(v.high))); - int16x8_t b_minus_a = _vsubq_s16(b0, a0); - int16x8_t a = _vaddq_s16(a0, b0); - int16x8_t b = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( - b_minus_a, zeta); - v.low = _vreinterpretq_s16_s64( - _vtrn1q_s64(_vreinterpretq_s64_s16(a), _vreinterpretq_s64_s16(b))); - v.high = 
_vreinterpretq_s16_s64( - _vtrn2q_s64(_vreinterpretq_s64_s16(a), _vreinterpretq_s64_s16(b))); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_inv_ntt_layer_2_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2) { - return libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_2_step(a, zeta1, zeta2); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_3_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta) { - int16x8_t zeta0 = _vdupq_n_s16(zeta); - int16x8_t b_minus_a = _vsubq_s16(v.high, v.low); - v.low = _vaddq_s16(v.low, v.high); - v.high = libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( - b_minus_a, zeta0); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_inv_ntt_layer_3_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta) { - return libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_3_step(a, zeta); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_multiply( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - int16_t zetas[8U] = {zeta1, zeta3, -zeta1, -zeta3, - zeta2, zeta4, -zeta2, -zeta4}; - int16x8_t zeta = _vld1q_s16( - Eurydice_array_to_slice((size_t)8U, zetas, int16_t, Eurydice_slice)); - int16x8_t a0 = _vtrn1q_s16(lhs->low, lhs->high); - int16x8_t a1 = _vtrn2q_s16(lhs->low, lhs->high); - int16x8_t b0 = 
_vtrn1q_s16(rhs->low, rhs->high); - int16x8_t b1 = _vtrn2q_s16(rhs->low, rhs->high); - int16x8_t a1b1 = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t(a1, - b1); - int32x4_t a1b1_low = _vmull_s16(_vget_low_s16(a1b1), _vget_low_s16(zeta)); - int32x4_t a1b1_high = _vmull_high_s16(a1b1, zeta); - int16x8_t fst_low = _vreinterpretq_s16_s32( - _vmlal_s16(a1b1_low, _vget_low_s16(a0), _vget_low_s16(b0))); - int16x8_t fst_high = - _vreinterpretq_s16_s32(_vmlal_high_s16(a1b1_high, a0, b0)); - int32x4_t a0b1_low = _vmull_s16(_vget_low_s16(a0), _vget_low_s16(b1)); - int32x4_t a0b1_high = _vmull_high_s16(a0, b1); - int16x8_t snd_low = _vreinterpretq_s16_s32( - _vmlal_s16(a0b1_low, _vget_low_s16(a1), _vget_low_s16(b0))); - int16x8_t snd_high = - _vreinterpretq_s16_s32(_vmlal_high_s16(a0b1_high, a1, b0)); - int16x8_t fst_low16 = _vtrn1q_s16(fst_low, fst_high); - int16x8_t fst_high16 = _vtrn2q_s16(fst_low, fst_high); - int16x8_t snd_low16 = _vtrn1q_s16(snd_low, snd_high); - int16x8_t snd_high16 = _vtrn2q_s16(snd_low, snd_high); - int16x8_t fst = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( - fst_low16, fst_high16); - int16x8_t snd = - libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( - snd_low16, snd_high16); - int32x4_t low0 = _vreinterpretq_s32_s16(_vtrn1q_s16(fst, snd)); - int32x4_t high0 = _vreinterpretq_s32_s16(_vtrn2q_s16(fst, snd)); - int16x8_t low1 = _vreinterpretq_s16_s32(_vtrn1q_s32(low0, high0)); - int16x8_t high1 = _vreinterpretq_s16_s32(_vtrn2q_s32(low0, high0)); - uint8_t indexes[16U] = {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, - 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U}; - uint8x16_t index = _vld1q_u8( - Eurydice_array_to_slice((size_t)16U, indexes, uint8_t, Eurydice_slice)); - int16x8_t low2 = - _vreinterpretq_s16_u8(_vqtbl1q_u8(_vreinterpretq_u8_s16(low1), index)); - int16x8_t high2 = - _vreinterpretq_s16_u8(_vqtbl1q_u8(_vreinterpretq_u8_s16(high1), index)); - return 
(CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ - .low = low2, .high = high2}); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_multiply_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4) { - return libcrux_ml_kem_vector_neon_ntt_ntt_multiply(lhs, rhs, zeta1, zeta2, - zeta3, zeta4); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_1( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[2U]) { - int16_t shifter[8U] = {(int16_t)0, (int16_t)1, (int16_t)2, (int16_t)3, - (int16_t)4, (int16_t)5, (int16_t)6, (int16_t)7}; - int16x8_t shift = _vld1q_s16( - Eurydice_array_to_slice((size_t)8U, shifter, int16_t, Eurydice_slice)); - int16x8_t low0 = _vshlq_s16(v.low, shift); - int16x8_t high0 = _vshlq_s16(v.high, shift); - int16_t low = _vaddvq_s16(low0); - int16_t high = _vaddvq_s16(high0); - ret[0U] = (uint8_t)low; - ret[1U] = (uint8_t)high; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_1_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[2U]) { - libcrux_ml_kem_vector_neon_serialize_serialize_1(a, ret); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_1(Eurydice_slice a) { - int16x8_t one = _vdupq_n_s16((int16_t)1); - int16x8_t low0 = _vdupq_n_s16((int16_t)Eurydice_slice_index( - a, (size_t)0U, uint8_t, uint8_t *, uint8_t)); - int16x8_t high0 = _vdupq_n_s16((int16_t)Eurydice_slice_index( - a, (size_t)1U, uint8_t, uint8_t *, uint8_t)); - int16_t 
shifter[8U] = {(int16_t)0, (int16_t)255, (int16_t)-2, (int16_t)-3, - (int16_t)-4, (int16_t)-5, (int16_t)-6, (int16_t)-7}; - int16x8_t shift = _vld1q_s16( - Eurydice_array_to_slice((size_t)8U, shifter, int16_t, Eurydice_slice)); - int16x8_t low = _vshlq_s16(low0, shift); - int16x8_t high = _vshlq_s16(high0, shift); - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ - .low = _vandq_s16(low, one), .high = _vandq_s16(high, one)}); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_1_20(Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_serialize_deserialize_1(a); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_4( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[8U]) { - int16_t shifter[8U] = {(int16_t)0, (int16_t)4, (int16_t)8, (int16_t)12, - (int16_t)0, (int16_t)4, (int16_t)8, (int16_t)12}; - int16x8_t shift = _vld1q_s16( - Eurydice_array_to_slice((size_t)8U, shifter, int16_t, Eurydice_slice)); - uint16x8_t lowt = _vshlq_u16(_vreinterpretq_u16_s16(v.low), shift); - uint16x8_t hight = _vshlq_u16(_vreinterpretq_u16_s16(v.high), shift); - uint64_t sum0 = (uint64_t)_vaddv_u16(_vget_low_u16(lowt)); - uint64_t sum1 = (uint64_t)_vaddv_u16(_vget_high_u16(lowt)); - uint64_t sum2 = (uint64_t)_vaddv_u16(_vget_low_u16(hight)); - uint64_t sum3 = (uint64_t)_vaddv_u16(_vget_high_u16(hight)); - uint64_t sum = ((sum0 | sum1 << 16U) | sum2 << 32U) | sum3 << 48U; - uint8_t ret0[8U]; - core_num__u64_9__to_le_bytes(sum, ret0); - memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_4_20( - 
libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[8U]) { - libcrux_ml_kem_vector_neon_serialize_serialize_4(a, ret); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_4(Eurydice_slice v) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector input = - libcrux_ml_kem_vector_portable_deserialize_4_0d(v); - int16_t input_i16s[16U]; - libcrux_ml_kem_vector_portable_to_i16_array_0d(input, input_i16s); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; - lit.low = _vld1q_s16(Eurydice_array_to_subslice2( - input_i16s, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); - lit.high = _vld1q_s16(Eurydice_array_to_subslice2( - input_i16s, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_4_20(Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_serialize_deserialize_4(a); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_5( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[10U]) { - int16_t out_i16s[16U]; - libcrux_ml_kem_vector_neon_vector_type_to_i16_array(v, out_i16s); - libcrux_ml_kem_vector_portable_vector_type_PortableVector out = - libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_array_to_slice( - (size_t)16U, out_i16s, int16_t, Eurydice_slice)); - uint8_t ret0[10U]; - libcrux_ml_kem_vector_portable_serialize_5_0d(out, ret0); - memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_5_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[10U]) { 
- libcrux_ml_kem_vector_neon_serialize_serialize_5(a, ret); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_5(Eurydice_slice v) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector output = - libcrux_ml_kem_vector_portable_deserialize_5_0d(v); - int16_t array[16U]; - libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; - lit.low = _vld1q_s16(Eurydice_array_to_subslice2( - array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); - lit.high = _vld1q_s16(Eurydice_array_to_subslice2( - array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_5_20(Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_serialize_deserialize_5(a); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_10( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[20U]) { - int32x4_t low00 = _vreinterpretq_s32_s16(_vtrn1q_s16(v.low, v.low)); - int32x4_t low10 = _vreinterpretq_s32_s16(_vtrn2q_s16(v.low, v.low)); - int32x4_t mixt = _vsliq_n_s32((int32_t)10, low00, low10, int32x4_t); - int64x2_t low0 = _vreinterpretq_s64_s32(_vtrn1q_s32(mixt, mixt)); - int64x2_t low1 = _vreinterpretq_s64_s32(_vtrn2q_s32(mixt, mixt)); - int64x2_t low_mix = _vsliq_n_s64((int32_t)20, low0, low1, int64x2_t); - int32x4_t high00 = _vreinterpretq_s32_s16(_vtrn1q_s16(v.high, v.high)); - int32x4_t high10 = _vreinterpretq_s32_s16(_vtrn2q_s16(v.high, v.high)); - int32x4_t mixt0 = _vsliq_n_s32((int32_t)10, high00, high10, int32x4_t); - int64x2_t high0 = _vreinterpretq_s64_s32(_vtrn1q_s32(mixt0, mixt0)); - int64x2_t high1 = _vreinterpretq_s64_s32(_vtrn2q_s32(mixt0, mixt0)); - 
int64x2_t high_mix = _vsliq_n_s64((int32_t)20, high0, high1, int64x2_t); - uint8_t result32[32U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - result32, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice); - _vst1q_u8(uu____0, _vreinterpretq_u8_s64(low_mix)); - Eurydice_slice uu____1 = Eurydice_array_to_subslice2( - result32, (size_t)16U, (size_t)32U, uint8_t, Eurydice_slice); - _vst1q_u8(uu____1, _vreinterpretq_u8_s64(high_mix)); - uint8_t result[20U] = {0U}; - Eurydice_slice uu____2 = Eurydice_array_to_subslice2( - result, (size_t)0U, (size_t)5U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice2(result32, (size_t)0U, (size_t)5U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_array_to_subslice2( - result, (size_t)5U, (size_t)10U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_array_to_subslice2(result32, (size_t)8U, (size_t)13U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____4 = Eurydice_array_to_subslice2( - result, (size_t)10U, (size_t)15U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_array_to_subslice2(result32, (size_t)16U, (size_t)21U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = Eurydice_array_to_subslice2( - result, (size_t)15U, (size_t)20U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_array_to_subslice2(result32, (size_t)24U, (size_t)29U, uint8_t, - Eurydice_slice), - uint8_t, void *); - memcpy(ret, result, (size_t)20U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_10_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[20U]) { - 
libcrux_ml_kem_vector_neon_serialize_serialize_10(a, ret); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_10(Eurydice_slice v) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector output = - libcrux_ml_kem_vector_portable_deserialize_10_0d(v); - int16_t array[16U]; - libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; - lit.low = _vld1q_s16(Eurydice_array_to_subslice2( - array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); - lit.high = _vld1q_s16(Eurydice_array_to_subslice2( - array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_10_20(Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_serialize_deserialize_10(a); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_11( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[22U]) { - int16_t out_i16s[16U]; - libcrux_ml_kem_vector_neon_vector_type_to_i16_array(v, out_i16s); - libcrux_ml_kem_vector_portable_vector_type_PortableVector out = - libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_array_to_slice( - (size_t)16U, out_i16s, int16_t, Eurydice_slice)); - uint8_t ret0[22U]; - libcrux_ml_kem_vector_portable_serialize_11_0d(out, ret0); - memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_11_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[22U]) { - libcrux_ml_kem_vector_neon_serialize_serialize_11(a, ret); -} - -KRML_MUSTINLINE 
libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_11(Eurydice_slice v) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector output = - libcrux_ml_kem_vector_portable_deserialize_11_0d(v); - int16_t array[16U]; - libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lit; - lit.low = _vld1q_s16(Eurydice_array_to_subslice2( - array, (size_t)0U, (size_t)8U, int16_t, Eurydice_slice)); - lit.high = _vld1q_s16(Eurydice_array_to_subslice2( - array, (size_t)8U, (size_t)16U, int16_t, Eurydice_slice)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_11_20(Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_serialize_deserialize_11(a); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_neon_serialize_serialize_12( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[24U]) { - int32x4_t low00 = _vreinterpretq_s32_s16(_vtrn1q_s16(v.low, v.low)); - int32x4_t low10 = _vreinterpretq_s32_s16(_vtrn2q_s16(v.low, v.low)); - int32x4_t mixt = _vsliq_n_s32((int32_t)12, low00, low10, int32x4_t); - int64x2_t low0 = _vreinterpretq_s64_s32(_vtrn1q_s32(mixt, mixt)); - int64x2_t low1 = _vreinterpretq_s64_s32(_vtrn2q_s32(mixt, mixt)); - int64x2_t low_mix = _vsliq_n_s64((int32_t)24, low0, low1, int64x2_t); - int32x4_t high00 = _vreinterpretq_s32_s16(_vtrn1q_s16(v.high, v.high)); - int32x4_t high10 = _vreinterpretq_s32_s16(_vtrn2q_s16(v.high, v.high)); - int32x4_t mixt0 = _vsliq_n_s32((int32_t)12, high00, high10, int32x4_t); - int64x2_t high0 = _vreinterpretq_s64_s32(_vtrn1q_s32(mixt0, mixt0)); - int64x2_t high1 = _vreinterpretq_s64_s32(_vtrn2q_s32(mixt0, mixt0)); - int64x2_t high_mix = _vsliq_n_s64((int32_t)24, high0, high1, int64x2_t); - uint8_t 
result32[32U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - result32, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice); - _vst1q_u8(uu____0, _vreinterpretq_u8_s64(low_mix)); - Eurydice_slice uu____1 = Eurydice_array_to_subslice2( - result32, (size_t)16U, (size_t)32U, uint8_t, Eurydice_slice); - _vst1q_u8(uu____1, _vreinterpretq_u8_s64(high_mix)); - uint8_t result[24U] = {0U}; - Eurydice_slice uu____2 = Eurydice_array_to_subslice2( - result, (size_t)0U, (size_t)6U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice2(result32, (size_t)0U, (size_t)6U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_array_to_subslice2( - result, (size_t)6U, (size_t)12U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_array_to_subslice2(result32, (size_t)8U, (size_t)14U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____4 = Eurydice_array_to_subslice2( - result, (size_t)12U, (size_t)18U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_array_to_subslice2(result32, (size_t)16U, (size_t)22U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = Eurydice_array_to_subslice2( - result, (size_t)18U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_array_to_subslice2(result32, (size_t)24U, (size_t)30U, uint8_t, - Eurydice_slice), - uint8_t, void *); - memcpy(ret, result, (size_t)24U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_12_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[24U]) { - libcrux_ml_kem_vector_neon_serialize_serialize_12(a, ret); -} - -KRML_MUSTINLINE 
libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_12(Eurydice_slice v) { - uint8_t indexes[16U] = {0U, 1U, 1U, 2U, 3U, 4U, 4U, 5U, - 6U, 7U, 7U, 8U, 9U, 10U, 10U, 11U}; - uint8x16_t index_vec = _vld1q_u8( - Eurydice_array_to_slice((size_t)16U, indexes, uint8_t, Eurydice_slice)); - int16_t shifts[8U] = {(int16_t)0, (int16_t)-4, (int16_t)0, (int16_t)-4, - (int16_t)0, (int16_t)-4, (int16_t)0, (int16_t)-4}; - int16x8_t shift_vec = _vld1q_s16( - Eurydice_array_to_slice((size_t)8U, shifts, int16_t, Eurydice_slice)); - uint16x8_t mask12 = _vdupq_n_u16(4095U); - uint8_t input0[16U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - input0, (size_t)0U, (size_t)12U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_slice_subslice2(v, (size_t)0U, (size_t)12U, uint8_t, - Eurydice_slice), - uint8_t, void *); - uint8x16_t input_vec0 = _vld1q_u8( - Eurydice_array_to_slice((size_t)16U, input0, uint8_t, Eurydice_slice)); - uint8_t input1[16U] = {0U}; - Eurydice_slice uu____1 = Eurydice_array_to_subslice2( - input1, (size_t)0U, (size_t)12U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_slice_subslice2(v, (size_t)12U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - uint8x16_t input_vec1 = _vld1q_u8( - Eurydice_array_to_slice((size_t)16U, input1, uint8_t, Eurydice_slice)); - uint16x8_t moved0 = _vreinterpretq_u16_u8(_vqtbl1q_u8(input_vec0, index_vec)); - uint16x8_t shifted0 = _vshlq_u16(moved0, shift_vec); - int16x8_t low = _vreinterpretq_s16_u16(_vandq_u16(shifted0, mask12)); - uint16x8_t moved1 = _vreinterpretq_u16_u8(_vqtbl1q_u8(input_vec1, index_vec)); - uint16x8_t shifted1 = _vshlq_u16(moved1, shift_vec); - int16x8_t high = _vreinterpretq_s16_u16(_vandq_u16(shifted1, mask12)); - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector){ - .low = low, .high = high}); -} - -/** -This function found in 
impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_12_20(Eurydice_slice a) { - return libcrux_ml_kem_vector_neon_serialize_deserialize_12(a); -} - -KRML_MUSTINLINE size_t -libcrux_ml_kem_vector_neon_rej_sample(Eurydice_slice a, Eurydice_slice result) { - size_t sampled = (size_t)0U; - core_slice_iter_Chunks iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - core_slice___Slice_T___chunks(a, (size_t)3U, uint8_t, - core_slice_iter_Chunks), - core_slice_iter_Chunks, core_slice_iter_Chunks); - while (true) { - core_option_Option_44 uu____0 = - core_slice_iter___core__iter__traits__iterator__Iterator_for_core__slice__iter__Chunks__a__T___71__next( - &iter, uint8_t, core_option_Option_44); - if (uu____0.tag == core_option_None) { - break; - } else { - Eurydice_slice bytes = uu____0.f0; - int16_t b1 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t); - int16_t b2 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t); - int16_t b3 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t); - int16_t d1 = (b2 & (int16_t)15) << 8U | b1; - int16_t d2 = b3 << 4U | b2 >> 4U; - bool uu____1; - int16_t uu____2; - bool uu____3; - size_t uu____4; - int16_t uu____5; - size_t uu____6; - int16_t uu____7; - if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) { - if (sampled < (size_t)16U) { - Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = - d1; - sampled++; - uu____2 = d2; - uu____7 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - uu____1 = uu____2 < uu____7; - if (uu____1) { - uu____4 = sampled; - uu____3 = uu____4 < (size_t)16U; - if (uu____3) { - uu____5 = d2; - uu____6 = sampled; - Eurydice_slice_index(result, uu____6, int16_t, int16_t *, - int16_t) = uu____5; - sampled++; 
- continue; - } - } - continue; - } - } - uu____2 = d2; - uu____7 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; - uu____1 = uu____2 < uu____7; - if (uu____1) { - uu____4 = sampled; - uu____3 = uu____4 < (size_t)16U; - if (uu____3) { - uu____5 = d2; - uu____6 = sampled; - Eurydice_slice_index(result, uu____6, int16_t, int16_t *, int16_t) = - uu____5; - sampled++; - continue; - } - } - } - } - return sampled; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -size_t libcrux_ml_kem_vector_neon_rej_sample_20(Eurydice_slice a, - Eurydice_slice out) { - return libcrux_ml_kem_vector_neon_rej_sample(a, out); -} - -/** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -inline libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_vector_type_clone_ed( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *self) { - return self[0U]; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.ZERO_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static libcrux_ml_kem_polynomial_PolynomialRingElement_1c ZERO_89_06(void) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c lit; - lit.coefficients[0U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[1U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[2U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[3U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[4U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[5U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[6U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[7U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[8U] = 
libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[9U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[10U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[11U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[12U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[13U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[14U] = libcrux_ml_kem_vector_neon_ZERO_20(); - lit.coefficients[15U] = libcrux_ml_kem_vector_neon_ZERO_20(); - return lit; -} - -/** - Only use with public values. - - This MUST NOT be used with secret inputs, like its caller - `deserialize_ring_elements_reduced`. -*/ -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_to_reduced_ring_element_e3(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - libcrux_ml_kem_vector_neon_deserialize_12_20(bytes); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_cond_subtract_3329_20(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. 
-*/ -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- PUBLIC_KEY_SIZE= 800 -- K= 2 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a64( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_to_reduced_ring_element_e3(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.arithmetic.shift_right -with const generics -- SHIFT_BY= 15 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -shift_right_d3(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - v.low = _vshrq_n_s16((int32_t)15, v.low, int16x8_t); - v.high = _vshrq_n_s16((int32_t)15, v.high, int16x8_t); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.shift_right_20 -with const generics -- SHIFT_BY= 15 -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector shift_right_20_6a( - 
libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return shift_right_d3(v); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.traits.to_unsigned_representative with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -to_unsigned_representative_64( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a) { - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = shift_right_20_6a(a); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector fm = - libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( - t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - return libcrux_ml_kem_vector_neon_add_20(a, &fm); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_77( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[384U]) { - uint8_t serialized[384U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - to_unsigned_representative_64(re->coefficients[i0]); - uint8_t bytes[24U]; - libcrux_ml_kem_vector_neon_serialize_12_20(coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); -} - -/** - Call [`serialize_uncompressed_ring_element`] for each ring element. 
-*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -- OUT_LEN= 768 -*/ -static KRML_MUSTINLINE void serialize_secret_key_5d1( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *key, - uint8_t ret[768U]) { - uint8_t out[768U] = {0U}; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = key[i0]; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - uint8_t ret0[384U]; - serialize_uncompressed_ring_element_77(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); -} - -/** - Concatenate `t` and `ρ` into the public key. 
-*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -- RANKED_BYTES_PER_RING_ELEMENT= 768 -- PUBLIC_KEY_SIZE= 800 -*/ -static KRML_MUSTINLINE void serialize_public_key_701( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[800U]) { - uint8_t public_key_serialized[800U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)768U, uint8_t, Eurydice_slice); - uint8_t ret0[768U]; - serialize_secret_key_5d1(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, - (size_t)768U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); - memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -- RANKED_BYTES_PER_RING_ELEMENT= 768 -- PUBLIC_KEY_SIZE= 800 -*/ -bool libcrux_ml_kem_ind_cca_validate_public_key_7e1(uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[2U]; - deserialize_ring_elements_reduced_a64( - Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, - uint8_t, size_t, Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *uu____0 = deserialized_pk; - uint8_t public_key_serialized[800U]; - serialize_public_key_701( - uu____0, - Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, - uint8_t, size_t, Eurydice_slice), - public_key_serialized); - return 
core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( - (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$2size_t]], -libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$2size_t]] - -*/ -typedef struct tuple_4c0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 snd; -} tuple_4c0; - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.G_48 -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void G_48_771(Eurydice_slice input, uint8_t ret[64U]) { - libcrux_ml_kem_hash_functions_neon_G(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -*/ -static void closure_de1( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_89_06();); -} - -typedef struct Simd128Hash_s { - libcrux_sha3_generic_keccak_KeccakState_fc shake128_state[2U]; -} Simd128Hash; - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_init_absorb with const generics -- K= 2 -*/ -static KRML_MUSTINLINE Simd128Hash -shake128_init_absorb_6b1(uint8_t input[2U][34U]) { - libcrux_sha3_generic_keccak_KeccakState_fc uu____0 = - libcrux_sha3_neon_x2_incremental_shake128_init(); - libcrux_sha3_generic_keccak_KeccakState_fc state[2U] = { - uu____0, libcrux_sha3_neon_x2_incremental_shake128_init()}; - 
libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - state, - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice)); - Simd128Hash lit; - memcpy(lit.shake128_state, state, - (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState_fc)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_48 with const generics -- K= 2 -*/ -static KRML_MUSTINLINE Simd128Hash -shake128_init_absorb_48_551(uint8_t input[2U][34U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_input[2U][34U]; - memcpy(copy_of_input, input, (size_t)2U * sizeof(uint8_t[34U])); - return shake128_init_absorb_6b1(copy_of_input); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_three_blocks with const -generics -- K= 2 -*/ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_b71( - Simd128Hash *st, uint8_t ret[2U][504U]) { - uint8_t out[2U][504U] = {{0U}}; - uint8_t out0[504U] = {0U}; - uint8_t out1[504U] = {0U}; - uint8_t out2[504U] = {0U}; - LowStar_Ignore_ignore(out2, uint8_t[504U], void *); - uint8_t out3[504U] = {0U}; - LowStar_Ignore_ignore(out3, uint8_t[504U], void *); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - st->shake128_state, - Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice)); - uint8_t uu____0[504U]; - memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____1[504U]; - memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)2U * 
sizeof(uint8_t[504U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_three_blocks_48 with const -generics -- K= 2 -*/ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_48_e91( - Simd128Hash *self, uint8_t ret[2U][504U]) { - shake128_squeeze_three_blocks_b71(self, ret); -} - -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . 
-*/ -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- K= 2 -- N= 504 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e63( - uint8_t randomness[2U][504U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_block with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void shake128_squeeze_block_7d1(Simd128Hash *st, - uint8_t ret[2U][168U]) { - uint8_t out[2U][168U] = {{0U}}; - uint8_t out0[168U] = {0U}; - uint8_t out1[168U] = {0U}; - uint8_t out2[168U] = {0U}; - LowStar_Ignore_ignore(out2, uint8_t[168U], void *); - uint8_t out3[168U] = {0U}; - LowStar_Ignore_ignore(out3, uint8_t[168U], void *); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - st->shake128_state, - 
Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice)); - uint8_t uu____0[168U]; - memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____1[168U]; - memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[168U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_block_48 with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void shake128_squeeze_block_48_ad1( - Simd128Hash *self, uint8_t ret[2U][168U]) { - shake128_squeeze_block_7d1(self, ret); -} - -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. 
- - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- K= 2 -- N= 168 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e64( - uint8_t randomness[2U][168U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.from_i16_array_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static 
KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -from_i16_array_89_f3(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - result.coefficients[i0] = - libcrux_ml_kem_vector_neon_from_i16_array_20(Eurydice_slice_subslice2( - a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t, - Eurydice_slice)); - } - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -*/ -static libcrux_ml_kem_polynomial_PolynomialRingElement_1c closure_d51( - int16_t s[272U]) { - return from_i16_array_89_f3(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void sample_from_xof_c01( - uint8_t seeds[2U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { - size_t sampled_coefficients[2U] = {0U}; - int16_t out[2U][272U] = {{0U}}; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seeds[2U][34U]; - memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); - Simd128Hash xof_state = shake128_init_absorb_48_551(copy_of_seeds); - uint8_t randomness0[2U][504U]; - shake128_squeeze_three_blocks_48_e91(&xof_state, randomness0); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness0[2U][504U]; - memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_e63( - copy_of_randomness0, sampled_coefficients, 
out); - while (true) { - if (done) { - break; - } else { - uint8_t randomness[2U][168U]; - shake128_squeeze_block_48_ad1(&xof_state, randomness); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[2U][168U]; - memcpy(copy_of_randomness, randomness, - (size_t)2U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_e64( - copy_of_randomness, sampled_coefficients, out); - } - } - /* Passing arrays by value in Rust generates a copy in C */ - int16_t copy_of_out[2U][272U]; - memcpy(copy_of_out, out, (size_t)2U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret0[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_d51(copy_of_out[i]);); - memcpy( - ret, ret0, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void sample_matrix_A_481( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U][2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - closure_de1(A_transpose[i]);); - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed[34U]; - memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); - uint8_t seeds[2U][34U]; KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; - seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t 
copy_of_seeds[2U][34U]; - memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c sampled[2U]; - sample_from_xof_c01(copy_of_seeds, sampled); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c sample = sampled[j]; - if (transpose) { - A_transpose[j][i1] = sample; - } else { - A_transpose[i1][j] = sample; - } - } - - ); - memcpy(ret, A_transpose, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_polynomial_PolynomialRingElement -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[2size_t], uint8_t - -*/ -typedef struct tuple_740_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c fst[2U]; - uint8_t snd; -} tuple_740; - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN -with const generics -- K= 2 -- LEN= 192 -*/ -static KRML_MUSTINLINE void PRFxN_891(uint8_t (*input)[33U], - uint8_t ret[2U][192U]) { - uint8_t out[2U][192U] = {{0U}}; - uint8_t out0[192U] = {0U}; - uint8_t out1[192U] = {0U}; - uint8_t out2[192U] = {0U}; - LowStar_Ignore_ignore(out2, uint8_t[192U], void *); - uint8_t out3[192U] = {0U}; - LowStar_Ignore_ignore(out3, uint8_t[192U], void *); - libcrux_sha3_neon_x2_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)192U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)192U, out1, uint8_t, Eurydice_slice)); - uint8_t uu____0[192U]; - memcpy(uu____0, out0, (size_t)192U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)192U * 
sizeof(uint8_t)); - uint8_t uu____1[192U]; - memcpy(uu____1, out1, (size_t)192U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)192U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[192U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN_48 -with const generics -- K= 2 -- LEN= 192 -*/ -static KRML_MUSTINLINE void PRFxN_48_a91(uint8_t (*input)[33U], - uint8_t ret[2U][192U]) { - PRFxN_891(input, ret); -} - -/** - Given a series of uniformly random bytes in `randomness`, for some number - `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring - element from a binomial distribution centered at 0 that uses two sets of `eta` - coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v` - such such that `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and: - - ```plaintext - - If v < 0, Pr[v] = Pr[-v] - - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA) - ``` - - The values `v < 0` are mapped to the appropriate `KyberFieldElement`. - - The expected value is: - - ```plaintext - E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1] - + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0. - ``` - - And the variance is: - - ```plaintext - Var(X) = E[(X - E[X])^2] - = E[X^2] - = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / - 2^(2 * ETA)) = ETA / 2 - ``` - - This function implements Algorithm 7 of the NIST FIPS 203 - standard, which is reproduced below: - - ```plaintext - Input: byte array B ∈ 𝔹^{64η}. - Output: array f ∈ ℤ₂₅₆. - - b ← BytesToBits(B) - for (i ← 0; i < 256; i++) - x ← ∑(j=0 to η - 1) b[2iη + j] - y ← ∑(j=0 to η - 1) b[2iη + η + j] - f[i] ← x−y mod q - end for - return f - ``` - - The NIST FIPS 203 standard can be found at - . 
-*/ -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -sample_from_binomial_distribution_2_c3(Eurydice_slice randomness) { - int16_t sampled_i16s[256U] = {0U}; - for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; - i0++) { - size_t chunk_number = i0; - Eurydice_slice byte_chunk = Eurydice_slice_subslice2( - randomness, chunk_number * (size_t)4U, - chunk_number * (size_t)4U + (size_t)4U, uint8_t, Eurydice_slice); - uint32_t random_bits_as_u32 = - (((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) - << 8U) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) - << 16U) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, - uint8_t *, uint8_t) - << 24U; - uint32_t even_bits = random_bits_as_u32 & 1431655765U; - uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; - uint32_t coin_toss_outcomes = even_bits + odd_bits; - for (uint32_t i = 0U; i < CORE_NUM__U32_8__BITS / 4U; i++) { - uint32_t outcome_set = i; - uint32_t outcome_set0 = outcome_set * 4U; - int16_t outcome_1 = - (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 3U); - int16_t outcome_2 = - (int16_t)(coin_toss_outcomes >> (uint32_t)(outcome_set0 + 2U) & 3U); - size_t offset = (size_t)(outcome_set0 >> 2U); - sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - return from_i16_array_89_f3(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution_3 with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector 
with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -sample_from_binomial_distribution_3_27(Eurydice_slice randomness) { - int16_t sampled_i16s[256U] = {0U}; - for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; - i0++) { - size_t chunk_number = i0; - Eurydice_slice byte_chunk = Eurydice_slice_subslice2( - randomness, chunk_number * (size_t)3U, - chunk_number * (size_t)3U + (size_t)3U, uint8_t, Eurydice_slice); - uint32_t random_bits_as_u24 = - ((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) - << 8U) | - (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) - << 16U; - uint32_t first_bits = random_bits_as_u24 & 2396745U; - uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; - uint32_t third_bits = random_bits_as_u24 >> 2U & 2396745U; - uint32_t coin_toss_outcomes = first_bits + second_bits + third_bits; - for (int32_t i = (int32_t)0; i < (int32_t)24 / (int32_t)6; i++) { - int32_t outcome_set = i; - int32_t outcome_set0 = outcome_set * (int32_t)6; - int16_t outcome_1 = - (int16_t)(coin_toss_outcomes >> (uint32_t)outcome_set0 & 7U); - int16_t outcome_2 = (int16_t)(coin_toss_outcomes >> - (uint32_t)(outcome_set0 + (int32_t)3) & - 7U); - size_t offset = (size_t)(outcome_set0 / (int32_t)6); - sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; - } - } - return from_i16_array_89_f3(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- ETA= 3 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -sample_from_binomial_distribution_2c0(Eurydice_slice 
randomness) { - return sample_from_binomial_distribution_3_27(randomness); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_7 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_at_layer_7_67( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; - for (size_t i = (size_t)0U; i < step; i++) { - size_t j = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = - libcrux_ml_kem_vector_neon_multiply_by_constant_20( - re->coefficients[j + step], (int16_t)-1600); - re->coefficients[j + step] = - libcrux_ml_kem_vector_neon_sub_20(re->coefficients[j], &t); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____1 = - libcrux_ml_kem_vector_neon_add_20(re->coefficients[j], &t); - re->coefficients[j] = uu____1; - } -} - -typedef struct libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2_s { - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector fst; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector snd; -} libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2; - -/** -A monomorphic instance of libcrux_ml_kem.vector.traits.montgomery_multiply_fe -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -montgomery_multiply_fe_91( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t fer) { - return libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20(v, fer); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_layer_int_vec_step -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 -ntt_layer_int_vec_step_9c( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector b, int16_t zeta_r) { 
- libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector t = - montgomery_multiply_fe_91(b, zeta_r); - b = libcrux_ml_kem_vector_neon_sub_20(a, &t); - a = libcrux_ml_kem_vector_neon_add_20(a, &t); - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2){ - .fst = a, .snd = b}); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_4_plus -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_at_layer_4_plus_2a( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, - size_t layer) { - size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { - size_t round = i0; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - size_t offset = round * step * (size_t)2U; - size_t offset_vec = offset / (size_t)16U; - size_t step_vec = step / (size_t)16U; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { - size_t j = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 uu____0 = - ntt_layer_int_vec_step_9c( - re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x = uu____0.fst; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector y = uu____0.snd; - re->coefficients[j] = x; - re->coefficients[j + step_vec] = y; - } - } -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_3 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_at_layer_3_f4( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_ntt_layer_3_step_20( - re->coefficients[round], - 
libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - re->coefficients[round] = uu____0;); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_2 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_at_layer_2_d0( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - re->coefficients[round] = libcrux_ml_kem_vector_neon_ntt_layer_2_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U]); - zeta_i[0U] = zeta_i[0U] + (size_t)1U;); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_at_layer_1 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_at_layer_1_39( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] + (size_t)1U; - re->coefficients[round] = libcrux_ml_kem_vector_neon_ntt_layer_1_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + - (size_t)3U]); - zeta_i[0U] = zeta_i[0U] + (size_t)3U;); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.poly_barrett_reduce_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void 
poly_barrett_reduce_89_5f( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_barrett_reduce_20(self->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_binomially_sampled_ring_element -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_cf( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - ntt_at_layer_7_67(re); - size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_f4(&zeta_i, re); - ntt_at_layer_2_d0(&zeta_i, re); - ntt_at_layer_1_39(&zeta_i, re); - poly_barrett_reduce_89_5f(re); -} - -/** - Sample a vector of ring elements from a centered binomial distribution and - convert them into their NTT representations. 
-*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- ETA= 3 -- ETA_RANDOMNESS_SIZE= 192 -*/ -static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_1f1( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re_as_ntt[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_89_06();); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[2U][33U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[2U][192U]; - PRFxN_48_a91(prf_inputs, prf_outputs); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_2c0( - Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], - uint8_t, Eurydice_slice)); - ntt_binomially_sampled_ring_element_cf(&re_as_ntt[i0]);); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_re_as_ntt[2U]; - memcpy( - copy_of_re_as_ntt, re_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - tuple_740 lit; - memcpy( - lit.fst, copy_of_re_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - lit.snd = domain_separator; - return lit; -} - -/** - Given two `KyberPolynomialRingElement`s in their NTT representations, - compute their product. 
Given two polynomials in the NTT domain `f^` and `ĵ`, - the `iᵗʰ` coefficient of the product `k̂` is determined by the calculation: - - ```plaintext - ĥ[2·i] + ĥ[2·i + 1]X = (f^[2·i] + f^[2·i + 1]X)·(ĝ[2·i] + ĝ[2·i + 1]X) mod (X² - - ζ^(2·BitRev₇(i) + 1)) - ``` - - This function almost implements Algorithm 10 of the - NIST FIPS 203 standard, which is reproduced below: - - ```plaintext - Input: Two arrays fˆ ∈ ℤ₂₅₆ and ĝ ∈ ℤ₂₅₆. - Output: An array ĥ ∈ ℤq. - - for(i ← 0; i < 128; i++) - (ĥ[2i], ĥ[2i+1]) ← BaseCaseMultiply(fˆ[2i], fˆ[2i+1], ĝ[2i], ĝ[2i+1], - ζ^(2·BitRev₇(i) + 1)) end for return ĥ - ``` - We say "almost" because the coefficients of the ring element output by - this function are in the Montgomery domain. - - The NIST FIPS 203 standard can be found at - . -*/ -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.ntt_multiply_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -ntt_multiply_89_16(libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c out = ZERO_89_06(); - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_ntt_multiply_20( - &self->coefficients[i0], &rhs->coefficients[i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[(size_t)64U + - (size_t)4U * i0 + - 
(size_t)3U]); - out.coefficients[i0] = uu____0; - } - return out; -} - -/** - Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise - sum of their constituent coefficients. -*/ -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void add_to_ring_element_89_ae1( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *rhs) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_add_20(self->coefficients[i0], - &rhs->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.traits.to_standard_domain -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -to_standard_domain_fc(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( - v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_standard_error_reduce_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void add_standard_error_reduce_89_ac( - 
libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t j = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - coefficient_normal_form = to_standard_domain_fc(self->coefficients[j]); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_barrett_reduce_20( - libcrux_ml_kem_vector_neon_add_20(coefficient_normal_form, - &error->coefficients[j])); - self->coefficients[j] = uu____0; - } -} - -/** - Compute  ◦ ŝ + ê -*/ -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void compute_As_plus_e_951( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*matrix_A)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_06();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *matrix_element = - &row[j]; - 
libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_ae1(&result[i1], &product); - } - add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); - } - memcpy( - ret, result, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . 
-*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -static tuple_4c0 generate_keypair_unpacked_ff1( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - G_48_771(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[2U][2U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); - sample_matrix_A_481(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, - prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____2 = sample_vector_cbd_then_ntt_1f1(copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[2U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator = uu____2.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_as_ntt[2U]; - memcpy( - error_as_ntt, - sample_vector_cbd_then_ntt_1f1(copy_of_prf_input, domain_separator).fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[2U]; - 
compute_As_plus_e_951(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); - core_result_unwrap_41_83(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_t_as_ntt[2U]; - memcpy( - copy_of_t_as_ntt, t_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_A_transpose[2U] - [2U]; - memcpy(copy_of_A_transpose, A_transpose, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 pk; - memcpy( - pk.t_as_ntt, copy_of_t_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, copy_of_A_transpose, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_secret_as_ntt[2U]; - memcpy( - copy_of_secret_as_ntt, secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 sk; - memcpy( - sk.secret_as_ntt, copy_of_secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - return (CLITERAL(tuple_4c0){.fst = sk, .snd = pk}); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types 
-libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- CPA_PRIVATE_KEY_SIZE= 768 -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 -- BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -static void closure_891( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_89_06();); -} - -/** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@1])#1} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.clone_d5 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_1c clone_d5_13( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c lit; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector ret[16U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)16U, self->coefficients, ret, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, void *); - memcpy(lit.coefficients, ret, - (size_t)16U * - sizeof(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.H_48 -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void H_48_851(Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_neon_H(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- CPA_PRIVATE_KEY_SIZE= 768 -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 
-- BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b41(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - tuple_4c0 uu____0 = generate_keypair_unpacked_ff1(ind_cpa_keypair_randomness); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 - ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 - ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_891(A[i]);); - KRML_MAYBE_FOR2( - i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - clone_d5_13(&ind_cpa_public_key.A[j][i1]); - A[i1][j] = uu____1;);); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[2U][2U]; - memcpy(uu____2, A, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); - memcpy(ind_cpa_public_key.A, uu____2, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); - uint8_t pk_serialized[800U]; - serialize_public_key_701( - ind_cpa_public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), - pk_serialized); - uint8_t public_key_hash[32U]; - H_48_851(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t, - Eurydice_slice), - public_key_hash); - uint8_t implicit_rejection_value[32U]; - 
core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); - core_result_unwrap_41_83(dst, implicit_rejection_value); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 uu____3 = - ind_cpa_private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_implicit_rejection_value[32U]; - memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_66 uu____5; - uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 uu____6 = - ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_hash[32U]; - memcpy(copy_of_public_key_hash, public_key_hash, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 lit; - lit.private_key = uu____5; - lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, - (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- PRIVATE_KEY_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- RANKED_BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_161( - Eurydice_slice key_generation_seed) { - tuple_4c0 uu____0 = generate_keypair_unpacked_ff1(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 pk = uu____0.snd; - uint8_t public_key_serialized[800U]; - 
serialize_public_key_701(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); - uint8_t secret_key_serialized[768U]; - serialize_secret_key_5d1(sk.secret_as_ntt, secret_key_serialized); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_secret_key_serialized[768U]; - memcpy(copy_of_secret_key_serialized, secret_key_serialized, - (size_t)768U * sizeof(uint8_t)); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_serialized[800U]; - memcpy(copy_of_public_key_serialized, public_key_serialized, - (size_t)800U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair512 lit; - memcpy(lit.fst, copy_of_secret_key_serialized, - (size_t)768U * sizeof(uint8_t)); - memcpy(lit.snd, copy_of_public_key_serialized, - (size_t)800U * sizeof(uint8_t)); - return lit; -} - -/** - Serialize the secret key. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 2 -- SERIALIZED_KEY_LEN= 1632 -*/ -static KRML_MUSTINLINE void serialize_kem_secret_key_d81( - Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { - uint8_t out[1632U] = {0U}; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + 
core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); - uint8_t ret0[32U]; - H_48_851(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); - memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); -} - -/** - Packed API - - Generate a key pair. 
- - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- CPA_PRIVATE_KEY_SIZE= 768 -- PRIVATE_KEY_SIZE= 1632 -- PUBLIC_KEY_SIZE= 800 -- BYTES_PER_RING_ELEMENT= 768 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -*/ -libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_721(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_161(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[768U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); - uint8_t public_key[800U]; - memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); - uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_d81( - Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, - Eurydice_slice), - implicit_rejection_value, secret_key_serialized); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_secret_key_serialized[1632U]; - memcpy(copy_of_secret_key_serialized, secret_key_serialized, - (size_t)1632U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_05_e01(copy_of_secret_key_serialized); - libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; - /* Passing arrays 
by value in Rust generates a copy in C */ - uint8_t copy_of_public_key[800U]; - memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_2c1( - uu____2, libcrux_ml_kem_types_from_b6_571(copy_of_public_key)); -} - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN -with const generics -- K= 2 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_892(uint8_t (*input)[33U], - uint8_t ret[2U][128U]) { - uint8_t out[2U][128U] = {{0U}}; - uint8_t out0[128U] = {0U}; - uint8_t out1[128U] = {0U}; - uint8_t out2[128U] = {0U}; - LowStar_Ignore_ignore(out2, uint8_t[128U], void *); - uint8_t out3[128U] = {0U}; - LowStar_Ignore_ignore(out3, uint8_t[128U], void *); - libcrux_sha3_neon_x2_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice)); - uint8_t uu____0[128U]; - memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____1[128U]; - memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)2U * sizeof(uint8_t[128U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN_48 -with const generics -- K= 2 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_48_a92(uint8_t (*input)[33U], - uint8_t ret[2U][128U]) { - PRFxN_892(input, ret); -} - -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_binomial_distribution with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- ETA= 2 -*/ -static KRML_MUSTINLINE 
libcrux_ml_kem_polynomial_PolynomialRingElement_1c -sample_from_binomial_distribution_2c(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_c3(randomness); -} - -/** - Sample a vector of ring elements from a centered binomial distribution. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- ETA2= 2 -*/ -static KRML_MUSTINLINE tuple_740 -sample_ring_element_cbd_eb1(uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_89_06();); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[2U][33U]; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[2U][128U]; - PRFxN_48_a92(prf_inputs, prf_outputs); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - sample_from_binomial_distribution_2c(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - error_1[i0] = uu____1;); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_error_1[2U]; - memcpy( - copy_of_error_1, error_1, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - tuple_740 lit; - memcpy( - lit.fst, copy_of_error_1, - (size_t)2U * 
sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - lit.snd = domain_separator; - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF -with const generics -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRF_b40(Eurydice_slice input, uint8_t ret[128U]) { - uint8_t digest[128U] = {0U}; - uint8_t dummy[128U] = {0U}; - libcrux_sha3_neon_x2_shake256( - input, input, - Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, dummy, uint8_t, Eurydice_slice)); - memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 -with const generics -- K= 2 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRF_48_6e4(Eurydice_slice input, - uint8_t ret[128U]) { - PRF_b40(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_1 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_9b( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - re->coefficients[round] = - libcrux_ml_kem_vector_neon_inv_ntt_layer_1_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)2U], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)3U]); - zeta_i[0U] = zeta_i[0U] - (size_t)3U;); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_2 -with types 
libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_4b( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - re->coefficients[round] = - libcrux_ml_kem_vector_neon_inv_ntt_layer_2_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - - (size_t)1U]); - zeta_i[0U] = zeta_i[0U] - (size_t)1U;); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_3 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_74( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_inv_ntt_layer_3_step_20( - re->coefficients[round], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - re->coefficients[round] = uu____0;); -} - -/** -A monomorphic instance of -libcrux_ml_kem.invert_ntt.inv_ntt_layer_int_vec_step_reduce with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 -inv_ntt_layer_int_vec_step_reduce_27( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector b, int16_t zeta_r) { - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a_minus_b = - libcrux_ml_kem_vector_neon_sub_20(b, &a); - a = libcrux_ml_kem_vector_neon_barrett_reduce_20( - libcrux_ml_kem_vector_neon_add_20(a, &b)); - b = 
montgomery_multiply_fe_91(a_minus_b, zeta_r); - return (CLITERAL(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2){ - .fst = a, .snd = b}); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_at_layer_4_plus -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_fd( - size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, - size_t layer) { - size_t step = (size_t)1U << (uint32_t)layer; - for (size_t i0 = (size_t)0U; i0 < (size_t)128U >> (uint32_t)layer; i0++) { - size_t round = i0; - zeta_i[0U] = zeta_i[0U] - (size_t)1U; - size_t offset = round * step * (size_t)2U; - size_t offset_vec = - offset / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - size_t step_vec = - step / LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; - for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { - size_t j = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_27( - re->coefficients[j], re->coefficients[j + step_vec], - libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x = uu____0.fst; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector y = uu____0.snd; - re->coefficients[j] = x; - re->coefficients[j + step_vec] = y; - } - } -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void invert_ntt_montgomery_621( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_9b(&zeta_i, re); - invert_ntt_at_layer_2_4b(&zeta_i, re); - invert_ntt_at_layer_3_74(&zeta_i, re); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)4U); - 
invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_5f(re); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_error_reduce_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void add_error_reduce_89_24( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t j = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - coefficient_normal_form = - libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( - self->coefficients[j], (int16_t)1441); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_barrett_reduce_20( - libcrux_ml_kem_vector_neon_add_20(coefficient_normal_form, - &error->coefficients[j])); - self->coefficients[j] = uu____0; - } -} - -/** - Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ -*/ -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void compute_vector_u_6a1( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*a_as_ntt)[2U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_06();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, 
a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = a_as_ntt[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(a_element, &r_as_ntt[j]); - add_to_ring_element_89_ae1(&result[i1], &product); - } - invert_ntt_montgomery_621(&result[i1]); - add_error_reduce_89_24(&result[i1], &error_1[i1]); - } - memcpy( - ret, result, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.traits.decompress_1 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector decompress_1_fc( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( - libcrux_ml_kem_vector_neon_sub_20(libcrux_ml_kem_vector_neon_ZERO_20(), - &v), - (int16_t)1665); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_message with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_message_23(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - 
coefficient_compressed = libcrux_ml_kem_vector_neon_deserialize_1_20( - Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, - (size_t)2U * i0 + (size_t)2U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - decompress_1_fc(coefficient_compressed); - re.coefficients[i0] = uu____0;); - return re; -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_message_error_reduce_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -add_message_error_reduce_89_3a( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *message, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - coefficient_normal_form = - libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( - result.coefficients[i0], (int16_t)1441); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector tmp = - libcrux_ml_kem_vector_neon_add_20(self->coefficients[i0], - &message->coefficients[i0]); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector tmp0 = - libcrux_ml_kem_vector_neon_add_20(coefficient_normal_form, &tmp); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_barrett_reduce_20(tmp0); - result.coefficients[i0] = uu____0; - } - return result; -} - -/** - Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message -*/ -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c 
-compute_ring_element_v_9b1( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_ae1(&result, &product);); - invert_ntt_montgomery_621(&result); - result = add_message_error_reduce_89_3a(error_2, message, result); - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t -with const generics -- COEFFICIENT_BITS= 10 -*/ -static KRML_MUSTINLINE uint32x4_t compress_int32x4_t_af(uint32x4_t v) { - uint32x4_t half = _vdupq_n_u32(1664U); - uint32x4_t compressed = _vshlq_n_u32((int32_t)10, v, uint32x4_t); - uint32x4_t compressed0 = _vaddq_u32(compressed, half); - uint32x4_t compressed1 = _vreinterpretq_u32_s32( - _vqdmulhq_n_s32(_vreinterpretq_s32_u32(compressed0), (int32_t)10321340)); - return _vshrq_n_u32((int32_t)4, compressed1, uint32x4_t); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress -with const generics -- COEFFICIENT_BITS= 10 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -compress_43(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - int16x8_t mask = _vdupq_n_s16( - libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( - (int16_t)(int32_t)10)); - uint32x4_t mask16 = _vdupq_n_u32(65535U); - uint32x4_t low00 = _vandq_u32(_vreinterpretq_u32_s16(v.low), mask16); - uint32x4_t low10 = - _vshrq_n_u32((int32_t)16, _vreinterpretq_u32_s16(v.low), uint32x4_t); - uint32x4_t high00 = _vandq_u32(_vreinterpretq_u32_s16(v.high), mask16); - uint32x4_t high10 
= - _vshrq_n_u32((int32_t)16, _vreinterpretq_u32_s16(v.high), uint32x4_t); - uint32x4_t low0 = compress_int32x4_t_af(low00); - uint32x4_t low1 = compress_int32x4_t_af(low10); - uint32x4_t high0 = compress_int32x4_t_af(high00); - uint32x4_t high1 = compress_int32x4_t_af(high10); - int16x8_t low = - _vtrn1q_s16(_vreinterpretq_s16_u32(low0), _vreinterpretq_s16_u32(low1)); - int16x8_t high = - _vtrn1q_s16(_vreinterpretq_s16_u32(high0), _vreinterpretq_s16_u32(high1)); - v.low = _vandq_s16(low, mask); - v.high = _vandq_s16(high, mask); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 -with const generics -- COEFFICIENT_BITS= 10 -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector compress_20_0e( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return compress_43(v); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_10 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- OUT_LEN= 320 -*/ -static KRML_MUSTINLINE void compress_then_serialize_10_ca0( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[320U]) { - uint8_t serialized[320U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - compress_20_0e(to_unsigned_representative_64(re->coefficients[i0])); - uint8_t bytes[20U]; - libcrux_ml_kem_vector_neon_serialize_10_20(coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - 
memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t -with const generics -- COEFFICIENT_BITS= 11 -*/ -static KRML_MUSTINLINE uint32x4_t compress_int32x4_t_af0(uint32x4_t v) { - uint32x4_t half = _vdupq_n_u32(1664U); - uint32x4_t compressed = _vshlq_n_u32((int32_t)11, v, uint32x4_t); - uint32x4_t compressed0 = _vaddq_u32(compressed, half); - uint32x4_t compressed1 = _vreinterpretq_u32_s32( - _vqdmulhq_n_s32(_vreinterpretq_s32_u32(compressed0), (int32_t)10321340)); - return _vshrq_n_u32((int32_t)4, compressed1, uint32x4_t); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress -with const generics -- COEFFICIENT_BITS= 11 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -compress_430(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - int16x8_t mask = _vdupq_n_s16( - libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( - (int16_t)(int32_t)11)); - uint32x4_t mask16 = _vdupq_n_u32(65535U); - uint32x4_t low00 = _vandq_u32(_vreinterpretq_u32_s16(v.low), mask16); - uint32x4_t low10 = - _vshrq_n_u32((int32_t)16, _vreinterpretq_u32_s16(v.low), uint32x4_t); - uint32x4_t high00 = _vandq_u32(_vreinterpretq_u32_s16(v.high), mask16); - uint32x4_t high10 = - _vshrq_n_u32((int32_t)16, _vreinterpretq_u32_s16(v.high), uint32x4_t); - uint32x4_t low0 = compress_int32x4_t_af0(low00); - uint32x4_t low1 = compress_int32x4_t_af0(low10); - uint32x4_t high0 = compress_int32x4_t_af0(high00); - uint32x4_t high1 = compress_int32x4_t_af0(high10); - int16x8_t low = - _vtrn1q_s16(_vreinterpretq_s16_u32(low0), _vreinterpretq_s16_u32(low1)); - int16x8_t high = - _vtrn1q_s16(_vreinterpretq_s16_u32(high0), _vreinterpretq_s16_u32(high1)); - v.low = _vandq_s16(low, mask); - v.high = _vandq_s16(high, mask); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for 
-libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 -with const generics -- COEFFICIENT_BITS= 11 -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector compress_20_0e0( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return compress_430(v); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 10 -- OUT_LEN= 320 -*/ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_840( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[320U]) { - uint8_t uu____0[320U]; - compress_then_serialize_10_ca0(re, uu____0); - memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); -} - -/** - Call [`compress_then_serialize_ring_element_u`] on each ring element. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -- OUT_LEN= 640 -- COMPRESSION_FACTOR= 10 -- BLOCK_LEN= 320 -*/ -static void compress_then_serialize_u_d71( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c input[2U], - Eurydice_slice out) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)2U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = input[i0]; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out, i0 * ((size_t)640U / (size_t)2U), - (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t, - Eurydice_slice); - uint8_t ret[320U]; - compress_then_serialize_ring_element_u_840(&re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - 
Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t -with const generics -- COEFFICIENT_BITS= 4 -*/ -static KRML_MUSTINLINE uint32x4_t compress_int32x4_t_af1(uint32x4_t v) { - uint32x4_t half = _vdupq_n_u32(1664U); - uint32x4_t compressed = _vshlq_n_u32((int32_t)4, v, uint32x4_t); - uint32x4_t compressed0 = _vaddq_u32(compressed, half); - uint32x4_t compressed1 = _vreinterpretq_u32_s32( - _vqdmulhq_n_s32(_vreinterpretq_s32_u32(compressed0), (int32_t)10321340)); - return _vshrq_n_u32((int32_t)4, compressed1, uint32x4_t); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress -with const generics -- COEFFICIENT_BITS= 4 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -compress_431(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - int16x8_t mask = _vdupq_n_s16( - libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( - (int16_t)(int32_t)4)); - uint32x4_t mask16 = _vdupq_n_u32(65535U); - uint32x4_t low00 = _vandq_u32(_vreinterpretq_u32_s16(v.low), mask16); - uint32x4_t low10 = - _vshrq_n_u32((int32_t)16, _vreinterpretq_u32_s16(v.low), uint32x4_t); - uint32x4_t high00 = _vandq_u32(_vreinterpretq_u32_s16(v.high), mask16); - uint32x4_t high10 = - _vshrq_n_u32((int32_t)16, _vreinterpretq_u32_s16(v.high), uint32x4_t); - uint32x4_t low0 = compress_int32x4_t_af1(low00); - uint32x4_t low1 = compress_int32x4_t_af1(low10); - uint32x4_t high0 = compress_int32x4_t_af1(high00); - uint32x4_t high1 = compress_int32x4_t_af1(high10); - int16x8_t low = - _vtrn1q_s16(_vreinterpretq_s16_u32(low0), _vreinterpretq_s16_u32(low1)); - int16x8_t high = - _vtrn1q_s16(_vreinterpretq_s16_u32(high0), _vreinterpretq_s16_u32(high1)); - v.low = _vandq_s16(low, mask); - v.high = _vandq_s16(high, mask); - return v; -} - -/** -This function found in impl 
{(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 -with const generics -- COEFFICIENT_BITS= 4 -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector compress_20_0e1( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return compress_431(v); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_4 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void compress_then_serialize_4_21( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, - Eurydice_slice serialized) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - compress_20_0e1(to_unsigned_representative_64(re.coefficients[i0])); - uint8_t bytes[8U]; - libcrux_ml_kem_vector_neon_serialize_4_20(coefficient, bytes); - core_slice___Slice_T___copy_from_slice( - Eurydice_slice_subslice2(serialized, (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress_int32x4_t -with const generics -- COEFFICIENT_BITS= 5 -*/ -static KRML_MUSTINLINE uint32x4_t compress_int32x4_t_af2(uint32x4_t v) { - uint32x4_t half = _vdupq_n_u32(1664U); - uint32x4_t compressed = _vshlq_n_u32((int32_t)5, v, uint32x4_t); - uint32x4_t compressed0 = _vaddq_u32(compressed, half); - uint32x4_t compressed1 = _vreinterpretq_u32_s32( - _vqdmulhq_n_s32(_vreinterpretq_s32_u32(compressed0), (int32_t)10321340)); - return _vshrq_n_u32((int32_t)4, compressed1, uint32x4_t); -} - -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress.compress -with const generics -- 
COEFFICIENT_BITS= 5 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -compress_432(libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - int16x8_t mask = _vdupq_n_s16( - libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( - (int16_t)(int32_t)5)); - uint32x4_t mask16 = _vdupq_n_u32(65535U); - uint32x4_t low00 = _vandq_u32(_vreinterpretq_u32_s16(v.low), mask16); - uint32x4_t low10 = - _vshrq_n_u32((int32_t)16, _vreinterpretq_u32_s16(v.low), uint32x4_t); - uint32x4_t high00 = _vandq_u32(_vreinterpretq_u32_s16(v.high), mask16); - uint32x4_t high10 = - _vshrq_n_u32((int32_t)16, _vreinterpretq_u32_s16(v.high), uint32x4_t); - uint32x4_t low0 = compress_int32x4_t_af2(low00); - uint32x4_t low1 = compress_int32x4_t_af2(low10); - uint32x4_t high0 = compress_int32x4_t_af2(high00); - uint32x4_t high1 = compress_int32x4_t_af2(high10); - int16x8_t low = - _vtrn1q_s16(_vreinterpretq_s16_u32(low0), _vreinterpretq_s16_u32(low1)); - int16x8_t high = - _vtrn1q_s16(_vreinterpretq_s16_u32(high0), _vreinterpretq_s16_u32(high1)); - v.low = _vandq_s16(low, mask); - v.high = _vandq_s16(high, mask); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.vector.neon.compress_20 -with const generics -- COEFFICIENT_BITS= 5 -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector compress_20_0e2( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return compress_432(v); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_5 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE void compress_then_serialize_5_2b( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, - Eurydice_slice serialized) { - for (size_t i = (size_t)0U; - i < 
LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficients = - compress_20_0e2(to_unsigned_representative_64(re.coefficients[i0])); - uint8_t bytes[10U]; - libcrux_ml_kem_vector_neon_serialize_5_20(coefficients, bytes); - core_slice___Slice_T___copy_from_slice( - Eurydice_slice_subslice2(serialized, (size_t)10U * i0, - (size_t)10U * i0 + (size_t)10U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 4 -- OUT_LEN= 128 -*/ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_3f0( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, Eurydice_slice out) { - compress_then_serialize_4_21(re, out); -} - -/** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. 
- - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_LEN= 640 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_unpacked_541( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____1 = sample_vector_cbd_then_ntt_1f1(copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c r_as_ntt[2U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator0 = uu____1.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, 
prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____3 = - sample_ring_element_cbd_eb1(copy_of_prf_input, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[2U]; - memcpy( - error_1, uu____3.fst, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - PRF_48_6e4( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_2 = - sample_from_binomial_distribution_2c(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u[2U]; - compute_vector_u_6a1(public_key->A, r_as_ntt, error_1, u); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c message_as_ring_element = - deserialize_then_decompress_message_23(copy_of_message); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = - compute_ring_element_v_9b1(public_key->t_as_ntt, r_as_ntt, &error_2, - &message_as_ring_element); - uint8_t ciphertext[768U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[2U]; - memcpy( - uu____5, u, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - compress_then_serialize_u_d71( - uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, - uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____6 = v; - compress_then_serialize_ring_element_v_3f0( - uu____6, - Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, - uint8_t, size_t, Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked 
-with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_471( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_48_771( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 *uu____2 = - &public_key->ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[768U]; - encrypt_unpacked_541(uu____2, copy_of_randomness, pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( 
- Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[768U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_01_201(copy_of_ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); - tuple_ec lit; - lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void entropy_preprocess_af_c71(Eurydice_slice randomness, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. 
-*/ -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- PUBLIC_KEY_SIZE= 768 -- K= 2 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a63( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_to_reduced_ring_element_e3(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_LEN= 640 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_4e1(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[768U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[2U]; - deserialize_ring_elements_reduced_a63( - Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, 
size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[2U][2U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); - sample_matrix_A_481(ret0, false, A); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); - core_result_unwrap_41_83(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_t_as_ntt[2U]; - memcpy( - copy_of_t_as_ntt, t_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_A[2U][2U]; - memcpy(copy_of_A, A, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 - public_key_unpacked; - memcpy( - public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, copy_of_A, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[2U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 *uu____3 = - &public_key_unpacked; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[768U]; - encrypt_unpacked_541(uu____3, copy_of_message, randomness, ret1); - memcpy(ret, ret1, (size_t)768U 
* sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -*/ -static KRML_MUSTINLINE void kdf_af_631(Eurydice_slice shared_secret, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_281( - libcrux_ml_kem_types_MlKemPublicKey_be *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - entropy_preprocess_af_c71( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - uint8_t ret[32U]; - H_48_851(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_1f1(public_key), - uint8_t, Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - 
Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_48_771( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_1f1(public_key), uint8_t, - Eurydice_slice); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[768U]; - encrypt_4e1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[768U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_01_201(copy_of_ciphertext); - uint8_t shared_secret_array[32U]; - kdf_af_631(shared_secret, shared_secret_array); - libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); - tuple_ec lit; - lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics -- COEFFICIENT_BITS= 10 -*/ -static KRML_MUSTINLINE uint32x4_t decompress_uint32x4_t_7a(uint32x4_t v) { - uint32x4_t coeff = _vdupq_n_u32(1U << (uint32_t)((int32_t)10 
- (int32_t)1)); - uint32x4_t decompressed = - _vmulq_n_u32(v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - uint32x4_t decompressed0 = _vaddq_u32(decompressed, coeff); - return _vshrq_n_u32((int32_t)10, decompressed0, uint32x4_t); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 10 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -decompress_ciphertext_coefficient_de( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - uint32x4_t mask16 = _vdupq_n_u32(65535U); - uint32x4_t low00 = _vandq_u32(_vreinterpretq_u32_s16(v.low), mask16); - uint32x4_t low10 = - _vshrq_n_u32((int32_t)16, _vreinterpretq_u32_s16(v.low), uint32x4_t); - uint32x4_t high00 = _vandq_u32(_vreinterpretq_u32_s16(v.high), mask16); - uint32x4_t high10 = - _vshrq_n_u32((int32_t)16, _vreinterpretq_u32_s16(v.high), uint32x4_t); - uint32x4_t low0 = decompress_uint32x4_t_7a(low00); - uint32x4_t low1 = decompress_uint32x4_t_7a(low10); - uint32x4_t high0 = decompress_uint32x4_t_7a(high00); - uint32x4_t high1 = decompress_uint32x4_t_7a(high10); - v.low = - _vtrn1q_s16(_vreinterpretq_s16_u32(low0), _vreinterpretq_s16_u32(low1)); - v.high = - _vtrn1q_s16(_vreinterpretq_s16_u32(high0), _vreinterpretq_s16_u32(high1)); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const -generics -- COEFFICIENT_BITS= 10 -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -decompress_ciphertext_coefficient_20_21( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return decompress_ciphertext_coefficient_de(v); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_10 with types 
-libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_10_81(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - libcrux_ml_kem_vector_neon_deserialize_10_20(bytes); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - decompress_ciphertext_coefficient_20_21(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics -- COEFFICIENT_BITS= 11 -*/ -static KRML_MUSTINLINE uint32x4_t decompress_uint32x4_t_7a0(uint32x4_t v) { - uint32x4_t coeff = _vdupq_n_u32(1U << (uint32_t)((int32_t)11 - (int32_t)1)); - uint32x4_t decompressed = - _vmulq_n_u32(v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - uint32x4_t decompressed0 = _vaddq_u32(decompressed, coeff); - return _vshrq_n_u32((int32_t)11, decompressed0, uint32x4_t); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 11 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -decompress_ciphertext_coefficient_de0( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - uint32x4_t mask16 = _vdupq_n_u32(65535U); - uint32x4_t low00 = _vandq_u32(_vreinterpretq_u32_s16(v.low), mask16); - uint32x4_t low10 = - _vshrq_n_u32((int32_t)16, _vreinterpretq_u32_s16(v.low), uint32x4_t); - uint32x4_t high00 = _vandq_u32(_vreinterpretq_u32_s16(v.high), 
mask16); - uint32x4_t high10 = - _vshrq_n_u32((int32_t)16, _vreinterpretq_u32_s16(v.high), uint32x4_t); - uint32x4_t low0 = decompress_uint32x4_t_7a0(low00); - uint32x4_t low1 = decompress_uint32x4_t_7a0(low10); - uint32x4_t high0 = decompress_uint32x4_t_7a0(high00); - uint32x4_t high1 = decompress_uint32x4_t_7a0(high10); - v.low = - _vtrn1q_s16(_vreinterpretq_s16_u32(low0), _vreinterpretq_s16_u32(low1)); - v.high = - _vtrn1q_s16(_vreinterpretq_s16_u32(high0), _vreinterpretq_s16_u32(high1)); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const -generics -- COEFFICIENT_BITS= 11 -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -decompress_ciphertext_coefficient_20_210( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return decompress_ciphertext_coefficient_de0(v); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_11 with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_11_6b(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - libcrux_ml_kem_vector_neon_deserialize_11_20(bytes); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - decompress_ciphertext_coefficient_20_210(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - 
-/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 10 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_ring_element_u_060(Eurydice_slice serialized) { - return deserialize_then_decompress_10_81(serialized); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- VECTOR_U_COMPRESSION_FACTOR= 10 -*/ -static KRML_MUSTINLINE void ntt_vector_u_3c0( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_f4(&zeta_i, re); - ntt_at_layer_2_d0(&zeta_i, re); - ntt_at_layer_1_39(&zeta_i, re); - poly_barrett_reduce_89_5f(re); -} - -/** - Call [`deserialize_then_decompress_ring_element_u`] on each ring element - in the `ciphertext`. 
-*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- U_COMPRESSION_FACTOR= 10 -*/ -static KRML_MUSTINLINE void deserialize_then_decompress_u_331( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U); - i++) { - size_t i0 = i; - Eurydice_slice u_bytes = Eurydice_array_to_subslice2( - ciphertext, - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U), - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U) + - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U, - uint8_t, Eurydice_slice); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_060(u_bytes); - ntt_vector_u_3c0(&u_as_ntt[i0]); - } - memcpy( - ret, u_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics -- COEFFICIENT_BITS= 4 -*/ -static KRML_MUSTINLINE uint32x4_t decompress_uint32x4_t_7a1(uint32x4_t v) { - uint32x4_t coeff = _vdupq_n_u32(1U << (uint32_t)((int32_t)4 - (int32_t)1)); - uint32x4_t decompressed = - _vmulq_n_u32(v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - uint32x4_t decompressed0 = _vaddq_u32(decompressed, coeff); - return _vshrq_n_u32((int32_t)4, decompressed0, uint32x4_t); -} - -/** -A monomorphic instance of 
-libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 4 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -decompress_ciphertext_coefficient_de1( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - uint32x4_t mask16 = _vdupq_n_u32(65535U); - uint32x4_t low00 = _vandq_u32(_vreinterpretq_u32_s16(v.low), mask16); - uint32x4_t low10 = - _vshrq_n_u32((int32_t)16, _vreinterpretq_u32_s16(v.low), uint32x4_t); - uint32x4_t high00 = _vandq_u32(_vreinterpretq_u32_s16(v.high), mask16); - uint32x4_t high10 = - _vshrq_n_u32((int32_t)16, _vreinterpretq_u32_s16(v.high), uint32x4_t); - uint32x4_t low0 = decompress_uint32x4_t_7a1(low00); - uint32x4_t low1 = decompress_uint32x4_t_7a1(low10); - uint32x4_t high0 = decompress_uint32x4_t_7a1(high00); - uint32x4_t high1 = decompress_uint32x4_t_7a1(high10); - v.low = - _vtrn1q_s16(_vreinterpretq_s16_u32(low0), _vreinterpretq_s16_u32(low1)); - v.high = - _vtrn1q_s16(_vreinterpretq_s16_u32(high0), _vreinterpretq_s16_u32(high1)); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const -generics -- COEFFICIENT_BITS= 4 -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -decompress_ciphertext_coefficient_20_211( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return decompress_ciphertext_coefficient_de1(v); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_4 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_4_60(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); - for (size_t 
i = (size_t)0U; - i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - libcrux_ml_kem_vector_neon_deserialize_4_20(bytes); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - decompress_ciphertext_coefficient_20_211(coefficient); - re.coefficients[i0] = uu____0; - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_uint32x4_t with const generics -- COEFFICIENT_BITS= 5 -*/ -static KRML_MUSTINLINE uint32x4_t decompress_uint32x4_t_7a2(uint32x4_t v) { - uint32x4_t coeff = _vdupq_n_u32(1U << (uint32_t)((int32_t)5 - (int32_t)1)); - uint32x4_t decompressed = - _vmulq_n_u32(v, (uint32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - uint32x4_t decompressed0 = _vaddq_u32(decompressed, coeff); - return _vshrq_n_u32((int32_t)5, decompressed0, uint32x4_t); -} - -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.compress.decompress_ciphertext_coefficient with const -generics -- COEFFICIENT_BITS= 5 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -decompress_ciphertext_coefficient_de2( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - uint32x4_t mask16 = _vdupq_n_u32(65535U); - uint32x4_t low00 = _vandq_u32(_vreinterpretq_u32_s16(v.low), mask16); - uint32x4_t low10 = - _vshrq_n_u32((int32_t)16, _vreinterpretq_u32_s16(v.low), uint32x4_t); - uint32x4_t high00 = _vandq_u32(_vreinterpretq_u32_s16(v.high), mask16); - uint32x4_t high10 = - _vshrq_n_u32((int32_t)16, _vreinterpretq_u32_s16(v.high), uint32x4_t); - uint32x4_t low0 = decompress_uint32x4_t_7a2(low00); - uint32x4_t low1 = decompress_uint32x4_t_7a2(low10); - uint32x4_t high0 = decompress_uint32x4_t_7a2(high00); - uint32x4_t high1 = 
decompress_uint32x4_t_7a2(high10); - v.low = - _vtrn1q_s16(_vreinterpretq_s16_u32(low0), _vreinterpretq_s16_u32(low1)); - v.high = - _vtrn1q_s16(_vreinterpretq_s16_u32(high0), _vreinterpretq_s16_u32(high1)); - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.vector.neon.decompress_ciphertext_coefficient_20 with const -generics -- COEFFICIENT_BITS= 5 -*/ -static libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -decompress_ciphertext_coefficient_20_212( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v) { - return decompress_ciphertext_coefficient_de2(v); -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.deserialize_then_decompress_5 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_5_25(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, - Eurydice_slice); - re.coefficients[i0] = libcrux_ml_kem_vector_neon_deserialize_5_20(bytes); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____1 = - decompress_ciphertext_coefficient_20_212(re.coefficients[i0]); - re.coefficients[i0] = uu____1; - } - return re; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 4 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c 
-deserialize_then_decompress_ring_element_v_440(Eurydice_slice serialized) { - return deserialize_then_decompress_4_60(serialized); -} - -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.subtract_reduce_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -subtract_reduce_89_25(libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c b) { - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - coefficient_normal_form = - libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( - b.coefficients[i0], (int16_t)1441); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_barrett_reduce_20( - libcrux_ml_kem_vector_neon_sub_20(self->coefficients[i0], - &coefficient_normal_form)); - b.coefficients[i0] = uu____0; - } - return b; -} - -/** - The following functions compute various expressions involving - vectors and matrices. The computation of these expressions has been - abstracted away into these functions in order to save on loop iterations. 
- Compute v − InverseNTT(sᵀ ◦ NTT(u)) -*/ -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_message -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -compute_message_c71( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *v, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_ae1(&result, &product);); - invert_ntt_montgomery_621(&result); - result = subtract_reduce_89_25(v, result); - return result; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_message with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE void compress_then_serialize_message_ab( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, uint8_t ret[32U]) { - uint8_t serialized[32U] = {0U}; - KRML_MAYBE_FOR16( - i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - to_unsigned_representative_64(re.coefficients[i0]); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - coefficient_compressed = - libcrux_ml_kem_vector_neon_compress_1_20(coefficient); - uint8_t bytes[2U]; - libcrux_ml_kem_vector_neon_serialize_1_20(coefficient_compressed, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), - uint8_t, 
void *);); - memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); -} - -/** - This function implements Algorithm 14 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. - - Algorithm 14 is reproduced below: - - ```plaintext - Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - Output: message m ∈ 𝔹^{32}. - - c₁ ← c[0 : 32dᵤk] - c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] - u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) - v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) - ŝ ← ByteDecode₁₂(dkₚₖₑ) - w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) - m ← ByteEncode₁(Compress₁(w)) - return m - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- VECTOR_U_ENCODED_SIZE= 640 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -static void decrypt_unpacked_d61( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[2U]; - deserialize_then_decompress_u_331(ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = - deserialize_then_decompress_ring_element_v_440( - Eurydice_array_to_subslice_from((size_t)768U, ciphertext, - (size_t)640U, uint8_t, size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c message = - compute_message_c71(&v, secret_key->secret_as_ntt, u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message_ab(message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF -with const generics -- LEN= 32 -*/ -static KRML_MUSTINLINE void PRF_b4(Eurydice_slice input, uint8_t ret[32U]) { - uint8_t digest[32U] = {0U}; - uint8_t dummy[32U] = {0U}; - libcrux_sha3_neon_x2_shake256( - input, 
input, - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice)); - memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 -with const generics -- K= 2 -- LEN= 32 -*/ -static KRML_MUSTINLINE void PRF_48_6e3(Eurydice_slice input, uint8_t ret[32U]) { - PRF_b4(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 2 -- SECRET_KEY_SIZE= 1632 -- CPA_SECRET_KEY_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 -*/ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec1( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 *key_pair, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - uint8_t decrypted[32U]; - decrypt_unpacked_d61(&key_pair->private_key.ind_cpa_private_key, - ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); 
- uint8_t hashed[64U]; - G_48_771( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_974( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( - (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_f01(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret[32U]; - PRF_48_6e3( - Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 *uu____3 = - &key_pair->public_key.ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[768U]; - encrypt_unpacked_541(uu____3, copy_of_decrypted, pseudorandomness, - expected_ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_f01(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, - Eurydice_slice)); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - shared_secret, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - selector, ret0); - memcpy(ret, 
ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_to_uncompressed_ring_element with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics - -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_to_uncompressed_ring_element_10(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = ZERO_89_06(); - for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { - size_t i0 = i; - Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_deserialize_12_20(bytes); - re.coefficients[i0] = uu____0; - } - return re; -} - -/** - Call [`deserialize_to_uncompressed_ring_element`] for each ring element. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -*/ -static KRML_MUSTINLINE void deserialize_secret_key_4f1( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[2U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice2( - secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - 
deserialize_to_uncompressed_ring_element_10(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 2 -- CIPHERTEXT_SIZE= 768 -- VECTOR_U_ENCODED_SIZE= 640 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -static void decrypt_af1(Eurydice_slice secret_key, uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[2U]; - deserialize_secret_key_4f1(secret_key, secret_as_ntt); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_secret_as_ntt[2U]; - memcpy( - copy_of_secret_as_ntt, secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 - secret_key_unpacked; - memcpy( - secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, - (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t ret0[32U]; - decrypt_unpacked_d61(&secret_key_unpacked, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 2 -- SECRET_KEY_SIZE= 1632 -- CPA_SECRET_KEY_SIZE= 768 -- PUBLIC_KEY_SIZE= 800 -- CIPHERTEXT_SIZE= 768 -- T_AS_NTT_ENCODED_SIZE= 768 -- C1_SIZE= 640 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 3 -- ETA1_RANDOMNESS_SIZE= 192 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 -*/ -void 
libcrux_ml_kem_ind_cca_decapsulate_821( - libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t, - Eurydice_slice), - (size_t)768U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - secret_key0, (size_t)800U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - uint8_t decrypted[32U]; - decrypt_af1(ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); - uint8_t hashed[64U]; - G_48_771( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[800U]; - 
libcrux_ml_kem_utils_into_padded_array_974(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_f01(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret0[32U]; - PRF_48_6e3( - Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); - Eurydice_slice uu____5 = ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[768U]; - encrypt_4e1(uu____5, copy_of_decrypted, pseudorandomness, - expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_631( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - uint8_t shared_secret[32U]; - kdf_af_631(shared_secret0, shared_secret); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_f01(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. 
-*/ -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- PUBLIC_KEY_SIZE= 1184 -- K= 3 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a62( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_to_reduced_ring_element_e3(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** - Call [`serialize_uncompressed_ring_element`] for each ring element. 
-*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- OUT_LEN= 1152 -*/ -static KRML_MUSTINLINE void serialize_secret_key_5d0( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *key, - uint8_t ret[1152U]) { - uint8_t out[1152U] = {0U}; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = key[i0]; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - uint8_t ret0[384U]; - serialize_uncompressed_ring_element_77(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); -} - -/** - Concatenate `t` and `ρ` into the public key. 
-*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- PUBLIC_KEY_SIZE= 1184 -*/ -static KRML_MUSTINLINE void serialize_public_key_700( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[1184U]) { - uint8_t public_key_serialized[1184U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, - (size_t)1152U, uint8_t, Eurydice_slice); - uint8_t ret0[1152U]; - serialize_secret_key_5d0(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); - memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- PUBLIC_KEY_SIZE= 1184 -*/ -bool libcrux_ml_kem_ind_cca_validate_public_key_7e0(uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[3U]; - deserialize_ring_elements_reduced_a62( - Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *uu____0 = deserialized_pk; - uint8_t public_key_serialized[1184U]; - serialize_public_key_700( - uu____0, - Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), - public_key_serialized); - return 
core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( - (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$3size_t]], -libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$3size_t]] - -*/ -typedef struct tuple_9b0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd snd; -} tuple_9b0; - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.G_48 -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void G_48_770(Eurydice_slice input, uint8_t ret[64U]) { - libcrux_ml_kem_hash_functions_neon_G(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -*/ -static void closure_de0( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_89_06();); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_init_absorb with const generics -- K= 3 -*/ -static KRML_MUSTINLINE Simd128Hash -shake128_init_absorb_6b0(uint8_t input[3U][34U]) { - libcrux_sha3_generic_keccak_KeccakState_fc uu____0 = - libcrux_sha3_neon_x2_incremental_shake128_init(); - libcrux_sha3_generic_keccak_KeccakState_fc state[2U] = { - uu____0, libcrux_sha3_neon_x2_incremental_shake128_init()}; - libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - state, - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), 
- Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice)); - libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - &state[1U], - Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice)); - Simd128Hash lit; - memcpy(lit.shake128_state, state, - (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState_fc)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_48 with const generics -- K= 3 -*/ -static KRML_MUSTINLINE Simd128Hash -shake128_init_absorb_48_550(uint8_t input[3U][34U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_input[3U][34U]; - memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); - return shake128_init_absorb_6b0(copy_of_input); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_three_blocks with const -generics -- K= 3 -*/ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_b70( - Simd128Hash *st, uint8_t ret[3U][504U]) { - uint8_t out[3U][504U] = {{0U}}; - uint8_t out0[504U] = {0U}; - uint8_t out1[504U] = {0U}; - uint8_t out2[504U] = {0U}; - uint8_t out3[504U] = {0U}; - libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - st->shake128_state, - Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice)); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - &st->shake128_state[1U], - Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[504U]; - memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, 
(size_t)504U * sizeof(uint8_t)); - uint8_t uu____1[504U]; - memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____2[504U]; - memcpy(uu____2, out2, (size_t)504U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)504U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_three_blocks_48 with const -generics -- K= 3 -*/ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_48_e90( - Simd128Hash *self, uint8_t ret[3U][504U]) { - shake128_squeeze_three_blocks_b70(self, ret); -} - -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . 
-*/ -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- K= 3 -- N= 504 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e61( - uint8_t randomness[3U][504U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_block with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void shake128_squeeze_block_7d0(Simd128Hash *st, - uint8_t ret[3U][168U]) { - uint8_t out[3U][168U] = {{0U}}; - uint8_t out0[168U] = {0U}; - uint8_t out1[168U] = {0U}; - uint8_t out2[168U] = {0U}; - uint8_t out3[168U] = {0U}; - libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - st->shake128_state, - Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, 
Eurydice_slice)); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - &st->shake128_state[1U], - Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[168U]; - memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____1[168U]; - memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____2[168U]; - memcpy(uu____2, out2, (size_t)168U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)168U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_block_48 with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void shake128_squeeze_block_48_ad0( - Simd128Hash *self, uint8_t ret[3U][168U]) { - shake128_squeeze_block_7d0(self, ret); -} - -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. 
- Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- K= 3 -- N= 168 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e62( - uint8_t randomness[3U][168U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -*/ -static 
libcrux_ml_kem_polynomial_PolynomialRingElement_1c closure_d50( - int16_t s[272U]) { - return from_i16_array_89_f3(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void sample_from_xof_c00( - uint8_t seeds[3U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - size_t sampled_coefficients[3U] = {0U}; - int16_t out[3U][272U] = {{0U}}; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seeds[3U][34U]; - memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); - Simd128Hash xof_state = shake128_init_absorb_48_550(copy_of_seeds); - uint8_t randomness0[3U][504U]; - shake128_squeeze_three_blocks_48_e90(&xof_state, randomness0); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness0[3U][504U]; - memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_e61( - copy_of_randomness0, sampled_coefficients, out); - while (true) { - if (done) { - break; - } else { - uint8_t randomness[3U][168U]; - shake128_squeeze_block_48_ad0(&xof_state, randomness); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[3U][168U]; - memcpy(copy_of_randomness, randomness, - (size_t)3U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_e62( - copy_of_randomness, sampled_coefficients, out); - } - } - /* Passing arrays by value in Rust generates a copy in C */ - int16_t copy_of_out[3U][272U]; - memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret0[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = 
closure_d50(copy_of_out[i]);); - memcpy( - ret, ret0, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void sample_matrix_A_480( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U][3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - closure_de0(A_transpose[i]);); - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed[34U]; - memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); - uint8_t seeds[3U][34U]; KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; - seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seeds[3U][34U]; - memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c sampled[3U]; - sample_from_xof_c00(copy_of_seeds, sampled); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c sample = sampled[j]; - if (transpose) { - A_transpose[j][i1] = sample; - } else { - A_transpose[i1][j] = sample; - } - } - - ); - memcpy(ret, A_transpose, - (size_t)3U * - 
sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_polynomial_PolynomialRingElement -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[3size_t], uint8_t - -*/ -typedef struct tuple_b00_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c fst[3U]; - uint8_t snd; -} tuple_b00; - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN -with const generics -- K= 3 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_890(uint8_t (*input)[33U], - uint8_t ret[3U][128U]) { - uint8_t out[3U][128U] = {{0U}}; - uint8_t out0[128U] = {0U}; - uint8_t out1[128U] = {0U}; - uint8_t out2[128U] = {0U}; - uint8_t out3[128U] = {0U}; - libcrux_sha3_neon_x2_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice)); - libcrux_sha3_neon_x2_shake256( - Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[128U]; - memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____1[128U]; - memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____2[128U]; - memcpy(uu____2, out2, (size_t)128U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)128U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} 
-*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN_48 -with const generics -- K= 3 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_48_a90(uint8_t (*input)[33U], - uint8_t ret[3U][128U]) { - PRFxN_890(input, ret); -} - -/** - Sample a vector of ring elements from a centered binomial distribution and - convert them into their NTT representations. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- ETA= 2 -- ETA_RANDOMNESS_SIZE= 128 -*/ -static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_1f0( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re_as_ntt[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_89_06();); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[3U][33U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[3U][128U]; - PRFxN_48_a90(prf_inputs, prf_outputs); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_2c( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], - uint8_t, Eurydice_slice)); - ntt_binomially_sampled_ring_element_cf(&re_as_ntt[i0]);); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_re_as_ntt[3U]; - memcpy( - copy_of_re_as_ntt, re_as_ntt, - (size_t)3U * 
sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - tuple_b00 lit; - memcpy( - lit.fst, copy_of_re_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - lit.snd = domain_separator; - return lit; -} - -/** - Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise - sum of their constituent coefficients. -*/ -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void add_to_ring_element_89_ae0( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *rhs) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_add_20(self->coefficients[i0], - &rhs->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -/** - Compute  ◦ ŝ + ê -*/ -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void compute_As_plus_e_950( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*matrix_A)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_06();); - for 
(size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = matrix_A[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *matrix_element = - &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_ae0(&result[i1], &product); - } - add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); - } - memcpy( - ret, result, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. 
- - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static tuple_9b0 generate_keypair_unpacked_ff0( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - G_48_770(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[3U][3U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); - sample_matrix_A_480(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, - prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = sample_vector_cbd_then_ntt_1f0(copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator = uu____2.snd; - /* 
Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_as_ntt[3U]; - memcpy( - error_as_ntt, - sample_vector_cbd_then_ntt_1f0(copy_of_prf_input, domain_separator).fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[3U]; - compute_As_plus_e_950(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); - core_result_unwrap_41_83(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_t_as_ntt[3U]; - memcpy( - copy_of_t_as_ntt, t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_A_transpose[3U] - [3U]; - memcpy(copy_of_A_transpose, A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd pk; - memcpy( - pk.t_as_ntt, copy_of_t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, copy_of_A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_secret_as_ntt[3U]; - memcpy( - copy_of_secret_as_ntt, 
secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd sk; - memcpy( - sk.secret_as_ntt, copy_of_secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - return (CLITERAL(tuple_9b0){.fst = sk, .snd = pk}); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static void closure_890( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_89_06();); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.H_48 -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void H_48_850(Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_neon_H(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b40(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - 
Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - tuple_9b0 uu____0 = generate_keypair_unpacked_ff0(ind_cpa_keypair_randomness); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd - ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd - ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_890(A[i]);); - KRML_MAYBE_FOR3( - i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - clone_d5_13(&ind_cpa_public_key.A[j][i1]); - A[i1][j] = uu____1;);); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[3U][3U]; - memcpy(uu____2, A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - memcpy(ind_cpa_public_key.A, uu____2, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - uint8_t pk_serialized[1184U]; - serialize_public_key_700( - ind_cpa_public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), - pk_serialized); - uint8_t public_key_hash[32U]; - H_48_850(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, - Eurydice_slice), - public_key_hash); - uint8_t implicit_rejection_value[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); - core_result_unwrap_41_83(dst, implicit_rejection_value); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd uu____3 = - ind_cpa_private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_implicit_rejection_value[32U]; - 
memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd uu____5; - uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd uu____6 = - ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_hash[32U]; - memcpy(copy_of_public_key_hash, public_key_hash, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd lit; - lit.private_key = uu____5; - lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, - (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- PRIVATE_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- RANKED_BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_160( - Eurydice_slice key_generation_seed) { - tuple_9b0 uu____0 = generate_keypair_unpacked_ff0(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd pk = uu____0.snd; - uint8_t public_key_serialized[1184U]; - serialize_public_key_700(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); - uint8_t secret_key_serialized[1152U]; - serialize_secret_key_5d0(sk.secret_as_ntt, secret_key_serialized); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_secret_key_serialized[1152U]; - 
memcpy(copy_of_secret_key_serialized, secret_key_serialized, - (size_t)1152U * sizeof(uint8_t)); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_serialized[1184U]; - memcpy(copy_of_public_key_serialized, public_key_serialized, - (size_t)1184U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; - memcpy(lit.fst, copy_of_secret_key_serialized, - (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, copy_of_public_key_serialized, - (size_t)1184U * sizeof(uint8_t)); - return lit; -} - -/** - Serialize the secret key. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 3 -- SERIALIZED_KEY_LEN= 2400 -*/ -static KRML_MUSTINLINE void serialize_kem_secret_key_d80( - Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { - uint8_t out[2400U] = {0U}; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); - uint8_t ret0[32U]; - H_48_850(public_key, ret0); 
- core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); - memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); -} - -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- CPA_PRIVATE_KEY_SIZE= 1152 -- PRIVATE_KEY_SIZE= 2400 -- PUBLIC_KEY_SIZE= 1184 -- BYTES_PER_RING_ELEMENT= 1152 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_720(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_160(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[1152U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); - uint8_t public_key[1184U]; - memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); - uint8_t secret_key_serialized[2400U]; - 
serialize_kem_secret_key_d80( - Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, - Eurydice_slice), - implicit_rejection_value, secret_key_serialized); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_secret_key_serialized[2400U]; - memcpy(copy_of_secret_key_serialized, secret_key_serialized, - (size_t)2400U * sizeof(uint8_t)); - libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_e0(copy_of_secret_key_serialized); - libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key[1184U]; - memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_2c( - uu____2, libcrux_ml_kem_types_from_b6_57(copy_of_public_key)); -} - -/** - Sample a vector of ring elements from a centered binomial distribution. 
-*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- ETA2_RANDOMNESS_SIZE= 128 -- ETA2= 2 -*/ -static KRML_MUSTINLINE tuple_b00 -sample_ring_element_cbd_eb0(uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_89_06();); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[3U][33U]; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[3U][128U]; - PRFxN_48_a90(prf_inputs, prf_outputs); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - sample_from_binomial_distribution_2c(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - error_1[i0] = uu____1;); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_error_1[3U]; - memcpy( - copy_of_error_1, error_1, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - tuple_b00 lit; - memcpy( - lit.fst, copy_of_error_1, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - lit.snd = domain_separator; - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance 
of libcrux_ml_kem.hash_functions.neon.PRF_48 -with const generics -- K= 3 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRF_48_6e2(Eurydice_slice input, - uint8_t ret[128U]) { - PRF_b40(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void invert_ntt_montgomery_620( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_9b(&zeta_i, re); - invert_ntt_at_layer_2_4b(&zeta_i, re); - invert_ntt_at_layer_3_74(&zeta_i, re); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_5f(re); -} - -/** - Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ -*/ -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void compute_vector_u_6a0( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*a_as_ntt)[3U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_1, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_06();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U], size_t); - i0++) { - size_t i1 = i0; - 
libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = a_as_ntt[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(a_element, &r_as_ntt[j]); - add_to_ring_element_89_ae0(&result[i1], &product); - } - invert_ntt_montgomery_620(&result[i1]); - add_error_reduce_89_24(&result[i1], &error_1[i1]); - } - memcpy( - ret, result, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** - Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message -*/ -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -compute_ring_element_v_9b0( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_ae0(&result, &product);); - invert_ntt_montgomery_620(&result); - result = add_message_error_reduce_89_3a(error_2, message, result); - return result; -} - -/** - Call [`compress_then_serialize_ring_element_u`] on each ring element. 
-*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- OUT_LEN= 960 -- COMPRESSION_FACTOR= 10 -- BLOCK_LEN= 320 -*/ -static void compress_then_serialize_u_d70( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c input[3U], - Eurydice_slice out) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)3U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = input[i0]; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out, i0 * ((size_t)960U / (size_t)3U), - (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, - Eurydice_slice); - uint8_t ret[320U]; - compress_then_serialize_ring_element_u_840(&re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. 
- - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_LEN= 960 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_unpacked_540( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = sample_vector_cbd_then_ntt_1f0(copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c r_as_ntt[3U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator0 = uu____1.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, 
prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____3 = - sample_ring_element_cbd_eb0(copy_of_prf_input, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[3U]; - memcpy( - error_1, uu____3.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - PRF_48_6e2( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_2 = - sample_from_binomial_distribution_2c(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u[3U]; - compute_vector_u_6a0(public_key->A, r_as_ntt, error_1, u); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c message_as_ring_element = - deserialize_then_decompress_message_23(copy_of_message); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = - compute_ring_element_v_9b0(public_key->t_as_ntt, r_as_ntt, &error_2, - &message_as_ring_element); - uint8_t ciphertext[1088U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[3U]; - memcpy( - uu____5, u, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - compress_then_serialize_u_d70( - uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, - uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____6 = v; - compress_then_serialize_ring_element_v_3f0( - uu____6, - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, - uint8_t, size_t, Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked 
-with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_470( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_48_770( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____2 = - &public_key->ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1088U]; - encrypt_unpacked_540(uu____2, copy_of_randomness, pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - 
core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[1088U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_20(copy_of_ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void entropy_preprocess_af_c70(Eurydice_slice randomness, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. 
-*/ -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- PUBLIC_KEY_SIZE= 1152 -- K= 3 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a61( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_to_reduced_ring_element_e3(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_LEN= 960 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_4e0(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[1088U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[3U]; - deserialize_ring_elements_reduced_a61( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, 
size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[3U][3U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); - sample_matrix_A_480(ret0, false, A); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); - core_result_unwrap_41_83(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_t_as_ntt[3U]; - memcpy( - copy_of_t_as_ntt, t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_A[3U][3U]; - memcpy(copy_of_A, A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd - public_key_unpacked; - memcpy( - public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, copy_of_A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[3U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____3 = - &public_key_unpacked; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[1088U]; - encrypt_unpacked_540(uu____3, copy_of_message, randomness, ret1); - memcpy(ret, ret1, 
(size_t)1088U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -*/ -static KRML_MUSTINLINE void kdf_af_630(Eurydice_slice shared_secret, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- PUBLIC_KEY_SIZE= 1184 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- VECTOR_U_BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_280( - libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - entropy_preprocess_af_c70( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - uint8_t ret[32U]; - H_48_850(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_1f(public_key), - uint8_t, Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, 
- Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_48_770( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_1f(public_key), uint8_t, - Eurydice_slice); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1088U]; - encrypt_4e0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[1088U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_20(copy_of_ciphertext); - uint8_t shared_secret_array[32U]; - kdf_af_630(shared_secret, shared_secret_array); - libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); - tuple_3c lit; - lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** - Call [`deserialize_then_decompress_ring_element_u`] on each ring element - in the `ciphertext`. 
-*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- U_COMPRESSION_FACTOR= 10 -*/ -static KRML_MUSTINLINE void deserialize_then_decompress_u_330( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U); - i++) { - size_t i0 = i; - Eurydice_slice u_bytes = Eurydice_array_to_subslice2( - ciphertext, - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U), - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U) + - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)10U / (size_t)8U, - uint8_t, Eurydice_slice); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_060(u_bytes); - ntt_vector_u_3c0(&u_as_ntt[i0]); - } - memcpy( - ret, u_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** - The following functions compute various expressions involving - vectors and matrices. The computation of these expressions has been - abstracted away into these functions in order to save on loop iterations. 
- Compute v − InverseNTT(sᵀ ◦ NTT(u)) -*/ -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_message -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -compute_message_c70( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *v, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_ae0(&result, &product);); - invert_ntt_montgomery_620(&result); - result = subtract_reduce_89_25(v, result); - return result; -} - -/** - This function implements Algorithm 14 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. - - Algorithm 14 is reproduced below: - - ```plaintext - Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - Output: message m ∈ 𝔹^{32}. - - c₁ ← c[0 : 32dᵤk] - c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] - u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) - v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) - ŝ ← ByteDecode₁₂(dkₚₖₑ) - w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) - m ← ByteEncode₁(Compress₁(w)) - return m - ``` - - The NIST FIPS 203 standard can be found at - . 
-*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- VECTOR_U_ENCODED_SIZE= 960 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -static void decrypt_unpacked_d60( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[3U]; - deserialize_then_decompress_u_330(ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = - deserialize_then_decompress_ring_element_v_440( - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c message = - compute_message_c70(&v, secret_key->secret_as_ntt, u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message_ab(message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 -with const generics -- K= 3 -- LEN= 32 -*/ -static KRML_MUSTINLINE void PRF_48_6e1(Eurydice_slice input, uint8_t ret[32U]) { - PRF_b4(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 
1120 -*/ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec0( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *key_pair, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - uint8_t decrypted[32U]; - decrypt_unpacked_d60(&key_pair->private_key.ind_cpa_private_key, - ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_48_770( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_970( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_f0(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret[32U]; - PRF_48_6e1( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - 
libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd *uu____3 = - &key_pair->public_key.ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_540(uu____3, copy_of_decrypted, pseudorandomness, - expected_ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_f0(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice)); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - shared_secret, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** - Call [`deserialize_to_uncompressed_ring_element`] for each ring element. 
-*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -*/ -static KRML_MUSTINLINE void deserialize_secret_key_4f0( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[3U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice2( - secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_to_uncompressed_ring_element_10(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- VECTOR_U_ENCODED_SIZE= 960 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -*/ -static void decrypt_af0(Eurydice_slice secret_key, uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; - deserialize_secret_key_4f0(secret_key, secret_as_ntt); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_secret_as_ntt[3U]; - memcpy( - copy_of_secret_as_ntt, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - 
libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd - secret_key_unpacked; - memcpy( - secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t ret0[32U]; - decrypt_unpacked_d60(&secret_key_unpacked, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 3 -- SECRET_KEY_SIZE= 2400 -- CPA_SECRET_KEY_SIZE= 1152 -- PUBLIC_KEY_SIZE= 1184 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_SIZE= 960 -- C2_SIZE= 128 -- VECTOR_U_COMPRESSION_FACTOR= 10 -- VECTOR_V_COMPRESSION_FACTOR= 4 -- C1_BLOCK_SIZE= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 -*/ -void libcrux_ml_kem_ind_cca_decapsulate_820( - libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, - libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, - Eurydice_slice), - (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - 
uint8_t decrypted[32U]; - decrypt_af0(ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); - uint8_t hashed[64U]; - G_48_770( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_970(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_f0(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret0[32U]; - PRF_48_6e1( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); - Eurydice_slice uu____5 = ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1088U]; - encrypt_4e0(uu____5, copy_of_decrypted, pseudorandomness, - expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_630( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - 
implicit_rejection_shared_secret); - uint8_t shared_secret[32U]; - kdf_af_630(shared_secret0, shared_secret); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_f0(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- PUBLIC_KEY_SIZE= 1568 -- K= 4 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a60( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_to_reduced_ring_element_e3(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)4U * 
sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** - Call [`serialize_uncompressed_ring_element`] for each ring element. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -- OUT_LEN= 1536 -*/ -static KRML_MUSTINLINE void serialize_secret_key_5d( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *key, - uint8_t ret[1536U]) { - uint8_t out[1536U] = {0U}; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = key[i0]; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - uint8_t ret0[384U]; - serialize_uncompressed_ring_element_77(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); -} - -/** - Concatenate `t` and `ρ` into the public key. 
-*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -- RANKED_BYTES_PER_RING_ELEMENT= 1536 -- PUBLIC_KEY_SIZE= 1568 -*/ -static KRML_MUSTINLINE void serialize_public_key_70( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, - Eurydice_slice seed_for_a, uint8_t ret[1568U]) { - uint8_t public_key_serialized[1568U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, - (size_t)1536U, uint8_t, Eurydice_slice); - uint8_t ret0[1536U]; - serialize_secret_key_5d(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, - (size_t)1536U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); - memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.validate_public_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -- RANKED_BYTES_PER_RING_ELEMENT= 1536 -- PUBLIC_KEY_SIZE= 1568 -*/ -bool libcrux_ml_kem_ind_cca_validate_public_key_7e(uint8_t *public_key) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[4U]; - deserialize_ring_elements_reduced_a60( - Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, - uint8_t, size_t, Eurydice_slice), - deserialized_pk); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *uu____0 = deserialized_pk; - uint8_t public_key_serialized[1568U]; - serialize_public_key_70( - uu____0, - Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, - uint8_t, size_t, Eurydice_slice), - public_key_serialized); - return 
core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( - (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$4size_t]], -libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[[$4size_t]] - -*/ -typedef struct tuple_54_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c snd; -} tuple_54; - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.G_48 -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void G_48_77(Eurydice_slice input, uint8_t ret[64U]) { - libcrux_ml_kem_hash_functions_neon_G(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A.closure -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -*/ -static void closure_de( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_89_06();); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_init_absorb with const generics -- K= 4 -*/ -static KRML_MUSTINLINE Simd128Hash -shake128_init_absorb_6b(uint8_t input[4U][34U]) { - libcrux_sha3_generic_keccak_KeccakState_fc uu____0 = - libcrux_sha3_neon_x2_incremental_shake128_init(); - libcrux_sha3_generic_keccak_KeccakState_fc state[2U] = { - uu____0, libcrux_sha3_neon_x2_incremental_shake128_init()}; - libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - state, - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), - 
Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice)); - libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - &state[1U], - Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[3U], uint8_t, Eurydice_slice)); - Simd128Hash lit; - memcpy(lit.shake128_state, state, - (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState_fc)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_init_absorb_48 with const generics -- K= 4 -*/ -static KRML_MUSTINLINE Simd128Hash -shake128_init_absorb_48_55(uint8_t input[4U][34U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_input[4U][34U]; - memcpy(copy_of_input, input, (size_t)4U * sizeof(uint8_t[34U])); - return shake128_init_absorb_6b(copy_of_input); -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_three_blocks with const -generics -- K= 4 -*/ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_b7( - Simd128Hash *st, uint8_t ret[4U][504U]) { - uint8_t out[4U][504U] = {{0U}}; - uint8_t out0[504U] = {0U}; - uint8_t out1[504U] = {0U}; - uint8_t out2[504U] = {0U}; - uint8_t out3[504U] = {0U}; - libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - st->shake128_state, - Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice)); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - &st->shake128_state[1U], - Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[504U]; - memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)504U 
* sizeof(uint8_t)); - uint8_t uu____1[504U]; - memcpy(uu____1, out1, (size_t)504U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____2[504U]; - memcpy(uu____2, out2, (size_t)504U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)504U * sizeof(uint8_t)); - uint8_t uu____3[504U]; - memcpy(uu____3, out3, (size_t)504U * sizeof(uint8_t)); - memcpy(out[3U], uu____3, (size_t)504U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)4U * sizeof(uint8_t[504U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_three_blocks_48 with const -generics -- K= 4 -*/ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_48_e9( - Simd128Hash *self, uint8_t ret[4U][504U]) { - shake128_squeeze_three_blocks_b7(self, ret); -} - -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. 
- - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- K= 4 -- N= 504 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e6( - uint8_t randomness[4U][504U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)504U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_block with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void shake128_squeeze_block_7d(Simd128Hash *st, - uint8_t ret[4U][168U]) { - uint8_t out[4U][168U] = {{0U}}; - uint8_t out0[168U] = 
{0U}; - uint8_t out1[168U] = {0U}; - uint8_t out2[168U] = {0U}; - uint8_t out3[168U] = {0U}; - libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - st->shake128_state, - Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice)); - libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - &st->shake128_state[1U], - Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); - uint8_t uu____0[168U]; - memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____1[168U]; - memcpy(uu____1, out1, (size_t)168U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____2[168U]; - memcpy(uu____2, out2, (size_t)168U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)168U * sizeof(uint8_t)); - uint8_t uu____3[168U]; - memcpy(uu____3, out3, (size_t)168U * sizeof(uint8_t)); - memcpy(out[3U], uu____3, (size_t)168U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)4U * sizeof(uint8_t[168U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of -libcrux_ml_kem.hash_functions.neon.shake128_squeeze_block_48 with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void shake128_squeeze_block_48_ad( - Simd128Hash *self, uint8_t ret[4U][168U]) { - shake128_squeeze_block_7d(self, ret); -} - -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. 
- - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of -libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- K= 4 -- N= 168 -*/ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_e60( - uint8_t randomness[4U][168U], size_t *sampled_coefficients, - int16_t (*out)[272U]) { - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)24U; i++) { - size_t r = i; - if (sampled_coefficients[i1] < - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); - size_t sampled = libcrux_ml_kem_vector_neon_rej_sample_20( - uu____0, Eurydice_array_to_subslice2( - out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); - size_t uu____1 = i1; - 
sampled_coefficients[uu____1] = - sampled_coefficients[uu____1] + sampled; - } - }); - bool done = true; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - if (sampled_coefficients[i0] >= - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - sampled_coefficients[i0] = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT; - } else { done = false; }); - return done; -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof.closure -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -*/ -static libcrux_ml_kem_polynomial_PolynomialRingElement_1c closure_d5( - int16_t s[272U]) { - return from_i16_array_89_f3(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); -} - -/** -A monomorphic instance of libcrux_ml_kem.sampling.sample_from_xof -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void sample_from_xof_c0( - uint8_t seeds[4U][34U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { - size_t sampled_coefficients[4U] = {0U}; - int16_t out[4U][272U] = {{0U}}; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seeds[4U][34U]; - memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); - Simd128Hash xof_state = shake128_init_absorb_48_55(copy_of_seeds); - uint8_t randomness0[4U][504U]; - shake128_squeeze_three_blocks_48_e9(&xof_state, randomness0); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness0[4U][504U]; - memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_e6( - copy_of_randomness0, sampled_coefficients, out); - while (true) { - if (done) { - break; - } else { - uint8_t randomness[4U][168U]; - 
shake128_squeeze_block_48_ad(&xof_state, randomness); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[4U][168U]; - memcpy(copy_of_randomness, randomness, - (size_t)4U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_e60( - copy_of_randomness, sampled_coefficients, out); - } - } - /* Passing arrays by value in Rust generates a copy in C */ - int16_t copy_of_out[4U][272U]; - memcpy(copy_of_out, out, (size_t)4U * sizeof(int16_t[272U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret0[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_d5(copy_of_out[i]);); - memcpy( - ret, ret0, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.matrix.sample_matrix_A -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void sample_matrix_A_48( - uint8_t seed[34U], bool transpose, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U][4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - closure_de(A_transpose[i]);); - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed[34U]; - memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); - uint8_t seeds[4U][34U]; KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; - seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seeds[4U][34U]; - memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); - 
libcrux_ml_kem_polynomial_PolynomialRingElement_1c sampled[4U]; - sample_from_xof_c0(copy_of_seeds, sampled); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c sample = sampled[j]; - if (transpose) { - A_transpose[j][i1] = sample; - } else { - A_transpose[i1][j] = sample; - } - } - - ); - memcpy(ret, A_transpose, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); -} - -/** -A monomorphic instance of K. -with types libcrux_ml_kem_polynomial_PolynomialRingElement -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector[4size_t], uint8_t - -*/ -typedef struct tuple_71_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c fst[4U]; - uint8_t snd; -} tuple_71; - -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN -with const generics -- K= 4 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_89(uint8_t (*input)[33U], - uint8_t ret[4U][128U]) { - uint8_t out[4U][128U] = {{0U}}; - uint8_t out0[128U] = {0U}; - uint8_t out1[128U] = {0U}; - uint8_t out2[128U] = {0U}; - uint8_t out3[128U] = {0U}; - libcrux_sha3_neon_x2_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice)); - libcrux_sha3_neon_x2_shake256( - Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[3U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); - uint8_t 
uu____0[128U]; - memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); - memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____1[128U]; - memcpy(uu____1, out1, (size_t)128U * sizeof(uint8_t)); - memcpy(out[1U], uu____1, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____2[128U]; - memcpy(uu____2, out2, (size_t)128U * sizeof(uint8_t)); - memcpy(out[2U], uu____2, (size_t)128U * sizeof(uint8_t)); - uint8_t uu____3[128U]; - memcpy(uu____3, out3, (size_t)128U * sizeof(uint8_t)); - memcpy(out[3U], uu____3, (size_t)128U * sizeof(uint8_t)); - memcpy(ret, out, (size_t)4U * sizeof(uint8_t[128U])); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRFxN_48 -with const generics -- K= 4 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRFxN_48_a9(uint8_t (*input)[33U], - uint8_t ret[4U][128U]) { - PRFxN_89(input, ret); -} - -/** - Sample a vector of ring elements from a centered binomial distribution and - convert them into their NTT representations. 
-*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- ETA= 2 -- ETA_RANDOMNESS_SIZE= 128 -*/ -static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_1f( - uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re_as_ntt[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_89_06();); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[4U][33U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[4U][128U]; - PRFxN_48_a9(prf_inputs, prf_outputs); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_2c( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], - uint8_t, Eurydice_slice)); - ntt_binomially_sampled_ring_element_cf(&re_as_ntt[i0]);); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_re_as_ntt[4U]; - memcpy( - copy_of_re_as_ntt, re_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - tuple_71 lit; - memcpy( - lit.fst, copy_of_re_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - lit.snd = domain_separator; - return lit; -} - -/** - Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise - sum of their constituent coefficients. 
-*/ -/** -This function found in impl -{libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} -*/ -/** -A monomorphic instance of libcrux_ml_kem.polynomial.add_to_ring_element_89 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void add_to_ring_element_89_ae( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *self, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *rhs) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, - Eurydice_slice), - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector uu____0 = - libcrux_ml_kem_vector_neon_add_20(self->coefficients[i0], - &rhs->coefficients[i0]); - self->coefficients[i0] = uu____0; - } -} - -/** - Compute  ◦ ŝ + ê -*/ -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void compute_As_plus_e_95( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*matrix_A)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *s_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_06();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = matrix_A[i1]; - for (size_t 
i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *matrix_element = - &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_ae(&result[i1], &product); - } - add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); - } - memcpy( - ret, result, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . 
-*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static tuple_54 generate_keypair_unpacked_ff( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - G_48_77(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A_transpose[4U][4U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); - sample_matrix_A_48(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, - prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____2 = sample_vector_cbd_then_ntt_1f(copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[4U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator = uu____2.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_as_ntt[4U]; - memcpy( - error_as_ntt, - sample_vector_cbd_then_ntt_1f(copy_of_prf_input, domain_separator).fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[4U]; - 
compute_As_plus_e_95(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); - core_result_unwrap_41_83(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_t_as_ntt[4U]; - memcpy( - copy_of_t_as_ntt, t_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_A_transpose[4U] - [4U]; - memcpy(copy_of_A_transpose, A_transpose, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c pk; - memcpy( - pk.t_as_ntt, copy_of_t_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, copy_of_A_transpose, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_secret_as_ntt[4U]; - memcpy( - copy_of_secret_as_ntt, secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c sk; - memcpy( - sk.secret_as_ntt, copy_of_secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - return (CLITERAL(tuple_54){.fst = sk, .snd = pk}); -} - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure with types 
-libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- CPA_PRIVATE_KEY_SIZE= 1536 -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static void closure_89( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_89_06();); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.H_48 -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void H_48_85(Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_neon_H(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- CPA_PRIVATE_KEY_SIZE= 1536 -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b4(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - tuple_54 uu____0 = generate_keypair_unpacked_ff(ind_cpa_keypair_randomness); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c - ind_cpa_private_key = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c - 
ind_cpa_public_key = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_89(A[i]);); - KRML_MAYBE_FOR4( - i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - clone_d5_13(&ind_cpa_public_key.A[j][i1]); - A[i1][j] = uu____1;);); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____2[4U][4U]; - memcpy(uu____2, A, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); - memcpy(ind_cpa_public_key.A, uu____2, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); - uint8_t pk_serialized[1568U]; - serialize_public_key_70( - ind_cpa_public_key.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), - pk_serialized); - uint8_t public_key_hash[32U]; - H_48_85(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t, - Eurydice_slice), - public_key_hash); - uint8_t implicit_rejection_value[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); - core_result_unwrap_41_83(dst, implicit_rejection_value); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c uu____3 = - ind_cpa_private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_implicit_rejection_value[32U]; - memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_2c uu____5; - uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c uu____6 = - ind_cpa_public_key; - /* Passing arrays by value in Rust 
generates a copy in C */ - uint8_t copy_of_public_key_hash[32U]; - memcpy(copy_of_public_key_hash, public_key_hash, - (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c lit; - lit.private_key = uu____5; - lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, - (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- PRIVATE_KEY_SIZE= 1536 -- PUBLIC_KEY_SIZE= 1568 -- RANKED_BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_16( - Eurydice_slice key_generation_seed) { - tuple_54 uu____0 = generate_keypair_unpacked_ff(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c pk = uu____0.snd; - uint8_t public_key_serialized[1568U]; - serialize_public_key_70(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); - uint8_t secret_key_serialized[1536U]; - serialize_secret_key_5d(sk.secret_as_ntt, secret_key_serialized); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_secret_key_serialized[1536U]; - memcpy(copy_of_secret_key_serialized, secret_key_serialized, - (size_t)1536U * sizeof(uint8_t)); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_serialized[1568U]; - memcpy(copy_of_public_key_serialized, public_key_serialized, - (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_utils_extraction_helper_Keypair1024 lit; - memcpy(lit.fst, copy_of_secret_key_serialized, - (size_t)1536U * sizeof(uint8_t)); - memcpy(lit.snd, 
copy_of_public_key_serialized, - (size_t)1568U * sizeof(uint8_t)); - return lit; -} - -/** - Serialize the secret key. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 4 -- SERIALIZED_KEY_LEN= 3168 -*/ -static KRML_MUSTINLINE void serialize_kem_secret_key_d8( - Eurydice_slice private_key, Eurydice_slice public_key, - Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { - uint8_t out[3168U] = {0U}; - size_t pointer = (size_t)0U; - uint8_t *uu____0 = out; - size_t uu____1 = pointer; - size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); - uint8_t *uu____3 = out; - size_t uu____4 = pointer; - size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); - uint8_t ret0[32U]; - H_48_85(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; - uint8_t *uu____7 = out; - size_t uu____8 = pointer; - size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - 
uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); - memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); -} - -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- CPA_PRIVATE_KEY_SIZE= 1536 -- PRIVATE_KEY_SIZE= 3168 -- PUBLIC_KEY_SIZE= 1568 -- BYTES_PER_RING_ELEMENT= 1536 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_72(uint8_t randomness[64U]) { - Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( - randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); - Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( - (size_t)64U, randomness, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_16(ind_cpa_keypair_randomness); - uint8_t ind_cpa_private_key[1536U]; - memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); - uint8_t public_key[1568U]; - memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); - uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_d8( - Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, - Eurydice_slice), - implicit_rejection_value, secret_key_serialized); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_secret_key_serialized[3168U]; - memcpy(copy_of_secret_key_serialized, secret_key_serialized, - (size_t)3168U * sizeof(uint8_t)); - 
libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_05_e00(copy_of_secret_key_serialized); - libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key[1568U]; - memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_2c0( - uu____2, libcrux_ml_kem_types_from_b6_570(copy_of_public_key)); -} - -/** - Sample a vector of ring elements from a centered binomial distribution. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- ETA2_RANDOMNESS_SIZE= 128 -- ETA2= 2 -*/ -static KRML_MUSTINLINE tuple_71 -sample_ring_element_cbd_eb(uint8_t prf_input[33U], uint8_t domain_separator) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_89_06();); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - uint8_t prf_inputs[4U][33U]; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - prf_inputs[i0][32U] = domain_separator; - domain_separator = (uint32_t)domain_separator + 1U;); - uint8_t prf_outputs[4U][128U]; - PRFxN_48_a9(prf_inputs, prf_outputs); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____1 = - sample_from_binomial_distribution_2c(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - error_1[i0] = uu____1;); - /* Passing arrays by value in Rust 
generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_error_1[4U]; - memcpy( - copy_of_error_1, error_1, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - tuple_71 lit; - memcpy( - lit.fst, copy_of_error_1, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - lit.snd = domain_separator; - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 -with const generics -- K= 4 -- LEN= 128 -*/ -static KRML_MUSTINLINE void PRF_48_6e0(Eurydice_slice input, - uint8_t ret[128U]) { - PRF_b40(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.invert_ntt.invert_ntt_montgomery -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void invert_ntt_montgomery_62( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - size_t zeta_i = - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_9b(&zeta_i, re); - invert_ntt_at_layer_2_4b(&zeta_i, re); - invert_ntt_at_layer_3_74(&zeta_i, re); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_fd(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_5f(re); -} - -/** - Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ -*/ -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void compute_vector_u_6a( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c (*a_as_ntt)[4U], - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_1, - 
libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_06();); - for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U], size_t); - i0++) { - size_t i1 = i0; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *row = a_as_ntt[i1]; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t j = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *a_element = &row[j]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(a_element, &r_as_ntt[j]); - add_to_ring_element_89_ae(&result[i1], &product); - } - invert_ntt_montgomery_62(&result[i1]); - add_error_reduce_89_24(&result[i1], &error_1[i1]); - } - memcpy( - ret, result, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** - Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message -*/ -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -compute_ring_element_v_9b( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *t_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *r_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *error_2, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); - KRML_MAYBE_FOR4(i, (size_t)0U, 
(size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_ae(&result, &product);); - invert_ntt_montgomery_62(&result); - result = add_message_error_reduce_89_3a(error_2, message, result); - return result; -} - -/** -A monomorphic instance of libcrux_ml_kem.serialize.compress_then_serialize_11 -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- OUT_LEN= 352 -*/ -static KRML_MUSTINLINE void compress_then_serialize_11_55( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[352U]) { - uint8_t serialized[352U] = {0U}; - for (size_t i = (size_t)0U; - i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { - size_t i0 = i; - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficient = - compress_20_0e0(to_unsigned_representative_64(re->coefficients[i0])); - uint8_t bytes[22U]; - libcrux_ml_kem_vector_neon_serialize_11_20(coefficient, bytes); - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); - } - memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_ring_element_u with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 11 -- OUT_LEN= 352 -*/ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_84( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re, uint8_t ret[352U]) { - uint8_t uu____0[352U]; - compress_then_serialize_11_55(re, uu____0); - memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); -} - -/** - Call [`compress_then_serialize_ring_element_u`] on each ring element. 
-*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -- OUT_LEN= 1408 -- COMPRESSION_FACTOR= 11 -- BLOCK_LEN= 352 -*/ -static void compress_then_serialize_u_d7( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c input[4U], - Eurydice_slice out) { - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice( - (size_t)4U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_1c, size_t); - i++) { - size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re = input[i0]; - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out, i0 * ((size_t)1408U / (size_t)4U), - (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t, - Eurydice_slice); - uint8_t ret[352U]; - compress_then_serialize_ring_element_u_84(&re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.compress_then_serialize_ring_element_v with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 5 -- OUT_LEN= 160 -*/ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_3f( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c re, Eurydice_slice out) { - compress_then_serialize_5_2b(re, out); -} - -/** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. 
- - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_LEN= 1408 -- C2_LEN= 160 -- U_COMPRESSION_FACTOR= 11 -- V_COMPRESSION_FACTOR= 5 -- BLOCK_LEN= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_unpacked_54( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____1 = sample_vector_cbd_then_ntt_1f(copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c r_as_ntt[4U]; - memcpy( - r_as_ntt, uu____1.fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator0 = uu____1.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, 
prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____3 = - sample_ring_element_cbd_eb(copy_of_prf_input, domain_separator0); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_1[4U]; - memcpy( - error_1, uu____3.fst, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t domain_separator = uu____3.snd; - prf_input[32U] = domain_separator; - uint8_t prf_output[128U]; - PRF_48_6e0( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c error_2 = - sample_from_binomial_distribution_2c(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u[4U]; - compute_vector_u_6a(public_key->A, r_as_ntt, error_1, u); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c message_as_ring_element = - deserialize_then_decompress_message_23(copy_of_message); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = - compute_ring_element_v_9b(public_key->t_as_ntt, r_as_ntt, &error_2, - &message_as_ring_element); - uint8_t ciphertext[1568U] = {0U}; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____5[4U]; - memcpy( - uu____5, u, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - compress_then_serialize_u_d7( - uu____5, - Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, - uint8_t, Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____6 = v; - compress_then_serialize_ring_element_v_3f( - uu____6, - Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, - uint8_t, size_t, Eurydice_slice)); - memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked 
-with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- PUBLIC_KEY_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- VECTOR_U_BLOCK_LEN= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_47( - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *public_key, - uint8_t randomness[32U]) { - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_48_77( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c *uu____2 = - &public_key->ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1568U]; - encrypt_unpacked_54(uu____2, copy_of_randomness, pseudorandomness, - ciphertext); - uint8_t shared_secret_array[32U] = {0U}; - 
core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[1568U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_200(copy_of_ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); - tuple_21 lit; - lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.entropy_preprocess_af -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void entropy_preprocess_af_c7(Eurydice_slice randomness, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. 
-*/ -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- PUBLIC_KEY_SIZE= 1536 -- K= 4 -*/ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a6( - Eurydice_slice public_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c deserialized_pk[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice ring_element = Eurydice_slice_subslice2( - public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_to_reduced_ring_element_e3(ring_element); - deserialized_pk[i0] = uu____0; - } - memcpy( - ret, deserialized_pk, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_LEN= 1408 -- C2_LEN= 160 -- U_COMPRESSION_FACTOR= 11 -- V_COMPRESSION_FACTOR= 5 -- BLOCK_LEN= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static void encrypt_4e(Eurydice_slice public_key, uint8_t message[32U], - Eurydice_slice randomness, uint8_t ret[1568U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[4U]; - deserialize_ring_elements_reduced_a6( - Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, 
size_t, - Eurydice_slice), - t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[4U][4U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); - sample_matrix_A_48(ret0, false, A); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); - core_result_unwrap_41_83(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_t_as_ntt[4U]; - memcpy( - copy_of_t_as_ntt, t_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_A[4U][4U]; - memcpy(copy_of_A, A, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c - public_key_unpacked; - memcpy( - public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, copy_of_A, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c[4U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c *uu____3 = - &public_key_unpacked; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[1568U]; - encrypt_unpacked_54(uu____3, copy_of_message, randomness, ret1); - memcpy(ret, ret1, (size_t)1568U 
* sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::ind_cca::Variant for -libcrux_ml_kem::ind_cca::MlKem)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.kdf_af -with types libcrux_ml_kem_hash_functions_neon_Simd128Hash -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -*/ -static KRML_MUSTINLINE void kdf_af_63(Eurydice_slice shared_secret, - uint8_t ret[32U]) { - uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); - memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- PUBLIC_KEY_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- VECTOR_U_BLOCK_LEN= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_28( - libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, - uint8_t randomness[32U]) { - uint8_t randomness0[32U]; - entropy_preprocess_af_c7( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); - uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - uint8_t ret[32U]; - H_48_85(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_1f0(public_key), - uint8_t, Eurydice_slice), - ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - 
Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_48_77( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_1f0(public_key), uint8_t, - Eurydice_slice); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); - uint8_t ciphertext[1568U]; - encrypt_4e(uu____2, copy_of_randomness, pseudorandomness, ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[1568U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_200(copy_of_ciphertext); - uint8_t shared_secret_array[32U]; - kdf_af_63(shared_secret, shared_secret_array); - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); - tuple_21 lit; - lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); - return lit; -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_u with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 11 -*/ -static KRML_MUSTINLINE 
libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_ring_element_u_06(Eurydice_slice serialized) { - return deserialize_then_decompress_11_6b(serialized); -} - -/** -A monomorphic instance of libcrux_ml_kem.ntt.ntt_vector_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- VECTOR_U_COMPRESSION_FACTOR= 11 -*/ -static KRML_MUSTINLINE void ntt_vector_u_3c( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *re) { - size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_2a(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_f4(&zeta_i, re); - ntt_at_layer_2_d0(&zeta_i, re); - ntt_at_layer_1_39(&zeta_i, re); - poly_barrett_reduce_89_5f(re); -} - -/** - Call [`deserialize_then_decompress_ring_element_u`] on each ring element - in the `ciphertext`. -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- U_COMPRESSION_FACTOR= 11 -*/ -static KRML_MUSTINLINE void deserialize_then_decompress_u_33( - uint8_t *ciphertext, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / - (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U); - i++) { - size_t i0 = i; - Eurydice_slice u_bytes = Eurydice_array_to_subslice2( - ciphertext, - i0 * (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U), - i0 * 
(LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U) + - LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * - (size_t)11U / (size_t)8U, - uint8_t, Eurydice_slice); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_06(u_bytes); - ntt_vector_u_3c(&u_as_ntt[i0]); - } - memcpy( - ret, u_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of -libcrux_ml_kem.serialize.deserialize_then_decompress_ring_element_v with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- COMPRESSION_FACTOR= 5 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -deserialize_then_decompress_ring_element_v_44(Eurydice_slice serialized) { - return deserialize_then_decompress_5_25(serialized); -} - -/** - The following functions compute various expressions involving - vectors and matrices. The computation of these expressions has been - abstracted away into these functions in order to save on loop iterations. 
- Compute v − InverseNTT(sᵀ ◦ NTT(u)) -*/ -/** -A monomorphic instance of libcrux_ml_kem.matrix.compute_message -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_1c -compute_message_c7( - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *v, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *secret_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c result = ZERO_89_06(); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c product = - ntt_multiply_89_16(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_ae(&result, &product);); - invert_ntt_montgomery_62(&result); - result = subtract_reduce_89_25(v, result); - return result; -} - -/** - This function implements Algorithm 14 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. - - Algorithm 14 is reproduced below: - - ```plaintext - Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - Output: message m ∈ 𝔹^{32}. - - c₁ ← c[0 : 32dᵤk] - c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] - u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) - v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) - ŝ ← ByteDecode₁₂(dkₚₖₑ) - w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) - m ← ByteEncode₁(Compress₁(w)) - return m - ``` - - The NIST FIPS 203 standard can be found at - . 
-*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- VECTOR_U_ENCODED_SIZE= 1408 -- U_COMPRESSION_FACTOR= 11 -- V_COMPRESSION_FACTOR= 5 -*/ -static void decrypt_unpacked_d6( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c *secret_key, - uint8_t *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c u_as_ntt[4U]; - deserialize_then_decompress_u_33(ciphertext, u_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c v = - deserialize_then_decompress_ring_element_v_44( - Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, - (size_t)1408U, uint8_t, size_t, - Eurydice_slice)); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c message = - compute_message_c7(&v, secret_key->secret_as_ntt, u_as_ntt); - uint8_t ret0[32U]; - compress_then_serialize_message_ab(message, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::hash_functions::Hash for -libcrux_ml_kem::hash_functions::neon::Simd128Hash)} -*/ -/** -A monomorphic instance of libcrux_ml_kem.hash_functions.neon.PRF_48 -with const generics -- K= 4 -- LEN= 32 -*/ -static KRML_MUSTINLINE void PRF_48_6e(Eurydice_slice input, uint8_t ret[32U]) { - PRF_b4(input, ret); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics -- K= 4 -- SECRET_KEY_SIZE= 3168 -- CPA_SECRET_KEY_SIZE= 1536 -- PUBLIC_KEY_SIZE= 1568 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- C1_BLOCK_SIZE= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 
1600 -*/ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec( - libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c *key_pair, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { - uint8_t decrypted[32U]; - decrypt_unpacked_d6(&key_pair->private_key.ind_cpa_private_key, - ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); - uint8_t hashed[64U]; - G_48_77( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret = uu____1.fst; - Eurydice_slice pseudorandomness = uu____1.snd; - uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_973( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), - to_hash); - Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( - (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_f00(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret[32U]; - PRF_48_6e( - Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); - 
libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c *uu____3 = - &key_pair->public_key.ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_54(uu____3, copy_of_decrypted, pseudorandomness, - expected_ciphertext); - uint8_t selector = - libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_f00(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, - Eurydice_slice)); - uint8_t ret0[32U]; - libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( - shared_secret, - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), - selector, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** - Call [`deserialize_to_uncompressed_ring_element`] for each ring element. 
-*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -*/ -static KRML_MUSTINLINE void deserialize_secret_key_4f( - Eurydice_slice secret_key, - libcrux_ml_kem_polynomial_PolynomialRingElement_1c ret[4U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_06();); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; - i++) { - size_t i0 = i; - Eurydice_slice secret_bytes = Eurydice_slice_subslice2( - secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + - LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_1c uu____0 = - deserialize_to_uncompressed_ring_element_10(secret_bytes); - secret_as_ntt[i0] = uu____0; - } - memcpy( - ret, secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- K= 4 -- CIPHERTEXT_SIZE= 1568 -- VECTOR_U_ENCODED_SIZE= 1408 -- U_COMPRESSION_FACTOR= 11 -- V_COMPRESSION_FACTOR= 5 -*/ -static void decrypt_af(Eurydice_slice secret_key, uint8_t *ciphertext, - uint8_t ret[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[4U]; - deserialize_secret_key_4f(secret_key, secret_as_ntt); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_1c copy_of_secret_as_ntt[4U]; - memcpy( - copy_of_secret_as_ntt, secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - 
libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c - secret_key_unpacked; - memcpy( - secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, - (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_1c)); - uint8_t ret0[32U]; - decrypt_unpacked_d6(&secret_key_unpacked, ciphertext, ret0); - memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); -} - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, -libcrux_ml_kem_hash_functions_neon_Simd128Hash, libcrux_ml_kem_ind_cca_MlKem -with const generics -- K= 4 -- SECRET_KEY_SIZE= 3168 -- CPA_SECRET_KEY_SIZE= 1536 -- PUBLIC_KEY_SIZE= 1568 -- CIPHERTEXT_SIZE= 1568 -- T_AS_NTT_ENCODED_SIZE= 1536 -- C1_SIZE= 1408 -- C2_SIZE= 160 -- VECTOR_U_COMPRESSION_FACTOR= 11 -- VECTOR_V_COMPRESSION_FACTOR= 5 -- C1_BLOCK_SIZE= 352 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 -*/ -void libcrux_ml_kem_ind_cca_decapsulate_82( - libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, - libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, - uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t, - Eurydice_slice), - (size_t)1536U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_secret_key = uu____0.fst; - Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - secret_key0, (size_t)1568U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key = uu____1.fst; - Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( - secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; - Eurydice_slice implicit_rejection_value = uu____2.snd; - 
uint8_t decrypted[32U]; - decrypt_af(ind_cpa_secret_key, ciphertext->value, decrypted); - uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from( - (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); - uint8_t hashed[64U]; - G_48_77( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, - Eurydice_slice_uint8_t_x2); - Eurydice_slice shared_secret0 = uu____3.fst; - Eurydice_slice pseudorandomness = uu____3.snd; - uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_973(implicit_rejection_value, to_hash); - Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( - (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_f00(ciphertext), uint8_t, void *); - uint8_t implicit_rejection_shared_secret0[32U]; - PRF_48_6e( - Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); - Eurydice_slice uu____5 = ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); - uint8_t expected_ciphertext[1568U]; - encrypt_4e(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); - uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_63( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - 
 implicit_rejection_shared_secret);
- uint8_t shared_secret[32U];
- kdf_af_63(shared_secret0, shared_secret);
- uint8_t ret0[32U];
- libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
- libcrux_ml_kem_types_as_ref_00_f00(ciphertext),
- Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t,
- Eurydice_slice),
- Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t,
- Eurydice_slice),
- Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
- uint8_t, Eurydice_slice),
- ret0);
- memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
-}
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h
index 4aac58084..f2358c033 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h
@@ -5,10 +5,10 @@
 *
 * This code was generated with the following revisions:
 * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb
- * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85
- * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38
- * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221
+ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21
+ * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b
+ * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7
+ * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566
 */

 #ifndef __libcrux_mlkem_neon_H
@@ -20,7 +20,6 @@ extern "C" {

 #include "eurydice_glue.h"
 #include "libcrux_core.h"
-#include "libcrux_mlkem_portable.h"
 #include "libcrux_sha3_neon.h"

 void libcrux_ml_kem_hash_functions_neon_G(Eurydice_slice input,
@@ -29,571 +28,6 @@ void libcrux_ml_kem_hash_functions_neon_G(Eurydice_slice input, void libcrux_ml_kem_hash_functions_neon_H(Eurydice_slice input, uint8_t ret[32U]); -typedef struct libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector_s { - int16x8_t low; - int16x8_t high; -} libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector; - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_vector_type_ZERO(void); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ZERO_20(void); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_vector_type_from_i16_array(Eurydice_slice array); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_from_i16_array_20(Eurydice_slice array); - -void libcrux_ml_kem_vector_neon_vector_type_to_i16_array( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t ret[16U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_to_i16_array_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector x, int16_t ret[16U]); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_add( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_add_20( - 
libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_sub( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_sub_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_multiply_by_constant( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_multiply_by_constant_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_bitwise_and_with_constant( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_bitwise_and_with_constant_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_cond_subtract_3329( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for 
-libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_cond_subtract_3329_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); - -#define LIBCRUX_ML_KEM_VECTOR_NEON_ARITHMETIC_BARRETT_MULTIPLIER \ - ((int16_t)20159) - -int16x8_t libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce_int16x8_t( - int16x8_t v); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_barrett_reduce( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_barrett_reduce_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); - -int16x8_t libcrux_ml_kem_vector_neon_arithmetic_montgomery_reduce_int16x8_t( - int16x8_t low, int16x8_t high); - -int16x8_t -libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant_int16x8_t( - int16x8_t v, int16_t c); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_by_constant( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_montgomery_multiply_by_constant_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t c); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_compress_1( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ 
-libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_compress_1_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v); - -int16_t libcrux_ml_kem_vector_neon_compress_mask_n_least_significant_bits( - int16_t coefficient_bits); - -int16x8_t libcrux_ml_kem_vector_neon_arithmetic_montgomery_multiply_int16x8_t( - int16x8_t v, int16x8_t c); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_layer_1_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_layer_1_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_layer_2_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_layer_2_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_layer_3_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_layer_3_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector 
a, int16_t zeta); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_1_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_inv_ntt_layer_1_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_2_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta1, - int16_t zeta2); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_inv_ntt_layer_2_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta1, - int16_t zeta2); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_inv_ntt_layer_3_step( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, int16_t zeta); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_inv_ntt_layer_3_step_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, int16_t zeta); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_ntt_multiply( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4); - -/** -This function 
found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_ntt_multiply_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *lhs, - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *rhs, int16_t zeta1, - int16_t zeta2, int16_t zeta3, int16_t zeta4); - -void libcrux_ml_kem_vector_neon_serialize_serialize_1( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[2U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_1_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[2U]); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_1(Eurydice_slice a); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_1_20(Eurydice_slice a); - -void libcrux_ml_kem_vector_neon_serialize_serialize_4( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[8U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_4_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[8U]); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_4(Eurydice_slice v); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector 
-libcrux_ml_kem_vector_neon_deserialize_4_20(Eurydice_slice a); - -void libcrux_ml_kem_vector_neon_serialize_serialize_5( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[10U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_5_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[10U]); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_5(Eurydice_slice v); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_5_20(Eurydice_slice a); - -void libcrux_ml_kem_vector_neon_serialize_serialize_10( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[20U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_10_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[20U]); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_10(Eurydice_slice v); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_10_20(Eurydice_slice a); - -void libcrux_ml_kem_vector_neon_serialize_serialize_11( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[22U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void 
libcrux_ml_kem_vector_neon_serialize_11_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[22U]); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_11(Eurydice_slice v); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_11_20(Eurydice_slice a); - -void libcrux_ml_kem_vector_neon_serialize_serialize_12( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector v, uint8_t ret[24U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -void libcrux_ml_kem_vector_neon_serialize_12_20( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector a, uint8_t ret[24U]); - -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_serialize_deserialize_12(Eurydice_slice v); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_deserialize_12_20(Eurydice_slice a); - -size_t libcrux_ml_kem_vector_neon_rej_sample(Eurydice_slice a, - Eurydice_slice result); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -size_t libcrux_ml_kem_vector_neon_rej_sample_20(Eurydice_slice a, - Eurydice_slice out); - -/** -This function found in impl {(core::clone::Clone for -libcrux_ml_kem::vector::neon::vector_type::SIMD128Vector)} -*/ -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -libcrux_ml_kem_vector_neon_vector_type_clone_ed( - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector *self); - -/** -A monomorphic instance of 
libcrux_ml_kem.polynomial.PolynomialRingElement -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector - -*/ -typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_1c_s { - libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector coefficients[16U]; -} libcrux_ml_kem_polynomial_PolynomialRingElement_1c; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[2U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_66_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_66 - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_66; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[2U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[2U][2U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66_s { - 
libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_66 ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- $2size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_66 private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 public_key; -} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[3U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_fd - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[3U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[3U][3U]; -} 
libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_fd ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_fd private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd public_key; -} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPrivateKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c secret_as_ntt[4U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cca.unpacked.MlKemPrivateKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_2c_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_2c - ind_cpa_private_key; - uint8_t implicit_rejection_value[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_2c; - -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types -libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector 
with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_1c t_as_ntt[4U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_1c A[4U][4U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_2c ind_cpa_public_key; - uint8_t public_key_hash[32U]; -} libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c; - -/** -A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemKeyPairUnpacked -with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector -with const generics -- $4size_t -*/ -typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c_s { - libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_2c private_key; - libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c public_key; -} libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c; - #if defined(__cplusplus) } #endif diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 39f30d882..67dd953b3 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c 
@@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb - * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 + * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 */ #include "internal/libcrux_mlkem_portable.h" 
@@ -68,407 +68,20 @@ const int16_t libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[128U] = { (int16_t)-108, (int16_t)-308, (int16_t)996, (int16_t)991, (int16_t)958, (int16_t)-1460, (int16_t)1522, (int16_t)1628}; -KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice bytes) { - int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v1 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v3 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - int16_t v4 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - int16_t v6 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & - 15U); - int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> - 4U & - 15U); - return (CLITERAL(int16_t_x8){.fst = v0, - .snd = v1, - .thd = v2, - .f3 = v3, - .f4 = v4, - .f5 = v5, - .f6 = v6, - .f7 = v7}); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_vector_type_zero(void) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; - lit.elements[0U] = (int16_t)0; - lit.elements[1U] = (int16_t)0; - lit.elements[2U] = (int16_t)0; - lit.elements[3U] = (int16_t)0; - lit.elements[4U] = (int16_t)0; - lit.elements[5U] = (int16_t)0; - lit.elements[6U] = (int16_t)0; - lit.elements[7U] = (int16_t)0; - lit.elements[8U] = (int16_t)0; - lit.elements[9U] = (int16_t)0; - lit.elements[10U] = (int16_t)0; - 
lit.elements[11U] = (int16_t)0; - lit.elements[12U] = (int16_t)0; - lit.elements[13U] = (int16_t)0; - lit.elements[14U] = (int16_t)0; - lit.elements[15U] = (int16_t)0; - return lit; -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t, - Eurydice_slice)); - int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_4(a); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_vector_type_to_i16_array( - libcrux_ml_kem_vector_portable_vector_type_PortableVector x, - int16_t ret[16U]) { - memcpy(ret, x.elements, (size_t)16U * sizeof(int16_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for 
-libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -void libcrux_ml_kem_vector_portable_to_i16_array_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector x, - int16_t ret[16U]) { - libcrux_ml_kem_vector_portable_vector_type_to_i16_array(x, ret); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_vector_type_from_i16_array( - Eurydice_slice array) { - libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; - int16_t ret[16U]; - core_result_Result_c0 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t, - Eurydice_slice), - Eurydice_slice, int16_t[16U], void *); - core_result_unwrap_41_f9(dst, ret); - memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); - return lit; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_slice array) { - return libcrux_ml_kem_vector_portable_vector_type_from_i16_array(array); -} - -KRML_MUSTINLINE uint8_t_x5 -libcrux_ml_kem_vector_portable_serialize_serialize_5_int(Eurydice_slice v) { - uint8_t r0 = - (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) | - Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, int16_t) - << 5U); - uint8_t r1 = - (uint8_t)((Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, - int16_t) >> - 3U | - Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, - int16_t) - << 2U) | - Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, int16_t) - << 7U); - uint8_t r2 = - (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, - int16_t) >> - 1U | - Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, int16_t) - << 4U); - uint8_t r3 = - (uint8_t)((Eurydice_slice_index(v, (size_t)4U, int16_t, 
int16_t *, - int16_t) >> - 4U | - Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, - int16_t) - << 1U) | - Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, int16_t) - << 6U); - uint8_t r4 = - (uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, - int16_t) >> - 2U | - Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *, int16_t) - << 3U); - return (CLITERAL(uint8_t_x5){ - .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); -} - -KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_5( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[10U]) { - uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, - Eurydice_slice)); - uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t, - Eurydice_slice)); - uint8_t result[10U] = {0U}; - result[0U] = r0_4.fst; - result[1U] = r0_4.snd; - result[2U] = r0_4.thd; - result[3U] = r0_4.f3; - result[4U] = r0_4.f4; - result[5U] = r5_9.fst; - result[6U] = r5_9.snd; - result[7U] = r5_9.thd; - result[8U] = r5_9.f3; - result[9U] = r5_9.f4; - memcpy(ret, result, (size_t)10U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -void libcrux_ml_kem_vector_portable_serialize_5_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[10U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_5(a, ret); -} - -KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice bytes) { - int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & - 31U); - int16_t v1 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, 
uint8_t) & - 3U) << 3U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> - 5U); - int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> - 2U & - 31U); - int16_t v3 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & - 15U) - << 1U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> - 7U); - int16_t v4 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & - 1U) << 4U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> - 4U); - int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> - 1U & - 31U); - int16_t v6 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) & - 7U) << 2U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> - 6U); - int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) >> - 3U); - return (CLITERAL(int16_t_x8){.fst = v0, - .snd = v1, - .thd = v2, - .f3 = v3, - .f4 = v4, - .f5 = v5, - .f6 = v6, - .f7 = v7}); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t, - Eurydice_slice)); - int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = 
v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; -} - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_5(a); -} - -KRML_MUSTINLINE int16_t_x8 -libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice bytes) { - int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 8U | - ((int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)255); - int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r2 = ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r3 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) - << 2U | - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) >> - 6U; - int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 8U | - ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)255); - int16_t r5 = ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - 
uint8_t *, uint8_t) & - (int16_t)15) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) - << 2U | - (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) >> - 6U; - return (CLITERAL(int16_t_x8){.fst = r0, - .snd = r1, - .thd = r2, - .f3 = r3, - .f4 = r4, - .f5 = r5, - .f6 = r6, - .f7 = r7}); -} - -KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { - int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)10U, uint8_t, - Eurydice_slice)); - int16_t_x8 v8_15 = - libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t, - Eurydice_slice)); - libcrux_ml_kem_vector_portable_vector_type_PortableVector v = - libcrux_ml_kem_vector_portable_vector_type_zero(); - v.elements[0U] = v0_7.fst; - v.elements[1U] = v0_7.snd; - v.elements[2U] = v0_7.thd; - v.elements[3U] = v0_7.f3; - v.elements[4U] = v0_7.f4; - v.elements[5U] = v0_7.f5; - v.elements[6U] = v0_7.f6; - v.elements[7U] = v0_7.f7; - v.elements[8U] = v8_15.fst; - v.elements[9U] = v8_15.snd; - v.elements[10U] = v8_15.thd; - v.elements[11U] = v8_15.f3; - v.elements[12U] = v8_15.f4; - v.elements[13U] = v8_15.f5; - v.elements[14U] = v8_15.f6; - v.elements[15U] = v8_15.f7; - return v; +KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_vector_type_from_i16_array( + Eurydice_slice array) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector 
lit; + int16_t ret[16U]; + core_result_Result_c0 dst; + Eurydice_slice_to_array2( + &dst, + Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t, + Eurydice_slice), + Eurydice_slice, int16_t[16U], void *); + core_result_unwrap_41_f9(dst, ret); + memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); + return lit; } /** @@ -476,8 +89,8 @@ This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_10(a); +libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_slice array) { + return libcrux_ml_kem_vector_portable_vector_type_from_i16_array(array); } KRML_MUSTINLINE uint8_t_x11 @@ -676,6 +289,28 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( .f7 = r7}); } +KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_vector_type_zero(void) { + libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; + lit.elements[0U] = (int16_t)0; + lit.elements[1U] = (int16_t)0; + lit.elements[2U] = (int16_t)0; + lit.elements[3U] = (int16_t)0; + lit.elements[4U] = (int16_t)0; + lit.elements[5U] = (int16_t)0; + lit.elements[6U] = (int16_t)0; + lit.elements[7U] = (int16_t)0; + lit.elements[8U] = (int16_t)0; + lit.elements[9U] = (int16_t)0; + lit.elements[10U] = (int16_t)0; + lit.elements[11U] = (int16_t)0; + lit.elements[12U] = (int16_t)0; + lit.elements[13U] = (int16_t)0; + lit.elements[14U] = (int16_t)0; + lit.elements[15U] = (int16_t)0; + return lit; +} + KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) { int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( 
@@ -715,6 +350,537 @@ libcrux_ml_kem_vector_portable_deserialize_11_0d(Eurydice_slice a) { return libcrux_ml_kem_vector_portable_serialize_deserialize_11(a); } +KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_vector_type_to_i16_array( + libcrux_ml_kem_vector_portable_vector_type_PortableVector x, + int16_t ret[16U]) { + memcpy(ret, x.elements, (size_t)16U * sizeof(int16_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +void libcrux_ml_kem_vector_portable_to_i16_array_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector x, + int16_t ret[16U]) { + libcrux_ml_kem_vector_portable_vector_type_to_i16_array(x, ret); +} + +const uint8_t + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE + [256U][16U] = {{255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + 
{4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + 
{2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + 
{6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 255U, + 255U, 255U, 255U}, + {12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 
4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 255U, + 255U, 255U, 255U}, + {10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, 
+ 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 
7U, 8U, 9U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, + 13U, 255U, 255U}, + {14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 14U, 15U, 255U, 255U, 
255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 14U, 15U, 255U, + 255U, 255U, 255U}, + {10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 
255U}, + {6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, 15U, + 255U, 255U, 
255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 14U, + 15U, 255U, 255U}, + {12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 
8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, 255U, 255U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 6U, 7U, 
10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, 255U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, 255U, + 255U, 255U, 255U, 255U, 255U}, + {0U, 1U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 2U, 3U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, 15U, + 255U, 255U, 255U, 255U}, + {0U, 1U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, 13U, 14U, + 15U, 255U, 255U}, + {0U, 1U, 2U, 3U, 4U, 5U, 6U, 7U, 8U, 9U, 10U, 11U, 12U, + 13U, 14U, 15U}}; + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} 
@@ -1402,68 +1568,311 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) { This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_1_0d(Eurydice_slice a) { - return libcrux_ml_kem_vector_portable_serialize_deserialize_1(a); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_1_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_1(a); +} + +KRML_MUSTINLINE uint8_t_x4 +libcrux_ml_kem_vector_portable_serialize_serialize_4_int(Eurydice_slice v) { + uint8_t result0 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)1U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)0U, int16_t, int16_t *, int16_t); + uint8_t result1 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)3U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)2U, int16_t, int16_t *, int16_t); + uint8_t result2 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)5U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)4U, int16_t, int16_t *, int16_t); + uint8_t result3 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)7U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)6U, int16_t, int16_t *, int16_t); + return (CLITERAL(uint8_t_x4){ + .fst = result0, .snd = result1, .thd = result2, .f3 = result3}); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_4( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[8U]) { + uint8_t_x4 result0_3 = + libcrux_ml_kem_vector_portable_serialize_serialize_4_int( + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, + 
int16_t, Eurydice_slice)); + uint8_t_x4 result4_7 = + libcrux_ml_kem_vector_portable_serialize_serialize_4_int( + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, + int16_t, Eurydice_slice)); + uint8_t result[8U] = {0U}; + result[0U] = result0_3.fst; + result[1U] = result0_3.snd; + result[2U] = result0_3.thd; + result[3U] = result0_3.f3; + result[4U] = result4_7.fst; + result[5U] = result4_7.snd; + result[6U] = result4_7.thd; + result[7U] = result4_7.f3; + memcpy(ret, result, (size_t)8U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +void libcrux_ml_kem_vector_portable_serialize_4_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[8U]) { + libcrux_ml_kem_vector_portable_serialize_serialize_4(a, ret); +} + +KRML_MUSTINLINE int16_t_x8 +libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice bytes) { + int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v1 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v3 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + int16_t v4 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + int16_t v6 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & + 15U); + int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + 4U & + 15U); + return 
(CLITERAL(int16_t_x8){.fst = v0, + .snd = v1, + .thd = v2, + .f3 = v3, + .f4 = v4, + .f5 = v5, + .f6 = v6, + .f7 = v7}); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { + int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t, + Eurydice_slice)); + int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector v = + libcrux_ml_kem_vector_portable_vector_type_zero(); + v.elements[0U] = v0_7.fst; + v.elements[1U] = v0_7.snd; + v.elements[2U] = v0_7.thd; + v.elements[3U] = v0_7.f3; + v.elements[4U] = v0_7.f4; + v.elements[5U] = v0_7.f5; + v.elements[6U] = v0_7.f6; + v.elements[7U] = v0_7.f7; + v.elements[8U] = v8_15.fst; + v.elements[9U] = v8_15.snd; + v.elements[10U] = v8_15.thd; + v.elements[11U] = v8_15.f3; + v.elements[12U] = v8_15.f4; + v.elements[13U] = v8_15.f5; + v.elements[14U] = v8_15.f6; + v.elements[15U] = v8_15.f7; + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_4(a); +} + +KRML_MUSTINLINE uint8_t_x5 +libcrux_ml_kem_vector_portable_serialize_serialize_5_int(Eurydice_slice v) { + uint8_t r0 = + (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, + int16_t) | + Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, int16_t) + << 5U); + uint8_t r1 = + (uint8_t)((Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, + int16_t) >> + 3U | + Eurydice_slice_index(v, (size_t)2U, 
int16_t, int16_t *, + int16_t) + << 2U) | + Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, int16_t) + << 7U); + uint8_t r2 = + (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, + int16_t) >> + 1U | + Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, int16_t) + << 4U); + uint8_t r3 = + (uint8_t)((Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, + int16_t) >> + 4U | + Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, + int16_t) + << 1U) | + Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, int16_t) + << 6U); + uint8_t r4 = + (uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, + int16_t) >> + 2U | + Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *, int16_t) + << 3U); + return (CLITERAL(uint8_t_x5){ + .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); +} + +KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_5( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[10U]) { + uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, + Eurydice_slice)); + uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t, + Eurydice_slice)); + uint8_t result[10U] = {0U}; + result[0U] = r0_4.fst; + result[1U] = r0_4.snd; + result[2U] = r0_4.thd; + result[3U] = r0_4.f3; + result[4U] = r0_4.f4; + result[5U] = r5_9.fst; + result[6U] = r5_9.snd; + result[7U] = r5_9.thd; + result[8U] = r5_9.f3; + result[9U] = r5_9.f4; + memcpy(ret, result, (size_t)10U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +void libcrux_ml_kem_vector_portable_serialize_5_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[10U]) { + 
libcrux_ml_kem_vector_portable_serialize_serialize_5(a, ret); } -KRML_MUSTINLINE uint8_t_x4 -libcrux_ml_kem_vector_portable_serialize_serialize_4_int(Eurydice_slice v) { - uint8_t result0 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)1U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)0U, int16_t, int16_t *, int16_t); - uint8_t result1 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)3U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)2U, int16_t, int16_t *, int16_t); - uint8_t result2 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)5U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)4U, int16_t, int16_t *, int16_t); - uint8_t result3 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)7U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)6U, int16_t, int16_t *, int16_t); - return (CLITERAL(uint8_t_x4){ - .fst = result0, .snd = result1, .thd = result2, .f3 = result3}); +KRML_MUSTINLINE int16_t_x8 +libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice bytes) { + int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & + 31U); + int16_t v1 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & + 3U) << 3U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> + 5U); + int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + 2U & + 31U); + int16_t v3 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & + 15U) + << 1U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + 7U); + int16_t v4 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, 
uint8_t) & + 1U) << 4U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> + 4U); + int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + 1U & + 31U); + int16_t v6 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) & + 7U) << 2U | + (uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + 6U); + int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) >> + 3U); + return (CLITERAL(int16_t_x8){.fst = v0, + .snd = v1, + .thd = v2, + .f3 = v3, + .f4 = v4, + .f5 = v5, + .f6 = v6, + .f7 = v7}); } -KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_4( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[8U]) { - uint8_t_x4 result0_3 = - libcrux_ml_kem_vector_portable_serialize_serialize_4_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, - int16_t, Eurydice_slice)); - uint8_t_x4 result4_7 = - libcrux_ml_kem_vector_portable_serialize_serialize_4_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, - int16_t, Eurydice_slice)); - uint8_t result[8U] = {0U}; - result[0U] = result0_3.fst; - result[1U] = result0_3.snd; - result[2U] = result0_3.thd; - result[3U] = result0_3.f3; - result[4U] = result4_7.fst; - result[5U] = result4_7.snd; - result[6U] = result4_7.thd; - result[7U] = result4_7.f3; - memcpy(ret, result, (size_t)8U * sizeof(uint8_t)); +KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { + int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t, + Eurydice_slice)); + int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice_subslice2(bytes, 
(size_t)5U, (size_t)10U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector v = + libcrux_ml_kem_vector_portable_vector_type_zero(); + v.elements[0U] = v0_7.fst; + v.elements[1U] = v0_7.snd; + v.elements[2U] = v0_7.thd; + v.elements[3U] = v0_7.f3; + v.elements[4U] = v0_7.f4; + v.elements[5U] = v0_7.f5; + v.elements[6U] = v0_7.f6; + v.elements[7U] = v0_7.f7; + v.elements[8U] = v8_15.fst; + v.elements[9U] = v8_15.snd; + v.elements[10U] = v8_15.thd; + v.elements[11U] = v8_15.f3; + v.elements[12U] = v8_15.f4; + v.elements[13U] = v8_15.f5; + v.elements[14U] = v8_15.f6; + v.elements[15U] = v8_15.f7; + return v; } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} */ -void libcrux_ml_kem_vector_portable_serialize_4_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[8U]) { - libcrux_ml_kem_vector_portable_serialize_serialize_4(a, ret); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_5(a); } KRML_MUSTINLINE uint8_t_x5 
@@ -1552,6 +1961,112 @@ void libcrux_ml_kem_vector_portable_serialize_10_0d( libcrux_ml_kem_vector_portable_serialize_serialize_10(a, ret); } +KRML_MUSTINLINE int16_t_x8 +libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( + Eurydice_slice bytes) { + int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)3) + << 8U | + ((int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)255); + int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)15) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) >> + 2U; + int16_t r2 = ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)63) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) >> + 4U; + int16_t r3 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + uint8_t *, uint8_t) + << 2U | + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t) >> + 6U; + int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)3) + << 8U | + ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)255); + int16_t r5 = ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)15) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) >> + 2U; + int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)63) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, + uint8_t *, uint8_t) >> + 4U; + int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, + uint8_t *, uint8_t) + << 2U | + (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t) >> + 6U; + return (CLITERAL(int16_t_x8){.fst = r0, + 
.snd = r1, + .thd = r2, + .f3 = r3, + .f4 = r4, + .f5 = r5, + .f6 = r6, + .f7 = r7}); +} + +KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { + int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)10U, uint8_t, + Eurydice_slice)); + int16_t_x8 v8_15 = + libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( + Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t, + Eurydice_slice)); + libcrux_ml_kem_vector_portable_vector_type_PortableVector v = + libcrux_ml_kem_vector_portable_vector_type_zero(); + v.elements[0U] = v0_7.fst; + v.elements[1U] = v0_7.snd; + v.elements[2U] = v0_7.thd; + v.elements[3U] = v0_7.f3; + v.elements[4U] = v0_7.f4; + v.elements[5U] = v0_7.f5; + v.elements[6U] = v0_7.f6; + v.elements[7U] = v0_7.f7; + v.elements[8U] = v8_15.fst; + v.elements[9U] = v8_15.snd; + v.elements[10U] = v8_15.thd; + v.elements[11U] = v8_15.f3; + v.elements[12U] = v8_15.f4; + v.elements[13U] = v8_15.f5; + v.elements[14U] = v8_15.f6; + v.elements[15U] = v8_15.f7; + return v; +} + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a) { + return libcrux_ml_kem_vector_portable_serialize_deserialize_10(a); +} + KRML_MUSTINLINE uint8_t_x3 libcrux_ml_kem_vector_portable_serialize_serialize_12_int(Eurydice_slice v) { uint8_t r0 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, 
@@ -1800,7 +2315,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_89_02(void) { +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_89_39(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -1834,8 +2349,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_reduced_ring_element_d2(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); +deserialize_to_reduced_ring_element_ad(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; @@ -1866,12 +2381,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1568 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_524( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_724( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_02();); + deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; 
@@ -1883,7 +2398,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_524( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_d2(ring_element); + deserialize_to_reduced_ring_element_ad(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -1897,7 +2412,7 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -shift_right_83(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +shift_right_f8(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -1916,8 +2431,8 @@ with const generics - SHIFT_BY= 15 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -shift_right_0d_bf(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return shift_right_83(v); +shift_right_0d_4b(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return shift_right_f8(v); } /** @@ -1927,10 +2442,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_unsigned_representative_af( +to_unsigned_representative_78( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - shift_right_0d_bf(a); + shift_right_0d_4b(a); libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); 
@@ -1943,14 +2458,14 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_05( +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_f6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_representative_af(re->coefficients[i0]); + to_unsigned_representative_78(re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -1974,7 +2489,7 @@ with const generics - K= 4 - OUT_LEN= 1536 */ -static KRML_MUSTINLINE void serialize_secret_key_e81( +static KRML_MUSTINLINE void serialize_secret_key_f81( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; @@ -1993,7 +2508,7 @@ static KRML_MUSTINLINE void serialize_secret_key_e81( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_05(&re, ret0); + serialize_uncompressed_ring_element_f6(&re, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), @@ -2013,7 +2528,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_9a1( +static KRML_MUSTINLINE void serialize_public_key_801( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; 
@@ -2021,7 +2536,7 @@ static KRML_MUSTINLINE void serialize_public_key_9a1( Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, (size_t)1536U, uint8_t, Eurydice_slice); uint8_t ret0[1536U]; - serialize_secret_key_e81(t_as_ntt, ret0); + serialize_secret_key_f81(t_as_ntt, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), @@ -2042,15 +2557,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_991(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_351(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; - deserialize_ring_elements_reduced_524( + deserialize_ring_elements_reduced_724( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; - serialize_public_key_9a1( + serialize_public_key_801( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice), @@ -2081,7 +2596,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void G_f1_111(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_b61(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -2092,10 +2607,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static void closure_821( +static void closure_e81( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_89_02();); + ret[i] = ZERO_89_39();); } /** 
@@ -2113,7 +2628,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_init_absorb with const generics - K= 4 */ static KRML_MUSTINLINE PortableHash_d1 -shake128_init_absorb_411(uint8_t input[4U][34U]) { +shake128_init_absorb_751(uint8_t input[4U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[4U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, @@ -2144,11 +2659,11 @@ generics - K= 4 */ static KRML_MUSTINLINE PortableHash_d1 -shake128_init_absorb_f1_511(uint8_t input[4U][34U]) { +shake128_init_absorb_f1_111(uint8_t input[4U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[4U][34U]; memcpy(copy_of_input, input, (size_t)4U * sizeof(uint8_t[34U])); - return shake128_init_absorb_411(copy_of_input); + return shake128_init_absorb_751(copy_of_input); } /** @@ -2157,7 +2672,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_541( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_101( PortableHash_d1 *st, uint8_t ret[4U][504U]) { uint8_t out[4U][504U] = {{0U}}; KRML_MAYBE_FOR4( @@ -2179,9 +2694,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_7f1( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_4e1( PortableHash_d1 *self, uint8_t ret[4U][504U]) { - shake128_squeeze_three_blocks_541(self, ret); + shake128_squeeze_three_blocks_101(self, ret); } /** @@ -2232,7 +2747,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_023( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_053( uint8_t randomness[4U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( 
@@ -2271,7 +2786,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_block_881(PortableHash_d1 *st, +static KRML_MUSTINLINE void shake128_squeeze_block_ed1(PortableHash_d1 *st, uint8_t ret[4U][168U]) { uint8_t out[4U][168U] = {{0U}}; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; @@ -2292,9 +2807,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_block_f1_681( +static KRML_MUSTINLINE void shake128_squeeze_block_f1_c11( PortableHash_d1 *self, uint8_t ret[4U][168U]) { - shake128_squeeze_block_881(self, ret); + shake128_squeeze_block_ed1(self, ret); } /** @@ -2345,7 +2860,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_024( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_054( uint8_t randomness[4U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -2389,8 +2904,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -from_i16_array_89_48(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); +from_i16_array_89_6b(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; 
@@ -2411,9 +2926,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_131( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_991( int16_t s[272U]) { - return from_i16_array_89_48(Eurydice_array_to_subslice2( + return from_i16_array_89_6b(Eurydice_array_to_subslice2( s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); } @@ -2424,7 +2939,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_from_xof_f61( +static KRML_MUSTINLINE void sample_from_xof_2b1( uint8_t seeds[4U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { size_t sampled_coefficients[4U] = {0U}; 
@@ -2432,25 +2947,25 @@ static KRML_MUSTINLINE void sample_from_xof_f61( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[4U][34U]; memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); - PortableHash_d1 xof_state = shake128_init_absorb_f1_511(copy_of_seeds); + PortableHash_d1 xof_state = shake128_init_absorb_f1_111(copy_of_seeds); uint8_t randomness0[4U][504U]; - shake128_squeeze_three_blocks_f1_7f1(&xof_state, randomness0); + shake128_squeeze_three_blocks_f1_4e1(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[4U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_023( + bool done = sample_from_uniform_distribution_next_053( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[4U][168U]; - shake128_squeeze_block_f1_681(&xof_state, randomness); + shake128_squeeze_block_f1_c11(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[4U][168U]; memcpy(copy_of_randomness, randomness, (size_t)4U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_024( + done = sample_from_uniform_distribution_next_054( copy_of_randomness, sampled_coefficients, out); } } @@ -2459,7 +2974,7 @@ static KRML_MUSTINLINE void sample_from_xof_f61( memcpy(copy_of_out, out, (size_t)4U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_131(copy_of_out[i]);); + ret0[i] = closure_991(copy_of_out[i]);); memcpy( ret, ret0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); 
@@ -2472,12 +2987,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_matrix_A_551( +static KRML_MUSTINLINE void sample_matrix_A_231( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U][4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[4U][4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - closure_821(A_transpose[i]);); + closure_e81(A_transpose[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -2492,7 +3007,7 @@ static KRML_MUSTINLINE void sample_matrix_A_551( uint8_t copy_of_seeds[4U][34U]; memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[4U]; - sample_from_xof_f61(copy_of_seeds, sampled); + sample_from_xof_2b1(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -2533,7 +3048,7 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_632(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_1d2(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { uint8_t out[4U][128U] = {{0U}}; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; @@ -2555,9 +3070,9 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_772(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_892(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { - PRFxN_632(input, ret); + PRFxN_1d2(input, ret); } /** 
@@ -2616,7 +3131,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_2_c8(Eurydice_slice randomness) { +sample_from_binomial_distribution_2_20(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < @@ -2652,7 +3167,7 @@ sample_from_binomial_distribution_2_c8(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_48(Eurydice_array_to_slice( + return from_i16_array_89_6b(Eurydice_array_to_slice( (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); } @@ -2663,7 +3178,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_3_b8(Eurydice_slice randomness) { +sample_from_binomial_distribution_3_85(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; i0 < @@ -2698,7 +3213,7 @@ sample_from_binomial_distribution_3_b8(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_48(Eurydice_array_to_slice( + return from_i16_array_89_6b(Eurydice_array_to_slice( (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); } @@ -2709,8 +3224,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_e3(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_c8(randomness); +sample_from_binomial_distribution_66(Eurydice_slice randomness) { + return sample_from_binomial_distribution_2_20(randomness); } /** 
@@ -2719,7 +3234,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_7_1c( +static KRML_MUSTINLINE void ntt_at_layer_7_13( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -2747,7 +3262,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -montgomery_multiply_fe_29( +montgomery_multiply_fe_d5( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v, fer); @@ -2761,12 +3276,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - ntt_layer_int_vec_step_a6( + ntt_layer_int_vec_step_d7( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - montgomery_multiply_fe_29(b, zeta_r); + montgomery_multiply_fe_d5(b, zeta_r); b = libcrux_ml_kem_vector_portable_sub_0d(a, &t); a = libcrux_ml_kem_vector_portable_add_0d(a, &t); return ( @@ -2780,7 +3295,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_4_plus_c0( +static KRML_MUSTINLINE void ntt_at_layer_4_plus_cc( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; 
@@ -2793,7 +3308,7 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_c0( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - ntt_layer_int_vec_step_a6( + ntt_layer_int_vec_step_d7( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -2810,7 +3325,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_3_c1( +static KRML_MUSTINLINE void ntt_at_layer_3_34( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2828,7 +3343,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_2_46( +static KRML_MUSTINLINE void ntt_at_layer_2_7b( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2848,7 +3363,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_1_c9( +static KRML_MUSTINLINE void ntt_at_layer_1_4f( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2876,7 +3391,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void poly_barrett_reduce_89_55( +static KRML_MUSTINLINE void poly_barrett_reduce_89_2c( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { 
@@ -2894,17 +3409,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_d5( +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_88( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - ntt_at_layer_7_1c(re); + ntt_at_layer_7_13(re); size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_c1(&zeta_i, re); - ntt_at_layer_2_46(&zeta_i, re); - ntt_at_layer_1_c9(&zeta_i, re); - poly_barrett_reduce_89_55(re); + ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_34(&zeta_i, re); + ntt_at_layer_2_7b(&zeta_i, re); + ntt_at_layer_1_4f(&zeta_i, re); + poly_barrett_reduce_89_2c(re); } /** @@ -2920,11 +3435,11 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_011( +static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_d71( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_89_02();); + re_as_ntt[i] = ZERO_89_39();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); 
@@ -2936,12 +3451,12 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_011( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_f1_772(prf_inputs, prf_outputs); + PRFxN_f1_892(prf_inputs, prf_outputs); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_e3( + re_as_ntt[i0] = sample_from_binomial_distribution_66( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[4U]; memcpy( @@ -2993,9 +3508,9 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -ntt_multiply_89_f7(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +ntt_multiply_89_d5(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_89_02(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_89_39(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3032,7 +3547,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void add_to_ring_element_89_8e1( +static KRML_MUSTINLINE void add_to_ring_element_89_931( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; 
@@ -3059,7 +3574,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_standard_domain_a1( +to_standard_domain_3e( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -3075,14 +3590,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_standard_error_reduce_89_0b( +static KRML_MUSTINLINE void add_standard_error_reduce_89_99( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector - coefficient_normal_form = to_standard_domain_a1(self->coefficients[j]); + coefficient_normal_form = to_standard_domain_3e(self->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form, @@ -3100,14 +3615,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_As_plus_e_a51( +static KRML_MUSTINLINE void compute_As_plus_e_da1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_02();); + result[i] = ZERO_89_39();); for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( 
@@ -3130,10 +3645,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_a51( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_8e1(&result[i1], &product); + ntt_multiply_89_d5(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_931(&result[i1], &product); } - add_standard_error_reduce_89_0b(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_89_99(&result[i1], &error_as_ntt[i1]); } memcpy( ret, result, @@ -3190,10 +3705,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_540 generate_keypair_unpacked_a91( +static tuple_540 generate_keypair_unpacked_f41( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_f1_111(key_generation_seed, hashed); + G_f1_b61(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); 
@@ -3201,15 +3716,15 @@ static tuple_540 generate_keypair_unpacked_a91( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[4U][4U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); - sample_matrix_A_551(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); + sample_matrix_A_231(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____2 = sample_vector_cbd_then_ntt_011(copy_of_prf_input0, 0U); + tuple_710 uu____2 = sample_vector_cbd_then_ntt_d71(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; memcpy( secret_as_ntt, uu____2.fst, @@ -3221,10 +3736,10 @@ static tuple_540 generate_keypair_unpacked_a91( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_011(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_d71(copy_of_prf_input, domain_separator).fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; - compute_As_plus_e_a51(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_da1(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], 
@@ -3278,10 +3793,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_f21( +static void closure_571( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_89_02();); + ret[i] = ZERO_89_39();); } /** @@ -3294,7 +3809,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_d5_93( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_d5_84( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -3316,7 +3831,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void H_f1_af1(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_2e1(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -3334,7 +3849,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d1(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e1(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, 
@@ -3343,18 +3858,18 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d1(uint8_t randomness[64U]) { (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); - tuple_540 uu____0 = generate_keypair_unpacked_a91(ind_cpa_keypair_randomness); + tuple_540 uu____0 = generate_keypair_unpacked_f41(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_f21(A[i]);); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_571(A[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_93(&ind_cpa_public_key.A[j][i1]); + clone_d5_84(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U][4U]; memcpy(uu____2, A, @@ -3364,13 +3879,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d1(uint8_t randomness[64U]) { (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); uint8_t pk_serialized[1568U]; - serialize_public_key_9a1( + serialize_public_key_801( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t, Eurydice_slice), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_af1(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t, + H_f1_2e1(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t, Eurydice_slice), public_key_hash); uint8_t implicit_rejection_value[32U]; 
@@ -3414,18 +3929,18 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_e81( +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_ec1( Eurydice_slice key_generation_seed) { - tuple_540 uu____0 = generate_keypair_unpacked_a91(key_generation_seed); + tuple_540 uu____0 = generate_keypair_unpacked_f41(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 pk = uu____0.snd; uint8_t public_key_serialized[1568U]; - serialize_public_key_9a1(pk.t_as_ntt, + serialize_public_key_801(pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, Eurydice_slice), public_key_serialized); uint8_t secret_key_serialized[1536U]; - serialize_secret_key_e81(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_f81(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1536U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -3452,7 +3967,7 @@ with const generics - K= 4 - SERIALIZED_KEY_LEN= 3168 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_6b( +static KRML_MUSTINLINE void serialize_kem_secret_key_f2( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { uint8_t out[3168U] = {0U}; @@ -3481,7 +3996,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_6b( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice); uint8_t ret0[32U]; - H_f1_af1(public_key, ret0); + H_f1_2e1(public_key, ret0); core_slice___Slice_T___copy_from_slice( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), 
@@ -3522,7 +4037,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_6f1(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_c24(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -3532,13 +4047,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f1(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_e81(ind_cpa_keypair_randomness); + generate_keypair_ec1(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_6b( + serialize_kem_secret_key_f2( Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, 
@@ -3549,13 +4064,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f1(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_05_e00(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_05_a71(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1568U]; memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_2c0( - uu____2, libcrux_ml_kem_types_from_b6_570(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_c91( + uu____2, libcrux_ml_kem_types_from_b6_4c1(copy_of_public_key)); } /** @@ -3571,10 +4086,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_710 -sample_ring_element_cbd_381(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_2c1(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_89_02();); + error_1[i] = ZERO_89_39();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); 
@@ -3586,11 +4101,11 @@ sample_ring_element_cbd_381(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_f1_772(prf_inputs, prf_outputs); + PRFxN_f1_892(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_e3(Eurydice_array_to_slice( + sample_from_binomial_distribution_66(Eurydice_array_to_slice( (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -3611,7 +4126,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 128 */ -static KRML_MUSTINLINE void PRF_b60(Eurydice_slice input, uint8_t ret[128U]) { +static KRML_MUSTINLINE void PRF_3a0(Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), @@ -3629,9 +4144,9 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_6f4(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_044(Eurydice_slice input, uint8_t ret[128U]) { - PRF_b60(input, ret); + PRF_3a0(input, ret); } /** @@ -3640,7 +4155,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_2a( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_9f( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; 
@@ -3664,7 +4179,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_84( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_a6( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3684,7 +4199,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_75( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_61( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3704,7 +4219,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - inv_ntt_layer_int_vec_step_reduce_56( + inv_ntt_layer_int_vec_step_reduce_87( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -3712,7 +4227,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_sub_0d(b, &a); a = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(a, &b)); - b = montgomery_multiply_fe_29(a_minus_b, zeta_r); + b = montgomery_multiply_fe_d5(a_minus_b, zeta_r); return ( CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){ .fst = a, .snd = b}); @@ -3724,7 +4239,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_0f( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_b7( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; 
@@ -3739,7 +4254,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_0f( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_56( + inv_ntt_layer_int_vec_step_reduce_87( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -3756,18 +4271,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_d41( +static KRML_MUSTINLINE void invert_ntt_montgomery_861( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_2a(&zeta_i, re); - invert_ntt_at_layer_2_84(&zeta_i, re); - invert_ntt_at_layer_3_75(&zeta_i, re); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_55(re); + invert_ntt_at_layer_1_9f(&zeta_i, re); + invert_ntt_at_layer_2_a6(&zeta_i, re); + invert_ntt_at_layer_3_61(&zeta_i, re); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_2c(re); } /** 
@@ -3780,7 +4295,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_89_b9( +static KRML_MUSTINLINE void add_error_reduce_89_08( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -3807,14 +4322,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_571( +static KRML_MUSTINLINE void compute_vector_u_a11( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_02();); + result[i] = ZERO_89_39();); for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -3836,11 +4351,11 @@ static KRML_MUSTINLINE void compute_vector_u_571( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(a_element, &r_as_ntt[j]); - add_to_ring_element_89_8e1(&result[i1], &product); + ntt_multiply_89_d5(a_element, &r_as_ntt[j]); + add_to_ring_element_89_931(&result[i1], &product); } - invert_ntt_montgomery_d41(&result[i1]); - add_error_reduce_89_b9(&result[i1], &error_1[i1]); + invert_ntt_montgomery_861(&result[i1]); + add_error_reduce_89_08(&result[i1], &error_1[i1]); } memcpy( ret, result, 
@@ -3854,7 +4369,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_1_e9(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +decompress_1_89(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ZERO_0d(); return libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( @@ -3868,8 +4383,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_message_cb(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); +deserialize_then_decompress_message_f6(uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -3879,7 +4394,7 @@ deserialize_then_decompress_message_cb(uint8_t serialized[32U]) { (size_t)2U * i0 + (size_t)2U, uint8_t, Eurydice_slice)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_1_e9(coefficient_compressed); + decompress_1_89(coefficient_compressed); re.coefficients[i0] = uu____0;); return re; } @@ -3895,7 +4410,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -add_message_error_reduce_89_11( +add_message_error_reduce_89_8b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { 
@@ -3928,18 +4443,18 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_c81( +compute_ring_element_v_1f1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_8e1(&result, &product);); - invert_ntt_montgomery_d41(&result); - result = add_message_error_reduce_89_11(error_2, message, result); + ntt_multiply_89_d5(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_931(&result, &product);); + invert_ntt_montgomery_861(&result); + result = add_message_error_reduce_89_8b(error_2, message, result); return result; } @@ -3949,7 +4464,7 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_94(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_be(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -3970,9 +4485,9 @@ A monomorphic instance of libcrux_ml_kem.vector.portable.compress_0d with const generics - COEFFICIENT_BITS= 10 */ -static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_9b( +static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_31( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_94(v); + return compress_be(v); } /** 
@@ -3981,7 +4496,7 @@ with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_940(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_be0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4003,8 +4518,8 @@ with const generics - COEFFICIENT_BITS= 11 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_9b0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_940(v); +compress_0d_310(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_be0(v); } /** @@ -4013,14 +4528,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_2d0( +static KRML_MUSTINLINE void compress_then_serialize_11_e10( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_9b0(to_unsigned_representative_af(re->coefficients[i0])); + compress_0d_310(to_unsigned_representative_78(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( 
@@ -4041,10 +4556,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_d80( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_2f0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_2d0(re, uu____0); + compress_then_serialize_11_e10(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } @@ -4060,7 +4575,7 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_251( +static void compress_then_serialize_u_241( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -4078,7 +4593,7 @@ static void compress_then_serialize_u_251( (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t, Eurydice_slice); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_d80(&re, ret); + compress_then_serialize_ring_element_u_2f0(&re, ret); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), @@ -4092,7 +4607,7 @@ with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_941(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_be1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4114,8 +4629,8 @@ with const generics - COEFFICIENT_BITS= 4 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_9b1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_941(v); +compress_0d_311(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_be1(v); } /** 
@@ -4124,14 +4639,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_09( +static KRML_MUSTINLINE void compress_then_serialize_4_e5( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_9b1(to_unsigned_representative_af(re.coefficients[i0])); + compress_0d_311(to_unsigned_representative_78(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); core_slice___Slice_T___copy_from_slice( @@ -4149,7 +4664,7 @@ with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_942(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_be2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4171,8 +4686,8 @@ with const generics - COEFFICIENT_BITS= 5 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_9b2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_942(v); +compress_0d_312(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_be2(v); } /** 
@@ -4181,14 +4696,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_b9( +static KRML_MUSTINLINE void compress_then_serialize_5_a3( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = - compress_0d_9b2(to_unsigned_representative_af(re.coefficients[i0])); + compress_0d_312(to_unsigned_representative_78(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); core_slice___Slice_T___copy_from_slice( @@ -4207,9 +4722,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_d60( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_310( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_5_b9(re, out); + compress_then_serialize_5_a3(re, out); } /** 
@@ -4271,15 +4786,15 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_651( +static void encrypt_unpacked_6c1( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____1 = sample_vector_cbd_then_ntt_011(copy_of_prf_input0, 0U); + tuple_710 uu____1 = sample_vector_cbd_then_ntt_d71(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, @@ -4289,7 +4804,7 @@ static void encrypt_unpacked_651( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_710 uu____3 = - sample_ring_element_cbd_381(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_2c1(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; memcpy( error_1, uu____3.fst, 
@@ -4297,33 +4812,33 @@ static void encrypt_unpacked_651( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_6f4( + PRF_f1_044( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_e3(Eurydice_array_to_slice( + sample_from_binomial_distribution_66(Eurydice_array_to_slice( (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[4U]; - compute_vector_u_571(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_a11(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_cb(copy_of_message); + deserialize_then_decompress_message_f6(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_c81(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_1f1(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_251( + compress_then_serialize_u_241( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_d60( + compress_then_serialize_ring_element_v_310( uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t, Eurydice_slice)); 
@@ -4349,11 +4864,11 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_861( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_311( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -4365,7 +4880,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_861( Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_111( + G_f1_b61( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -4380,7 +4895,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_861( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_unpacked_651(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_6c1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; core_slice___Slice_T___copy_from_slice( @@ -4391,7 +4906,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_861( uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_200(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_f51(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, 
@@ -4412,7 +4927,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_af_a1(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_44(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; core_slice___Slice_T___copy_from_slice( @@ -4434,12 +4949,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1536 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_523( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_723( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_02();); + deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -4451,7 +4966,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_523( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_d2(ring_element); + deserialize_to_reduced_ring_element_ad(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -4477,10 +4992,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_f71(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_0d1(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; - deserialize_ring_elements_reduced_523( + deserialize_ring_elements_reduced_723( Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice), t_as_ntt); 
@@ -4488,8 +5003,8 @@ static void encrypt_f71(Eurydice_slice public_key, uint8_t message[32U], public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); - sample_matrix_A_551(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); + sample_matrix_A_231(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); @@ -4523,7 +5038,7 @@ static void encrypt_f71(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1568U]; - encrypt_unpacked_651(uu____3, copy_of_message, randomness, ret1); + encrypt_unpacked_6c1(uu____3, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); } @@ -4538,7 +5053,7 @@ with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_af_f4(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_c2(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; core_slice___Slice_T___copy_from_slice( @@ -4566,15 +5081,15 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_9d1( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_441( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_a1( + entropy_preprocess_af_44( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, Eurydice_slice), to_hash); 
@@ -4582,8 +5097,8 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_9d1( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); uint8_t ret[32U]; - H_f1_af1(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_1f0(public_key), + H_f1_2e1(Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_f21(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -4591,7 +5106,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_9d1( Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_111( + G_f1_b61( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( 
@@ -4601,20 +5116,20 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_9d1( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_1f0(public_key), uint8_t, + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_f21(public_key), uint8_t, Eurydice_slice); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_f71(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_0d1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_200(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_f51(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_f4(shared_secret, shared_secret_array); + kdf_af_c2(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -4633,7 +5148,7 @@ const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_41( +decompress_ciphertext_coefficient_b8( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { 
@@ -4658,9 +5173,9 @@ generics - COEFFICIENT_BITS= 10 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_cc( +decompress_ciphertext_coefficient_0d_f4( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_41(v); + return decompress_ciphertext_coefficient_b8(v); } /** @@ -4670,8 +5185,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_10_02(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); +deserialize_then_decompress_10_e9(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; @@ -4683,7 +5198,7 @@ deserialize_then_decompress_10_02(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_cc(coefficient); + decompress_ciphertext_coefficient_0d_f4(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -4696,7 +5211,7 @@ const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_410( +decompress_ciphertext_coefficient_b80( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { 
@@ -4721,9 +5236,9 @@ generics - COEFFICIENT_BITS= 11 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_cc0( +decompress_ciphertext_coefficient_0d_f40( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_410(v); + return decompress_ciphertext_coefficient_b80(v); } /** @@ -4733,8 +5248,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_11_a4(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); +deserialize_then_decompress_11_f5(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; @@ -4746,7 +5261,7 @@ deserialize_then_decompress_11_a4(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_cc0(coefficient); + decompress_ciphertext_coefficient_0d_f40(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -4759,8 +5274,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_450(Eurydice_slice serialized) { - return deserialize_then_decompress_11_a4(serialized); +deserialize_then_decompress_ring_element_u_890(Eurydice_slice serialized) { + return deserialize_then_decompress_11_f5(serialized); } /** 
@@ -4769,17 +5284,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_d70( +static KRML_MUSTINLINE void ntt_vector_u_ed0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_c1(&zeta_i, re); - ntt_at_layer_2_46(&zeta_i, re); - ntt_at_layer_1_c9(&zeta_i, re); - poly_barrett_reduce_89_55(re); + ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_34(&zeta_i, re); + ntt_at_layer_2_7b(&zeta_i, re); + ntt_at_layer_1_4f(&zeta_i, re); + poly_barrett_reduce_89_2c(re); } /** @@ -4794,12 +5309,12 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_201( +static KRML_MUSTINLINE void deserialize_then_decompress_u_b11( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_89_02();); + u_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, 
@@ -4818,8 +5333,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_201( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, uint8_t, Eurydice_slice); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_450(u_bytes); - ntt_vector_u_d70(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_890(u_bytes); + ntt_vector_u_ed0(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -4833,7 +5348,7 @@ const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_411( +decompress_ciphertext_coefficient_b81( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4858,9 +5373,9 @@ generics - COEFFICIENT_BITS= 4 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_cc1( +decompress_ciphertext_coefficient_0d_f41( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_411(v); + return decompress_ciphertext_coefficient_b81(v); } /** @@ -4870,8 +5385,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_4_b6(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); +deserialize_then_decompress_4_34(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; i++) { 
@@ -4882,7 +5397,7 @@ deserialize_then_decompress_4_b6(Eurydice_slice serialized) { libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_cc1(coefficient); + decompress_ciphertext_coefficient_0d_f41(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -4895,7 +5410,7 @@ const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_412( +decompress_ciphertext_coefficient_b82( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4920,9 +5435,9 @@ generics - COEFFICIENT_BITS= 5 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_cc2( +decompress_ciphertext_coefficient_0d_f42( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_412(v); + return decompress_ciphertext_coefficient_b82(v); } /** @@ -4932,8 +5447,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_5_9f(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); +deserialize_then_decompress_5_53(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; 
@@ -4945,7 +5460,7 @@ deserialize_then_decompress_5_9f(Eurydice_slice serialized) { re.coefficients[i0] = libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - decompress_ciphertext_coefficient_0d_cc2(re.coefficients[i0]); + decompress_ciphertext_coefficient_0d_f42(re.coefficients[i0]); re.coefficients[i0] = uu____1; } return re; @@ -4958,8 +5473,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_670(Eurydice_slice serialized) { - return deserialize_then_decompress_5_9f(serialized); +deserialize_then_decompress_ring_element_v_300(Eurydice_slice serialized) { + return deserialize_then_decompress_5_53(serialized); } /** @@ -4973,7 +5488,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -subtract_reduce_89_d2(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +subtract_reduce_89_7d(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { 
@@ -5004,17 +5519,17 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_f61( +compute_message_cb1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_8e1(&result, &product);); - invert_ntt_montgomery_d41(&result); - result = subtract_reduce_89_d2(v, result); + ntt_multiply_89_d5(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_931(&result, &product);); + invert_ntt_montgomery_861(&result); + result = subtract_reduce_89_7d(v, result); return result; } @@ -5024,13 +5539,13 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_ef( +static KRML_MUSTINLINE void compress_then_serialize_message_3a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_representative_af(re.coefficients[i0]); + to_unsigned_representative_78(re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = libcrux_ml_kem_vector_portable_compress_1_0d(coefficient); 
@@ -5080,20 +5595,20 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_181( +static void decrypt_unpacked_e71( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; - deserialize_then_decompress_u_201(ciphertext, u_as_ntt); + deserialize_then_decompress_u_b11(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_670( + deserialize_then_decompress_ring_element_v_300( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_f61(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_cb1(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_ef(message, ret0); + compress_then_serialize_message_3a(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5102,7 +5617,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 32 */ -static KRML_MUSTINLINE void PRF_b6(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void PRF_3a(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), @@ -5120,8 +5635,8 @@ with const generics - K= 4 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_6f3(Eurydice_slice input, uint8_t ret[32U]) { - PRF_b6(input, ret); +static KRML_MUSTINLINE void PRF_f1_043(Eurydice_slice input, uint8_t ret[32U]) { + PRF_3a(input, ret); } /** 
@@ -5146,15 +5661,15 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f61( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca1( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_181(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_e71(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -5166,7 +5681,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f61( uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_111( + G_f1_b61( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -5176,7 +5691,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f61( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_973( + libcrux_ml_kem_utils_into_padded_array_2d4( Eurydice_array_to_slice((size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t, Eurydice_slice), 
@@ -5185,9 +5700,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f61( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_f00(ciphertext), uint8_t, void *); + uu____2, libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_6f3( + PRF_f1_043( Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *uu____3 = @@ -5196,11 +5711,11 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f61( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_651(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_6c1(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_f00(ciphertext), + libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, Eurydice_slice)); uint8_t ret0[32U]; @@ -5219,8 +5734,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_uncompressed_ring_element_00(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_02(); +deserialize_to_uncompressed_ring_element_05(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; 
@@ -5245,12 +5760,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_6b1( +static KRML_MUSTINLINE void deserialize_secret_key_011( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_02();); + secret_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -5262,7 +5777,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_6b1( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_00(secret_bytes); + deserialize_to_uncompressed_ring_element_05(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -5280,10 +5795,10 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_4a1(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_c21(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; - deserialize_secret_key_6b1(secret_key, secret_as_ntt); + deserialize_secret_key_011(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[4U]; memcpy( 
@@ -5295,7 +5810,7 @@ static void decrypt_4a1(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_181(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_e71(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5321,7 +5836,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_711( +void libcrux_ml_kem_ind_cca_decapsulate_4f1( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -5341,9 +5856,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_711( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_4a1(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_c21(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); core_slice___Slice_T___copy_from_slice( @@ -5352,7 +5867,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_711( uint8_t, size_t, Eurydice_slice), ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - G_f1_111( + G_f1_b61( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( 
@@ -5362,14 +5877,14 @@ void libcrux_ml_kem_ind_cca_decapsulate_711( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_973(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_2d4(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_f00(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_6f3( + PRF_f1_043( Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; @@ -5377,18 +5892,18 @@ void libcrux_ml_kem_ind_cca_decapsulate_711( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_f71(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_0d1(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_f4( + kdf_af_c2( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_f4(shared_secret0, shared_secret); + kdf_af_c2(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_f00(ciphertext), + libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, 
@@ -5412,12 +5927,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 800 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_522( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_722( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_02();); + deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -5429,7 +5944,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_522( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_d2(ring_element); + deserialize_to_reduced_ring_element_ad(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -5447,7 +5962,7 @@ with const generics - K= 2 - OUT_LEN= 768 */ -static KRML_MUSTINLINE void serialize_secret_key_e80( +static KRML_MUSTINLINE void serialize_secret_key_f80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; @@ -5466,7 +5981,7 @@ static KRML_MUSTINLINE void serialize_secret_key_e80( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_05(&re, ret0); + serialize_uncompressed_ring_element_f6(&re, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), 
@@ -5486,14 +6001,14 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_9a0( +static KRML_MUSTINLINE void serialize_public_key_800( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( public_key_serialized, (size_t)0U, (size_t)768U, uint8_t, Eurydice_slice); uint8_t ret0[768U]; - serialize_secret_key_e80(t_as_ntt, ret0); + serialize_secret_key_f80(t_as_ntt, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), @@ -5514,15 +6029,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_990(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_350(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; - deserialize_ring_elements_reduced_522( + deserialize_ring_elements_reduced_722( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; - serialize_public_key_9a0( + serialize_public_key_800( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice), @@ -5539,10 +6054,10 @@ libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked libcrux_ml_kem_vector_portable_vector_type_PortableVector[[$2size_t]] */ -typedef struct tuple_4c_s { +typedef struct tuple_4c0_s { libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae snd; -} tuple_4c; +} tuple_4c0; /** This function found in impl {(libcrux_ml_kem::hash_functions::Hash for 
@@ -5553,7 +6068,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void G_f1_110(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_b60(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -5564,10 +6079,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static void closure_820( +static void closure_e80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_89_02();); + ret[i] = ZERO_89_39();); } /** @@ -5585,7 +6100,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_init_absorb with const generics - K= 2 */ static KRML_MUSTINLINE PortableHash_8b -shake128_init_absorb_410(uint8_t input[2U][34U]) { +shake128_init_absorb_750(uint8_t input[2U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[2U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, @@ -5616,11 +6131,11 @@ generics - K= 2 */ static KRML_MUSTINLINE PortableHash_8b -shake128_init_absorb_f1_510(uint8_t input[2U][34U]) { +shake128_init_absorb_f1_110(uint8_t input[2U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[2U][34U]; memcpy(copy_of_input, input, (size_t)2U * sizeof(uint8_t[34U])); - return shake128_init_absorb_410(copy_of_input); + return shake128_init_absorb_750(copy_of_input); } /** @@ -5629,7 +6144,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_540( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_100( PortableHash_8b *st, uint8_t ret[2U][504U]) { uint8_t out[2U][504U] = {{0U}}; KRML_MAYBE_FOR2( 
@@ -5651,9 +6166,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_7f0( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_4e0( PortableHash_8b *self, uint8_t ret[2U][504U]) { - shake128_squeeze_three_blocks_540(self, ret); + shake128_squeeze_three_blocks_100(self, ret); } /** @@ -5704,7 +6219,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_021( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_051( uint8_t randomness[2U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -5743,7 +6258,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_block_880(PortableHash_8b *st, +static KRML_MUSTINLINE void shake128_squeeze_block_ed0(PortableHash_8b *st, uint8_t ret[2U][168U]) { uint8_t out[2U][168U] = {{0U}}; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; @@ -5764,9 +6279,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_block_f1_680( +static KRML_MUSTINLINE void shake128_squeeze_block_f1_c10( PortableHash_8b *self, uint8_t ret[2U][168U]) { - shake128_squeeze_block_880(self, ret); + shake128_squeeze_block_ed0(self, ret); } /** @@ -5817,7 +6332,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_022( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_052( uint8_t randomness[2U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( 
@@ -5857,9 +6372,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_130( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_990( int16_t s[272U]) { - return from_i16_array_89_48(Eurydice_array_to_subslice2( + return from_i16_array_89_6b(Eurydice_array_to_subslice2( s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); } @@ -5870,7 +6385,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_from_xof_f60( +static KRML_MUSTINLINE void sample_from_xof_2b0( uint8_t seeds[2U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { size_t sampled_coefficients[2U] = {0U}; 
@@ -5878,25 +6393,25 @@ static KRML_MUSTINLINE void sample_from_xof_f60( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[2U][34U]; memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); - PortableHash_8b xof_state = shake128_init_absorb_f1_510(copy_of_seeds); + PortableHash_8b xof_state = shake128_init_absorb_f1_110(copy_of_seeds); uint8_t randomness0[2U][504U]; - shake128_squeeze_three_blocks_f1_7f0(&xof_state, randomness0); + shake128_squeeze_three_blocks_f1_4e0(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[2U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_021( + bool done = sample_from_uniform_distribution_next_051( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[2U][168U]; - shake128_squeeze_block_f1_680(&xof_state, randomness); + shake128_squeeze_block_f1_c10(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[2U][168U]; memcpy(copy_of_randomness, randomness, (size_t)2U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_022( + done = sample_from_uniform_distribution_next_052( copy_of_randomness, sampled_coefficients, out); } } @@ -5905,7 +6420,7 @@ static KRML_MUSTINLINE void sample_from_xof_f60( memcpy(copy_of_out, out, (size_t)2U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_130(copy_of_out[i]);); + ret0[i] = closure_990(copy_of_out[i]);); memcpy( ret, ret0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); 
@@ -5918,12 +6433,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_matrix_A_550( +static KRML_MUSTINLINE void sample_matrix_A_230( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U][2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[2U][2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - closure_820(A_transpose[i]);); + closure_e80(A_transpose[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -5938,7 +6453,7 @@ static KRML_MUSTINLINE void sample_matrix_A_550( uint8_t copy_of_seeds[2U][34U]; memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[2U]; - sample_from_xof_f60(copy_of_seeds, sampled); + sample_from_xof_2b0(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -5968,10 +6483,10 @@ with types libcrux_ml_kem_polynomial_PolynomialRingElement libcrux_ml_kem_vector_portable_vector_type_PortableVector[2size_t], uint8_t */ -typedef struct tuple_74_s { +typedef struct tuple_740_s { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 fst[2U]; uint8_t snd; -} tuple_74; +} tuple_740; /** A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRFxN @@ -5979,7 +6494,7 @@ with const generics - K= 2 - LEN= 192 */ -static KRML_MUSTINLINE void PRFxN_630(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_1d0(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { uint8_t out[2U][192U] = {{0U}}; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; 
@@ -6001,9 +6516,9 @@ with const generics - K= 2 - LEN= 192 */ -static KRML_MUSTINLINE void PRFxN_f1_770(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_890(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { - PRFxN_630(input, ret); + PRFxN_1d0(input, ret); } /** @@ -6013,8 +6528,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_e30(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_b8(randomness); +sample_from_binomial_distribution_660(Eurydice_slice randomness) { + return sample_from_binomial_distribution_3_85(randomness); } /** @@ -6030,11 +6545,11 @@ generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_010( +static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_d70( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_89_02();); + re_as_ntt[i] = ZERO_89_39();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); 
@@ -6046,18 +6561,18 @@ static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_010( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][192U]; - PRFxN_f1_770(prf_inputs, prf_outputs); + PRFxN_f1_890(prf_inputs, prf_outputs); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_e30( + re_as_ntt[i0] = sample_from_binomial_distribution_660( Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t, Eurydice_slice)); - ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[2U]; memcpy( copy_of_re_as_ntt, re_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - tuple_74 lit; + tuple_740 lit; memcpy( lit.fst, copy_of_re_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -6079,7 +6594,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void add_to_ring_element_89_8e0( +static KRML_MUSTINLINE void add_to_ring_element_89_930( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; 
@@ -6108,14 +6623,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_As_plus_e_a50( +static KRML_MUSTINLINE void compute_As_plus_e_da0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_02();); + result[i] = ZERO_89_39();); for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -6138,10 +6653,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_a50( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_8e0(&result[i1], &product); + ntt_multiply_89_d5(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_930(&result[i1], &product); } - add_standard_error_reduce_89_0b(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_89_99(&result[i1], &error_as_ntt[i1]); } memcpy( ret, result, @@ -6198,10 +6713,10 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static tuple_4c generate_keypair_unpacked_a90( +static tuple_4c0 generate_keypair_unpacked_f40( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_f1_110(key_generation_seed, hashed); + G_f1_b60(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); 
@@ -6209,15 +6724,15 @@ static tuple_4c generate_keypair_unpacked_a90( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[2U][2U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); - sample_matrix_A_550(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); + sample_matrix_A_230(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____2 = sample_vector_cbd_then_ntt_010(copy_of_prf_input0, 0U); + tuple_740 uu____2 = sample_vector_cbd_then_ntt_d70(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; memcpy( secret_as_ntt, uu____2.fst, @@ -6229,10 +6744,10 @@ static tuple_4c generate_keypair_unpacked_a90( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[2U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_010(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_d70(copy_of_prf_input, domain_separator).fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; - compute_As_plus_e_a50(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_da0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], 
@@ -6269,7 +6784,7 @@ static tuple_4c generate_keypair_unpacked_a90( memcpy( sk.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - return (CLITERAL(tuple_4c){.fst = sk, .snd = pk}); + return (CLITERAL(tuple_4c0){.fst = sk, .snd = pk}); } /** @@ -6286,10 +6801,10 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static void closure_f20( +static void closure_570( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_89_02();); + ret[i] = ZERO_89_39();); } /** @@ -6301,7 +6816,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void H_f1_af0(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_2e0(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -6319,7 +6834,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d0(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e0(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, 
@@ -6328,18 +6843,18 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d0(uint8_t randomness[64U]) { (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); - tuple_4c uu____0 = generate_keypair_unpacked_a90(ind_cpa_keypair_randomness); + tuple_4c0 uu____0 = generate_keypair_unpacked_f40(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_f20(A[i]);); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_570(A[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_93(&ind_cpa_public_key.A[j][i1]); + clone_d5_84(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U][2U]; memcpy(uu____2, A, @@ -6349,13 +6864,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d0(uint8_t randomness[64U]) { (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); uint8_t pk_serialized[800U]; - serialize_public_key_9a0( + serialize_public_key_800( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t, Eurydice_slice), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_af0(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t, + H_f1_2e0(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t, Eurydice_slice), public_key_hash); uint8_t implicit_rejection_value[32U]; 
@@ -6399,18 +6914,18 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_e80( +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_ec0( Eurydice_slice key_generation_seed) { - tuple_4c uu____0 = generate_keypair_unpacked_a90(key_generation_seed); + tuple_4c0 uu____0 = generate_keypair_unpacked_f40(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae pk = uu____0.snd; uint8_t public_key_serialized[800U]; - serialize_public_key_9a0(pk.t_as_ntt, + serialize_public_key_800(pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, Eurydice_slice), public_key_serialized); uint8_t secret_key_serialized[768U]; - serialize_secret_key_e80(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_f80(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[768U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -6437,7 +6952,7 @@ with const generics - K= 2 - SERIALIZED_KEY_LEN= 1632 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_b4( +static KRML_MUSTINLINE void serialize_kem_secret_key_41( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { uint8_t out[1632U] = {0U}; @@ -6466,7 +6981,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_b4( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice); uint8_t ret0[32U]; - H_f1_af0(public_key, ret0); + H_f1_2e0(public_key, ret0); core_slice___Slice_T___copy_from_slice( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), 
@@ -6507,7 +7022,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_c21(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -6517,13 +7032,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_e80(ind_cpa_keypair_randomness); + generate_keypair_ec0(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_b4( + serialize_kem_secret_key_41( Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, 
@@ -6534,13 +7049,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f0(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_05_e01(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_05_a7(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[800U]; memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_2c1( - uu____2, libcrux_ml_kem_types_from_b6_571(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_c9( + uu____2, libcrux_ml_kem_types_from_b6_4c(copy_of_public_key)); } /** @@ -6549,7 +7064,7 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_631(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_1d1(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { uint8_t out[2U][128U] = {{0U}}; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; @@ -6571,9 +7086,9 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_771(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_891(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { - PRFxN_631(input, ret); + PRFxN_1d1(input, ret); } /** 
@@ -6588,11 +7103,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - ETA2= 2 */ -static KRML_MUSTINLINE tuple_74 -sample_ring_element_cbd_380(uint8_t prf_input[33U], uint8_t domain_separator) { +static KRML_MUSTINLINE tuple_740 +sample_ring_element_cbd_2c0(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_89_02();); + error_1[i] = ZERO_89_39();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -6604,11 +7119,11 @@ sample_ring_element_cbd_380(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][128U]; - PRFxN_f1_771(prf_inputs, prf_outputs); + PRFxN_f1_891(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_e3(Eurydice_array_to_slice( + sample_from_binomial_distribution_66(Eurydice_array_to_slice( (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -6616,7 +7131,7 @@ sample_ring_element_cbd_380(uint8_t prf_input[33U], uint8_t domain_separator) { memcpy( copy_of_error_1, error_1, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - tuple_74 lit; + tuple_740 lit; memcpy( lit.fst, copy_of_error_1, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -6634,9 +7149,9 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_6f2(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_042(Eurydice_slice input, uint8_t ret[128U]) { - PRF_b60(input, ret); + PRF_3a0(input, ret); } /** 
@@ -6645,18 +7160,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_d40( +static KRML_MUSTINLINE void invert_ntt_montgomery_860( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_2a(&zeta_i, re); - invert_ntt_at_layer_2_84(&zeta_i, re); - invert_ntt_at_layer_3_75(&zeta_i, re); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_55(re); + invert_ntt_at_layer_1_9f(&zeta_i, re); + invert_ntt_at_layer_2_a6(&zeta_i, re); + invert_ntt_at_layer_3_61(&zeta_i, re); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_2c(re); } /** @@ -6668,14 +7183,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_570( +static KRML_MUSTINLINE void compute_vector_u_a10( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_02();); + result[i] = ZERO_89_39();); for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( 
@@ -6697,11 +7212,11 @@ static KRML_MUSTINLINE void compute_vector_u_570( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(a_element, &r_as_ntt[j]); - add_to_ring_element_89_8e0(&result[i1], &product); + ntt_multiply_89_d5(a_element, &r_as_ntt[j]); + add_to_ring_element_89_930(&result[i1], &product); } - invert_ntt_montgomery_d40(&result[i1]); - add_error_reduce_89_b9(&result[i1], &error_1[i1]); + invert_ntt_montgomery_860(&result[i1]); + add_error_reduce_89_08(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -6718,18 +7233,18 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_c80( +compute_ring_element_v_1f0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_8e0(&result, &product);); - invert_ntt_montgomery_d40(&result); - result = add_message_error_reduce_89_11(error_2, message, result); + ntt_multiply_89_d5(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_930(&result, &product);); + invert_ntt_montgomery_860(&result); + result = add_message_error_reduce_89_8b(error_2, message, result); return result; } 
@@ -6739,14 +7254,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_54( +static KRML_MUSTINLINE void compress_then_serialize_10_3b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_9b(to_unsigned_representative_af(re->coefficients[i0])); + compress_0d_31(to_unsigned_representative_78(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -6767,10 +7282,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_d8( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_2f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_54(re, uu____0); + compress_then_serialize_10_3b(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -6786,7 +7301,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_250( +static void compress_then_serialize_u_240( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; 
@@ -6804,7 +7319,7 @@ static void compress_then_serialize_u_250( (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t, Eurydice_slice); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_d8(&re, ret); + compress_then_serialize_ring_element_u_2f(&re, ret); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), @@ -6819,9 +7334,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_d6( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_31( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_4_09(re, out); + compress_then_serialize_4_e5(re, out); } /** @@ -6883,15 +7398,15 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_650( +static void encrypt_unpacked_6c0( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____1 = sample_vector_cbd_then_ntt_010(copy_of_prf_input0, 0U); + tuple_740 uu____1 = sample_vector_cbd_then_ntt_d70(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, 
@@ -6900,8 +7415,8 @@ static void encrypt_unpacked_650( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____3 = - sample_ring_element_cbd_380(copy_of_prf_input, domain_separator0); + tuple_740 uu____3 = + sample_ring_element_cbd_2c0(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; memcpy( error_1, uu____3.fst, 
@@ -6909,32 +7424,32 @@ static void encrypt_unpacked_650( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_6f2( + PRF_f1_042( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_e3(Eurydice_array_to_slice( + sample_from_binomial_distribution_66(Eurydice_array_to_slice( (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[2U]; - compute_vector_u_570(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_a10(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_cb(copy_of_message); + deserialize_then_decompress_message_f6(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_c80(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_1f0(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_250( + compress_then_serialize_u_240( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_d6( + compress_then_serialize_ring_element_v_31( uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t, Eurydice_slice)); 
@@ -6960,11 +7475,11 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_860( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_310( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -6976,7 +7491,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_860( Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_110( + G_f1_b60( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -6991,7 +7506,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_860( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_unpacked_650(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_6c0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; core_slice___Slice_T___copy_from_slice( @@ -7002,7 +7517,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_860( uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_01_201(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_f5(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, 
@@ -7023,7 +7538,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_af_57(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_5d(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; core_slice___Slice_T___copy_from_slice( @@ -7045,12 +7560,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 768 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_521( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_721( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_02();); + deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -7062,7 +7577,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_521( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_d2(ring_element); + deserialize_to_reduced_ring_element_ad(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -7088,10 +7603,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_f70(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_0d0(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; - deserialize_ring_elements_reduced_521( + deserialize_ring_elements_reduced_721( Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice), t_as_ntt); 
@@ -7099,8 +7614,8 @@ static void encrypt_f70(Eurydice_slice public_key, uint8_t message[32U], public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); - sample_matrix_A_550(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); + sample_matrix_A_230(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); @@ -7134,7 +7649,7 @@ static void encrypt_f70(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[768U]; - encrypt_unpacked_650(uu____3, copy_of_message, randomness, ret1); + encrypt_unpacked_6c0(uu____3, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); } @@ -7149,7 +7664,7 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_af_26(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_e8(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; core_slice___Slice_T___copy_from_slice( @@ -7177,15 +7692,15 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_9d0( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_440( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_57( + entropy_preprocess_af_5d( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, Eurydice_slice), to_hash); 
@@ -7193,8 +7708,8 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_9d0( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); uint8_t ret[32U]; - H_f1_af0(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_1f1(public_key), + H_f1_2e0(Eurydice_array_to_slice( + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -7202,7 +7717,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_9d0( Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_110( + G_f1_b60( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( 
@@ -7212,20 +7727,20 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_9d0( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_1f1(public_key), uint8_t, + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), uint8_t, Eurydice_slice); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_f70(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_0d0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_01_201(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_f5(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_26(shared_secret, shared_secret_array); + kdf_af_e8(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -7244,8 +7759,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_45(Eurydice_slice serialized) { - return deserialize_then_decompress_10_02(serialized); +deserialize_then_decompress_ring_element_u_89(Eurydice_slice serialized) { + return deserialize_then_decompress_10_e9(serialized); } /** 
@@ -7254,17 +7769,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_d7( +static KRML_MUSTINLINE void ntt_vector_u_ed( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_c0(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_c1(&zeta_i, re); - ntt_at_layer_2_46(&zeta_i, re); - ntt_at_layer_1_c9(&zeta_i, re); - poly_barrett_reduce_89_55(re); + ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_34(&zeta_i, re); + ntt_at_layer_2_7b(&zeta_i, re); + ntt_at_layer_1_4f(&zeta_i, re); + poly_barrett_reduce_89_2c(re); } /** @@ -7279,12 +7794,12 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_200( +static KRML_MUSTINLINE void deserialize_then_decompress_u_b10( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_89_02();); + u_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t, 
@@ -7303,8 +7818,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_200( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t, Eurydice_slice); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_45(u_bytes); - ntt_vector_u_d7(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_89(u_bytes); + ntt_vector_u_ed(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -7318,8 +7833,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_67(Eurydice_slice serialized) { - return deserialize_then_decompress_4_b6(serialized); +deserialize_then_decompress_ring_element_v_30(Eurydice_slice serialized) { + return deserialize_then_decompress_4_34(serialized); } /** @@ -7335,17 +7850,17 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_f60( +compute_message_cb0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_8e0(&result, &product);); - invert_ntt_montgomery_d40(&result); - result = subtract_reduce_89_d2(v, result); + ntt_multiply_89_d5(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_930(&result, &product);); + invert_ntt_montgomery_860(&result); + result = subtract_reduce_89_7d(v, result); return result; } 
@@ -7383,20 +7898,20 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_180( +static void decrypt_unpacked_e70( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; - deserialize_then_decompress_u_200(ciphertext, u_as_ntt); + deserialize_then_decompress_u_b10(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_67( + deserialize_then_decompress_ring_element_v_30( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_f60(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_cb0(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_ef(message, ret0); + compress_then_serialize_message_3a(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7410,8 +7925,8 @@ with const generics - K= 2 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_6f1(Eurydice_slice input, uint8_t ret[32U]) { - PRF_b6(input, ret); +static KRML_MUSTINLINE void PRF_f1_041(Eurydice_slice input, uint8_t ret[32U]) { + PRF_3a(input, ret); } /** 
@@ -7436,14 +7951,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f60( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca0( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_180(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_e70(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -7455,7 +7970,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f60( uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_110( + G_f1_b60( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -7465,7 +7980,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f60( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_974( + libcrux_ml_kem_utils_into_padded_array_2d0( Eurydice_array_to_slice((size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t, Eurydice_slice), 
@@ -7474,9 +7989,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f60( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_f01(ciphertext), uint8_t, void *); + uu____2, libcrux_ml_kem_types_as_ref_00_ed(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_6f1( + PRF_f1_041( Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *uu____3 = @@ -7485,11 +8000,11 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f60( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_unpacked_650(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_6c0(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_f01(ciphertext), + libcrux_ml_kem_types_as_ref_00_ed(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, Eurydice_slice)); uint8_t ret0[32U]; @@ -7510,12 +8025,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_6b0( +static KRML_MUSTINLINE void deserialize_secret_key_010( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_02();); + secret_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; 
@@ -7527,7 +8042,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_6b0( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_00(secret_bytes); + deserialize_to_uncompressed_ring_element_05(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -7545,10 +8060,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_4a0(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_c20(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; - deserialize_secret_key_6b0(secret_key, secret_as_ntt); + deserialize_secret_key_010(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[2U]; memcpy( @@ -7560,7 +8075,7 @@ static void decrypt_4a0(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_180(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_e70(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7586,7 +8101,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_710( +void libcrux_ml_kem_ind_cca_decapsulate_4f0( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( 
@@ -7605,9 +8120,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_710( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_4a0(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_c20(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); core_slice___Slice_T___copy_from_slice( @@ -7616,7 +8131,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_710( uint8_t, size_t, Eurydice_slice), ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - G_f1_110( + G_f1_b60( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( @@ -7626,14 +8141,14 @@ void libcrux_ml_kem_ind_cca_decapsulate_710( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_974(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_f01(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_00_ed(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_6f1( + PRF_f1_041( Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; 
@@ -7641,18 +8156,18 @@ void libcrux_ml_kem_ind_cca_decapsulate_710( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_f70(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_0d0(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_26( + kdf_af_e8( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_26(shared_secret0, shared_secret); + kdf_af_e8(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_f01(ciphertext), + libcrux_ml_kem_types_as_ref_00_ed(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, @@ -7676,12 +8191,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1184 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_520( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_720( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_02();); + deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; 
@@ -7693,7 +8208,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_520( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_d2(ring_element); + deserialize_to_reduced_ring_element_ad(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -7711,7 +8226,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void serialize_secret_key_e8( +static KRML_MUSTINLINE void serialize_secret_key_f8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; @@ -7730,7 +8245,7 @@ static KRML_MUSTINLINE void serialize_secret_key_e8( (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_05(&re, ret0); + serialize_uncompressed_ring_element_f6(&re, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), @@ -7750,7 +8265,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_9a( +static KRML_MUSTINLINE void serialize_public_key_80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; @@ -7758,7 +8273,7 @@ static KRML_MUSTINLINE void serialize_public_key_9a( Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t, Eurydice_slice); uint8_t ret0[1152U]; - serialize_secret_key_e8(t_as_ntt, ret0); + serialize_secret_key_f8(t_as_ntt, ret0); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), 
@@ -7779,15 +8294,15 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_99(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_35(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - deserialize_ring_elements_reduced_520( + deserialize_ring_elements_reduced_720( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - serialize_public_key_9a( + serialize_public_key_80( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), @@ -7818,7 +8333,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void G_f1_11(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_b6(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -7829,10 +8344,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static void closure_82( +static void closure_e8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_89_02();); + ret[i] = ZERO_89_39();); } /** @@ -7850,7 +8365,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_init_absorb with const generics - K= 3 */ static KRML_MUSTINLINE PortableHash_58 -shake128_init_absorb_41(uint8_t input[3U][34U]) { +shake128_init_absorb_75(uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[3U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, 
@@ -7881,11 +8396,11 @@ generics - K= 3 */ static KRML_MUSTINLINE PortableHash_58 -shake128_init_absorb_f1_51(uint8_t input[3U][34U]) { +shake128_init_absorb_f1_11(uint8_t input[3U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[3U][34U]; memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); - return shake128_init_absorb_41(copy_of_input); + return shake128_init_absorb_75(copy_of_input); } /** @@ -7894,7 +8409,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_54( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_10( PortableHash_58 *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; KRML_MAYBE_FOR3( @@ -7916,9 +8431,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_7f( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_4e( PortableHash_58 *self, uint8_t ret[3U][504U]) { - shake128_squeeze_three_blocks_54(self, ret); + shake128_squeeze_three_blocks_10(self, ret); } /** @@ -7969,7 +8484,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_02( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_05( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -8008,7 +8523,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_block_88(PortableHash_58 *st, +static KRML_MUSTINLINE void shake128_squeeze_block_ed(PortableHash_58 *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; 
@@ -8029,9 +8544,9 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_block_f1_68( +static KRML_MUSTINLINE void shake128_squeeze_block_f1_c1( PortableHash_58 *self, uint8_t ret[3U][168U]) { - shake128_squeeze_block_88(self, ret); + shake128_squeeze_block_ed(self, ret); } /** @@ -8082,7 +8597,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_020( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_050( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -8122,9 +8637,9 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_13( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_99( int16_t s[272U]) { - return from_i16_array_89_48(Eurydice_array_to_subslice2( + return from_i16_array_89_6b(Eurydice_array_to_subslice2( s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); } @@ -8135,7 +8650,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_from_xof_f6( +static KRML_MUSTINLINE void sample_from_xof_2b( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; 
@@ -8143,25 +8658,25 @@ static KRML_MUSTINLINE void sample_from_xof_f6( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); - PortableHash_58 xof_state = shake128_init_absorb_f1_51(copy_of_seeds); + PortableHash_58 xof_state = shake128_init_absorb_f1_11(copy_of_seeds); uint8_t randomness0[3U][504U]; - shake128_squeeze_three_blocks_f1_7f(&xof_state, randomness0); + shake128_squeeze_three_blocks_f1_4e(&xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_02( + bool done = sample_from_uniform_distribution_next_05( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; - shake128_squeeze_block_f1_68(&xof_state, randomness); + shake128_squeeze_block_f1_c1(&xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_020( + done = sample_from_uniform_distribution_next_050( copy_of_randomness, sampled_coefficients, out); } } @@ -8170,7 +8685,7 @@ static KRML_MUSTINLINE void sample_from_xof_f6( memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_13(copy_of_out[i]);); + ret0[i] = closure_99(copy_of_out[i]);); memcpy( ret, ret0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); 
@@ -8183,12 +8698,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_matrix_A_55( +static KRML_MUSTINLINE void sample_matrix_A_23( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - closure_82(A_transpose[i]);); + closure_e8(A_transpose[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; /* Passing arrays by value in Rust generates a copy in C */ @@ -8203,7 +8718,7 @@ static KRML_MUSTINLINE void sample_matrix_A_55( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; - sample_from_xof_f6(copy_of_seeds, sampled); + sample_from_xof_2b(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -8244,7 +8759,7 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_63(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_1d(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; @@ -8266,9 +8781,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_77(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_89(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { - PRFxN_63(input, ret); + PRFxN_1d(input, ret); } /** 
@@ -8284,11 +8799,11 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_01( +static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_d7( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_89_02();); + re_as_ntt[i] = ZERO_89_39();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); @@ -8300,12 +8815,12 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_01( prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - PRFxN_f1_77(prf_inputs, prf_outputs); + PRFxN_f1_89(prf_inputs, prf_outputs); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_e3( + re_as_ntt[i0] = sample_from_binomial_distribution_66( Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - ntt_binomially_sampled_ring_element_d5(&re_as_ntt[i0]);); + ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U]; memcpy( @@ -8333,7 +8848,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void add_to_ring_element_89_8e( +static KRML_MUSTINLINE void add_to_ring_element_89_93( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; 
@@ -8362,14 +8877,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_As_plus_e_a5( +static KRML_MUSTINLINE void compute_As_plus_e_da( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_02();); + result[i] = ZERO_89_39();); for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( @@ -8392,10 +8907,10 @@ static KRML_MUSTINLINE void compute_As_plus_e_a5( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_8e(&result[i1], &product); + ntt_multiply_89_d5(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_93(&result[i1], &product); } - add_standard_error_reduce_89_0b(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_89_99(&result[i1], &error_as_ntt[i1]); } memcpy( ret, result, @@ -8452,10 +8967,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_9b generate_keypair_unpacked_a9( +static tuple_9b generate_keypair_unpacked_f4( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_f1_11(key_generation_seed, hashed); + G_f1_b6(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); 
@@ -8463,15 +8978,15 @@ static tuple_9b generate_keypair_unpacked_a9( Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed_for_A0, ret); - sample_matrix_A_55(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); + sample_matrix_A_23(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = sample_vector_cbd_then_ntt_01(copy_of_prf_input0, 0U); + tuple_b0 uu____2 = sample_vector_cbd_then_ntt_d7(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, @@ -8483,10 +8998,10 @@ static tuple_9b generate_keypair_unpacked_a9( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_01(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_d7(copy_of_prf_input, domain_separator).fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - compute_As_plus_e_a5(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_da(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], 
@@ -8540,10 +9055,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_f2( +static void closure_57( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_89_02();); + ret[i] = ZERO_89_39();); } /** @@ -8555,7 +9070,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void H_f1_af(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_2e(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } @@ -8573,7 +9088,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, 
@@ -8582,18 +9097,18 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d(uint8_t randomness[64U]) { (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); - tuple_9b uu____0 = generate_keypair_unpacked_a9(ind_cpa_keypair_randomness); + tuple_9b uu____0 = generate_keypair_unpacked_f4(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_f2(A[i]);); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_57(A[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_93(&ind_cpa_public_key.A[j][i1]); + clone_d5_84(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U][3U]; memcpy(uu____2, A, @@ -8603,13 +9118,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0d(uint8_t randomness[64U]) { (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); uint8_t pk_serialized[1184U]; - serialize_public_key_9a( + serialize_public_key_80( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, uint8_t, Eurydice_slice), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_af(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, + H_f1_2e(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, Eurydice_slice), public_key_hash); uint8_t implicit_rejection_value[32U]; 
@@ -8653,18 +9168,18 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_e8( +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_ec( Eurydice_slice key_generation_seed) { - tuple_9b uu____0 = generate_keypair_unpacked_a9(key_generation_seed); + tuple_9b uu____0 = generate_keypair_unpacked_f4(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - serialize_public_key_9a(pk.t_as_ntt, + serialize_public_key_80(pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, Eurydice_slice), public_key_serialized); uint8_t secret_key_serialized[1152U]; - serialize_secret_key_e8(sk.secret_as_ntt, secret_key_serialized); + serialize_secret_key_f8(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; memcpy(copy_of_secret_key_serialized, secret_key_serialized, @@ -8691,7 +9206,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_97( +static KRML_MUSTINLINE void serialize_kem_secret_key_a8( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; @@ -8720,7 +9235,7 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_97( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice); uint8_t ret0[32U]; - H_f1_af(public_key, ret0); + H_f1_2e(public_key, ret0); core_slice___Slice_T___copy_from_slice( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), 
@@ -8761,7 +9276,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -8771,13 +9286,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) { LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_e8(ind_cpa_keypair_randomness); + generate_keypair_ec(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_97( + serialize_kem_secret_key_a8( Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, 
@@ -8788,13 +9303,13 @@ libcrux_ml_kem_ind_cca_generate_keypair_6f(uint8_t randomness[64U]) { memcpy(copy_of_secret_key_serialized, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_e0(copy_of_secret_key_serialized); + libcrux_ml_kem_types_from_05_a70(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_public_key[1184U]; memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_2c( - uu____2, libcrux_ml_kem_types_from_b6_57(copy_of_public_key)); + return libcrux_ml_kem_types_from_17_c90( + uu____2, libcrux_ml_kem_types_from_b6_4c0(copy_of_public_key)); } /** @@ -8810,10 +9325,10 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -sample_ring_element_cbd_38(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_2c(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_89_02();); + error_1[i] = ZERO_89_39();); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); 
@@ -8825,11 +9340,11 @@ sample_ring_element_cbd_38(uint8_t prf_input[33U], uint8_t domain_separator) { prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - PRFxN_f1_77(prf_inputs, prf_outputs); + PRFxN_f1_89(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_e3(Eurydice_array_to_slice( + sample_from_binomial_distribution_66(Eurydice_array_to_slice( (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ @@ -8855,9 +9370,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_6f0(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_040(Eurydice_slice input, uint8_t ret[128U]) { - PRF_b60(input, ret); + PRF_3a0(input, ret); } /** 
@@ -8866,18 +9381,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_d4( +static KRML_MUSTINLINE void invert_ntt_montgomery_86( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_2a(&zeta_i, re); - invert_ntt_at_layer_2_84(&zeta_i, re); - invert_ntt_at_layer_3_75(&zeta_i, re); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_0f(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_55(re); + invert_ntt_at_layer_1_9f(&zeta_i, re); + invert_ntt_at_layer_2_a6(&zeta_i, re); + invert_ntt_at_layer_3_61(&zeta_i, re); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_2c(re); } /** @@ -8889,14 +9404,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_57( +static KRML_MUSTINLINE void compute_vector_u_a1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_02();); + result[i] = ZERO_89_39();); for (size_t i0 = (size_t)0U; i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( 
@@ -8918,11 +9433,11 @@ static KRML_MUSTINLINE void compute_vector_u_57( size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(a_element, &r_as_ntt[j]); - add_to_ring_element_89_8e(&result[i1], &product); + ntt_multiply_89_d5(a_element, &r_as_ntt[j]); + add_to_ring_element_89_93(&result[i1], &product); } - invert_ntt_montgomery_d4(&result[i1]); - add_error_reduce_89_b9(&result[i1], &error_1[i1]); + invert_ntt_montgomery_86(&result[i1]); + add_error_reduce_89_08(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -8939,18 +9454,18 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_c8( +compute_ring_element_v_1f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_8e(&result, &product);); - invert_ntt_montgomery_d4(&result); - result = add_message_error_reduce_89_11(error_2, message, result); + ntt_multiply_89_d5(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_93(&result, &product);); + invert_ntt_montgomery_86(&result); + result = add_message_error_reduce_89_8b(error_2, message, result); return result; } 
@@ -8966,7 +9481,7 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_25( +static void compress_then_serialize_u_24( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; @@ -8984,7 +9499,7 @@ static void compress_then_serialize_u_25( (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, Eurydice_slice); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_d8(&re, ret); + compress_then_serialize_ring_element_u_2f(&re, ret); core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), @@ -9051,15 +9566,15 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_65( +static void encrypt_unpacked_6c( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_972(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = sample_vector_cbd_then_ntt_01(copy_of_prf_input0, 0U); + tuple_b0 uu____1 = sample_vector_cbd_then_ntt_d7(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, @@ -9069,7 +9584,7 @@ static void encrypt_unpacked_65( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b0 uu____3 = - sample_ring_element_cbd_38(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_2c(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( error_1, uu____3.fst, 
@@ -9077,32 +9592,32 @@ static void encrypt_unpacked_65( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_6f0( + PRF_f1_040( Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_e3(Eurydice_array_to_slice( + sample_from_binomial_distribution_66(Eurydice_array_to_slice( (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - compute_vector_u_57(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_a1(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_cb(copy_of_message); + deserialize_then_decompress_message_f6(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_c8(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_1f(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_25( + compress_then_serialize_u_24( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_d6( + compress_then_serialize_ring_element_v_31( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t, Eurydice_slice)); 
@@ -9128,11 +9643,11 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_86( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_31( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -9144,7 +9659,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_86( Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_11( + G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -9159,7 +9674,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_86( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_unpacked_65(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_6c(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; core_slice___Slice_T___copy_from_slice( @@ -9170,7 +9685,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_86( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_20(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_f50(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, 
@@ -9191,7 +9706,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_af_d2(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_6c(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; core_slice___Slice_T___copy_from_slice( @@ -9213,12 +9728,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1152 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_52( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_72( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_02();); + deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; @@ -9230,7 +9745,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_52( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_d2(ring_element); + deserialize_to_reduced_ring_element_ad(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -9256,10 +9771,10 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_f7(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_0d(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - deserialize_ring_elements_reduced_52( + deserialize_ring_elements_reduced_72( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), t_as_ntt); 
@@ -9267,8 +9782,8 @@ static void encrypt_f7(Eurydice_slice public_key, uint8_t message[32U], public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_971(seed, ret0); - sample_matrix_A_55(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); + sample_matrix_A_23(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); @@ -9302,7 +9817,7 @@ static void encrypt_f7(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1088U]; - encrypt_unpacked_65(uu____3, copy_of_message, randomness, ret1); + encrypt_unpacked_6c(uu____3, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); } @@ -9317,7 +9832,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_af_69(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_b6(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; core_slice___Slice_T___copy_from_slice( @@ -9345,15 +9860,15 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_d2( + entropy_preprocess_af_6c( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, Eurydice_slice), to_hash); 
@@ -9361,8 +9876,8 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); uint8_t ret[32U]; - H_f1_af(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_1f(public_key), + H_f1_2e(Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f20(public_key), uint8_t, Eurydice_slice), ret); core_slice___Slice_T___copy_from_slice( @@ -9370,7 +9885,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d( Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_11( + G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( 
@@ -9380,20 +9895,20 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_9d( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_1f(public_key), uint8_t, + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f20(public_key), uint8_t, Eurydice_slice); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_f7(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_0d(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_20(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_f50(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_69(shared_secret, shared_secret_array); + kdf_af_b6(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -9417,12 +9932,12 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_20( +static KRML_MUSTINLINE void deserialize_then_decompress_u_b1( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_89_02();); + u_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len( Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, 
@@ -9441,8 +9956,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_20( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t, Eurydice_slice); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_45(u_bytes); - ntt_vector_u_d7(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_89(u_bytes); + ntt_vector_u_ed(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -9462,17 +9977,17 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_f6( +compute_message_cb( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_02(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_f7(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_8e(&result, &product);); - invert_ntt_montgomery_d4(&result); - result = subtract_reduce_89_d2(v, result); + ntt_multiply_89_d5(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_93(&result, &product);); + invert_ntt_montgomery_86(&result); + result = subtract_reduce_89_7d(v, result); return result; } 
@@ -9510,20 +10025,20 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_18( +static void decrypt_unpacked_e7( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - deserialize_then_decompress_u_20(ciphertext, u_as_ntt); + deserialize_then_decompress_u_b1(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_67( + deserialize_then_decompress_ring_element_v_30( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_f6(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_cb(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_ef(message, ret0); + compress_then_serialize_message_3a(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -9537,8 +10052,8 @@ with const generics - K= 3 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_6f(Eurydice_slice input, uint8_t ret[32U]) { - PRF_b6(input, ret); +static KRML_MUSTINLINE void PRF_f1_04(Eurydice_slice input, uint8_t ret[32U]) { + PRF_3a(input, ret); } /** 
@@ -9563,14 +10078,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f6( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_18(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_e7(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( @@ -9582,7 +10097,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f6( uint8_t, Eurydice_slice), uint8_t, void *); uint8_t hashed[64U]; - G_f1_11( + G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( @@ -9592,7 +10107,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f6( Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_970( + libcrux_ml_kem_utils_into_padded_array_2d3( Eurydice_array_to_slice((size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t, Eurydice_slice), 
@@ -9601,9 +10116,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f6( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_f0(ciphertext), uint8_t, void *); + uu____2, libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_6f( + PRF_f1_04( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = @@ -9612,11 +10127,11 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f6( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_65(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_6c(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_f0(ciphertext), + libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice)); uint8_t ret0[32U]; @@ -9637,12 +10152,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_6b( +static KRML_MUSTINLINE void deserialize_secret_key_01( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_02();); + secret_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; 
@@ -9654,7 +10169,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_6b( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_00(secret_bytes); + deserialize_to_uncompressed_ring_element_05(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -9672,10 +10187,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_4a(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_c2(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - deserialize_secret_key_6b(secret_key, secret_as_ntt); + deserialize_secret_key_01(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( @@ -9687,7 +10202,7 @@ static void decrypt_4a(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_18(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_e7(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -9713,7 +10228,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_71( +void libcrux_ml_kem_ind_cca_decapsulate_4f( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( 
@@ -9732,9 +10247,9 @@ void libcrux_ml_kem_ind_cca_decapsulate_71( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_4a(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_c2(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_97( + libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); core_slice___Slice_T___copy_from_slice( @@ -9743,7 +10258,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_71( uint8_t, size_t, Eurydice_slice), ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - G_f1_11( + G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( @@ -9753,14 +10268,14 @@ void libcrux_ml_kem_ind_cca_decapsulate_71( Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_970(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_2d3(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_f0(ciphertext), uint8_t, void *); + uu____4, libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_6f( + PRF_f1_04( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; 
@@ -9768,17 +10283,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_71( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_f7(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + encrypt_0d(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_69( + kdf_af_b6( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_69(shared_secret0, shared_secret); + kdf_af_b6(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_f0(ciphertext), + libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index 59e15235c..3d3735079 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb - * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 + * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 */ #ifndef __libcrux_mlkem_portable_H 
@@ -39,49 +39,10 @@ void libcrux_ml_kem_hash_functions_portable_H(Eurydice_slice input, #define LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R \ (62209U) -typedef struct int16_t_x8_s { - int16_t fst; - int16_t snd; - int16_t thd; - int16_t f3; - int16_t f4; - int16_t f5; - int16_t f6; - int16_t f7; -} int16_t_x8; - -int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice bytes); - typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_s { int16_t elements[16U]; } libcrux_ml_kem_vector_portable_vector_type_PortableVector; -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_vector_type_zero(void); - -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a); - -void libcrux_ml_kem_vector_portable_vector_type_to_i16_array( - libcrux_ml_kem_vector_portable_vector_type_PortableVector x, - int16_t ret[16U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -void libcrux_ml_kem_vector_portable_to_i16_array_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector x, - int16_t ret[16U]); - libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_vector_type_from_i16_array(Eurydice_slice array); 
@@ -92,55 +53,6 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)} libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_slice array); -typedef struct uint8_t_x5_s { - uint8_t fst; - uint8_t snd; - uint8_t thd; - uint8_t f3; - uint8_t f4; -} uint8_t_x5; - -uint8_t_x5 libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_slice v); - -void libcrux_ml_kem_vector_portable_serialize_serialize_5( - libcrux_ml_kem_vector_portable_vector_type_PortableVector v, - uint8_t ret[10U]); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -void libcrux_ml_kem_vector_portable_serialize_5_0d( - libcrux_ml_kem_vector_portable_vector_type_PortableVector a, - uint8_t ret[10U]); - -int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice bytes); - -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a); - -int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice bytes); - -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes); - -/** -This function found in impl {(libcrux_ml_kem::vector::traits::Operations for -libcrux_ml_kem::vector::portable::vector_type::PortableVector)} -*/ -libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a); - typedef struct uint8_t_x11_s { uint8_t fst; uint8_t snd; 
@@ -170,9 +82,23 @@ void libcrux_ml_kem_vector_portable_serialize_11_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[22U]); +typedef struct int16_t_x8_s { + int16_t fst; + int16_t snd; + int16_t thd; + int16_t f3; + int16_t f4; + int16_t f5; + int16_t f6; + int16_t f7; +} int16_t_x8; + int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( Eurydice_slice bytes); +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_vector_type_zero(void); + libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes); @@ -183,6 +109,22 @@ libcrux_ml_kem::vector::portable::vector_type::PortableVector)} libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_deserialize_11_0d(Eurydice_slice a); +void libcrux_ml_kem_vector_portable_vector_type_to_i16_array( + libcrux_ml_kem_vector_portable_vector_type_PortableVector x, + int16_t ret[16U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +void libcrux_ml_kem_vector_portable_to_i16_array_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector x, + int16_t ret[16U]); + +extern const uint8_t + libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[256U] + [16U]; + /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::portable::vector_type::PortableVector)} 
@@ -559,6 +501,55 @@ void libcrux_ml_kem_vector_portable_serialize_4_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[8U]); +int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( + Eurydice_slice bytes); + +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a); + +typedef struct uint8_t_x5_s { + uint8_t fst; + uint8_t snd; + uint8_t thd; + uint8_t f3; + uint8_t f4; +} uint8_t_x5; + +uint8_t_x5 libcrux_ml_kem_vector_portable_serialize_serialize_5_int( + Eurydice_slice v); + +void libcrux_ml_kem_vector_portable_serialize_serialize_5( + libcrux_ml_kem_vector_portable_vector_type_PortableVector v, + uint8_t ret[10U]); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +void libcrux_ml_kem_vector_portable_serialize_5_0d( + libcrux_ml_kem_vector_portable_vector_type_PortableVector a, + uint8_t ret[10U]); + +int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( + Eurydice_slice bytes); + +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a); + uint8_t_x5 libcrux_ml_kem_vector_portable_serialize_serialize_10_int( Eurydice_slice v); 
@@ -574,6 +565,19 @@ void libcrux_ml_kem_vector_portable_serialize_10_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, uint8_t ret[20U]); +int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( + Eurydice_slice bytes); + +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes); + +/** +This function found in impl {(libcrux_ml_kem::vector::traits::Operations for +libcrux_ml_kem::vector::portable::vector_type::PortableVector)} +*/ +libcrux_ml_kem_vector_portable_vector_type_PortableVector +libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a); + typedef struct uint8_t_x3_s { uint8_t fst; uint8_t snd; diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index cf02dc3bc..89cc9f803 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb - * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 + * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 */ #ifndef __libcrux_sha3_H @@ -29,7 +29,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_fd(buf0, buf); + libcrux_sha3_portable_keccakx1_2a(buf0, buf); } /** 
@@ -39,7 +39,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_fd0(buf0, buf); + libcrux_sha3_portable_keccakx1_2a0(buf0, buf); } /** @@ -49,7 +49,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake256( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_fd1(buf0, buf); + libcrux_sha3_portable_keccakx1_2a1(buf0, buf); } /** @@ -59,7 +59,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_fd2(buf0, buf); + libcrux_sha3_portable_keccakx1_2a2(buf0, buf); } /** @@ -69,7 +69,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_fd3(buf0, buf); + libcrux_sha3_portable_keccakx1_2a3(buf0, buf); } /** @@ -158,7 +158,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_fd4(buf0, buf); + libcrux_sha3_portable_keccakx1_2a4(buf0, buf); } /** diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 814ac74f7..8f3f323a2 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c 
@@ -5,69 +5,2313 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb - * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 + * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 */ -#include "libcrux_sha3_avx2.h" +#include "internal/libcrux_sha3_avx2.h" + +#include "internal/libcrux_core.h" + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +static KRML_MUSTINLINE __m256i zero_ef(void) { + return libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)0); +} + +static KRML_MUSTINLINE __m256i _veor5q_u64(__m256i a, __m256i b, __m256i c, + __m256i d, __m256i e) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + __m256i cd = libcrux_intrinsics_avx2_mm256_xor_si256(c, d); + __m256i abcd = libcrux_intrinsics_avx2_mm256_xor_si256(ab, cd); + return libcrux_intrinsics_avx2_mm256_xor_si256(abcd, e); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +static KRML_MUSTINLINE __m256i xor5_ef(__m256i a, __m256i b, __m256i c, + __m256i d, __m256i e) { + return _veor5q_u64(a, b, c, d, e); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 1 +- RIGHT= 63 +*/ +static KRML_MUSTINLINE __m256i rotate_left_58(__m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)1, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)63, x, __m256i)); +} + +static KRML_MUSTINLINE __m256i _vrax1q_u64(__m256i a, __m256i b) { + __m256i uu____0 
= a; + return libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, rotate_left_58(b)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +static KRML_MUSTINLINE __m256i rotate_left1_and_xor_ef(__m256i a, __m256i b) { + return _vrax1q_u64(a, b); +} + +static KRML_MUSTINLINE __m256i _vbcaxq_u64(__m256i a, __m256i b, __m256i c) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + a, libcrux_intrinsics_avx2_mm256_andnot_si256(c, b)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +static KRML_MUSTINLINE __m256i and_not_xor_ef(__m256i a, __m256i b, __m256i c) { + return _vbcaxq_u64(a, b, c); +} + +static KRML_MUSTINLINE __m256i _veorq_n_u64(__m256i a, uint64_t c) { + __m256i c0 = libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)c); + return libcrux_intrinsics_avx2_mm256_xor_si256(a, c0); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +static KRML_MUSTINLINE __m256i xor_constant_ef(__m256i a, uint64_t c) { + return _veorq_n_u64(a, c); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +static KRML_MUSTINLINE __m256i xor_ef(__m256i a, __m256i b) { + return libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +} + +static KRML_MUSTINLINE void slice_4(Eurydice_slice a[4U], size_t start, + size_t len, Eurydice_slice ret[4U]) { + ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t, + Eurydice_slice); + ret[1U] = Eurydice_slice_subslice2(a[1U], start, start + len, uint8_t, + Eurydice_slice); + ret[2U] = Eurydice_slice_subslice2(a[2U], start, start + len, uint8_t, + Eurydice_slice); + ret[3U] = Eurydice_slice_subslice2(a[3U], start, start + len, uint8_t, + Eurydice_slice); +} + +/** +This function found in impl 
{(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +static KRML_MUSTINLINE void slice_n_ef(Eurydice_slice a[4U], size_t start, + size_t len, Eurydice_slice ret[4U]) { + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_a[4U]; + memcpy(copy_of_a, a, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice ret0[4U]; + slice_4(copy_of_a, start, len, ret0); + memcpy(ret, ret0, (size_t)4U * sizeof(Eurydice_slice)); +} + +static KRML_MUSTINLINE Eurydice_slice_uint8_t_4size_t__x2 +split_at_mut_4(Eurydice_slice out[4U], size_t mid) { + Eurydice_slice out0 = out[0U]; + Eurydice_slice out1 = out[1U]; + Eurydice_slice out2 = out[2U]; + Eurydice_slice out3 = out[3U]; + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at_mut( + out0, mid, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice out00 = uu____0.fst; + Eurydice_slice out01 = uu____0.snd; + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at_mut( + out1, mid, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice out10 = uu____1.fst; + Eurydice_slice out11 = uu____1.snd; + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at_mut( + out2, mid, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice out20 = uu____2.fst; + Eurydice_slice out21 = uu____2.snd; + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at_mut( + out3, mid, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice out30 = uu____3.fst; + Eurydice_slice out31 = uu____3.snd; + Eurydice_slice_uint8_t_4size_t__x2 lit; + lit.fst[0U] = out00; + lit.fst[1U] = out10; + lit.fst[2U] = out20; + lit.fst[3U] = out30; + lit.snd[0U] = out01; + lit.snd[1U] = out11; + lit.snd[2U] = out21; + lit.snd[3U] = out31; + return lit; +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +static KRML_MUSTINLINE Eurydice_slice_uint8_t_4size_t__x2 
+split_at_mut_n_ef(Eurydice_slice a[4U], size_t mid) { + return split_at_mut_4(a, mid); +} + +/** + Create a new Shake128 x4 state. +*/ +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.new_1e +with types core_core_arch_x86___m256i +with const generics +- N= 4 +*/ +static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 +new_1e_16(void) { + libcrux_sha3_generic_keccak_KeccakState_29 lit; + lit.st[0U][0U] = zero_ef(); + lit.st[0U][1U] = zero_ef(); + lit.st[0U][2U] = zero_ef(); + lit.st[0U][3U] = zero_ef(); + lit.st[0U][4U] = zero_ef(); + lit.st[1U][0U] = zero_ef(); + lit.st[1U][1U] = zero_ef(); + lit.st[1U][2U] = zero_ef(); + lit.st[1U][3U] = zero_ef(); + lit.st[1U][4U] = zero_ef(); + lit.st[2U][0U] = zero_ef(); + lit.st[2U][1U] = zero_ef(); + lit.st[2U][2U] = zero_ef(); + lit.st[2U][3U] = zero_ef(); + lit.st[2U][4U] = zero_ef(); + lit.st[3U][0U] = zero_ef(); + lit.st[3U][1U] = zero_ef(); + lit.st[3U][2U] = zero_ef(); + lit.st[3U][3U] = zero_ef(); + lit.st[3U][4U] = zero_ef(); + lit.st[4U][0U] = zero_ef(); + lit.st[4U][1U] = zero_ef(); + lit.st[4U][2U] = zero_ef(); + lit.st[4U][3U] = zero_ef(); + lit.st[4U][4U] = zero_ef(); + return lit; +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void load_block_c7(__m256i (*s)[5U], + Eurydice_slice blocks[4U]) { + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { + size_t i0 = i; + __m256i v00 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + __m256i v10 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + __m256i v20 = + 
libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + __m256i v30 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + __m256i v0l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); + __m256i v1h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); + __m256i v2l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); + __m256i v3h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); + __m256i v0 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v0l, v2l, __m256i); + __m256i v1 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v1h, v3h, __m256i); + __m256i v2 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v0l, v2l, __m256i); + __m256i v3 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v1h, v3h, __m256i); + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + v1); + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + v2); + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + v3); + } + size_t rem = (size_t)136U % 
(size_t)32U; + size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); + uint8_t u8s[32U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + u8s, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = Eurydice_array_to_subslice2( + u8s, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_array_to_subslice2( + u8s, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_array_to_subslice2( + u8s, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + __m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, + Eurydice_slice)); + size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; + s[i0][j0] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); + if (rem == (size_t)16U) { + uint8_t u8s0[32U] = {0U}; + Eurydice_slice uu____4 = Eurydice_array_to_subslice2( + u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = Eurydice_array_to_subslice2( + u8s0, 
(size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____6 = Eurydice_array_to_subslice2( + u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____7 = Eurydice_array_to_subslice2( + u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____7, + Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + __m256i u0 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, + Eurydice_slice)); + size_t i = + ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = + ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; + s[i][j] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block_ef +with const generics +- BLOCKSIZE= 136 +*/ +static KRML_MUSTINLINE void load_block_ef_6a(__m256i (*a)[5U], + Eurydice_slice b[4U]) { + __m256i(*uu____0)[5U] = a; + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_b[4U]; + memcpy(copy_of_b, b, (size_t)4U * sizeof(Eurydice_slice)); + load_block_c7(uu____0, copy_of_b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 36 +- RIGHT= 28 +*/ +static KRML_MUSTINLINE __m256i rotate_left_580(__m256i x) { + return 
libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)36, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)28, x, __m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 36 +- RIGHT= 28 +*/ +static KRML_MUSTINLINE __m256i _vxarq_u64_c1(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_580(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 36 +- RIGHT= 28 +*/ +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_17(__m256i a, __m256i b) { + return _vxarq_u64_c1(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 3 +- RIGHT= 61 +*/ +static KRML_MUSTINLINE __m256i rotate_left_581(__m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)3, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)61, x, __m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 3 +- RIGHT= 61 +*/ +static KRML_MUSTINLINE __m256i _vxarq_u64_c10(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_581(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 3 +- RIGHT= 61 +*/ +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_170(__m256i a, __m256i b) { + return _vxarq_u64_c10(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 41 +- RIGHT= 23 +*/ +static KRML_MUSTINLINE 
__m256i rotate_left_582(__m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)41, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)23, x, __m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 41 +- RIGHT= 23 +*/ +static KRML_MUSTINLINE __m256i _vxarq_u64_c11(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_582(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 41 +- RIGHT= 23 +*/ +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_171(__m256i a, __m256i b) { + return _vxarq_u64_c11(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 18 +- RIGHT= 46 +*/ +static KRML_MUSTINLINE __m256i rotate_left_583(__m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)18, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)46, x, __m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 18 +- RIGHT= 46 +*/ +static KRML_MUSTINLINE __m256i _vxarq_u64_c12(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_583(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 18 +- RIGHT= 46 +*/ +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_172(__m256i a, __m256i b) { + return _vxarq_u64_c12(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- 
LEFT= 1 +- RIGHT= 63 +*/ +static KRML_MUSTINLINE __m256i _vxarq_u64_c13(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_58(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 1 +- RIGHT= 63 +*/ +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_173(__m256i a, __m256i b) { + return _vxarq_u64_c13(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 44 +- RIGHT= 20 +*/ +static KRML_MUSTINLINE __m256i rotate_left_584(__m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)44, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)20, x, __m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 44 +- RIGHT= 20 +*/ +static KRML_MUSTINLINE __m256i _vxarq_u64_c14(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_584(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 44 +- RIGHT= 20 +*/ +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_174(__m256i a, __m256i b) { + return _vxarq_u64_c14(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 10 +- RIGHT= 54 +*/ +static KRML_MUSTINLINE __m256i rotate_left_585(__m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)10, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)54, x, __m256i)); +} + +/** +A monomorphic instance of 
libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 10 +- RIGHT= 54 +*/ +static KRML_MUSTINLINE __m256i _vxarq_u64_c15(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_585(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 10 +- RIGHT= 54 +*/ +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_175(__m256i a, __m256i b) { + return _vxarq_u64_c15(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 45 +- RIGHT= 19 +*/ +static KRML_MUSTINLINE __m256i rotate_left_586(__m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)45, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)19, x, __m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 45 +- RIGHT= 19 +*/ +static KRML_MUSTINLINE __m256i _vxarq_u64_c16(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_586(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 45 +- RIGHT= 19 +*/ +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_176(__m256i a, __m256i b) { + return _vxarq_u64_c16(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 2 +- RIGHT= 62 +*/ +static KRML_MUSTINLINE __m256i rotate_left_587(__m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)2, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)62, x, 
__m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 2 +- RIGHT= 62 +*/ +static KRML_MUSTINLINE __m256i _vxarq_u64_c17(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_587(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 2 +- RIGHT= 62 +*/ +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_177(__m256i a, __m256i b) { + return _vxarq_u64_c17(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 62 +- RIGHT= 2 +*/ +static KRML_MUSTINLINE __m256i rotate_left_588(__m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)62, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)2, x, __m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 62 +- RIGHT= 2 +*/ +static KRML_MUSTINLINE __m256i _vxarq_u64_c18(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_588(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 62 +- RIGHT= 2 +*/ +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_178(__m256i a, __m256i b) { + return _vxarq_u64_c18(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 6 +- RIGHT= 58 +*/ +static KRML_MUSTINLINE __m256i rotate_left_589(__m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)6, x, __m256i), + 
libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)58, x, __m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 6 +- RIGHT= 58 +*/ +static KRML_MUSTINLINE __m256i _vxarq_u64_c19(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_589(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 6 +- RIGHT= 58 +*/ +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_179(__m256i a, __m256i b) { + return _vxarq_u64_c19(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 43 +- RIGHT= 21 +*/ +static KRML_MUSTINLINE __m256i rotate_left_5810(__m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)43, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)21, x, __m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 43 +- RIGHT= 21 +*/ +static KRML_MUSTINLINE __m256i _vxarq_u64_c110(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5810(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 43 +- RIGHT= 21 +*/ +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1710(__m256i a, __m256i b) { + return _vxarq_u64_c110(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 15 +- RIGHT= 49 +*/ +static KRML_MUSTINLINE __m256i rotate_left_5811(__m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + 
libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)15, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)49, x, __m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 15 +- RIGHT= 49 +*/ +static KRML_MUSTINLINE __m256i _vxarq_u64_c111(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5811(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 15 +- RIGHT= 49 +*/ +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1711(__m256i a, __m256i b) { + return _vxarq_u64_c111(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 61 +- RIGHT= 3 +*/ +static KRML_MUSTINLINE __m256i rotate_left_5812(__m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)61, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)3, x, __m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 61 +- RIGHT= 3 +*/ +static KRML_MUSTINLINE __m256i _vxarq_u64_c112(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5812(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 61 +- RIGHT= 3 +*/ +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1712(__m256i a, __m256i b) { + return _vxarq_u64_c112(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 28 +- RIGHT= 36 +*/ +static KRML_MUSTINLINE __m256i rotate_left_5813(__m256i x) { 
+ return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)28, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)36, x, __m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 28 +- RIGHT= 36 +*/ +static KRML_MUSTINLINE __m256i _vxarq_u64_c113(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5813(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 28 +- RIGHT= 36 +*/ +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1713(__m256i a, __m256i b) { + return _vxarq_u64_c113(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 55 +- RIGHT= 9 +*/ +static KRML_MUSTINLINE __m256i rotate_left_5814(__m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)55, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)9, x, __m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 55 +- RIGHT= 9 +*/ +static KRML_MUSTINLINE __m256i _vxarq_u64_c114(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5814(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 55 +- RIGHT= 9 +*/ +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1714(__m256i a, __m256i b) { + return _vxarq_u64_c114(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 25 +- RIGHT= 39 +*/ +static 
KRML_MUSTINLINE __m256i rotate_left_5815(__m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)25, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)39, x, __m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 25 +- RIGHT= 39 +*/ +static KRML_MUSTINLINE __m256i _vxarq_u64_c115(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5815(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 25 +- RIGHT= 39 +*/ +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1715(__m256i a, __m256i b) { + return _vxarq_u64_c115(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 21 +- RIGHT= 43 +*/ +static KRML_MUSTINLINE __m256i rotate_left_5816(__m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)21, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)43, x, __m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 21 +- RIGHT= 43 +*/ +static KRML_MUSTINLINE __m256i _vxarq_u64_c116(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5816(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 21 +- RIGHT= 43 +*/ +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1716(__m256i a, __m256i b) { + return _vxarq_u64_c116(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left 
+with const generics +- LEFT= 56 +- RIGHT= 8 +*/ +static KRML_MUSTINLINE __m256i rotate_left_5817(__m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)56, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, x, __m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 56 +- RIGHT= 8 +*/ +static KRML_MUSTINLINE __m256i _vxarq_u64_c117(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5817(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 56 +- RIGHT= 8 +*/ +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1717(__m256i a, __m256i b) { + return _vxarq_u64_c117(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 27 +- RIGHT= 37 +*/ +static KRML_MUSTINLINE __m256i rotate_left_5818(__m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)27, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)37, x, __m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 27 +- RIGHT= 37 +*/ +static KRML_MUSTINLINE __m256i _vxarq_u64_c118(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5818(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 27 +- RIGHT= 37 +*/ +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1718(__m256i a, __m256i b) { + return _vxarq_u64_c118(a, b); +} + +/** +A 
monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 20 +- RIGHT= 44 +*/ +static KRML_MUSTINLINE __m256i rotate_left_5819(__m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)20, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)44, x, __m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 20 +- RIGHT= 44 +*/ +static KRML_MUSTINLINE __m256i _vxarq_u64_c119(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5819(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 20 +- RIGHT= 44 +*/ +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1719(__m256i a, __m256i b) { + return _vxarq_u64_c119(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 39 +- RIGHT= 25 +*/ +static KRML_MUSTINLINE __m256i rotate_left_5820(__m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)39, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)25, x, __m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 39 +- RIGHT= 25 +*/ +static KRML_MUSTINLINE __m256i _vxarq_u64_c120(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5820(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 39 +- RIGHT= 25 +*/ +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1720(__m256i a, 
__m256i b) { + return _vxarq_u64_c120(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 8 +- RIGHT= 56 +*/ +static KRML_MUSTINLINE __m256i rotate_left_5821(__m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)8, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)56, x, __m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 8 +- RIGHT= 56 +*/ +static KRML_MUSTINLINE __m256i _vxarq_u64_c121(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5821(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 8 +- RIGHT= 56 +*/ +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1721(__m256i a, __m256i b) { + return _vxarq_u64_c121(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.rotate_left +with const generics +- LEFT= 14 +- RIGHT= 50 +*/ +static KRML_MUSTINLINE __m256i rotate_left_5822(__m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)14, x, __m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)50, x, __m256i)); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2._vxarq_u64 +with const generics +- LEFT= 14 +- RIGHT= 50 +*/ +static KRML_MUSTINLINE __m256i _vxarq_u64_c122(__m256i a, __m256i b) { + __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return rotate_left_5822(ab); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.xor_and_rotate_ef +with const generics +- LEFT= 14 +- RIGHT= 50 +*/ +static 
KRML_MUSTINLINE __m256i xor_and_rotate_ef_1722(__m256i a, __m256i b) { + return _vxarq_u64_c122(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.theta_rho +with types core_core_arch_x86___m256i +with const generics +- N= 4 +*/ +static KRML_MUSTINLINE void theta_rho_71( + libcrux_sha3_generic_keccak_KeccakState_29 *s) { + __m256i c[5U] = {xor5_ef(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], + s->st[3U][0U], s->st[4U][0U]), + xor5_ef(s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], + s->st[3U][1U], s->st[4U][1U]), + xor5_ef(s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], + s->st[3U][2U], s->st[4U][2U]), + xor5_ef(s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], + s->st[3U][3U], s->st[4U][3U]), + xor5_ef(s->st[0U][4U], s->st[1U][4U], s->st[2U][4U], + s->st[3U][4U], s->st[4U][4U])}; + __m256i uu____0 = + rotate_left1_and_xor_ef(c[((size_t)0U + (size_t)4U) % (size_t)5U], + c[((size_t)0U + (size_t)1U) % (size_t)5U]); + __m256i uu____1 = + rotate_left1_and_xor_ef(c[((size_t)1U + (size_t)4U) % (size_t)5U], + c[((size_t)1U + (size_t)1U) % (size_t)5U]); + __m256i uu____2 = + rotate_left1_and_xor_ef(c[((size_t)2U + (size_t)4U) % (size_t)5U], + c[((size_t)2U + (size_t)1U) % (size_t)5U]); + __m256i uu____3 = + rotate_left1_and_xor_ef(c[((size_t)3U + (size_t)4U) % (size_t)5U], + c[((size_t)3U + (size_t)1U) % (size_t)5U]); + __m256i t[5U] = { + uu____0, uu____1, uu____2, uu____3, + rotate_left1_and_xor_ef(c[((size_t)4U + (size_t)4U) % (size_t)5U], + c[((size_t)4U + (size_t)1U) % (size_t)5U])}; + s->st[0U][0U] = xor_ef(s->st[0U][0U], t[0U]); + s->st[1U][0U] = xor_and_rotate_ef_17(s->st[1U][0U], t[0U]); + s->st[2U][0U] = xor_and_rotate_ef_170(s->st[2U][0U], t[0U]); + s->st[3U][0U] = xor_and_rotate_ef_171(s->st[3U][0U], t[0U]); + s->st[4U][0U] = xor_and_rotate_ef_172(s->st[4U][0U], t[0U]); + s->st[0U][1U] = xor_and_rotate_ef_173(s->st[0U][1U], t[1U]); + s->st[1U][1U] = xor_and_rotate_ef_174(s->st[1U][1U], t[1U]); + s->st[2U][1U] = xor_and_rotate_ef_175(s->st[2U][1U], 
t[1U]); + s->st[3U][1U] = xor_and_rotate_ef_176(s->st[3U][1U], t[1U]); + s->st[4U][1U] = xor_and_rotate_ef_177(s->st[4U][1U], t[1U]); + s->st[0U][2U] = xor_and_rotate_ef_178(s->st[0U][2U], t[2U]); + s->st[1U][2U] = xor_and_rotate_ef_179(s->st[1U][2U], t[2U]); + s->st[2U][2U] = xor_and_rotate_ef_1710(s->st[2U][2U], t[2U]); + s->st[3U][2U] = xor_and_rotate_ef_1711(s->st[3U][2U], t[2U]); + s->st[4U][2U] = xor_and_rotate_ef_1712(s->st[4U][2U], t[2U]); + s->st[0U][3U] = xor_and_rotate_ef_1713(s->st[0U][3U], t[3U]); + s->st[1U][3U] = xor_and_rotate_ef_1714(s->st[1U][3U], t[3U]); + s->st[2U][3U] = xor_and_rotate_ef_1715(s->st[2U][3U], t[3U]); + s->st[3U][3U] = xor_and_rotate_ef_1716(s->st[3U][3U], t[3U]); + s->st[4U][3U] = xor_and_rotate_ef_1717(s->st[4U][3U], t[3U]); + s->st[0U][4U] = xor_and_rotate_ef_1718(s->st[0U][4U], t[4U]); + s->st[1U][4U] = xor_and_rotate_ef_1719(s->st[1U][4U], t[4U]); + s->st[2U][4U] = xor_and_rotate_ef_1720(s->st[2U][4U], t[4U]); + s->st[3U][4U] = xor_and_rotate_ef_1721(s->st[3U][4U], t[4U]); + __m256i uu____27 = xor_and_rotate_ef_1722(s->st[4U][4U], t[4U]); + s->st[4U][4U] = uu____27; +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.pi +with types core_core_arch_x86___m256i +with const generics +- N= 4 +*/ +static KRML_MUSTINLINE void pi_01( + libcrux_sha3_generic_keccak_KeccakState_29 *s) { + __m256i old[5U][5U]; + memcpy(old, s->st, (size_t)5U * sizeof(__m256i[5U])); + s->st[0U][1U] = old[1U][1U]; + s->st[0U][2U] = old[2U][2U]; + s->st[0U][3U] = old[3U][3U]; + s->st[0U][4U] = old[4U][4U]; + s->st[1U][0U] = old[0U][3U]; + s->st[1U][1U] = old[1U][4U]; + s->st[1U][2U] = old[2U][0U]; + s->st[1U][3U] = old[3U][1U]; + s->st[1U][4U] = old[4U][2U]; + s->st[2U][0U] = old[0U][1U]; + s->st[2U][1U] = old[1U][2U]; + s->st[2U][2U] = old[2U][3U]; + s->st[2U][3U] = old[3U][4U]; + s->st[2U][4U] = old[4U][0U]; + s->st[3U][0U] = old[0U][4U]; + s->st[3U][1U] = old[1U][0U]; + s->st[3U][2U] = old[2U][1U]; + s->st[3U][3U] = old[3U][2U]; + 
s->st[3U][4U] = old[4U][3U]; + s->st[4U][0U] = old[0U][2U]; + s->st[4U][1U] = old[1U][3U]; + s->st[4U][2U] = old[2U][4U]; + s->st[4U][3U] = old[3U][0U]; + s->st[4U][4U] = old[4U][1U]; +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.chi +with types core_core_arch_x86___m256i +with const generics +- N= 4 +*/ +static KRML_MUSTINLINE void chi_9b( + libcrux_sha3_generic_keccak_KeccakState_29 *s) { + __m256i old[5U][5U]; + memcpy(old, s->st, (size_t)5U * sizeof(__m256i[5U])); + KRML_MAYBE_FOR5( + i0, (size_t)0U, (size_t)5U, (size_t)1U, size_t i1 = i0; + KRML_MAYBE_FOR5(i, (size_t)0U, (size_t)5U, (size_t)1U, size_t j = i; + s->st[i1][j] = and_not_xor_ef( + s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U], + old[i1][(j + (size_t)1U) % (size_t)5U]););); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.iota +with types core_core_arch_x86___m256i +with const generics +- N= 4 +*/ +static KRML_MUSTINLINE void iota_09( + libcrux_sha3_generic_keccak_KeccakState_29 *s, size_t i) { + s->st[0U][0U] = xor_constant_ef( + s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccakf1600 +with types core_core_arch_x86___m256i +with const generics +- N= 4 +*/ +static KRML_MUSTINLINE void keccakf1600_07( + libcrux_sha3_generic_keccak_KeccakState_29 *s) { + for (size_t i = (size_t)0U; i < (size_t)24U; i++) { + size_t i0 = i; + theta_rho_71(s); + pi_01(s); + chi_9b(s); + iota_09(s, i0); + } +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +*/ +static KRML_MUSTINLINE void absorb_block_37( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice blocks[4U]) { + __m256i(*uu____0)[5U] = s->st; + Eurydice_slice uu____1[4U]; + memcpy(uu____1, blocks, (size_t)4U * sizeof(Eurydice_slice)); + load_block_ef_6a(uu____0, uu____1); + keccakf1600_07(s); +} + +/** +A monomorphic 
instance of libcrux_sha3.simd.avx2.load_block_full +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void load_block_full_91(__m256i (*s)[5U], + uint8_t blocks[4U][200U]) { + Eurydice_slice buf[4U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[2U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[3U], + uint8_t, Eurydice_slice)}; + load_block_c7(s, buf); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef +with const generics +- BLOCKSIZE= 136 +*/ +static KRML_MUSTINLINE void load_block_full_ef_05(__m256i (*a)[5U], + uint8_t b[4U][200U]) { + __m256i(*uu____0)[5U] = a; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_b[4U][200U]; + memcpy(copy_of_b, b, (size_t)4U * sizeof(uint8_t[200U])); + load_block_full_91(uu____0, copy_of_b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +- DELIM= 31 +*/ +KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[4U][200U] = {{0U}}; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } blocks[i0][last_len] = 31U; + size_t uu____1 = i0; size_t uu____2 = (size_t)136U - (size_t)1U; + blocks[uu____1][uu____2] = 
(uint32_t)blocks[uu____1][uu____2] | 128U;); + __m256i(*uu____3)[5U] = s->st; + uint8_t uu____4[4U][200U]; + memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); + load_block_full_ef_05(uu____3, uu____4); + keccakf1600_07(s); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.store_block +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void store_block_e9(__m256i (*s)[5U], + Eurydice_slice out[4U]) { + for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { + size_t i0 = i; + __m256i v0l = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + __m256i); + __m256i v1h = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + __m256i); + __m256i v2l = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + __m256i); + __m256i v3h = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + __m256i); + __m256i v0 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); + __m256i v1 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); + __m256i v2 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); + __m256i v3 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, + 
(size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v0); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[1U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v1); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[2U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v2); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[3U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v3); + } + size_t rem = (size_t)136U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); + uint8_t u8s[32U] = {0U}; + size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice), + s[i0][j0]); + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = Eurydice_slice_subslice2( + out[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_slice_subslice2( + out[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_slice_subslice2( + out[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, 
+ Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t, + Eurydice_slice), + uint8_t, void *); + if (rem == (size_t)16U) { + uint8_t u8s0[32U] = {0U}; + size_t i = + ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = + ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice), + s[i][j]); + Eurydice_slice uu____4 = + Eurydice_slice_subslice2(out[0U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = + Eurydice_slice_subslice2(out[1U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____6 = + Eurydice_slice_subslice2(out[2U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____7 = + Eurydice_slice_subslice2(out[3U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____7, + Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t, + Eurydice_slice), + uint8_t, void *); + } +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void store_block_full_0b(__m256i (*s)[5U], + uint8_t ret[4U][200U]) { + uint8_t out0[200U] = {0U}; + uint8_t out1[200U] = {0U}; + uint8_t out2[200U] = {0U}; + uint8_t out3[200U] = {0U}; + Eurydice_slice buf[4U] 
= { + Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out3, uint8_t, Eurydice_slice)}; + store_block_e9(s, buf); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out0[200U]; + memcpy(copy_of_out0, out0, (size_t)200U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out1[200U]; + memcpy(copy_of_out1, out1, (size_t)200U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out2[200U]; + memcpy(copy_of_out2, out2, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____3[200U]; + memcpy(uu____3, out3, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out0, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], copy_of_out1, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[2U], copy_of_out2, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[3U], uu____3, (size_t)200U * sizeof(uint8_t)); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full_ef +with const generics +- BLOCKSIZE= 136 +*/ +static KRML_MUSTINLINE void store_block_full_ef_99(__m256i (*a)[5U], + uint8_t ret[4U][200U]) { + store_block_full_0b(a, ret); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +*/ +static KRML_MUSTINLINE void squeeze_first_and_last_a4( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + uint8_t b[4U][200U]; + store_block_full_ef_99(s->st, b); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; 
+ core_ops_range_Range_b3 lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *);); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef +with const generics +- BLOCKSIZE= 136 +*/ +static KRML_MUSTINLINE void store_block_ef_f6(__m256i (*a)[5U], + Eurydice_slice b[4U]) { + store_block_e9(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +*/ +static KRML_MUSTINLINE void squeeze_first_block_e9( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + store_block_ef_f6(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +*/ +static KRML_MUSTINLINE void squeeze_next_block_1c( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + keccakf1600_07(s); + store_block_ef_f6(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +*/ +static KRML_MUSTINLINE void squeeze_last_77( + libcrux_sha3_generic_keccak_KeccakState_29 s, Eurydice_slice out[4U]) { + keccakf1600_07(&s); + uint8_t b[4U][200U]; + store_block_full_ef_99(s.st, b); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; + core_ops_range_Range_b3 lit; lit.start = (size_t)0U; + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + 
core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *);); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.keccak +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 136 +- DELIM= 31 +*/ +static KRML_MUSTINLINE void keccak_14(Eurydice_slice data[4U], + Eurydice_slice out[4U]) { + libcrux_sha3_generic_keccak_KeccakState_29 s = new_1e_16(); + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) { + size_t i0 = i; + libcrux_sha3_generic_keccak_KeccakState_29 *uu____0 = &s; + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[4U]; + memcpy(copy_of_data, data, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice ret[4U]; + slice_n_ef(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); + absorb_block_37(uu____0, ret); + } + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + libcrux_sha3_generic_keccak_KeccakState_29 *uu____2 = &s; + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[4U]; + memcpy(copy_of_data, data, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice ret[4U]; + slice_n_ef(copy_of_data, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + ret); + libcrux_sha3_generic_keccak_absorb_final_5e(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = outlen / (size_t)136U; + size_t last = outlen - outlen % (size_t)136U; + if (blocks == (size_t)0U) { + squeeze_first_and_last_a4(&s, out); + } else { + Eurydice_slice_uint8_t_4size_t__x2 uu____4 = + split_at_mut_n_ef(out, (size_t)136U); + Eurydice_slice o0[4U]; + memcpy(o0, uu____4.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o1[4U]; + memcpy(o1, uu____4.snd, (size_t)4U * sizeof(Eurydice_slice)); + 
squeeze_first_block_e9(&s, o0); + core_ops_range_Range_b3 iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option_b3) + .tag == core_option_None) { + break; + } else { + Eurydice_slice_uint8_t_4size_t__x2 uu____5 = + split_at_mut_n_ef(o1, (size_t)136U); + Eurydice_slice o[4U]; + memcpy(o, uu____5.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice orest[4U]; + memcpy(orest, uu____5.snd, (size_t)4U * sizeof(Eurydice_slice)); + squeeze_next_block_1c(&s, o); + memcpy(o1, orest, (size_t)4U * sizeof(Eurydice_slice)); + } + } + if (last < outlen) { + squeeze_last_77(s, o1); + } + } +} /** Perform 4 SHAKE256 operations in parallel */ -KRML_MUSTINLINE void libcrux_sha3_avx2_x4_shake256( - Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, - Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1, - Eurydice_slice out2, Eurydice_slice out3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); +void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, + Eurydice_slice input2, Eurydice_slice input3, + Eurydice_slice out0, Eurydice_slice out1, + Eurydice_slice out2, Eurydice_slice out3) { + Eurydice_slice buf0[4U] = {input0, input1, input2, input3}; + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + keccak_14(buf0, buf); } /** Initialise the [`KeccakState`]. 
*/ -KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState +libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_init(void) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + return new_1e_16(); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block +with const generics +- RATE= 168 +*/ +static KRML_MUSTINLINE void load_block_c70(__m256i (*s)[5U], + Eurydice_slice blocks[4U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { + size_t i0 = i; + __m256i v00 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + __m256i v10 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + __m256i v20 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + __m256i v30 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + __m256i v0l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); + __m256i v1h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); + __m256i v2l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); + __m256i v3h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); + __m256i v0 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v0l, v2l, __m256i); + __m256i v1 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v1h, v3h, __m256i); + __m256i v2 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v0l, v2l, __m256i); + __m256i v3 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v1h, v3h, __m256i); + 
s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + v1); + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + v2); + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + v3); + } + size_t rem = (size_t)168U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); + uint8_t u8s[32U] = {0U}; + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + u8s, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = Eurydice_array_to_subslice2( + u8s, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_array_to_subslice2( + u8s, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_array_to_subslice2( + u8s, (size_t)24U, (size_t)32U, uint8_t, 
Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + __m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, + Eurydice_slice)); + size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; + s[i0][j0] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); + if (rem == (size_t)16U) { + uint8_t u8s0[32U] = {0U}; + Eurydice_slice uu____4 = Eurydice_array_to_subslice2( + u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = Eurydice_array_to_subslice2( + u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____6 = Eurydice_array_to_subslice2( + u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____7 = Eurydice_array_to_subslice2( + u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____7, + Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + __m256i u0 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, + Eurydice_slice)); + size_t i = + ((size_t)4U * ((size_t)168U / (size_t)32U) + 
(size_t)1U) / (size_t)5U; + size_t j = + ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; + s[i][j] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); + } +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full +with const generics +- RATE= 168 +*/ +static KRML_MUSTINLINE void load_block_full_910(__m256i (*s)[5U], + uint8_t blocks[4U][200U]) { + Eurydice_slice buf[4U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[2U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[3U], + uint8_t, Eurydice_slice)}; + load_block_c70(s, buf); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef +with const generics +- BLOCKSIZE= 168 +*/ +static KRML_MUSTINLINE void load_block_full_ef_050(__m256i (*a)[5U], + uint8_t b[4U][200U]) { + __m256i(*uu____0)[5U] = a; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_b[4U][200U]; + memcpy(copy_of_b, b, (size_t)4U * sizeof(uint8_t[200U])); + load_block_full_910(uu____0, copy_of_b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 168 +- DELIM= 31 +*/ +static KRML_MUSTINLINE void absorb_final_5e0( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + uint8_t blocks[4U][200U] = {{0U}}; + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + if (last_len > (size_t)0U) { + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + 
core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); + } blocks[i0][last_len] = 31U; + size_t uu____1 = i0; size_t uu____2 = (size_t)168U - (size_t)1U; + blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); + __m256i(*uu____3)[5U] = s->st; + uint8_t uu____4[4U][200U]; + memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); + load_block_full_ef_050(uu____3, uu____4); + keccakf1600_07(s); } /** Absorb */ -KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, +void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {data0, data1, data2, data3}; + absorb_final_5e0(s, buf); +} + +/** +A monomorphic instance of libcrux_sha3.simd.avx2.store_block +with const generics +- RATE= 168 +*/ +static KRML_MUSTINLINE void store_block_e90(__m256i (*s)[5U], + Eurydice_slice out[4U]) { + for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { + size_t i0 = i; + __m256i v0l = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + __m256i); + __m256i v1h = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + __m256i); + __m256i v2l = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * 
i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + __m256i); + __m256i v3h = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + __m256i); + __m256i v0 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); + __m256i v1 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); + __m256i v2 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); + __m256i v3 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v0); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[1U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v1); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[2U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v2); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice_subslice2(out[3U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), + v3); + } + size_t rem = (size_t)168U % (size_t)32U; + size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); + uint8_t u8s[32U] = {0U}; + size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; + size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice), + s[i0][j0]); + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, 
uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = Eurydice_slice_subslice2( + out[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_slice_subslice2( + out[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_slice_subslice2( + out[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t, + Eurydice_slice), + uint8_t, void *); + if (rem == (size_t)16U) { + uint8_t u8s0[32U] = {0U}; + size_t i = + ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; + size_t j = + ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice), + s[i][j]); + Eurydice_slice uu____4 = + Eurydice_slice_subslice2(out[0U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = + Eurydice_slice_subslice2(out[1U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____6 = + Eurydice_slice_subslice2(out[2U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + 
core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____7 = + Eurydice_slice_subslice2(out[3U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____7, + Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t, + Eurydice_slice), + uint8_t, void *); + } +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: +usize> for core::core_arch::x86::__m256i)} +*/ +/** +A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef +with const generics +- BLOCKSIZE= 168 +*/ +static KRML_MUSTINLINE void store_block_ef_f60(__m256i (*a)[5U], + Eurydice_slice b[4U]) { + store_block_e90(a, b); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 168 +*/ +static KRML_MUSTINLINE void squeeze_next_block_1c0( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + keccakf1600_07(s); + store_block_ef_f60(s->st, out); } /** Squeeze another block */ -KRML_MUSTINLINE void -libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, +void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + squeeze_next_block_1c0(s, buf); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 168 +*/ +static KRML_MUSTINLINE void squeeze_first_block_e90( + 
libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + store_block_ef_f60(s->st, out); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_three_blocks +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 168 +*/ +KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { + Eurydice_slice_uint8_t_4size_t__x2 uu____0 = + split_at_mut_n_ef(out, (size_t)168U); + Eurydice_slice o0[4U]; + memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o10[4U]; + memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); + squeeze_first_block_e90(s, o0); + Eurydice_slice_uint8_t_4size_t__x2 uu____1 = + split_at_mut_n_ef(o10, (size_t)168U); + Eurydice_slice o1[4U]; + memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o2[4U]; + memcpy(o2, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); + squeeze_next_block_1c0(s, o1); + squeeze_next_block_1c0(s, o2); } /** Squeeze three blocks */ -KRML_MUSTINLINE void -libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, +void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27(s, buf); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_five_blocks +with types core_core_arch_x86___m256i +with const generics +- N= 4 +- RATE= 168 +*/ +static KRML_MUSTINLINE void squeeze_first_five_blocks_e4( + libcrux_sha3_generic_keccak_KeccakState_29 *s, 
Eurydice_slice out[4U]) { + Eurydice_slice_uint8_t_4size_t__x2 uu____0 = + split_at_mut_n_ef(out, (size_t)168U); + Eurydice_slice o0[4U]; + memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o10[4U]; + memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); + squeeze_first_block_e90(s, o0); + Eurydice_slice_uint8_t_4size_t__x2 uu____1 = + split_at_mut_n_ef(o10, (size_t)168U); + Eurydice_slice o1[4U]; + memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o20[4U]; + memcpy(o20, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); + squeeze_next_block_1c0(s, o1); + Eurydice_slice_uint8_t_4size_t__x2 uu____2 = + split_at_mut_n_ef(o20, (size_t)168U); + Eurydice_slice o2[4U]; + memcpy(o2, uu____2.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o30[4U]; + memcpy(o30, uu____2.snd, (size_t)4U * sizeof(Eurydice_slice)); + squeeze_next_block_1c0(s, o2); + Eurydice_slice_uint8_t_4size_t__x2 uu____3 = + split_at_mut_n_ef(o30, (size_t)168U); + Eurydice_slice o3[4U]; + memcpy(o3, uu____3.fst, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice o4[4U]; + memcpy(o4, uu____3.snd, (size_t)4U * sizeof(Eurydice_slice)); + squeeze_next_block_1c0(s, o3); + squeeze_next_block_1c0(s, o4); } /** 
@@ -75,22 +2319,20 @@ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( */ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + squeeze_first_five_blocks_e4(s, buf); } /** Absorb */ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {data0, data1, data2, data3}; + libcrux_sha3_generic_keccak_absorb_final_5e(s, buf); } /** @@ -98,11 +2340,10 @@ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( */ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + squeeze_first_block_e9(s, buf); } /** 
@@ -110,9 +2351,8 @@ libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( */ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "panic!"); - KRML_HOST_EXIT(255U); + Eurydice_slice buf[4U] = {out0, out1, out2, out3}; + squeeze_next_block_1c(s, buf); } diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 2354d05fe..7db033a15 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb - * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 + * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 */ #ifndef __libcrux_sha3_avx2_H @@ -20,7 +20,18 @@ extern "C" { #include "eurydice_glue.h" #include "intrinsics/libcrux_intrinsics_avx2.h" -#include "libcrux_sha3_neon.h" +#include "libcrux_core.h" +#include "libcrux_sha3_internal.h" + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.KeccakState +with types core_core_arch_x86___m256i +with const generics +- $4size_t +*/ +typedef struct libcrux_sha3_generic_keccak_KeccakState_29_s { + __m256i st[5U][5U]; +} libcrux_sha3_generic_keccak_KeccakState_29; /** Perform 4 SHAKE256 operations in parallel 
@@ -30,63 +41,59 @@ void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); -typedef struct libcrux_sha3_avx2_x4_incremental_KeccakState_s { - libcrux_sha3_generic_keccak_KeccakState_fc state[2U]; -} libcrux_sha3_avx2_x4_incremental_KeccakState; - /** Initialise the [`KeccakState`]. */ -libcrux_sha3_avx2_x4_incremental_KeccakState +libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_init(void); /** Absorb */ void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3); /** Squeeze another block */ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); /** Squeeze three blocks */ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); /** Squeeze five blocks */ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); /** Absorb */ void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice data0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, 
Eurydice_slice data3); /** Squeeze block */ void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); /** Squeeze next block */ void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( - libcrux_sha3_avx2_x4_incremental_KeccakState *s, Eurydice_slice out0, + libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); #if defined(__cplusplus) diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index b0f8e37b8..6ed85eaba 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb - * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 + * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 */ #ifndef __libcrux_sha3_internal_H @@ -79,14 +79,14 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_34(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db(uint64_t x) { return x << (uint32_t)(int32_t)1 | x >> (uint32_t)(int32_t)63; } static KRML_MUSTINLINE uint64_t libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, uint64_t b) { uint64_t uu____0 = a; - return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_34(b); + return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_db(b); } /** 
@@ -202,7 +202,7 @@ with const generics - N= 1 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 -libcrux_sha3_generic_keccak_new_1e_7a(void) { +libcrux_sha3_generic_keccak_new_1e_f2(void) { libcrux_sha3_generic_keccak_KeccakState_48 lit; lit.st[0U][0U] = libcrux_sha3_portable_keccak_zero_5a(); lit.st[0U][1U] = libcrux_sha3_portable_keccak_zero_5a(); @@ -237,7 +237,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b3( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; @@ -262,11 +262,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_de(s, buf); + libcrux_sha3_portable_keccak_load_block_b3(s, buf); } /** @@ -278,13 +278,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_71( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_ac(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_7a(uu____0, copy_of_b); } /** 
@@ -294,7 +294,7 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_340(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db0(uint64_t x) { return x << (uint32_t)(int32_t)36 | x >> (uint32_t)(int32_t)28; } @@ -305,9 +305,9 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_340(ab); + return libcrux_sha3_portable_keccak_rotate_left_db0(ab); } /** @@ -321,8 +321,8 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_65(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d(a, b); } /** @@ -332,7 +332,7 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_341(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db1(uint64_t x) { return x << (uint32_t)(int32_t)3 | x >> (uint32_t)(int32_t)61; } @@ -343,9 +343,9 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e0(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d0(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_341(ab); + return libcrux_sha3_portable_keccak_rotate_left_db1(ab); } /** 
@@ -359,8 +359,8 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_650(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e0(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d0(a, b); } /** @@ -370,7 +370,7 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_342(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db2(uint64_t x) { return x << (uint32_t)(int32_t)41 | x >> (uint32_t)(int32_t)23; } @@ -381,9 +381,9 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e1(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d1(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_342(ab); + return libcrux_sha3_portable_keccak_rotate_left_db2(ab); } /** @@ -397,8 +397,8 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_651(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e1(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d1(a, b); } /** @@ -408,7 +408,7 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_343(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db3(uint64_t x) { return x << (uint32_t)(int32_t)18 | x >> (uint32_t)(int32_t)46; } 
@@ -419,9 +419,9 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e2(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d2(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_343(ab); + return libcrux_sha3_portable_keccak_rotate_left_db3(ab); } /** @@ -435,8 +435,8 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_652(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e2(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d2(a, b); } /** @@ -446,9 +446,9 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e3(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d3(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_34(ab); + return libcrux_sha3_portable_keccak_rotate_left_db(ab); } /** @@ -462,8 +462,8 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_653(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e3(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d3(a, b); } /** @@ -473,7 +473,7 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_344(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db4(uint64_t x) { return x << (uint32_t)(int32_t)44 | x >> (uint32_t)(int32_t)20; } 
@@ -484,9 +484,9 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e4(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d4(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_344(ab); + return libcrux_sha3_portable_keccak_rotate_left_db4(ab); } /** @@ -500,8 +500,8 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_654(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e4(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d4(a, b); } /** @@ -511,7 +511,7 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_345(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db5(uint64_t x) { return x << (uint32_t)(int32_t)10 | x >> (uint32_t)(int32_t)54; } @@ -522,9 +522,9 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e5(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d5(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_345(ab); + return libcrux_sha3_portable_keccak_rotate_left_db5(ab); } /** @@ -538,8 +538,8 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_655(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e5(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d5(a, b); } /** 
@@ -549,7 +549,7 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_346(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db6(uint64_t x) { return x << (uint32_t)(int32_t)45 | x >> (uint32_t)(int32_t)19; } @@ -560,9 +560,9 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e6(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d6(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_346(ab); + return libcrux_sha3_portable_keccak_rotate_left_db6(ab); } /** @@ -576,8 +576,8 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_656(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e6(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d6(a, b); } /** @@ -587,7 +587,7 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_347(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db7(uint64_t x) { return x << (uint32_t)(int32_t)2 | x >> (uint32_t)(int32_t)62; } @@ -598,9 +598,9 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e7(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d7(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_347(ab); + return libcrux_sha3_portable_keccak_rotate_left_db7(ab); } /** 
@@ -614,8 +614,8 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_657(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e7(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d7(a, b); } /** @@ -625,7 +625,7 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_348(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db8(uint64_t x) { return x << (uint32_t)(int32_t)62 | x >> (uint32_t)(int32_t)2; } @@ -636,9 +636,9 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e8(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d8(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_348(ab); + return libcrux_sha3_portable_keccak_rotate_left_db8(ab); } /** @@ -652,8 +652,8 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_658(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e8(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d8(a, b); } /** @@ -663,7 +663,7 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_349(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db9(uint64_t x) { return x << (uint32_t)(int32_t)6 | x >> (uint32_t)(int32_t)58; } 
@@ -674,9 +674,9 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e9(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d9(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_349(ab); + return libcrux_sha3_portable_keccak_rotate_left_db9(ab); } /** @@ -690,8 +690,8 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_659(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e9(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d9(a, b); } /** @@ -701,7 +701,7 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3410(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db10(uint64_t x) { return x << (uint32_t)(int32_t)43 | x >> (uint32_t)(int32_t)21; } @@ -712,9 +712,9 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e10(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d10(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3410(ab); + return libcrux_sha3_portable_keccak_rotate_left_db10(ab); } /** @@ -728,8 +728,8 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6510(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e10(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d10(a, b); } /** 
@@ -739,7 +739,7 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3411(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db11(uint64_t x) { return x << (uint32_t)(int32_t)15 | x >> (uint32_t)(int32_t)49; } @@ -750,9 +750,9 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e11(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d11(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3411(ab); + return libcrux_sha3_portable_keccak_rotate_left_db11(ab); } /** @@ -766,8 +766,8 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6511(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e11(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d11(a, b); } /** @@ -777,7 +777,7 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3412(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db12(uint64_t x) { return x << (uint32_t)(int32_t)61 | x >> (uint32_t)(int32_t)3; } @@ -788,9 +788,9 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e12(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d12(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3412(ab); + return libcrux_sha3_portable_keccak_rotate_left_db12(ab); } /** 
@@ -804,8 +804,8 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6512(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e12(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d12(a, b); } /** @@ -815,7 +815,7 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3413(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db13(uint64_t x) { return x << (uint32_t)(int32_t)28 | x >> (uint32_t)(int32_t)36; } @@ -826,9 +826,9 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e13(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d13(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3413(ab); + return libcrux_sha3_portable_keccak_rotate_left_db13(ab); } /** @@ -842,8 +842,8 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6513(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e13(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d13(a, b); } /** @@ -853,7 +853,7 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3414(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db14(uint64_t x) { return x << (uint32_t)(int32_t)55 | x >> (uint32_t)(int32_t)9; } 
@@ -864,9 +864,9 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e14(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d14(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3414(ab); + return libcrux_sha3_portable_keccak_rotate_left_db14(ab); } /** @@ -880,8 +880,8 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6514(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e14(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d14(a, b); } /** @@ -891,7 +891,7 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3415(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db15(uint64_t x) { return x << (uint32_t)(int32_t)25 | x >> (uint32_t)(int32_t)39; } @@ -902,9 +902,9 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e15(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d15(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3415(ab); + return libcrux_sha3_portable_keccak_rotate_left_db15(ab); } /** @@ -918,8 +918,8 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6515(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e15(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d15(a, b); } /** 
@@ -929,7 +929,7 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3416(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db16(uint64_t x) { return x << (uint32_t)(int32_t)21 | x >> (uint32_t)(int32_t)43; } @@ -940,9 +940,9 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e16(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d16(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3416(ab); + return libcrux_sha3_portable_keccak_rotate_left_db16(ab); } /** @@ -956,8 +956,8 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6516(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e16(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d16(a, b); } /** @@ -967,7 +967,7 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3417(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db17(uint64_t x) { return x << (uint32_t)(int32_t)56 | x >> (uint32_t)(int32_t)8; } @@ -978,9 +978,9 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e17(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d17(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3417(ab); + return libcrux_sha3_portable_keccak_rotate_left_db17(ab); } /** 
@@ -994,8 +994,8 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6517(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e17(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d17(a, b); } /** @@ -1005,7 +1005,7 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3418(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db18(uint64_t x) { return x << (uint32_t)(int32_t)27 | x >> (uint32_t)(int32_t)37; } @@ -1016,9 +1016,9 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e18(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d18(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3418(ab); + return libcrux_sha3_portable_keccak_rotate_left_db18(ab); } /** @@ -1032,8 +1032,8 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6518(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e18(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d18(a, b); } /** @@ -1043,7 +1043,7 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3419(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db19(uint64_t x) { return x << (uint32_t)(int32_t)20 | x >> (uint32_t)(int32_t)44; } 
@@ -1054,9 +1054,9 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e19(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d19(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3419(ab); + return libcrux_sha3_portable_keccak_rotate_left_db19(ab); } /** @@ -1070,8 +1070,8 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6519(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e19(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d19(a, b); } /** @@ -1081,7 +1081,7 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3420(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db20(uint64_t x) { return x << (uint32_t)(int32_t)39 | x >> (uint32_t)(int32_t)25; } @@ -1092,9 +1092,9 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e20(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d20(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3420(ab); + return libcrux_sha3_portable_keccak_rotate_left_db20(ab); } /** @@ -1108,8 +1108,8 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6520(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e20(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d20(a, b); } /** 
@@ -1119,7 +1119,7 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3421(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db21(uint64_t x) { return x << (uint32_t)(int32_t)8 | x >> (uint32_t)(int32_t)56; } @@ -1130,9 +1130,9 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e21(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d21(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3421(ab); + return libcrux_sha3_portable_keccak_rotate_left_db21(ab); } /** @@ -1146,8 +1146,8 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6521(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e21(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d21(a, b); } /** @@ -1157,7 +1157,7 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_3422(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_db22(uint64_t x) { return x << (uint32_t)(int32_t)14 | x >> (uint32_t)(int32_t)50; } @@ -1168,9 +1168,9 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_6e22(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_3d22(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_3422(ab); + return libcrux_sha3_portable_keccak_rotate_left_db22(ab); } /** 
@@ -1184,8 +1184,8 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_6522(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_6e22(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_3d22(a, b); } /** @@ -1194,7 +1194,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_8d( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_eb( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t c[5U] = { libcrux_sha3_portable_keccak_xor5_5a(s->st[0U][0U], s->st[1U][0U], 
@@ -1230,53 +1230,53 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_8d( c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_5a(s->st[0U][0U], t[0U]); s->st[1U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_65(s->st[1U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(s->st[1U][0U], t[0U]); s->st[2U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_650(s->st[2U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(s->st[2U][0U], t[0U]); s->st[3U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_651(s->st[3U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(s->st[3U][0U], t[0U]); s->st[4U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_652(s->st[4U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(s->st[4U][0U], t[0U]); s->st[0U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_653(s->st[0U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(s->st[0U][1U], t[1U]); s->st[1U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_654(s->st[1U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(s->st[1U][1U], t[1U]); s->st[2U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_655(s->st[2U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(s->st[2U][1U], t[1U]); s->st[3U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_656(s->st[3U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(s->st[3U][1U], t[1U]); s->st[4U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_657(s->st[4U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(s->st[4U][1U], t[1U]); s->st[0U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_658(s->st[0U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(s->st[0U][2U], t[2U]); s->st[1U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_659(s->st[1U][2U], t[2U]); + 
libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(s->st[1U][2U], t[2U]); s->st[2U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6510(s->st[2U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(s->st[2U][2U], t[2U]); s->st[3U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6511(s->st[3U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(s->st[3U][2U], t[2U]); s->st[4U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6512(s->st[4U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(s->st[4U][2U], t[2U]); s->st[0U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6513(s->st[0U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(s->st[0U][3U], t[3U]); s->st[1U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6514(s->st[1U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(s->st[1U][3U], t[3U]); s->st[2U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6515(s->st[2U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(s->st[2U][3U], t[3U]); s->st[3U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6516(s->st[3U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(s->st[3U][3U], t[3U]); s->st[4U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6517(s->st[4U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(s->st[4U][3U], t[3U]); s->st[0U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6518(s->st[0U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(s->st[0U][4U], t[4U]); s->st[1U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6519(s->st[1U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(s->st[1U][4U], t[4U]); s->st[2U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6520(s->st[2U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(s->st[2U][4U], t[4U]); s->st[3U][4U] = - 
libcrux_sha3_portable_keccak_xor_and_rotate_5a_6521(s->st[3U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(s->st[3U][4U], t[4U]); uint64_t uu____27 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_6522(s->st[4U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; } @@ -1286,7 +1286,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_ac( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_b8( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1322,7 +1322,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_c7( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_1f( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1340,7 +1340,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_4f( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_83( libcrux_sha3_generic_keccak_KeccakState_48 *s, size_t i) { s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_constant_5a( s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); 
@@ -1352,14 +1352,14 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_13( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_85( libcrux_sha3_generic_keccak_KeccakState_48 *s) { for (size_t i = (size_t)0U; i < (size_t)24U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho_8d(s); - libcrux_sha3_generic_keccak_pi_ac(s); - libcrux_sha3_generic_keccak_chi_c7(s); - libcrux_sha3_generic_keccak_iota_4f(s, i0); + libcrux_sha3_generic_keccak_theta_rho_eb(s); + libcrux_sha3_generic_keccak_pi_b8(s); + libcrux_sha3_generic_keccak_chi_1f(s); + libcrux_sha3_generic_keccak_iota_83(s, i0); } } @@ -1371,7 +1371,7 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_25( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_72( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1390,8 +1390,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_25( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_2d(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_full_5a_71(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -1399,7 +1399,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_39( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_58( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; 
@@ -1424,9 +1424,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_48( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_39(a, b); + libcrux_sha3_portable_keccak_store_block_58(a, b); } /** @@ -1436,10 +1436,10 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c8( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(s); - libcrux_sha3_portable_keccak_store_block_5a_48(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_store_block_5a_6f(s->st, out); } /** @@ -1449,9 +1449,9 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_58( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_09( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_48(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_6f(s->st, out); } /** @@ -1459,7 +1459,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b30( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; 
@@ -1484,11 +1484,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a0( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_de0(s, buf); + libcrux_sha3_portable_keccak_load_block_b30(s, buf); } /** @@ -1500,13 +1500,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_710( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_ac0(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_7a0(uu____0, copy_of_b); } /** @@ -1517,7 +1517,7 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_250( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_720( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; 
@@ -1536,8 +1536,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_250( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_2d0(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_full_5a_710(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -1545,7 +1545,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_390( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_580( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; @@ -1570,9 +1570,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_480( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f0( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_390(a, b); + libcrux_sha3_portable_keccak_store_block_580(a, b); } /** @@ -1582,9 +1582,9 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_580( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_090( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_480(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_6f0(s->st, out); } /** 
@@ -1594,10 +1594,10 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c80( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f0( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(s); - libcrux_sha3_portable_keccak_store_block_5a_480(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_store_block_5a_6f0(s->st, out); } /** @@ -1609,13 +1609,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd3( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_de(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_b3(uu____0, copy_of_b); } /** @@ -1625,13 +1625,13 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_243( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_753( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_df3(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_5a_fd3(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** 
@@ -1639,12 +1639,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e03( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa3( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_39(s, buf); + libcrux_sha3_portable_keccak_store_block_58(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -1661,9 +1661,9 @@ with const generics - BLOCKSIZE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_883(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_783(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_e03(a, ret); + libcrux_sha3_portable_keccak_store_block_full_fa3(a, ret); } /** @@ -1674,10 +1674,10 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_653( +libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_883(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_783(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; 
@@ -1700,11 +1700,11 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_123( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_833( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(&s); + libcrux_sha3_generic_keccak_keccakf1600_85(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_883(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_783(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -1728,10 +1728,10 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf4( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_7a(); + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)168U; i++) { @@ -1743,7 +1743,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf4( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)168U, (size_t)168U, ret); - libcrux_sha3_generic_keccak_absorb_block_243(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_753(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)168U; 
@@ -1755,12 +1755,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf4( libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_25(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_72(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)168U; size_t last = outlen - outlen % (size_t)168U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_653(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -1768,7 +1768,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf4( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_58(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_09(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -1786,12 +1786,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf4( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c8(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1f(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_123(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_833(s, o1); } } } 
@@ -1802,12 +1802,12 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd4( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a4( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf4(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_754(copy_of_data, out); } /** @@ -1815,7 +1815,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b33( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; @@ -1844,13 +1844,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd2( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_de3(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_b33(uu____0, copy_of_b); } /** 
@@ -1860,13 +1860,13 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_242( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_752( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_df2(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_5a_fd2(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -1874,11 +1874,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a3( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_de3(s, buf); + libcrux_sha3_portable_keccak_load_block_b33(s, buf); } /** @@ -1890,13 +1890,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_713( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_ac3(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_7a3(uu____0, copy_of_b); } /** 
@@ -1907,7 +1907,7 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_254( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_724( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -1926,8 +1926,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_254( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_2d3(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_full_5a_713(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -1935,7 +1935,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_393( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_583( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; @@ -1956,12 +1956,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e02( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa2( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_393(s, buf); + libcrux_sha3_portable_keccak_store_block_583(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); 
@@ -1978,9 +1978,9 @@ with const generics - BLOCKSIZE= 104 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_882(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_782(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_e02(a, ret); + libcrux_sha3_portable_keccak_store_block_full_fa2(a, ret); } /** @@ -1991,10 +1991,10 @@ with const generics - RATE= 104 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_652( +libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_882(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_782(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2019,9 +2019,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_483( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f3( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_393(a, b); + libcrux_sha3_portable_keccak_store_block_583(a, b); } /** @@ -2031,9 +2031,9 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_583( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_093( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_483(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_6f3(s->st, out); } /** 
@@ -2043,10 +2043,10 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c83( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f3( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(s); - libcrux_sha3_portable_keccak_store_block_5a_483(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_store_block_5a_6f3(s->st, out); } /** @@ -2056,11 +2056,11 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_122( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_832( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(&s); + libcrux_sha3_generic_keccak_keccakf1600_85(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_882(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_782(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2084,10 +2084,10 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf3( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_7a(); + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; i++) { 
@@ -2099,7 +2099,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf3( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)104U, (size_t)104U, ret); - libcrux_sha3_generic_keccak_absorb_block_242(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_752(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; @@ -2111,12 +2111,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf3( libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_254(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_724(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)104U; size_t last = outlen - outlen % (size_t)104U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_652(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)104U); @@ -2124,7 +2124,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf3( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_583(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_093(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, 
@@ -2142,12 +2142,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf3( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c83(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1f3(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_122(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_832(s, o1); } } } @@ -2158,12 +2158,12 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a3( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf3(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_753(copy_of_data, out); } /** @@ -2171,7 +2171,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b32( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; 
@@ -2200,13 +2200,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd1( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_de2(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_b32(uu____0, copy_of_b); } /** @@ -2216,13 +2216,13 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_241( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_751( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_df1(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_5a_fd1(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -2230,11 +2230,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a2( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_de2(s, buf); + libcrux_sha3_portable_keccak_load_block_b32(s, buf); } /** 
@@ -2246,13 +2246,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_712( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_ac2(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_7a2(uu____0, copy_of_b); } /** @@ -2263,7 +2263,7 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_253( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_723( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2282,8 +2282,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_253( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_2d2(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_full_5a_712(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -2291,7 +2291,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_392( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_582( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; 
@@ -2312,12 +2312,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e01( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa1( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_392(s, buf); + libcrux_sha3_portable_keccak_store_block_582(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -2334,9 +2334,9 @@ with const generics - BLOCKSIZE= 144 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_881(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_781(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_e01(a, ret); + libcrux_sha3_portable_keccak_store_block_full_fa1(a, ret); } /** @@ -2347,10 +2347,10 @@ with const generics - RATE= 144 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_651( +libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_881(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_781(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; 
@@ -2375,9 +2375,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_482( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f2( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_392(a, b); + libcrux_sha3_portable_keccak_store_block_582(a, b); } /** @@ -2387,9 +2387,9 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_582( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_092( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_482(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_6f2(s->st, out); } /** @@ -2399,10 +2399,10 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c82( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f2( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(s); - libcrux_sha3_portable_keccak_store_block_5a_482(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_store_block_5a_6f2(s->st, out); } /** 
@@ -2412,11 +2412,11 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_121( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_831( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(&s); + libcrux_sha3_generic_keccak_keccakf1600_85(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_881(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_781(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2440,10 +2440,10 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf2( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_7a(); + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; i++) { @@ -2455,7 +2455,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf2( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)144U, (size_t)144U, ret); - libcrux_sha3_generic_keccak_absorb_block_241(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_751(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; 
@@ -2467,12 +2467,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf2( libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_253(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_723(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)144U; size_t last = outlen - outlen % (size_t)144U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_651(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)144U); @@ -2480,7 +2480,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf2( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_582(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_092(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2498,12 +2498,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf2( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c82(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1f2(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_121(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_831(s, o1); } } } 
@@ -2514,12 +2514,12 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a2( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf2(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_752(copy_of_data, out); } /** @@ -2531,13 +2531,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd0( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_de0(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_b30(uu____0, copy_of_b); } /** @@ -2547,13 +2547,13 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_240( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_750( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_df0(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_5a_fd0(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** 
@@ -2561,12 +2561,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e00( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa0( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_390(s, buf); + libcrux_sha3_portable_keccak_store_block_580(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -2583,9 +2583,9 @@ with const generics - BLOCKSIZE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_880(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_780(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_e00(a, ret); + libcrux_sha3_portable_keccak_store_block_full_fa0(a, ret); } /** @@ -2596,10 +2596,10 @@ with const generics - RATE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_650( +libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_880(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_780(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; 
@@ -2622,11 +2622,11 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_120( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_830( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(&s); + libcrux_sha3_generic_keccak_keccakf1600_85(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_880(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_780(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; @@ -2650,10 +2650,10 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf1( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_7a(); + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; i++) { @@ -2665,7 +2665,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf1( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_240(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; 
@@ -2677,12 +2677,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf1( libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_250(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_720(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_650(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -2690,7 +2690,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf1( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_580(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_090(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2708,12 +2708,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf1( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c80(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1f0(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_120(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_830(s, o1); } } } 
@@ -2724,12 +2724,12 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a1( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf1(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_751(copy_of_data, out); } /** @@ -2740,7 +2740,7 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_252( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_722( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2759,8 +2759,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_252( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_2d0(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_full_5a_710(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -2771,10 +2771,10 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_7a(); + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; i++) { 
@@ -2786,7 +2786,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf0( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_240(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; @@ -2798,12 +2798,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf0( libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_252(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_722(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_650(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -2811,7 +2811,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf0( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_580(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_090(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, 
@@ -2829,12 +2829,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf0( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c80(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1f0(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_120(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_830(s, o1); } } } @@ -2845,12 +2845,12 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a0( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf0(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_750(copy_of_data, out); } /** @@ -2858,7 +2858,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_de1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b31( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; 
@@ -2887,13 +2887,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_df( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_de1(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_b31(uu____0, copy_of_b); } /** @@ -2903,13 +2903,13 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_24( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_75( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_df(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_5a_fd(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -2917,11 +2917,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_ac1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a1( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_de1(s, buf); + libcrux_sha3_portable_keccak_load_block_b31(s, buf); } /** 
@@ -2933,13 +2933,13 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_2d1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_711( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_ac1(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_7a1(uu____0, copy_of_b); } /** @@ -2950,7 +2950,7 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_251( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_721( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; @@ -2969,8 +2969,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_251( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_2d1(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_13(s); + libcrux_sha3_portable_keccak_load_block_full_5a_711(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_85(s); } /** @@ -2978,7 +2978,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_391( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_581( uint64_t (*s)[5U], Eurydice_slice out[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; 
@@ -2999,12 +2999,12 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_e0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_store_block_391(s, buf); + libcrux_sha3_portable_keccak_store_block_581(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); @@ -3020,9 +3020,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_88( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_78( uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_e0(a, ret); + libcrux_sha3_portable_keccak_store_block_full_fa(a, ret); } /** @@ -3033,10 +3033,10 @@ with const generics - RATE= 72 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_65( +libcrux_sha3_generic_keccak_squeeze_first_and_last_5d( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_88(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_78(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; 
@@ -3061,9 +3061,9 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics - BLOCKSIZE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_481( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f1( uint64_t (*a)[5U], Eurydice_slice b[1U]) { - libcrux_sha3_portable_keccak_store_block_391(a, b); + libcrux_sha3_portable_keccak_store_block_581(a, b); } /** @@ -3073,9 +3073,9 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_581( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_091( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_481(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_6f1(s->st, out); } /** @@ -3085,10 +3085,10 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_c81( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f1( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(s); - libcrux_sha3_portable_keccak_store_block_5a_481(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_store_block_5a_6f1(s->st, out); } /** @@ -3098,11 +3098,11 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_12( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_83( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_13(&s); + libcrux_sha3_generic_keccak_keccakf1600_85(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_88(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_78(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; 
@@ -3126,10 +3126,10 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_7a(); + libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; i++) { @@ -3141,7 +3141,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)72U, (size_t)72U, ret); - libcrux_sha3_generic_keccak_absorb_block_24(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_75(uu____0, ret); } size_t rem = core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; @@ -3153,12 +3153,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf( libcrux_sha3_portable_keccak_slice_n_5a( copy_of_data, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_251(uu____2, ret); + libcrux_sha3_generic_keccak_absorb_final_721(uu____2, ret); size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)72U; size_t last = outlen - outlen % (size_t)72U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_65(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_5d(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)72U); 
@@ -3166,7 +3166,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_581(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_091(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -3184,12 +3184,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_cf( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_c81(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_1f1(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_12(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_83(s, o1); } } } @@ -3200,12 +3200,12 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_fd( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_cf(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_75(copy_of_data, out); } #if defined(__cplusplus) diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index d565000e0..a91465cf4 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c 
@@ -5,2175 +5,30 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb - * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 + * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 */ #include "libcrux_sha3_neon.h" -#include "internal/libcrux_core.h" - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE uint64x2_t zero_fa(void) { return _vdupq_n_u64(0ULL); } - -static KRML_MUSTINLINE uint64x2_t _veor5q_u64(uint64x2_t a, uint64x2_t b, - uint64x2_t c, uint64x2_t d, - uint64x2_t e) { - uint64x2_t ab = _veorq_u64(a, b); - uint64x2_t cd = _veorq_u64(c, d); - uint64x2_t abcd = _veorq_u64(ab, cd); - return _veorq_u64(abcd, e); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE uint64x2_t xor5_fa(uint64x2_t a, uint64x2_t b, - uint64x2_t c, uint64x2_t d, - uint64x2_t e) { - return _veor5q_u64(a, b, c, d, e); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 1 -- RIGHT= 63 -*/ -static KRML_MUSTINLINE uint64x2_t rotate_left_58(uint64x2_t x) { - return _veorq_u64(_vshlq_n_u64((int32_t)1, x, uint64x2_t), - _vshrq_n_u64((int32_t)63, x, uint64x2_t)); -} - -static KRML_MUSTINLINE uint64x2_t _vrax1q_u64(uint64x2_t a, uint64x2_t b) { - uint64x2_t uu____0 = a; - return _veorq_u64(uu____0, rotate_left_58(b)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for 
core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE uint64x2_t rotate_left1_and_xor_fa(uint64x2_t a, - uint64x2_t b) { - return _vrax1q_u64(a, b); -} - -static KRML_MUSTINLINE uint64x2_t _vbcaxq_u64(uint64x2_t a, uint64x2_t b, - uint64x2_t c) { - return _veorq_u64(a, _vbicq_u64(b, c)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE uint64x2_t and_not_xor_fa(uint64x2_t a, uint64x2_t b, - uint64x2_t c) { - return _vbcaxq_u64(a, b, c); -} - -static KRML_MUSTINLINE uint64x2_t _veorq_n_u64(uint64x2_t a, uint64_t c) { - uint64x2_t c0 = _vdupq_n_u64(c); - return _veorq_u64(a, c0); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE uint64x2_t xor_constant_fa(uint64x2_t a, uint64_t c) { - return _veorq_n_u64(a, c); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE uint64x2_t xor_fa(uint64x2_t a, uint64x2_t b) { - return _veorq_u64(a, b); -} - -static KRML_MUSTINLINE void slice_2(Eurydice_slice a[2U], size_t start, - size_t len, Eurydice_slice ret[2U]) { - ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t, - Eurydice_slice); - ret[1U] = Eurydice_slice_subslice2(a[1U], start, start + len, uint8_t, - Eurydice_slice); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE void slice_n_fa(Eurydice_slice a[2U], size_t start, - size_t len, Eurydice_slice ret[2U]) { - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_a[2U]; - memcpy(copy_of_a, a, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret0[2U]; - 
slice_2(copy_of_a, start, len, ret0); - memcpy(ret, ret0, (size_t)2U * sizeof(Eurydice_slice)); -} - -static KRML_MUSTINLINE Eurydice_slice_uint8_t_2size_t__x2 -split_at_mut_2(Eurydice_slice out[2U], size_t mid) { - Eurydice_slice out0 = out[0U]; - Eurydice_slice out1 = out[1U]; - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at_mut( - out0, mid, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice out00 = uu____0.fst; - Eurydice_slice out01 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at_mut( - out1, mid, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice out10 = uu____1.fst; - Eurydice_slice out11 = uu____1.snd; - Eurydice_slice_uint8_t_2size_t__x2 lit; - lit.fst[0U] = out00; - lit.fst[1U] = out10; - lit.snd[0U] = out01; - lit.snd[1U] = out11; - return lit; -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -static KRML_MUSTINLINE Eurydice_slice_uint8_t_2size_t__x2 -split_at_mut_n_fa(Eurydice_slice a[2U], size_t mid) { - return split_at_mut_2(a, mid); -} - -/** - Create a new Shake128 x4 state. 
-*/ -/** -This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} -*/ -/** -A monomorphic instance of libcrux_sha3.generic_keccak.new_1e -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -*/ -static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_fc -new_1e_12(void) { - libcrux_sha3_generic_keccak_KeccakState_fc lit; - lit.st[0U][0U] = zero_fa(); - lit.st[0U][1U] = zero_fa(); - lit.st[0U][2U] = zero_fa(); - lit.st[0U][3U] = zero_fa(); - lit.st[0U][4U] = zero_fa(); - lit.st[1U][0U] = zero_fa(); - lit.st[1U][1U] = zero_fa(); - lit.st[1U][2U] = zero_fa(); - lit.st[1U][3U] = zero_fa(); - lit.st[1U][4U] = zero_fa(); - lit.st[2U][0U] = zero_fa(); - lit.st[2U][1U] = zero_fa(); - lit.st[2U][2U] = zero_fa(); - lit.st[2U][3U] = zero_fa(); - lit.st[2U][4U] = zero_fa(); - lit.st[3U][0U] = zero_fa(); - lit.st[3U][1U] = zero_fa(); - lit.st[3U][2U] = zero_fa(); - lit.st[3U][3U] = zero_fa(); - lit.st[3U][4U] = zero_fa(); - lit.st[4U][0U] = zero_fa(); - lit.st[4U][1U] = zero_fa(); - lit.st[4U][2U] = zero_fa(); - lit.st[4U][3U] = zero_fa(); - lit.st[4U][4U] = zero_fa(); - return lit; -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block -with const generics -- RATE= 72 -*/ -static KRML_MUSTINLINE void load_block_3c(uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U]) { - for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)16U; i++) { - size_t i0 = i; - uint64x2_t v0 = _vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice)); - uint64x2_t v1 = _vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = _veorq_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - _vtrn1q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + 
(size_t)1U) % (size_t)5U] = - _veorq_u64(s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], - _vtrn2q_u64(v0, v1)); - } - if ((size_t)72U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)72U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)72U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = {0U}; - uint8_t uu____0[8U]; - core_result_Result_56 dst0; - Eurydice_slice_to_array2( - &dst0, - Eurydice_slice_subslice2(blocks[0U], (size_t)72U - (size_t)8U, - (size_t)72U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst0, uu____0); - u[0U] = core_num__u64_9__from_le_bytes(uu____0); - uint8_t uu____1[8U]; - core_result_Result_56 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(blocks[1U], (size_t)72U - (size_t)8U, - (size_t)72U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____1); - u[1U] = core_num__u64_9__from_le_bytes(uu____1); - uint64x2_t uvec = _vld1q_u64( - Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - s[i][j] = _veorq_u64(s[i][j], uvec); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa -with const generics -- BLOCKSIZE= 72 -*/ -static KRML_MUSTINLINE void load_block_fa_0f(uint64x2_t (*a)[5U], - Eurydice_slice b[2U]) { - uint64x2_t(*uu____0)[5U] = a; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_b[2U]; - memcpy(copy_of_b, b, (size_t)2U * sizeof(Eurydice_slice)); - load_block_3c(uu____0, copy_of_b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 36 -- RIGHT= 28 -*/ -static KRML_MUSTINLINE uint64x2_t rotate_left_580(uint64x2_t x) { - return _veorq_u64(_vshlq_n_u64((int32_t)36, x, 
uint64x2_t), - _vshrq_n_u64((int32_t)28, x, uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 36 -- RIGHT= 28 -*/ -static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c1(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = _veorq_u64(a, b); - return rotate_left_580(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 36 -- RIGHT= 28 -*/ -static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f(uint64x2_t a, - uint64x2_t b) { - return _vxarq_u64_c1(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 3 -- RIGHT= 61 -*/ -static KRML_MUSTINLINE uint64x2_t rotate_left_581(uint64x2_t x) { - return _veorq_u64(_vshlq_n_u64((int32_t)3, x, uint64x2_t), - _vshrq_n_u64((int32_t)61, x, uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 3 -- RIGHT= 61 -*/ -static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c10(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = _veorq_u64(a, b); - return rotate_left_581(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 3 -- RIGHT= 61 -*/ -static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f0(uint64x2_t a, - uint64x2_t b) { - return _vxarq_u64_c10(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 41 -- RIGHT= 23 -*/ -static KRML_MUSTINLINE uint64x2_t rotate_left_582(uint64x2_t x) { - return _veorq_u64(_vshlq_n_u64((int32_t)41, x, uint64x2_t), - _vshrq_n_u64((int32_t)23, x, uint64x2_t)); -} - -/** -A monomorphic 
instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 41 -- RIGHT= 23 -*/ -static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c11(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = _veorq_u64(a, b); - return rotate_left_582(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 41 -- RIGHT= 23 -*/ -static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f1(uint64x2_t a, - uint64x2_t b) { - return _vxarq_u64_c11(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 18 -- RIGHT= 46 -*/ -static KRML_MUSTINLINE uint64x2_t rotate_left_583(uint64x2_t x) { - return _veorq_u64(_vshlq_n_u64((int32_t)18, x, uint64x2_t), - _vshrq_n_u64((int32_t)46, x, uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 18 -- RIGHT= 46 -*/ -static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c12(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = _veorq_u64(a, b); - return rotate_left_583(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 18 -- RIGHT= 46 -*/ -static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f2(uint64x2_t a, - uint64x2_t b) { - return _vxarq_u64_c12(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 1 -- RIGHT= 63 -*/ -static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c13(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = _veorq_u64(a, b); - return rotate_left_58(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for 
core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 1 -- RIGHT= 63 -*/ -static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f3(uint64x2_t a, - uint64x2_t b) { - return _vxarq_u64_c13(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 44 -- RIGHT= 20 -*/ -static KRML_MUSTINLINE uint64x2_t rotate_left_584(uint64x2_t x) { - return _veorq_u64(_vshlq_n_u64((int32_t)44, x, uint64x2_t), - _vshrq_n_u64((int32_t)20, x, uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 44 -- RIGHT= 20 -*/ -static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c14(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = _veorq_u64(a, b); - return rotate_left_584(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 44 -- RIGHT= 20 -*/ -static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f4(uint64x2_t a, - uint64x2_t b) { - return _vxarq_u64_c14(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 10 -- RIGHT= 54 -*/ -static KRML_MUSTINLINE uint64x2_t rotate_left_585(uint64x2_t x) { - return _veorq_u64(_vshlq_n_u64((int32_t)10, x, uint64x2_t), - _vshrq_n_u64((int32_t)54, x, uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 10 -- RIGHT= 54 -*/ -static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c15(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = _veorq_u64(a, b); - return rotate_left_585(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance 
of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 10 -- RIGHT= 54 -*/ -static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f5(uint64x2_t a, - uint64x2_t b) { - return _vxarq_u64_c15(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 45 -- RIGHT= 19 -*/ -static KRML_MUSTINLINE uint64x2_t rotate_left_586(uint64x2_t x) { - return _veorq_u64(_vshlq_n_u64((int32_t)45, x, uint64x2_t), - _vshrq_n_u64((int32_t)19, x, uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 45 -- RIGHT= 19 -*/ -static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c16(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = _veorq_u64(a, b); - return rotate_left_586(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 45 -- RIGHT= 19 -*/ -static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f6(uint64x2_t a, - uint64x2_t b) { - return _vxarq_u64_c16(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 2 -- RIGHT= 62 -*/ -static KRML_MUSTINLINE uint64x2_t rotate_left_587(uint64x2_t x) { - return _veorq_u64(_vshlq_n_u64((int32_t)2, x, uint64x2_t), - _vshrq_n_u64((int32_t)62, x, uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 2 -- RIGHT= 62 -*/ -static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c17(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = _veorq_u64(a, b); - return rotate_left_587(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 2 -- 
RIGHT= 62 -*/ -static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f7(uint64x2_t a, - uint64x2_t b) { - return _vxarq_u64_c17(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 62 -- RIGHT= 2 -*/ -static KRML_MUSTINLINE uint64x2_t rotate_left_588(uint64x2_t x) { - return _veorq_u64(_vshlq_n_u64((int32_t)62, x, uint64x2_t), - _vshrq_n_u64((int32_t)2, x, uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 62 -- RIGHT= 2 -*/ -static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c18(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = _veorq_u64(a, b); - return rotate_left_588(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 62 -- RIGHT= 2 -*/ -static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f8(uint64x2_t a, - uint64x2_t b) { - return _vxarq_u64_c18(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 6 -- RIGHT= 58 -*/ -static KRML_MUSTINLINE uint64x2_t rotate_left_589(uint64x2_t x) { - return _veorq_u64(_vshlq_n_u64((int32_t)6, x, uint64x2_t), - _vshrq_n_u64((int32_t)58, x, uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 6 -- RIGHT= 58 -*/ -static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c19(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = _veorq_u64(a, b); - return rotate_left_589(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 6 -- RIGHT= 58 -*/ -static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f9(uint64x2_t a, - 
uint64x2_t b) { - return _vxarq_u64_c19(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 43 -- RIGHT= 21 -*/ -static KRML_MUSTINLINE uint64x2_t rotate_left_5810(uint64x2_t x) { - return _veorq_u64(_vshlq_n_u64((int32_t)43, x, uint64x2_t), - _vshrq_n_u64((int32_t)21, x, uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 43 -- RIGHT= 21 -*/ -static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c110(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = _veorq_u64(a, b); - return rotate_left_5810(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 43 -- RIGHT= 21 -*/ -static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f10(uint64x2_t a, - uint64x2_t b) { - return _vxarq_u64_c110(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 15 -- RIGHT= 49 -*/ -static KRML_MUSTINLINE uint64x2_t rotate_left_5811(uint64x2_t x) { - return _veorq_u64(_vshlq_n_u64((int32_t)15, x, uint64x2_t), - _vshrq_n_u64((int32_t)49, x, uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 15 -- RIGHT= 49 -*/ -static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c111(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = _veorq_u64(a, b); - return rotate_left_5811(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 15 -- RIGHT= 49 -*/ -static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f11(uint64x2_t a, - uint64x2_t b) { - return _vxarq_u64_c111(a, b); -} - -/** -A 
monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 61 -- RIGHT= 3 -*/ -static KRML_MUSTINLINE uint64x2_t rotate_left_5812(uint64x2_t x) { - return _veorq_u64(_vshlq_n_u64((int32_t)61, x, uint64x2_t), - _vshrq_n_u64((int32_t)3, x, uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 61 -- RIGHT= 3 -*/ -static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c112(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = _veorq_u64(a, b); - return rotate_left_5812(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 61 -- RIGHT= 3 -*/ -static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f12(uint64x2_t a, - uint64x2_t b) { - return _vxarq_u64_c112(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 28 -- RIGHT= 36 -*/ -static KRML_MUSTINLINE uint64x2_t rotate_left_5813(uint64x2_t x) { - return _veorq_u64(_vshlq_n_u64((int32_t)28, x, uint64x2_t), - _vshrq_n_u64((int32_t)36, x, uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 28 -- RIGHT= 36 -*/ -static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c113(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = _veorq_u64(a, b); - return rotate_left_5813(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 28 -- RIGHT= 36 -*/ -static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f13(uint64x2_t a, - uint64x2_t b) { - return _vxarq_u64_c113(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const 
generics -- LEFT= 55 -- RIGHT= 9 -*/ -static KRML_MUSTINLINE uint64x2_t rotate_left_5814(uint64x2_t x) { - return _veorq_u64(_vshlq_n_u64((int32_t)55, x, uint64x2_t), - _vshrq_n_u64((int32_t)9, x, uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 55 -- RIGHT= 9 -*/ -static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c114(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = _veorq_u64(a, b); - return rotate_left_5814(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 55 -- RIGHT= 9 -*/ -static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f14(uint64x2_t a, - uint64x2_t b) { - return _vxarq_u64_c114(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 25 -- RIGHT= 39 -*/ -static KRML_MUSTINLINE uint64x2_t rotate_left_5815(uint64x2_t x) { - return _veorq_u64(_vshlq_n_u64((int32_t)25, x, uint64x2_t), - _vshrq_n_u64((int32_t)39, x, uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 25 -- RIGHT= 39 -*/ -static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c115(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = _veorq_u64(a, b); - return rotate_left_5815(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 25 -- RIGHT= 39 -*/ -static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f15(uint64x2_t a, - uint64x2_t b) { - return _vxarq_u64_c115(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 21 -- RIGHT= 43 -*/ -static KRML_MUSTINLINE uint64x2_t 
rotate_left_5816(uint64x2_t x) { - return _veorq_u64(_vshlq_n_u64((int32_t)21, x, uint64x2_t), - _vshrq_n_u64((int32_t)43, x, uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 21 -- RIGHT= 43 -*/ -static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c116(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = _veorq_u64(a, b); - return rotate_left_5816(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 21 -- RIGHT= 43 -*/ -static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f16(uint64x2_t a, - uint64x2_t b) { - return _vxarq_u64_c116(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 56 -- RIGHT= 8 -*/ -static KRML_MUSTINLINE uint64x2_t rotate_left_5817(uint64x2_t x) { - return _veorq_u64(_vshlq_n_u64((int32_t)56, x, uint64x2_t), - _vshrq_n_u64((int32_t)8, x, uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 56 -- RIGHT= 8 -*/ -static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c117(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = _veorq_u64(a, b); - return rotate_left_5817(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 56 -- RIGHT= 8 -*/ -static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f17(uint64x2_t a, - uint64x2_t b) { - return _vxarq_u64_c117(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 27 -- RIGHT= 37 -*/ -static KRML_MUSTINLINE uint64x2_t rotate_left_5818(uint64x2_t x) { - return 
_veorq_u64(_vshlq_n_u64((int32_t)27, x, uint64x2_t), - _vshrq_n_u64((int32_t)37, x, uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 27 -- RIGHT= 37 -*/ -static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c118(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = _veorq_u64(a, b); - return rotate_left_5818(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 27 -- RIGHT= 37 -*/ -static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f18(uint64x2_t a, - uint64x2_t b) { - return _vxarq_u64_c118(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 20 -- RIGHT= 44 -*/ -static KRML_MUSTINLINE uint64x2_t rotate_left_5819(uint64x2_t x) { - return _veorq_u64(_vshlq_n_u64((int32_t)20, x, uint64x2_t), - _vshrq_n_u64((int32_t)44, x, uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 20 -- RIGHT= 44 -*/ -static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c119(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = _veorq_u64(a, b); - return rotate_left_5819(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 20 -- RIGHT= 44 -*/ -static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f19(uint64x2_t a, - uint64x2_t b) { - return _vxarq_u64_c119(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 39 -- RIGHT= 25 -*/ -static KRML_MUSTINLINE uint64x2_t rotate_left_5820(uint64x2_t x) { - return _veorq_u64(_vshlq_n_u64((int32_t)39, x, uint64x2_t), - 
_vshrq_n_u64((int32_t)25, x, uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 39 -- RIGHT= 25 -*/ -static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c120(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = _veorq_u64(a, b); - return rotate_left_5820(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 39 -- RIGHT= 25 -*/ -static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f20(uint64x2_t a, - uint64x2_t b) { - return _vxarq_u64_c120(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 8 -- RIGHT= 56 -*/ -static KRML_MUSTINLINE uint64x2_t rotate_left_5821(uint64x2_t x) { - return _veorq_u64(_vshlq_n_u64((int32_t)8, x, uint64x2_t), - _vshrq_n_u64((int32_t)56, x, uint64x2_t)); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 8 -- RIGHT= 56 -*/ -static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c121(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = _veorq_u64(a, b); - return rotate_left_5821(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 8 -- RIGHT= 56 -*/ -static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f21(uint64x2_t a, - uint64x2_t b) { - return _vxarq_u64_c121(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.rotate_left -with const generics -- LEFT= 14 -- RIGHT= 50 -*/ -static KRML_MUSTINLINE uint64x2_t rotate_left_5822(uint64x2_t x) { - return _veorq_u64(_vshlq_n_u64((int32_t)14, x, uint64x2_t), - _vshrq_n_u64((int32_t)50, x, uint64x2_t)); -} - -/** -A monomorphic 
instance of libcrux_sha3.simd.arm64._vxarq_u64 -with const generics -- LEFT= 14 -- RIGHT= 50 -*/ -static KRML_MUSTINLINE uint64x2_t _vxarq_u64_c122(uint64x2_t a, uint64x2_t b) { - uint64x2_t ab = _veorq_u64(a, b); - return rotate_left_5822(ab); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.xor_and_rotate_fa -with const generics -- LEFT= 14 -- RIGHT= 50 -*/ -static KRML_MUSTINLINE uint64x2_t xor_and_rotate_fa_1f22(uint64x2_t a, - uint64x2_t b) { - return _vxarq_u64_c122(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.theta_rho -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -*/ -static KRML_MUSTINLINE void theta_rho_eb( - libcrux_sha3_generic_keccak_KeccakState_fc *s) { - uint64x2_t c[5U] = {xor5_fa(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], - s->st[3U][0U], s->st[4U][0U]), - xor5_fa(s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], - s->st[3U][1U], s->st[4U][1U]), - xor5_fa(s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], - s->st[3U][2U], s->st[4U][2U]), - xor5_fa(s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], - s->st[3U][3U], s->st[4U][3U]), - xor5_fa(s->st[0U][4U], s->st[1U][4U], s->st[2U][4U], - s->st[3U][4U], s->st[4U][4U])}; - uint64x2_t uu____0 = - rotate_left1_and_xor_fa(c[((size_t)0U + (size_t)4U) % (size_t)5U], - c[((size_t)0U + (size_t)1U) % (size_t)5U]); - uint64x2_t uu____1 = - rotate_left1_and_xor_fa(c[((size_t)1U + (size_t)4U) % (size_t)5U], - c[((size_t)1U + (size_t)1U) % (size_t)5U]); - uint64x2_t uu____2 = - rotate_left1_and_xor_fa(c[((size_t)2U + (size_t)4U) % (size_t)5U], - c[((size_t)2U + (size_t)1U) % (size_t)5U]); - uint64x2_t uu____3 = - rotate_left1_and_xor_fa(c[((size_t)3U + (size_t)4U) % (size_t)5U], - c[((size_t)3U + (size_t)1U) % (size_t)5U]); - uint64x2_t t[5U] = { - uu____0, uu____1, uu____2, uu____3, - 
rotate_left1_and_xor_fa(c[((size_t)4U + (size_t)4U) % (size_t)5U], - c[((size_t)4U + (size_t)1U) % (size_t)5U])}; - s->st[0U][0U] = xor_fa(s->st[0U][0U], t[0U]); - s->st[1U][0U] = xor_and_rotate_fa_1f(s->st[1U][0U], t[0U]); - s->st[2U][0U] = xor_and_rotate_fa_1f0(s->st[2U][0U], t[0U]); - s->st[3U][0U] = xor_and_rotate_fa_1f1(s->st[3U][0U], t[0U]); - s->st[4U][0U] = xor_and_rotate_fa_1f2(s->st[4U][0U], t[0U]); - s->st[0U][1U] = xor_and_rotate_fa_1f3(s->st[0U][1U], t[1U]); - s->st[1U][1U] = xor_and_rotate_fa_1f4(s->st[1U][1U], t[1U]); - s->st[2U][1U] = xor_and_rotate_fa_1f5(s->st[2U][1U], t[1U]); - s->st[3U][1U] = xor_and_rotate_fa_1f6(s->st[3U][1U], t[1U]); - s->st[4U][1U] = xor_and_rotate_fa_1f7(s->st[4U][1U], t[1U]); - s->st[0U][2U] = xor_and_rotate_fa_1f8(s->st[0U][2U], t[2U]); - s->st[1U][2U] = xor_and_rotate_fa_1f9(s->st[1U][2U], t[2U]); - s->st[2U][2U] = xor_and_rotate_fa_1f10(s->st[2U][2U], t[2U]); - s->st[3U][2U] = xor_and_rotate_fa_1f11(s->st[3U][2U], t[2U]); - s->st[4U][2U] = xor_and_rotate_fa_1f12(s->st[4U][2U], t[2U]); - s->st[0U][3U] = xor_and_rotate_fa_1f13(s->st[0U][3U], t[3U]); - s->st[1U][3U] = xor_and_rotate_fa_1f14(s->st[1U][3U], t[3U]); - s->st[2U][3U] = xor_and_rotate_fa_1f15(s->st[2U][3U], t[3U]); - s->st[3U][3U] = xor_and_rotate_fa_1f16(s->st[3U][3U], t[3U]); - s->st[4U][3U] = xor_and_rotate_fa_1f17(s->st[4U][3U], t[3U]); - s->st[0U][4U] = xor_and_rotate_fa_1f18(s->st[0U][4U], t[4U]); - s->st[1U][4U] = xor_and_rotate_fa_1f19(s->st[1U][4U], t[4U]); - s->st[2U][4U] = xor_and_rotate_fa_1f20(s->st[2U][4U], t[4U]); - s->st[3U][4U] = xor_and_rotate_fa_1f21(s->st[3U][4U], t[4U]); - uint64x2_t uu____27 = xor_and_rotate_fa_1f22(s->st[4U][4U], t[4U]); - s->st[4U][4U] = uu____27; -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.pi -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -*/ -static KRML_MUSTINLINE void pi_a0( - libcrux_sha3_generic_keccak_KeccakState_fc *s) { - uint64x2_t old[5U][5U]; - 
memcpy(old, s->st, (size_t)5U * sizeof(uint64x2_t[5U])); - s->st[0U][1U] = old[1U][1U]; - s->st[0U][2U] = old[2U][2U]; - s->st[0U][3U] = old[3U][3U]; - s->st[0U][4U] = old[4U][4U]; - s->st[1U][0U] = old[0U][3U]; - s->st[1U][1U] = old[1U][4U]; - s->st[1U][2U] = old[2U][0U]; - s->st[1U][3U] = old[3U][1U]; - s->st[1U][4U] = old[4U][2U]; - s->st[2U][0U] = old[0U][1U]; - s->st[2U][1U] = old[1U][2U]; - s->st[2U][2U] = old[2U][3U]; - s->st[2U][3U] = old[3U][4U]; - s->st[2U][4U] = old[4U][0U]; - s->st[3U][0U] = old[0U][4U]; - s->st[3U][1U] = old[1U][0U]; - s->st[3U][2U] = old[2U][1U]; - s->st[3U][3U] = old[3U][2U]; - s->st[3U][4U] = old[4U][3U]; - s->st[4U][0U] = old[0U][2U]; - s->st[4U][1U] = old[1U][3U]; - s->st[4U][2U] = old[2U][4U]; - s->st[4U][3U] = old[3U][0U]; - s->st[4U][4U] = old[4U][1U]; -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.chi -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -*/ -static KRML_MUSTINLINE void chi_b0( - libcrux_sha3_generic_keccak_KeccakState_fc *s) { - uint64x2_t old[5U][5U]; - memcpy(old, s->st, (size_t)5U * sizeof(uint64x2_t[5U])); - KRML_MAYBE_FOR5( - i0, (size_t)0U, (size_t)5U, (size_t)1U, size_t i1 = i0; - KRML_MAYBE_FOR5(i, (size_t)0U, (size_t)5U, (size_t)1U, size_t j = i; - s->st[i1][j] = and_not_xor_fa( - s->st[i1][j], old[i1][(j + (size_t)2U) % (size_t)5U], - old[i1][(j + (size_t)1U) % (size_t)5U]););); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.iota -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -*/ -static KRML_MUSTINLINE void iota_33( - libcrux_sha3_generic_keccak_KeccakState_fc *s, size_t i) { - s->st[0U][0U] = xor_constant_fa( - s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccakf1600 -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -*/ -static KRML_MUSTINLINE void keccakf1600_3e( - 
libcrux_sha3_generic_keccak_KeccakState_fc *s) { - for (size_t i = (size_t)0U; i < (size_t)24U; i++) { - size_t i0 = i; - theta_rho_eb(s); - pi_a0(s); - chi_b0(s); - iota_33(s, i0); - } -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -*/ -static KRML_MUSTINLINE void absorb_block_45( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { - uint64x2_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); - load_block_fa_0f(uu____0, uu____1); - keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full -with const generics -- RATE= 72 -*/ -static KRML_MUSTINLINE void load_block_full_3e(uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U]) { - Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice)}; - load_block_3c(s, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa -with const generics -- BLOCKSIZE= 72 -*/ -static KRML_MUSTINLINE void load_block_full_fa_07(uint64x2_t (*a)[5U], - uint8_t b[2U][200U]) { - uint64x2_t(*uu____0)[5U] = a; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_b[2U][200U]; - memcpy(copy_of_b, b, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_3e(uu____0, copy_of_b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void absorb_final_fe( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice 
last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } blocks[i0][last_len] = 6U; - size_t uu____1 = i0; size_t uu____2 = (size_t)72U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); - uint64x2_t(*uu____3)[5U] = s->st; - uint8_t uu____4[2U][200U]; - memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_fa_07(uu____3, uu____4); - keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block -with const generics -- RATE= 72 -*/ -static KRML_MUSTINLINE void store_block_2f(uint64x2_t (*s)[5U], - Eurydice_slice out[2U]) { - for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)16U; i++) { - size_t i0 = i; - uint64x2_t v0 = _vtrn1q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - uint64x2_t v1 = _vtrn2q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - _vst1q_bytes_u64(Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice), - v0); - _vst1q_bytes_u64(Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice), - v1); - } - if ((size_t)72U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)72U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)72U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = {0U}; - _vst1q_bytes_u64( - 
Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____0 = - Eurydice_slice_subslice2(out[0U], (size_t)72U - (size_t)8U, (size_t)72U, - uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = - Eurydice_slice_subslice2(out[1U], (size_t)72U - (size_t)8U, (size_t)72U, - uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full -with const generics -- RATE= 72 -*/ -static KRML_MUSTINLINE void store_block_full_9a(uint64x2_t (*s)[5U], - uint8_t ret[2U][200U]) { - uint8_t out0[200U] = {0U}; - uint8_t out1[200U] = {0U}; - Eurydice_slice buf[2U] = { - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; - store_block_2f(s, buf); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_out0[200U]; - memcpy(copy_of_out0, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____1[200U]; - memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], copy_of_out0, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa -with const generics -- BLOCKSIZE= 72 -*/ -static KRML_MUSTINLINE void store_block_full_fa_a5(uint64x2_t (*a)[5U], - uint8_t ret[2U][200U]) { - store_block_full_9a(a, ret); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last -with types 
core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -*/ -static KRML_MUSTINLINE void squeeze_first_and_last_e7( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - uint8_t b[2U][200U]; - store_block_full_fa_a5(s->st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa -with const generics -- BLOCKSIZE= 72 -*/ -static KRML_MUSTINLINE void store_block_fa_90(uint64x2_t (*a)[5U], - Eurydice_slice b[2U]) { - store_block_2f(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -*/ -static KRML_MUSTINLINE void squeeze_first_block_3f( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - store_block_fa_90(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -*/ -static KRML_MUSTINLINE void squeeze_next_block_5d( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - keccakf1600_3e(s); - store_block_fa_90(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -*/ -static 
KRML_MUSTINLINE void squeeze_last_70( - libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { - keccakf1600_3e(&s); - uint8_t b[2U][200U]; - store_block_full_fa_a5(s.st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 72 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void keccak_59(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_KeccakState_fc s = new_1e_12(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[2U]; - memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n_fa(copy_of_data, i0 * (size_t)72U, (size_t)72U, ret); - absorb_block_45(uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[2U]; - memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n_fa(copy_of_data, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - absorb_final_fe(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - 
size_t blocks = outlen / (size_t)72U; - size_t last = outlen - outlen % (size_t)72U; - if (blocks == (size_t)0U) { - squeeze_first_and_last_e7(&s, out); - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____4 = - split_at_mut_n_fa(out, (size_t)72U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_first_block_3f(&s, o0); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { - break; - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____5 = - split_at_mut_n_fa(o1, (size_t)72U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_next_block_5d(&s, o); - memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - squeeze_last_70(s, o1); - } - } -} - -/** -A monomorphic instance of libcrux_sha3.neon.keccakx2 -with const generics -- RATE= 72 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void keccakx2_6e(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[2U]; - memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); - keccak_59(copy_of_data, out); -} - -/** - A portable SHA3 512 implementation. 
-*/ -void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data) { - uint8_t dummy[64U] = {0U}; - Eurydice_slice uu____0[2U] = {data, data}; - Eurydice_slice buf[2U] = { - digest, - Eurydice_array_to_slice((size_t)64U, dummy, uint8_t, Eurydice_slice)}; - keccakx2_6e(uu____0, buf); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void load_block_3c0(uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U]) { - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)16U; i++) { - size_t i0 = i; - uint64x2_t v0 = _vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice)); - uint64x2_t v1 = _vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = _veorq_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - _vtrn1q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - _veorq_u64(s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], - _vtrn2q_u64(v0, v1)); - } - if ((size_t)136U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)136U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)136U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = {0U}; - uint8_t uu____0[8U]; - core_result_Result_56 dst0; - Eurydice_slice_to_array2( - &dst0, - Eurydice_slice_subslice2(blocks[0U], (size_t)136U - (size_t)8U, - (size_t)136U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst0, uu____0); - u[0U] = core_num__u64_9__from_le_bytes(uu____0); - uint8_t uu____1[8U]; - core_result_Result_56 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(blocks[1U], (size_t)136U - (size_t)8U, - 
(size_t)136U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____1); - u[1U] = core_num__u64_9__from_le_bytes(uu____1); - uint64x2_t uvec = _vld1q_u64( - Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - s[i][j] = _veorq_u64(s[i][j], uvec); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void load_block_fa_0f0(uint64x2_t (*a)[5U], - Eurydice_slice b[2U]) { - uint64x2_t(*uu____0)[5U] = a; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_b[2U]; - memcpy(copy_of_b, b, (size_t)2U * sizeof(Eurydice_slice)); - load_block_3c0(uu____0, copy_of_b); -} - /** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -*/ -static KRML_MUSTINLINE void absorb_block_450( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { - uint64x2_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); - load_block_fa_0f0(uu____0, uu____1); - keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void load_block_full_3e0(uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U]) { - Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice)}; - load_block_3c0(s, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance 
of libcrux_sha3.simd.arm64.load_block_full_fa -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void load_block_full_fa_070(uint64x2_t (*a)[5U], - uint8_t b[2U][200U]) { - uint64x2_t(*uu____0)[5U] = a; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_b[2U][200U]; - memcpy(copy_of_b, b, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_3e0(uu____0, copy_of_b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void absorb_final_fe0( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } blocks[i0][last_len] = 6U; - size_t uu____1 = i0; size_t uu____2 = (size_t)136U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); - uint64x2_t(*uu____3)[5U] = s->st; - uint8_t uu____4[2U][200U]; - memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_fa_070(uu____3, uu____4); - keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void store_block_2f0(uint64x2_t (*s)[5U], - Eurydice_slice out[2U]) { - for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)16U; i++) { - size_t i0 = i; - uint64x2_t v0 = _vtrn1q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - 
uint64x2_t v1 = _vtrn2q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - _vst1q_bytes_u64(Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice), - v0); - _vst1q_bytes_u64(Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice), - v1); - } - if ((size_t)136U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)136U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)136U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = {0U}; - _vst1q_bytes_u64( - Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____0 = - Eurydice_slice_subslice2(out[0U], (size_t)136U - (size_t)8U, - (size_t)136U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = - Eurydice_slice_subslice2(out[1U], (size_t)136U - (size_t)8U, - (size_t)136U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full -with const generics -- RATE= 136 -*/ -static KRML_MUSTINLINE void store_block_full_9a0(uint64x2_t (*s)[5U], - uint8_t ret[2U][200U]) { - uint8_t out0[200U] = {0U}; - uint8_t out1[200U] = {0U}; - Eurydice_slice buf[2U] = { - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; - store_block_2f0(s, buf); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_out0[200U]; - memcpy(copy_of_out0, out0, (size_t)200U * 
sizeof(uint8_t)); - uint8_t uu____1[200U]; - memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], copy_of_out0, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void store_block_full_fa_a50(uint64x2_t (*a)[5U], - uint8_t ret[2U][200U]) { - store_block_full_9a0(a, ret); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -*/ -static KRML_MUSTINLINE void squeeze_first_and_last_e70( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - uint8_t b[2U][200U]; - store_block_full_fa_a50(s->st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void store_block_fa_900(uint64x2_t (*a)[5U], - Eurydice_slice b[2U]) { - store_block_2f0(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- 
N= 2 -- RATE= 136 -*/ -static KRML_MUSTINLINE void squeeze_first_block_3f0( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - store_block_fa_900(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -*/ -static KRML_MUSTINLINE void squeeze_next_block_5d0( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - keccakf1600_3e(s); - store_block_fa_900(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -*/ -static KRML_MUSTINLINE void squeeze_last_700( - libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { - keccakf1600_3e(&s); - uint8_t b[2U][200U]; - store_block_full_fa_a50(s.st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void keccak_590(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_KeccakState_fc s = new_1e_12(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice 
copy_of_data[2U]; - memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n_fa(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); - absorb_block_450(uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[2U]; - memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n_fa(copy_of_data, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - absorb_final_fe0(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)136U; - size_t last = outlen - outlen % (size_t)136U; - if (blocks == (size_t)0U) { - squeeze_first_and_last_e70(&s, out); - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____4 = - split_at_mut_n_fa(out, (size_t)136U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_first_block_3f0(&s, o0); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { - break; - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____5 = - split_at_mut_n_fa(o1, (size_t)136U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_next_block_5d0(&s, o); - 
memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - squeeze_last_700(s, o1); - } - } -} - -/** -A monomorphic instance of libcrux_sha3.neon.keccakx2 -with const generics -- RATE= 136 -- DELIM= 6 + A portable SHA3 512 implementation. */ -static KRML_MUSTINLINE void keccakx2_6e0(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[2U]; - memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); - keccak_590(copy_of_data, out); +void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } /** A portable SHA3 256 implementation. */ void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data) { - uint8_t dummy[32U] = {0U}; - Eurydice_slice uu____0[2U] = {data, data}; - Eurydice_slice buf[2U] = { - digest, - Eurydice_array_to_slice((size_t)32U, dummy, uint8_t, Eurydice_slice)}; - keccakx2_6e0(uu____0, buf); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -- DELIM= 31 -*/ -static KRML_MUSTINLINE void absorb_final_fe1( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } blocks[i0][last_len] = 31U; - size_t uu____1 = i0; size_t uu____2 = (size_t)136U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); - 
uint64x2_t(*uu____3)[5U] = s->st; - uint8_t uu____4[2U][200U]; - memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_fa_070(uu____3, uu____4); - keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 136 -- DELIM= 31 -*/ -static KRML_MUSTINLINE void keccak_591(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_KeccakState_fc s = new_1e_12(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { - size_t i0 = i; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[2U]; - memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n_fa(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); - absorb_block_450(uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[2U]; - memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n_fa(copy_of_data, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - absorb_final_fe1(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)136U; - size_t last = outlen - outlen % (size_t)136U; - if (blocks == (size_t)0U) { - squeeze_first_and_last_e70(&s, out); - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____4 = - split_at_mut_n_fa(out, (size_t)136U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); - 
squeeze_first_block_3f0(&s, o0); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { - break; - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____5 = - split_at_mut_n_fa(o1, (size_t)136U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_next_block_5d0(&s, o); - memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - squeeze_last_700(s, o1); - } - } -} - -/** -A monomorphic instance of libcrux_sha3.neon.keccakx2 -with const generics -- RATE= 136 -- DELIM= 31 -*/ -static KRML_MUSTINLINE void keccakx2_6e1(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[2U]; - memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); - keccak_591(copy_of_data, out); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } /** 
@@ -2181,690 +36,60 @@ static KRML_MUSTINLINE void keccakx2_6e1(Eurydice_slice data[2U], Writes the two results into `out0` and `out1` */ -void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, - Eurydice_slice out0, Eurydice_slice out1) { - Eurydice_slice buf0[2U] = {input0, input1}; - Eurydice_slice buf[2U] = {out0, out1}; - keccakx2_6e1(buf0, buf); +KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, + Eurydice_slice input1, + Eurydice_slice out0, + Eurydice_slice out1) { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } /** Initialise the `KeccakState2`. */ -libcrux_sha3_generic_keccak_KeccakState_fc +KRML_MUSTINLINE libcrux_sha3_neon_x2_incremental_KeccakState libcrux_sha3_neon_x2_incremental_shake128_init(void) { - return new_1e_12(); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block -with const generics -- RATE= 168 -*/ -static KRML_MUSTINLINE void load_block_3c1(uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)16U; i++) { - size_t i0 = i; - uint64x2_t v0 = _vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice)); - uint64x2_t v1 = _vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = _veorq_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - _vtrn1q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - _veorq_u64(s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], - _vtrn2q_u64(v0, v1)); - } - if ((size_t)168U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)168U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = 
((size_t)168U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = {0U}; - uint8_t uu____0[8U]; - core_result_Result_56 dst0; - Eurydice_slice_to_array2( - &dst0, - Eurydice_slice_subslice2(blocks[0U], (size_t)168U - (size_t)8U, - (size_t)168U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst0, uu____0); - u[0U] = core_num__u64_9__from_le_bytes(uu____0); - uint8_t uu____1[8U]; - core_result_Result_56 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(blocks[1U], (size_t)168U - (size_t)8U, - (size_t)168U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____1); - u[1U] = core_num__u64_9__from_le_bytes(uu____1); - uint64x2_t uvec = _vld1q_u64( - Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - s[i][j] = _veorq_u64(s[i][j], uvec); - } -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full -with const generics -- RATE= 168 -*/ -static KRML_MUSTINLINE void load_block_full_3e1(uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U]) { - Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice)}; - load_block_3c1(s, buf); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa -with const generics -- BLOCKSIZE= 168 -*/ -static KRML_MUSTINLINE void load_block_full_fa_071(uint64x2_t (*a)[5U], - uint8_t b[2U][200U]) { - uint64x2_t(*uu____0)[5U] = a; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_b[2U][200U]; - memcpy(copy_of_b, b, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_3e1(uu____0, copy_of_b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types 
core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 168 -- DELIM= 31 -*/ -static KRML_MUSTINLINE void absorb_final_fe2( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } blocks[i0][last_len] = 31U; - size_t uu____1 = i0; size_t uu____2 = (size_t)168U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); - uint64x2_t(*uu____3)[5U] = s->st; - uint8_t uu____4[2U][200U]; - memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_fa_071(uu____3, uu____4); - keccakf1600_3e(s); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } /** Shake128 absorb `data0` and `data1` in the [`KeccakState`] `s`. 
*/ -void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice data0, +KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( + libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1) { - Eurydice_slice buf[2U] = {data0, data1}; - absorb_final_fe2(s, buf); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block -with const generics -- RATE= 168 -*/ -static KRML_MUSTINLINE void store_block_2f1(uint64x2_t (*s)[5U], - Eurydice_slice out[2U]) { - for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)16U; i++) { - size_t i0 = i; - uint64x2_t v0 = _vtrn1q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - uint64x2_t v1 = _vtrn2q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - _vst1q_bytes_u64(Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice), - v0); - _vst1q_bytes_u64(Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice), - v1); - } - if ((size_t)168U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)168U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)168U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = {0U}; - _vst1q_bytes_u64( - Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____0 = - Eurydice_slice_subslice2(out[0U], (size_t)168U - (size_t)8U, - (size_t)168U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = - 
Eurydice_slice_subslice2(out[1U], (size_t)168U - (size_t)8U, - (size_t)168U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa -with const generics -- BLOCKSIZE= 168 -*/ -static KRML_MUSTINLINE void store_block_fa_901(uint64x2_t (*a)[5U], - Eurydice_slice b[2U]) { - store_block_2f1(a, b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 168 -*/ -static KRML_MUSTINLINE void squeeze_next_block_5d1( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - keccakf1600_3e(s); - store_block_fa_901(s->st, out); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } /** Squeeze 2 times the next block in parallel in the [`KeccakState`] and return the output in `out0` and `out1`. 
*/ -void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, +KRML_MUSTINLINE void +libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( + libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1) { - Eurydice_slice buf[2U] = {out0, out1}; - squeeze_next_block_5d1(s, buf); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 168 -*/ -static KRML_MUSTINLINE void squeeze_first_block_3f1( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - store_block_fa_901(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_three_blocks -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 168 -*/ -static KRML_MUSTINLINE void squeeze_first_three_blocks_2e( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - Eurydice_slice_uint8_t_2size_t__x2 uu____0 = - split_at_mut_n_fa(out, (size_t)168U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____0.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o10[2U]; - memcpy(o10, uu____0.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_first_block_3f1(s, o0); - Eurydice_slice_uint8_t_2size_t__x2 uu____1 = - split_at_mut_n_fa(o10, (size_t)168U); - Eurydice_slice o1[2U]; - memcpy(o1, uu____1.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o2[2U]; - memcpy(o2, uu____1.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_next_block_5d1(s, o1); - squeeze_next_block_5d1(s, o2); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } /** Squeeze 2 times the first three blocks in parallel in the [`KeccakState`] and return the output in `out0` and `out1`. 
*/ -void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, +KRML_MUSTINLINE void +libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( + libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1) { - Eurydice_slice buf[2U] = {out0, out1}; - squeeze_first_three_blocks_2e(s, buf); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block -with const generics -- RATE= 144 -*/ -static KRML_MUSTINLINE void load_block_3c2(uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U]) { - for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)16U; i++) { - size_t i0 = i; - uint64x2_t v0 = _vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice)); - uint64x2_t v1 = _vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = _veorq_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - _vtrn1q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - _veorq_u64(s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], - _vtrn2q_u64(v0, v1)); - } - if ((size_t)144U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)144U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)144U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = {0U}; - uint8_t uu____0[8U]; - core_result_Result_56 dst0; - Eurydice_slice_to_array2( - &dst0, - Eurydice_slice_subslice2(blocks[0U], (size_t)144U - (size_t)8U, - (size_t)144U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst0, uu____0); - u[0U] = core_num__u64_9__from_le_bytes(uu____0); - uint8_t uu____1[8U]; - 
core_result_Result_56 dst; - Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(blocks[1U], (size_t)144U - (size_t)8U, - (size_t)144U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____1); - u[1U] = core_num__u64_9__from_le_bytes(uu____1); - uint64x2_t uvec = _vld1q_u64( - Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - s[i][j] = _veorq_u64(s[i][j], uvec); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa -with const generics -- BLOCKSIZE= 144 -*/ -static KRML_MUSTINLINE void load_block_fa_0f1(uint64x2_t (*a)[5U], - Eurydice_slice b[2U]) { - uint64x2_t(*uu____0)[5U] = a; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_b[2U]; - memcpy(copy_of_b, b, (size_t)2U * sizeof(Eurydice_slice)); - load_block_3c2(uu____0, copy_of_b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 144 -*/ -static KRML_MUSTINLINE void absorb_block_451( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { - uint64x2_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); - load_block_fa_0f1(uu____0, uu____1); - keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full -with const generics -- RATE= 144 -*/ -static KRML_MUSTINLINE void load_block_full_3e2(uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U]) { - Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice)}; - load_block_3c2(s, buf); -} - -/** -This function found in impl 
{(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa -with const generics -- BLOCKSIZE= 144 -*/ -static KRML_MUSTINLINE void load_block_full_fa_072(uint64x2_t (*a)[5U], - uint8_t b[2U][200U]) { - uint64x2_t(*uu____0)[5U] = a; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_b[2U][200U]; - memcpy(copy_of_b, b, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_3e2(uu____0, copy_of_b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 144 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void absorb_final_fe3( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } blocks[i0][last_len] = 6U; - size_t uu____1 = i0; size_t uu____2 = (size_t)144U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); - uint64x2_t(*uu____3)[5U] = s->st; - uint8_t uu____4[2U][200U]; - memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_fa_072(uu____3, uu____4); - keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block -with const generics -- RATE= 144 -*/ -static KRML_MUSTINLINE void store_block_2f2(uint64x2_t (*s)[5U], - Eurydice_slice out[2U]) { - for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)16U; i++) { - size_t i0 = i; - uint64x2_t v0 = _vtrn1q_u64( - s[(size_t)2U * i0 / 
(size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - uint64x2_t v1 = _vtrn2q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - _vst1q_bytes_u64(Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice), - v0); - _vst1q_bytes_u64(Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice), - v1); - } - if ((size_t)144U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)144U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)144U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = {0U}; - _vst1q_bytes_u64( - Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____0 = - Eurydice_slice_subslice2(out[0U], (size_t)144U - (size_t)8U, - (size_t)144U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = - Eurydice_slice_subslice2(out[1U], (size_t)144U - (size_t)8U, - (size_t)144U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full -with const generics -- RATE= 144 -*/ -static KRML_MUSTINLINE void store_block_full_9a1(uint64x2_t (*s)[5U], - uint8_t ret[2U][200U]) { - uint8_t out0[200U] = {0U}; - uint8_t out1[200U] = {0U}; - Eurydice_slice buf[2U] = { - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; - store_block_2f2(s, buf); - /* 
Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_out0[200U]; - memcpy(copy_of_out0, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____1[200U]; - memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], copy_of_out0, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa -with const generics -- BLOCKSIZE= 144 -*/ -static KRML_MUSTINLINE void store_block_full_fa_a51(uint64x2_t (*a)[5U], - uint8_t ret[2U][200U]) { - store_block_full_9a1(a, ret); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 144 -*/ -static KRML_MUSTINLINE void squeeze_first_and_last_e71( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - uint8_t b[2U][200U]; - store_block_full_fa_a51(s->st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa -with const generics -- BLOCKSIZE= 144 -*/ -static KRML_MUSTINLINE void store_block_fa_902(uint64x2_t (*a)[5U], - Eurydice_slice b[2U]) { - store_block_2f2(a, b); -} - -/** -A monomorphic 
instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 144 -*/ -static KRML_MUSTINLINE void squeeze_first_block_3f2( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - store_block_fa_902(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 144 -*/ -static KRML_MUSTINLINE void squeeze_next_block_5d2( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - keccakf1600_3e(s); - store_block_fa_902(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 144 -*/ -static KRML_MUSTINLINE void squeeze_last_701( - libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { - keccakf1600_3e(&s); - uint8_t b[2U][200U]; - store_block_full_fa_a51(s.st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 144 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void keccak_592(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_KeccakState_fc s = new_1e_12(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; - i++) { - size_t i0 = i; - 
libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[2U]; - memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n_fa(copy_of_data, i0 * (size_t)144U, (size_t)144U, ret); - absorb_block_451(uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[2U]; - memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n_fa(copy_of_data, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - absorb_final_fe3(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)144U; - size_t last = outlen - outlen % (size_t)144U; - if (blocks == (size_t)0U) { - squeeze_first_and_last_e71(&s, out); - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____4 = - split_at_mut_n_fa(out, (size_t)144U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_first_block_3f2(&s, o0); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { - break; - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____5 = - split_at_mut_n_fa(o1, (size_t)144U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * 
sizeof(Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_next_block_5d2(&s, o); - memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - squeeze_last_701(s, o1); - } - } -} - -/** -A monomorphic instance of libcrux_sha3.neon.keccakx2 -with const generics -- RATE= 144 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void keccakx2_6e2(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[2U]; - memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); - keccak_592(copy_of_data, out); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } /** 
@@ -2872,421 +97,9 @@ static KRML_MUSTINLINE void keccakx2_6e2(Eurydice_slice data[2U], */ KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data) { - uint8_t dummy[28U] = {0U}; - Eurydice_slice uu____0[2U] = {data, data}; - Eurydice_slice buf[2U] = { - digest, - Eurydice_array_to_slice((size_t)28U, dummy, uint8_t, Eurydice_slice)}; - keccakx2_6e2(uu____0, buf); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block -with const generics -- RATE= 104 -*/ -static KRML_MUSTINLINE void load_block_3c3(uint64x2_t (*s)[5U], - Eurydice_slice blocks[2U]) { - for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)16U; i++) { - size_t i0 = i; - uint64x2_t v0 = _vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[0U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice)); - uint64x2_t v1 = _vld1q_bytes_u64(Eurydice_slice_subslice2( - blocks[1U], (size_t)16U * i0, (size_t)16U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice)); - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U] = _veorq_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - _vtrn1q_u64(v0, v1)); - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U] = - _veorq_u64(s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U], - _vtrn2q_u64(v0, v1)); - } - if ((size_t)104U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)104U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)104U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint64_t u[2U] = {0U}; - uint8_t uu____0[8U]; - core_result_Result_56 dst0; - Eurydice_slice_to_array2( - &dst0, - Eurydice_slice_subslice2(blocks[0U], (size_t)104U - (size_t)8U, - (size_t)104U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst0, uu____0); - u[0U] = core_num__u64_9__from_le_bytes(uu____0); - uint8_t uu____1[8U]; - core_result_Result_56 dst; 
- Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(blocks[1U], (size_t)104U - (size_t)8U, - (size_t)104U, uint8_t, Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____1); - u[1U] = core_num__u64_9__from_le_bytes(uu____1); - uint64x2_t uvec = _vld1q_u64( - Eurydice_array_to_slice((size_t)2U, u, uint64_t, Eurydice_slice)); - s[i][j] = _veorq_u64(s[i][j], uvec); - } -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_fa -with const generics -- BLOCKSIZE= 104 -*/ -static KRML_MUSTINLINE void load_block_fa_0f2(uint64x2_t (*a)[5U], - Eurydice_slice b[2U]) { - uint64x2_t(*uu____0)[5U] = a; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_b[2U]; - memcpy(copy_of_b, b, (size_t)2U * sizeof(Eurydice_slice)); - load_block_3c3(uu____0, copy_of_b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 104 -*/ -static KRML_MUSTINLINE void absorb_block_452( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice blocks[2U]) { - uint64x2_t(*uu____0)[5U] = s->st; - Eurydice_slice uu____1[2U]; - memcpy(uu____1, blocks, (size_t)2U * sizeof(Eurydice_slice)); - load_block_fa_0f2(uu____0, uu____1); - keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full -with const generics -- RATE= 104 -*/ -static KRML_MUSTINLINE void load_block_full_3e3(uint64x2_t (*s)[5U], - uint8_t blocks[2U][200U]) { - Eurydice_slice buf[2U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice)}; - load_block_3c3(s, buf); -} - -/** -This function found in impl 
{(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.load_block_full_fa -with const generics -- BLOCKSIZE= 104 -*/ -static KRML_MUSTINLINE void load_block_full_fa_073(uint64x2_t (*a)[5U], - uint8_t b[2U][200U]) { - uint64x2_t(*uu____0)[5U] = a; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_b[2U][200U]; - memcpy(copy_of_b, b, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_3e3(uu____0, copy_of_b); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 104 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void absorb_final_fe4( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice last[2U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); - uint8_t blocks[2U][200U] = {{0U}}; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); - } blocks[i0][last_len] = 6U; - size_t uu____1 = i0; size_t uu____2 = (size_t)104U - (size_t)1U; - blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); - uint64x2_t(*uu____3)[5U] = s->st; - uint8_t uu____4[2U][200U]; - memcpy(uu____4, blocks, (size_t)2U * sizeof(uint8_t[200U])); - load_block_full_fa_073(uu____3, uu____4); - keccakf1600_3e(s); -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block -with const generics -- RATE= 104 -*/ -static KRML_MUSTINLINE void store_block_2f3(uint64x2_t (*s)[5U], - Eurydice_slice out[2U]) { - for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)16U; i++) { - size_t i0 = i; - uint64x2_t v0 = _vtrn1q_u64( - s[(size_t)2U * i0 / 
(size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - uint64x2_t v1 = _vtrn2q_u64( - s[(size_t)2U * i0 / (size_t)5U][(size_t)2U * i0 % (size_t)5U], - s[((size_t)2U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)2U * i0 + (size_t)1U) % (size_t)5U]); - _vst1q_bytes_u64(Eurydice_slice_subslice2(out[0U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice), - v0); - _vst1q_bytes_u64(Eurydice_slice_subslice2(out[1U], (size_t)16U * i0, - (size_t)16U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice), - v1); - } - if ((size_t)104U % (size_t)16U != (size_t)0U) { - size_t i = ((size_t)104U / (size_t)8U - (size_t)1U) / (size_t)5U; - size_t j = ((size_t)104U / (size_t)8U - (size_t)1U) % (size_t)5U; - uint8_t u[16U] = {0U}; - _vst1q_bytes_u64( - Eurydice_array_to_slice((size_t)16U, u, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____0 = - Eurydice_slice_subslice2(out[0U], (size_t)104U - (size_t)8U, - (size_t)104U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = - Eurydice_slice_subslice2(out[1U], (size_t)104U - (size_t)8U, - (size_t)104U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - } -} - -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full -with const generics -- RATE= 104 -*/ -static KRML_MUSTINLINE void store_block_full_9a2(uint64x2_t (*s)[5U], - uint8_t ret[2U][200U]) { - uint8_t out0[200U] = {0U}; - uint8_t out1[200U] = {0U}; - Eurydice_slice buf[2U] = { - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice)}; - store_block_2f3(s, buf); - /* 
Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_out0[200U]; - memcpy(copy_of_out0, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____1[200U]; - memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], copy_of_out0, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_full_fa -with const generics -- BLOCKSIZE= 104 -*/ -static KRML_MUSTINLINE void store_block_full_fa_a52(uint64x2_t (*a)[5U], - uint8_t ret[2U][200U]) { - store_block_full_9a2(a, ret); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_first_and_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 104 -*/ -static KRML_MUSTINLINE void squeeze_first_and_last_e72( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - uint8_t b[2U][200U]; - store_block_full_fa_a52(s->st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<2: -usize> for core::core_arch::arm_shared::neon::uint64x2_t)} -*/ -/** -A monomorphic instance of libcrux_sha3.simd.arm64.store_block_fa -with const generics -- BLOCKSIZE= 104 -*/ -static KRML_MUSTINLINE void store_block_fa_903(uint64x2_t (*a)[5U], - Eurydice_slice b[2U]) { - store_block_2f3(a, b); -} - -/** -A monomorphic 
instance of libcrux_sha3.generic_keccak.squeeze_first_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 104 -*/ -static KRML_MUSTINLINE void squeeze_first_block_3f3( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - store_block_fa_903(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_next_block -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 104 -*/ -static KRML_MUSTINLINE void squeeze_next_block_5d3( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out[2U]) { - keccakf1600_3e(s); - store_block_fa_903(s->st, out); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_last -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 104 -*/ -static KRML_MUSTINLINE void squeeze_last_702( - libcrux_sha3_generic_keccak_KeccakState_fc s, Eurydice_slice out[2U]) { - keccakf1600_3e(&s); - uint8_t b[2U][200U]; - store_block_full_fa_a52(s.st, b); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; - core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); -} - -/** -A monomorphic instance of libcrux_sha3.generic_keccak.keccak -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- N= 2 -- RATE= 104 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void keccak_593(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - libcrux_sha3_generic_keccak_KeccakState_fc s = new_1e_12(); - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; - i++) { - size_t i0 = i; - 
libcrux_sha3_generic_keccak_KeccakState_fc *uu____0 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[2U]; - memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n_fa(copy_of_data, i0 * (size_t)104U, (size_t)104U, ret); - absorb_block_452(uu____0, ret); - } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; - libcrux_sha3_generic_keccak_KeccakState_fc *uu____2 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[2U]; - memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice ret[2U]; - slice_n_fa(copy_of_data, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); - absorb_final_fe4(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); - size_t blocks = outlen / (size_t)104U; - size_t last = outlen - outlen % (size_t)104U; - if (blocks == (size_t)0U) { - squeeze_first_and_last_e72(&s, out); - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____4 = - split_at_mut_n_fa(out, (size_t)104U); - Eurydice_slice o0[2U]; - memcpy(o0, uu____4.fst, (size_t)2U * sizeof(Eurydice_slice)); - Eurydice_slice o1[2U]; - memcpy(o1, uu____4.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_first_block_3f3(&s, o0); - core_ops_range_Range_b3 iter = - core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( - (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, - .end = blocks}), - core_ops_range_Range_b3, core_ops_range_Range_b3); - while (true) { - if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { - break; - } else { - Eurydice_slice_uint8_t_2size_t__x2 uu____5 = - split_at_mut_n_fa(o1, (size_t)104U); - Eurydice_slice o[2U]; - memcpy(o, uu____5.fst, (size_t)2U * 
sizeof(Eurydice_slice)); - Eurydice_slice orest[2U]; - memcpy(orest, uu____5.snd, (size_t)2U * sizeof(Eurydice_slice)); - squeeze_next_block_5d3(&s, o); - memcpy(o1, orest, (size_t)2U * sizeof(Eurydice_slice)); - } - } - if (last < outlen) { - squeeze_last_702(s, o1); - } - } -} - -/** -A monomorphic instance of libcrux_sha3.neon.keccakx2 -with const generics -- RATE= 104 -- DELIM= 6 -*/ -static KRML_MUSTINLINE void keccakx2_6e3(Eurydice_slice data[2U], - Eurydice_slice out[2U]) { - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[2U]; - memcpy(copy_of_data, data, (size_t)2U * sizeof(Eurydice_slice)); - keccak_593(copy_of_data, out); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } /** @@ -3294,10 +107,7 @@ static KRML_MUSTINLINE void keccakx2_6e3(Eurydice_slice data[2U], */ KRML_MUSTINLINE void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data) { - uint8_t dummy[48U] = {0U}; - Eurydice_slice uu____0[2U] = {data, data}; - Eurydice_slice buf[2U] = { - digest, - Eurydice_array_to_slice((size_t)48U, dummy, uint8_t, Eurydice_slice)}; - keccakx2_6e3(uu____0, buf); + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "panic!"); + KRML_HOST_EXIT(255U); } diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index 983358000..a01df3164 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h 
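Review bot: `libcrux_sha3_neon_sha224` now unconditionally prints `KaRaMeL abort at %s:%d` with `panic!` and calls `KRML_HOST_EXIT(255U)`, yet it remains a public entry point declared in `libcrux_sha3_neon.h`, so any build that links the NEON backend turns its first SHA3-224 call into process termination — an availability failure that nothing flags at compile time. The `@@ -3294,10 +107,7 @@` hunk does the same to `libcrux_sha3_neon_sha384`, and the preceding hunk in this file appears to do the same to the incremental shake128 entry points. If this is the intended state of the extracted NEON code for now, say so at the definition, e.g. `/* NEON backend not extracted in this revision: aborts unconditionally; do not select this backend. */`, and consider an `#error` guard so the file cannot be compiled into a release build by accident. The abort message carries only `__FILE__:__LINE__` and the literal `panic!`, which locates the abort in source but does not tell an operator which API was invoked.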
@@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb - * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 - * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 + * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 */ #ifndef __libcrux_sha3_neon_H @@ -20,19 +20,8 @@ extern "C" { #include "eurydice_glue.h" #include "intrinsics/libcrux_intrinsics_arm64.h" -#include "libcrux_core.h" #include "libcrux_sha3_internal.h" -/** -A monomorphic instance of libcrux_sha3.generic_keccak.KeccakState -with types core_core_arch_arm_shared_neon_uint64x2_t -with const generics -- $2size_t -*/ -typedef struct libcrux_sha3_generic_keccak_KeccakState_fc_s { - uint64x2_t st[5U][5U]; -} libcrux_sha3_generic_keccak_KeccakState_fc; - /** A portable SHA3 512 implementation. */ @@ -51,17 +40,21 @@ void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data); void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice out0, Eurydice_slice out1); +typedef struct libcrux_sha3_neon_x2_incremental_KeccakState_s { + libcrux_sha3_generic_keccak_KeccakState_48 state[2U]; +} libcrux_sha3_neon_x2_incremental_KeccakState; + /** Initialise the `KeccakState2`. */ -libcrux_sha3_generic_keccak_KeccakState_fc +libcrux_sha3_neon_x2_incremental_KeccakState libcrux_sha3_neon_x2_incremental_shake128_init(void); /** Shake128 absorb `data0` and `data1` in the [`KeccakState`] `s`. */ void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice data0, + libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1); /** 
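Review bot: The new `libcrux_sha3_neon_x2_incremental_KeccakState` typedef in the third hunk is the only type in this header without a documentation comment, whereas the `KeccakState_fc` typedef it replaces carried the generated "A monomorphic instance of ..." block. Since the struct is referenced by three public prototypes below it, a one-line comment would help readers of the header, e.g. `/** State for the two-way incremental SHAKE-128 API: a pair of libcrux_sha3_generic_keccak_KeccakState_48. */`. The definition of `libcrux_sha3_generic_keccak_KeccakState_48` is presumably provided by the `libcrux_sha3_internal.h` include that survives the second hunk; worth confirming since `libcrux_core.h` is no longer included here.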
@@ -69,7 +62,7 @@ void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( [`KeccakState`] and return the output in `out0` and `out1`. */ void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, + libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1); /** @@ -77,7 +70,7 @@ void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( [`KeccakState`] and return the output in `out0` and `out1`. */ void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( - libcrux_sha3_generic_keccak_KeccakState_fc *s, Eurydice_slice out0, + libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1); /** From 37727e24f53f0a7f41c129784ad5aa5136c81cbe Mon Sep 17 00:00:00 2001 
From: Jonathan Protzenko Date: Tue, 13 Aug 2024 09:23:14 -0700 Subject: [PATCH 07/16] Embrace shorter names, for readability --- libcrux-ml-kem/c.yaml | 4 +- libcrux-ml-kem/c/code_gen.txt | 2 +- libcrux-ml-kem/c/internal/libcrux_core.h | 2 +- .../c/internal/libcrux_mlkem_avx2.h | 2 +- .../c/internal/libcrux_mlkem_portable.h | 2 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 2 +- .../c/internal/libcrux_sha3_internal.h | 2 +- .../c/intrinsics/libcrux_intrinsics_avx2.h | 128 +- libcrux-ml-kem/c/libcrux_core.c | 2 +- libcrux-ml-kem/c/libcrux_core.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 1392 ++++++++--------- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_neon.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem_neon.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 2 +- libcrux-ml-kem/c/libcrux_sha3.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 465 +++--- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 2 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 2 +- 37 files changed, 939 insertions(+), 1116 deletions(-) 
diff --git a/libcrux-ml-kem/c.yaml b/libcrux-ml-kem/c.yaml index e391dab17..db12e833c 100644 --- a/libcrux-ml-kem/c.yaml +++ b/libcrux-ml-kem/c.yaml @@ -235,5 +235,5 @@ naming: skip_prefix: - [ core, core_arch, arm_shared, neon ] - [ core, core_arch, x86 ] - # - [libcrux_intrinsics, arm64] - # - [libcrux_intrinsics, avx2] + - [libcrux_intrinsics, arm64] + - [libcrux_intrinsics, avx2] diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index 31c8dfd1b..7ca8d2e1a 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -3,4 +3,4 @@ Charon: 53530427db2941ce784201e64086766504bc5642 Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 -Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 +Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index b8b4cc329..6447aecc7 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 + * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd */ #ifndef __internal_libcrux_core_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index ba6f74a0f..122e813a5 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 + * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd */ #ifndef __internal_libcrux_mlkem_avx2_H 
diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 0436054d3..f631392e3 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 + * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd */ #ifndef __internal_libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index 71f9fa63d..b46eec044 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 + * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index a2772321d..9b57ccead 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 + * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd */ #ifndef __internal_libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_avx2.h b/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_avx2.h index d7ebcbe67..6a88e0bc3 100644 --- a/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_avx2.h 
+++ b/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_avx2.h @@ -22,49 +22,49 @@ typedef __m256i core_core_arch_x86___m256i; // Cast and Convert static inline core_core_arch_x86___m128i -libcrux_intrinsics_avx2_mm256_castsi256_si128(core_core_arch_x86___m256i a) { +mm256_castsi256_si128(core_core_arch_x86___m256i a) { return _mm256_castsi256_si128(a); } static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(core_core_arch_x86___m128i a) { +mm256_cvtepi16_epi32(core_core_arch_x86___m128i a) { return _mm256_cvtepi16_epi32(a); } static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_castsi128_si256(core_core_arch_x86___m128i a) { +mm256_castsi128_si256(core_core_arch_x86___m128i a) { return _mm256_castsi128_si256(a); } // Initialize, Load, Store static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_setzero_si256(void) { +mm256_setzero_si256(void) { return _mm256_setzero_si256(); } static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_set1_epi16(int16_t a) { +mm256_set1_epi16(int16_t a) { return _mm256_set1_epi16(a); } static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_set1_epi32(int32_t a) { +mm256_set1_epi32(int32_t a) { return _mm256_set1_epi32(a); } static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_set1_epi64x(int64_t a) { +mm256_set1_epi64x(int64_t a) { return _mm256_set1_epi64x(a); } -static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_set1_epi16( +static inline core_core_arch_x86___m128i mm_set1_epi16( int16_t a) { return _mm_set1_epi16(a); } static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_set_epi16(int16_t x0, int16_t x1, int16_t x2, +mm256_set_epi16(int16_t x0, int16_t x1, int16_t x2, int16_t x3, int16_t x4, int16_t x5, int16_t x6, int16_t x7, int16_t x8, int16_t x9, int16_t x10, int16_t x11, 
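Review bot: Dropping the `libcrux_intrinsics_avx2_` prefix places wrappers such as `mm256_castsi256_si128` and `mm_set1_epi16` in the global namespace of every translation unit that includes this header, one leading underscore away from the Intel intrinsics they wrap. These wrappers are `static inline`, so a clash with another definition is at least a compile-time error, but the `#define`s in the later hunks of this file (the shift, shuffle and blend macros) have no scoping at all and will rewrite any same-named function-like use in including code. The rename follows from the `skip_prefix` entries enabled in `c.yaml` in this commit, so the generator will keep producing these names; if they are kept, the header should say that it is internal, e.g. `// Internal header: defines unprefixed mm256_*/mm_* wrappers and macros; not for inclusion by consumers.`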
@@ -74,7 +74,7 @@ libcrux_intrinsics_avx2_mm256_set_epi16(int16_t x0, int16_t x1, int16_t x2, x13, x14, x15); } -static inline core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_set_epi8( +static inline core_core_arch_x86___m256i mm256_set_epi8( int8_t x0, int8_t x1, int8_t x2, int8_t x3, int8_t x4, int8_t x5, int8_t x6, int8_t x7, int8_t x8, int8_t x9, int8_t x10, int8_t x11, int8_t x12, int8_t x13, int8_t x14, int8_t x15, int8_t x16, int8_t x17, int8_t x18, @@ -86,7 +86,7 @@ static inline core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_set_epi8( x24, x25, x26, x27, x28, x29, x30, x31); } -static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_set_epi8( +static inline core_core_arch_x86___m128i mm_set_epi8( uint8_t x0, uint8_t x1, uint8_t x2, uint8_t x3, uint8_t x4, uint8_t x5, uint8_t x6, uint8_t x7, uint8_t x8, uint8_t x9, uint8_t x10, uint8_t x11, uint8_t x12, uint8_t x13, uint8_t x14, uint8_t x15) { 
@@ -95,43 +95,43 @@ static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_set_epi8( } static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_set_epi32(int32_t x0, int32_t x1, int32_t x2, +mm256_set_epi32(int32_t x0, int32_t x1, int32_t x2, int32_t x3, int32_t x4, int32_t x5, int32_t x6, int32_t x7) { return _mm256_set_epi32(x0, x1, x2, x3, x4, x5, x6, x7); } static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_loadu_si256_i16(Eurydice_slice a) { +mm256_loadu_si256_i16(Eurydice_slice a) { return _mm256_loadu_si256((const __m256i*)a.ptr); } static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice a) { +mm256_loadu_si256_u8(Eurydice_slice a) { return _mm256_loadu_si256((const __m256i*)a.ptr); } -static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_loadu_si128( +static inline core_core_arch_x86___m128i mm_loadu_si128( Eurydice_slice a) { return _mm_loadu_si128((const __m128i*)a.ptr); } -static inline void libcrux_intrinsics_avx2_mm_storeu_bytes_si128( +static inline void mm_storeu_bytes_si128( Eurydice_slice a, core_core_arch_x86___m128i b) { _mm_storeu_si128((__m128i*)a.ptr, b); } -static inline void libcrux_intrinsics_avx2_mm256_storeu_si256_i16( +static inline void mm256_storeu_si256_i16( Eurydice_slice a, core_core_arch_x86___m256i b) { _mm256_storeu_si256((__m256i*)a.ptr, b); } -static inline void libcrux_intrinsics_avx2_mm256_storeu_si256_u8( +static inline void mm256_storeu_si256_u8( Eurydice_slice a, core_core_arch_x86___m256i b) { _mm256_storeu_si256((__m256i*)a.ptr, b); } -static inline void libcrux_intrinsics_avx2_mm_storeu_si128( +static inline void mm_storeu_si128( Eurydice_slice a, core_core_arch_x86___m128i b) { _mm_storeu_si128((__m128i*)a.ptr, b); } 
@@ -139,29 +139,29 @@ static inline void libcrux_intrinsics_avx2_mm_storeu_si128( // Arithmetic: Add, Sub static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_add_epi16(core_core_arch_x86___m256i a, +mm256_add_epi16(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_add_epi16(a, b); } static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_add_epi32(core_core_arch_x86___m256i a, +mm256_add_epi32(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_add_epi32(a, b); } -static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_add_epi16( +static inline core_core_arch_x86___m128i mm_add_epi16( core_core_arch_x86___m128i a, core_core_arch_x86___m128i b) { return _mm_add_epi16(a, b); } static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_sub_epi16(core_core_arch_x86___m256i a, +mm256_sub_epi16(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_sub_epi16(a, b); } -static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_sub_epi16( +static inline core_core_arch_x86___m128i mm_sub_epi16( core_core_arch_x86___m128i a, core_core_arch_x86___m128i b) { return _mm_sub_epi16(a, b); } 
@@ -169,41 +169,41 @@ static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_sub_epi16( // Arithmetic: Mul low and high, Mul-Add combinations static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_mullo_epi16(core_core_arch_x86___m256i a, +mm256_mullo_epi16(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_mullo_epi16(a, b); } static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_mulhi_epi16(core_core_arch_x86___m256i a, +mm256_mulhi_epi16(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_mulhi_epi16(a, b); } static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_mul_epu32(core_core_arch_x86___m256i a, +mm256_mul_epu32(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_mul_epu32(a, b); } static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_mullo_epi32(core_core_arch_x86___m256i a, +mm256_mullo_epi32(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_mullo_epi32(a, b); } -static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_mullo_epi16( +static inline core_core_arch_x86___m128i mm_mullo_epi16( core_core_arch_x86___m128i a, core_core_arch_x86___m128i b) { return _mm_mullo_epi16(a, b); } -static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_mulhi_epi16( +static inline core_core_arch_x86___m128i mm_mulhi_epi16( core_core_arch_x86___m128i a, core_core_arch_x86___m128i b) { return _mm_mulhi_epi16(a, b); } static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_madd_epi16(core_core_arch_x86___m256i a, +mm256_madd_epi16(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_madd_epi16(a, b); } 
@@ -211,7 +211,7 @@ libcrux_intrinsics_avx2_mm256_madd_epi16(core_core_arch_x86___m256i a, // Comparison static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_cmpgt_epi16(core_core_arch_x86___m256i a, +mm256_cmpgt_epi16(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_cmpgt_epi16(a, b); } 
@@ -219,140 +219,140 @@ libcrux_intrinsics_avx2_mm256_cmpgt_epi16(core_core_arch_x86___m256i a, // Bitwise operations static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_and_si256(core_core_arch_x86___m256i a, +mm256_and_si256(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_and_si256(a, b); } static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_andnot_si256(core_core_arch_x86___m256i a, +mm256_andnot_si256(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_andnot_si256(a, b); } static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_xor_si256(core_core_arch_x86___m256i a, +mm256_xor_si256(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_xor_si256(a, b); } -static inline int32_t libcrux_intrinsics_avx2_mm_movemask_epi8( +static inline int32_t mm_movemask_epi8( core_core_arch_x86___m128i a) { return _mm_movemask_epi8(a); } // Shift operations -#define libcrux_intrinsics_avx2_mm256_srai_epi16(a, b, _) \ +#define mm256_srai_epi16(a, b, _) \ (_mm256_srai_epi16(b, a)) -#define libcrux_intrinsics_avx2_mm256_srli_epi16(a, b, _) \ +#define mm256_srli_epi16(a, b, _) \ (_mm256_srli_epi16(b, a)) -#define libcrux_intrinsics_avx2_mm256_slli_epi16(a, b, _) \ +#define mm256_slli_epi16(a, b, _) \ (_mm256_slli_epi16(b, a)) -#define libcrux_intrinsics_avx2_mm256_slli_epi32(a, b, _) \ +#define mm256_slli_epi32(a, b, _) \ (_mm256_slli_epi32(b, a)) static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_slli_epi64_(int32_t a, +mm256_slli_epi64_(int32_t a, core_core_arch_x86___m256i b) { return _mm256_slli_epi64(b, a); } -#define libcrux_intrinsics_avx2_mm256_slli_epi64(a, b, c) \ - (libcrux_intrinsics_avx2_mm256_slli_epi64_(a, b)) +#define mm256_slli_epi64(a, b, c) \ + (mm256_slli_epi64_(a, b)) -#define libcrux_intrinsics_avx2_mm256_srai_epi32(a, b, _) \ +#define mm256_srai_epi32(a, b, _) \ (_mm256_srai_epi32(b, a)) -#define 
libcrux_intrinsics_avx2_mm256_srli_epi32(a, b, _) \ +#define mm256_srli_epi32(a, b, _) \ (_mm256_srli_epi32(b, a)) static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_sllv_epi32(core_core_arch_x86___m256i a, +mm256_sllv_epi32(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_sllv_epi32(a, b); } static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_srli_epi64_(int32_t a, +mm256_srli_epi64_(int32_t a, core_core_arch_x86___m256i b) { return _mm256_srli_epi64(b, a); } -#define libcrux_intrinsics_avx2_mm256_srli_epi64(a, b, c) \ - (libcrux_intrinsics_avx2_mm256_srli_epi64_(a, b)) +#define mm256_srli_epi64(a, b, c) \ + (mm256_srli_epi64_(a, b)) // Shuffle and Vector Interleaving static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_unpacklo_epi32(core_core_arch_x86___m256i a, +mm256_unpacklo_epi32(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_unpacklo_epi32(a, b); } static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_unpacklo_epi64(core_core_arch_x86___m256i a, +mm256_unpacklo_epi64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_unpacklo_epi64(a, b); } static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_unpackhi_epi32(core_core_arch_x86___m256i a, +mm256_unpackhi_epi32(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_unpackhi_epi32(a, b); } static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_unpackhi_epi64(core_core_arch_x86___m256i a, +mm256_unpackhi_epi64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_unpackhi_epi64(a, b); } static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_packs_epi32(core_core_arch_x86___m256i a, +mm256_packs_epi32(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_packs_epi32(a, b); } -static inline core_core_arch_x86___m128i 
libcrux_intrinsics_avx2_mm_packs_epi16( +static inline core_core_arch_x86___m128i mm_packs_epi16( core_core_arch_x86___m128i a, core_core_arch_x86___m128i b) { return _mm_packs_epi16(a, b); } -#define libcrux_intrinsics_avx2_mm256_shuffle_epi32(a, b, _) \ +#define mm256_shuffle_epi32(a, b, _) \ (_mm256_shuffle_epi32(b, a)) -#define libcrux_intrinsics_avx2_mm256_extracti128_si256(a, b, _) \ +#define mm256_extracti128_si256(a, b, _) \ (_mm256_extracti128_si256(b, a)) -#define libcrux_intrinsics_avx2_mm256_permute4x64_epi64(a, b, _) \ +#define mm256_permute4x64_epi64(a, b, _) \ (_mm256_permute4x64_epi64(b, a)) -#define libcrux_intrinsics_avx2_mm256_permute2x128_si256(a, b, c, d) \ +#define mm256_permute2x128_si256(a, b, c, d) \ (_mm256_permute2x128_si256(b, c, a)) -#define libcrux_intrinsics_avx2_mm256_inserti128_si256(a, b, c, _) \ +#define mm256_inserti128_si256(a, b, c, _) \ (_mm256_inserti128_si256(b, c, a)) -#define libcrux_intrinsics_avx2_mm256_blend_epi16(a, b, c, _) \ +#define mm256_blend_epi16(a, b, c, _) \ (_mm256_blend_epi16(b, c, a)) static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_shuffle_epi8(core_core_arch_x86___m256i a, +mm256_shuffle_epi8(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_shuffle_epi8(a, b); } static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32( +mm256_permutevar8x32_epi32( core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_permutevar8x32_epi32(a, b); } static inline core_core_arch_x86___m128i -libcrux_intrinsics_avx2_mm_shuffle_epi8(core_core_arch_x86___m128i a, +mm_shuffle_epi8(core_core_arch_x86___m128i a, core_core_arch_x86___m128i b) { return _mm_shuffle_epi8(a, b); } diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index c1d56db43..d68b3887e 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c 
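Review bot: The renamed shift and shuffle macros take their arguments in the order (immediate, vector[, trailing argument]) and expand to the Intel intrinsic with that order reversed: `mm256_srai_epi16(a, b, _)` becomes `_mm256_srai_epi16(b, a)`, and `mm256_permute2x128_si256(a, b, c, d)` becomes `_mm256_permute2x128_si256(b, c, a)`; the `mm256_slli_epi64_` and `mm256_srli_epi64_` helpers follow the same convention. Now that the names differ from Intel's only by the leading underscore, nothing at the definition site warns a reader of the swapped order or of the trailing argument that is discarded (at call sites it appears to be a type such as `__m256i`). A comment above the `// Shift operations` group, such as `// Convention: immediate first, vector second, trailing argument ignored; the Intel intrinsics take (vector, immediate).`, would make this explicit, and the same note applies to the `// Shuffle and Vector Interleaving` macros.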
@@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 + * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd */ #include "internal/libcrux_core.h" diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 40be3b44a..ad9f756f8 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 + * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 6d0432bcc..c08529c9c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 + * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index 6b6dabae9..50e07c62b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 + * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd */ #include "libcrux_mlkem1024_avx2.h" 
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index 3eb7ab530..30042b65f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 + * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd */ #ifndef __libcrux_mlkem1024_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index 47b7414e5..9abe37717 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 + * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd */ #include "libcrux_mlkem1024_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index 969f1f171..e5ae18614 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 + * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index f1b352eb1..a41aba859 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h 
@@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 + * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index d62291692..9deb73411 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 + * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd */ #include "libcrux_mlkem512_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index 05e34bdaf..736ff90ed 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 + * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd */ #ifndef __libcrux_mlkem512_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index 06ceac83b..51502e519 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 + * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd */ #include "libcrux_mlkem512_portable.h" 
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index f8f12869b..27cd25734 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 + * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 9967f5950..22af455fa 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 + * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index dd79bbbda..ca06a1920 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 + * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd */ #include "libcrux_mlkem768_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index f683880f8..5ede081b1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h 
@@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 + * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index d9c847566..72a702c2d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 + * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd */ #include "libcrux_mlkem768_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index ae0b2abf7..4b62b2e08 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 + * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index b99e1ded1..b8552f9a9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 + * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd */ #include "internal/libcrux_mlkem_avx2.h" 
@@ -36,7 +36,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H(Eurydice_slice input, } KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_zero(void) { - return libcrux_intrinsics_avx2_mm256_setzero_si256(); + return mm256_setzero_si256(); } /** @@ -49,7 +49,7 @@ __m256i libcrux_ml_kem_vector_avx2_ZERO_ea(void) { KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_slice array) { - return libcrux_intrinsics_avx2_mm256_loadu_si256_i16(array); + return mm256_loadu_si256_i16(array); } /** @@ -63,7 +63,7 @@ __m256i libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice array) { KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_to_i16_array(__m256i v, int16_t ret[16U]) { int16_t output[16U] = {0U}; - libcrux_intrinsics_avx2_mm256_storeu_si256_i16( + mm256_storeu_si256_i16( Eurydice_array_to_slice((size_t)16U, output, int16_t, Eurydice_slice), v); memcpy(ret, output, (size_t)16U * sizeof(int16_t)); } @@ -78,7 +78,7 @@ void libcrux_ml_kem_vector_avx2_to_i16_array_ea(__m256i x, int16_t ret[16U]) { KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_add(__m256i lhs, __m256i rhs) { - return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs); + return mm256_add_epi16(lhs, rhs); } /** @@ -91,7 +91,7 @@ __m256i libcrux_ml_kem_vector_avx2_add_ea(__m256i lhs, __m256i *rhs) { KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_sub(__m256i lhs, __m256i rhs) { - return libcrux_intrinsics_avx2_mm256_sub_epi16(lhs, rhs); + return mm256_sub_epi16(lhs, rhs); } /** @@ -105,8 +105,7 @@ __m256i libcrux_ml_kem_vector_avx2_sub_ea(__m256i lhs, __m256i *rhs) { KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(__m256i vector, int16_t constant) { - return libcrux_intrinsics_avx2_mm256_mullo_epi16( - vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); + return mm256_mullo_epi16(vector, mm256_set1_epi16(constant)); } /** 
@@ -121,8 +120,7 @@ __m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_ea(__m256i v, KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( __m256i vector, int16_t constant) { - return libcrux_intrinsics_avx2_mm256_and_si256( - vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); + return mm256_and_si256(vector, mm256_set1_epi16(constant)); } /** @@ -137,16 +135,14 @@ __m256i libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(__m256i vector) { - __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - __m256i v_minus_field_modulus = - libcrux_intrinsics_avx2_mm256_sub_epi16(vector, field_modulus); - __m256i sign_mask = libcrux_intrinsics_avx2_mm256_srai_epi16( - (int32_t)15, v_minus_field_modulus, __m256i); + __m256i field_modulus = + mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i v_minus_field_modulus = mm256_sub_epi16(vector, field_modulus); + __m256i sign_mask = + mm256_srai_epi16((int32_t)15, v_minus_field_modulus, __m256i); __m256i conditional_add_field_modulus = - libcrux_intrinsics_avx2_mm256_and_si256(sign_mask, field_modulus); - return libcrux_intrinsics_avx2_mm256_add_epi16(v_minus_field_modulus, - conditional_add_field_modulus); + mm256_and_si256(sign_mask, field_modulus); + return mm256_add_epi16(v_minus_field_modulus, conditional_add_field_modulus); } /** 
@@ -163,19 +159,14 @@ __m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea(__m256i vector) { */ KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(__m256i vector) { - __m256i t = libcrux_intrinsics_avx2_mm256_mulhi_epi16( - vector, libcrux_intrinsics_avx2_mm256_set1_epi16( + __m256i t = mm256_mulhi_epi16( + vector, mm256_set1_epi16( LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER)); - __m256i t0 = libcrux_intrinsics_avx2_mm256_add_epi16( - t, libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)512)); - __m256i quotient = - libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)10, t0, __m256i); - __m256i quotient_times_field_modulus = - libcrux_intrinsics_avx2_mm256_mullo_epi16( - quotient, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - return libcrux_intrinsics_avx2_mm256_sub_epi16(vector, - quotient_times_field_modulus); + __m256i t0 = mm256_add_epi16(t, mm256_set1_epi16((int16_t)512)); + __m256i quotient = mm256_srai_epi16((int32_t)10, t0, __m256i); + __m256i quotient_times_field_modulus = mm256_mullo_epi16( + quotient, mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + return mm256_sub_epi16(vector, quotient_times_field_modulus); } /** 
@@ -189,20 +180,17 @@ __m256i libcrux_ml_kem_vector_avx2_barrett_reduce_ea(__m256i vector) { KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( __m256i vector, int16_t constant) { - __m256i constant0 = libcrux_intrinsics_avx2_mm256_set1_epi16(constant); - __m256i value_low = - libcrux_intrinsics_avx2_mm256_mullo_epi16(vector, constant0); - __m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( + __m256i constant0 = mm256_set1_epi16(constant); + __m256i value_low = mm256_mullo_epi16(vector, constant0); + __m256i k = mm256_mullo_epi16( value_low, - libcrux_intrinsics_avx2_mm256_set1_epi16( + mm256_set1_epi16( (int16_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - __m256i k_times_modulus = libcrux_intrinsics_avx2_mm256_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - __m256i value_high = - libcrux_intrinsics_avx2_mm256_mulhi_epi16(vector, constant0); - return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); + __m256i k_times_modulus = mm256_mulhi_epi16( + k, mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + __m256i value_high = mm256_mulhi_epi16(vector, constant0); + return mm256_sub_epi16(value_high, k_times_modulus); } /** 
@@ -218,21 +206,16 @@ __m256i libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( __m256i vector) { - __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi16( + __m256i field_modulus_halved = mm256_set1_epi16( (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / (int16_t)2); - __m256i field_modulus_quartered = libcrux_intrinsics_avx2_mm256_set1_epi16( + __m256i field_modulus_quartered = mm256_set1_epi16( (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / (int16_t)4); - __m256i shifted = - libcrux_intrinsics_avx2_mm256_sub_epi16(field_modulus_halved, vector); - __m256i mask = - libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, shifted, __m256i); - __m256i shifted_to_positive = - libcrux_intrinsics_avx2_mm256_xor_si256(mask, shifted); + __m256i shifted = mm256_sub_epi16(field_modulus_halved, vector); + __m256i mask = mm256_srai_epi16((int32_t)15, shifted, __m256i); + __m256i shifted_to_positive = mm256_xor_si256(mask, shifted); __m256i shifted_to_positive_in_range = - libcrux_intrinsics_avx2_mm256_sub_epi16(shifted_to_positive, - field_modulus_quartered); - return libcrux_intrinsics_avx2_mm256_srli_epi16( - (int32_t)15, shifted_to_positive_in_range, __m256i); + mm256_sub_epi16(shifted_to_positive, field_modulus_quartered); + return mm256_srli_epi16((int32_t)15, shifted_to_positive_in_range, __m256i); } /** 
@@ -246,45 +229,41 @@ __m256i libcrux_ml_kem_vector_avx2_compress_1_ea(__m256i vector) { KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( __m256i lhs, __m256i rhs) { - __m256i prod02 = libcrux_intrinsics_avx2_mm256_mul_epu32(lhs, rhs); - __m256i prod13 = libcrux_intrinsics_avx2_mm256_mul_epu32( - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, lhs, __m256i), - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, rhs, __m256i)); - return libcrux_intrinsics_avx2_mm256_unpackhi_epi64( - libcrux_intrinsics_avx2_mm256_unpacklo_epi32(prod02, prod13), - libcrux_intrinsics_avx2_mm256_unpackhi_epi32(prod02, prod13)); + __m256i prod02 = mm256_mul_epu32(lhs, rhs); + __m256i prod13 = + mm256_mul_epu32(mm256_shuffle_epi32((int32_t)245, lhs, __m256i), + mm256_shuffle_epi32((int32_t)245, rhs, __m256i)); + return mm256_unpackhi_epi64(mm256_unpacklo_epi32(prod02, prod13), + mm256_unpackhi_epi32(prod02, prod13)); } KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( __m256i v, __m256i c) { - __m256i value_low = libcrux_intrinsics_avx2_mm256_mullo_epi16(v, c); - __m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( + __m256i value_low = mm256_mullo_epi16(v, c); + __m256i k = mm256_mullo_epi16( value_low, - libcrux_intrinsics_avx2_mm256_set1_epi16( + mm256_set1_epi16( (int16_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - __m256i k_times_modulus = libcrux_intrinsics_avx2_mm256_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - __m256i value_high = libcrux_intrinsics_avx2_mm256_mulhi_epi16(v, c); - return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); + __m256i k_times_modulus = mm256_mulhi_epi16( + k, mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + __m256i value_high = mm256_mulhi_epi16(v, c); + return mm256_sub_epi16(value_high, k_times_modulus); } KRML_MUSTINLINE __m256i 
libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { - __m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( - -zeta3, -zeta3, zeta3, zeta3, -zeta2, -zeta2, zeta2, zeta2, -zeta1, - -zeta1, zeta1, zeta1, -zeta0, -zeta0, zeta0, zeta0); - __m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, - vector, __m256i); + __m256i zetas = mm256_set_epi16(-zeta3, -zeta3, zeta3, zeta3, -zeta2, -zeta2, + zeta2, zeta2, -zeta1, -zeta1, zeta1, zeta1, + -zeta0, -zeta0, zeta0, zeta0); + __m256i rhs = mm256_shuffle_epi32((int32_t)245, vector, __m256i); __m256i rhs0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( rhs, zetas); - __m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)160, - vector, __m256i); - return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); + __m256i lhs = mm256_shuffle_epi32((int32_t)160, vector, __m256i); + return mm256_add_epi16(lhs, rhs0); } /** 
@@ -302,17 +281,15 @@ __m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea(__m256i vector, KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( __m256i vector, int16_t zeta0, int16_t zeta1) { - __m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( - -zeta1, -zeta1, -zeta1, -zeta1, zeta1, zeta1, zeta1, zeta1, -zeta0, - -zeta0, -zeta0, -zeta0, zeta0, zeta0, zeta0, zeta0); - __m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)238, - vector, __m256i); + __m256i zetas = mm256_set_epi16(-zeta1, -zeta1, -zeta1, -zeta1, zeta1, zeta1, + zeta1, zeta1, -zeta0, -zeta0, -zeta0, -zeta0, + zeta0, zeta0, zeta0, zeta0); + __m256i rhs = mm256_shuffle_epi32((int32_t)238, vector, __m256i); __m256i rhs0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( rhs, zetas); - __m256i lhs = - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)68, vector, __m256i); - return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); + __m256i lhs = mm256_shuffle_epi32((int32_t)68, vector, __m256i); + return mm256_add_epi16(lhs, rhs0); } /** 
@@ -328,33 +305,30 @@ __m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea(__m256i vector, KRML_MUSTINLINE __m128i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( __m128i v, __m128i c) { - __m128i value_low = libcrux_intrinsics_avx2_mm_mullo_epi16(v, c); - __m128i k = libcrux_intrinsics_avx2_mm_mullo_epi16( + __m128i value_low = mm_mullo_epi16(v, c); + __m128i k = mm_mullo_epi16( value_low, - libcrux_intrinsics_avx2_mm_set1_epi16( + mm_set1_epi16( (int16_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - __m128i k_times_modulus = libcrux_intrinsics_avx2_mm_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - __m128i value_high = libcrux_intrinsics_avx2_mm_mulhi_epi16(v, c); - return libcrux_intrinsics_avx2_mm_sub_epi16(value_high, k_times_modulus); + __m128i k_times_modulus = mm_mulhi_epi16( + k, mm_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + __m128i value_high = mm_mulhi_epi16(v, c); + return mm_sub_epi16(value_high, k_times_modulus); } KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(__m256i vector, int16_t zeta) { - __m128i rhs = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, __m128i); + __m128i rhs = mm256_extracti128_si256((int32_t)1, vector, __m128i); __m128i rhs0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - rhs, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); - __m128i lhs = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - __m128i lower_coefficients = libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs0); - __m128i upper_coefficients = libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs0); - __m256i combined = - libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); - return libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, combined, upper_coefficients, __m256i); + rhs, mm_set1_epi16(zeta)); + __m128i lhs = mm256_castsi256_si128(vector); 
+ __m128i lower_coefficients = mm_add_epi16(lhs, rhs0); + __m128i upper_coefficients = mm_sub_epi16(lhs, rhs0); + __m256i combined = mm256_castsi128_si256(lower_coefficients); + return mm256_inserti128_si256((int32_t)1, combined, upper_coefficients, + __m256i); } /** 
@@ -369,26 +343,22 @@ __m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea(__m256i vector, KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { - __m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, - vector, __m256i); - __m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)160, - vector, __m256i); - __m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( - rhs, libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)-1, - (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, - (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, (int16_t)1, - (int16_t)1)); - __m256i sum0 = libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); + __m256i lhs = mm256_shuffle_epi32((int32_t)245, vector, __m256i); + __m256i rhs = mm256_shuffle_epi32((int32_t)160, vector, __m256i); + __m256i rhs0 = mm256_mullo_epi16( + rhs, mm256_set_epi16((int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, + (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, + (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, + (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1)); + __m256i sum0 = mm256_add_epi16(lhs, rhs0); __m256i sum_times_zetas = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - sum0, libcrux_intrinsics_avx2_mm256_set_epi16( - zeta3, zeta3, (int16_t)0, (int16_t)0, zeta2, zeta2, - (int16_t)0, (int16_t)0, zeta1, zeta1, (int16_t)0, - (int16_t)0, zeta0, zeta0, (int16_t)0, (int16_t)0)); + sum0, + mm256_set_epi16(zeta3, zeta3, (int16_t)0, (int16_t)0, zeta2, zeta2, + (int16_t)0, (int16_t)0, zeta1, zeta1, (int16_t)0, + (int16_t)0, zeta0, zeta0, (int16_t)0, (int16_t)0)); __m256i sum = libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(sum0); - return libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)204, sum, - sum_times_zetas, __m256i); + return mm256_blend_epi16((int32_t)204, sum, sum_times_zetas, 
__m256i); } /** @@ -406,25 +376,21 @@ __m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea(__m256i vector, KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( __m256i vector, int16_t zeta0, int16_t zeta1) { - __m256i lhs = libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)245, vector, __m256i); - __m256i rhs = libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)160, vector, __m256i); - __m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( - rhs, libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)1, - (int16_t)1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, - (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)1, - (int16_t)1)); - __m256i sum = libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); + __m256i lhs = mm256_permute4x64_epi64((int32_t)245, vector, __m256i); + __m256i rhs = mm256_permute4x64_epi64((int32_t)160, vector, __m256i); + __m256i rhs0 = mm256_mullo_epi16( + rhs, mm256_set_epi16((int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)-1, + (int16_t)1, (int16_t)1, (int16_t)1, (int16_t)1, + (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)-1, + (int16_t)1, (int16_t)1, (int16_t)1, (int16_t)1)); + __m256i sum = mm256_add_epi16(lhs, rhs0); __m256i sum_times_zetas = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - sum, libcrux_intrinsics_avx2_mm256_set_epi16( - zeta1, zeta1, zeta1, zeta1, (int16_t)0, (int16_t)0, - (int16_t)0, (int16_t)0, zeta0, zeta0, zeta0, zeta0, - (int16_t)0, (int16_t)0, (int16_t)0, (int16_t)0)); - return libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)240, sum, - sum_times_zetas, __m256i); + sum, + mm256_set_epi16(zeta1, zeta1, zeta1, zeta1, (int16_t)0, (int16_t)0, + (int16_t)0, (int16_t)0, zeta0, zeta0, zeta0, zeta0, + (int16_t)0, (int16_t)0, (int16_t)0, (int16_t)0)); + return mm256_blend_epi16((int32_t)240, sum, sum_times_zetas, __m256i); } /** 
@@ -440,18 +406,16 @@ __m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea(__m256i vector, KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( __m256i vector, int16_t zeta) { - __m128i lhs = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, __m128i); - __m128i rhs = libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - __m128i lower_coefficients = libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs); - __m128i upper_coefficients = libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs); + __m128i lhs = mm256_extracti128_si256((int32_t)1, vector, __m128i); + __m128i rhs = mm256_castsi256_si128(vector); + __m128i lower_coefficients = mm_add_epi16(lhs, rhs); + __m128i upper_coefficients = mm_sub_epi16(lhs, rhs); __m128i upper_coefficients0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - upper_coefficients, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); - __m256i combined = - libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); - return libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, combined, upper_coefficients0, __m256i); + upper_coefficients, mm_set1_epi16(zeta)); + __m256i combined = mm256_castsi128_si256(lower_coefficients); + return mm256_inserti128_si256((int32_t)1, combined, upper_coefficients0, + __m256i); } /** 
@@ -465,87 +429,74 @@ __m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea(__m256i vector, KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(__m256i v) { - __m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( + __m256i k = mm256_mullo_epi16( v, - libcrux_intrinsics_avx2_mm256_set1_epi32( + mm256_set1_epi32( (int32_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - __m256i k_times_modulus = libcrux_intrinsics_avx2_mm256_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - __m256i value_high = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)16, v, __m256i); - __m256i result = - libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); - __m256i result0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)16, result, __m256i); - return libcrux_intrinsics_avx2_mm256_srai_epi32((int32_t)16, result0, - __m256i); + __m256i k_times_modulus = mm256_mulhi_epi16( + k, mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + __m256i value_high = mm256_srli_epi32((int32_t)16, v, __m256i); + __m256i result = mm256_sub_epi16(value_high, k_times_modulus); + __m256i result0 = mm256_slli_epi32((int32_t)16, result, __m256i); + return mm256_srai_epi32((int32_t)16, result0, __m256i); } KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( __m256i lhs, __m256i rhs, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { - __m256i shuffle_with = libcrux_intrinsics_avx2_mm256_set_epi8( + __m256i shuffle_with = mm256_set_epi8( (int8_t)15, (int8_t)14, (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4, (int8_t)1, (int8_t)0, (int8_t)15, (int8_t)14, (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4, (int8_t)1, (int8_t)0); - __m256i lhs_shuffled 
= - libcrux_intrinsics_avx2_mm256_shuffle_epi8(lhs, shuffle_with); - __m256i lhs_shuffled0 = libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, lhs_shuffled, __m256i); - __m128i lhs_evens = - libcrux_intrinsics_avx2_mm256_castsi256_si128(lhs_shuffled0); - __m256i lhs_evens0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_evens); - __m128i lhs_odds = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, lhs_shuffled0, __m128i); - __m256i lhs_odds0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_odds); - __m256i rhs_shuffled = - libcrux_intrinsics_avx2_mm256_shuffle_epi8(rhs, shuffle_with); - __m256i rhs_shuffled0 = libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, rhs_shuffled, __m256i); - __m128i rhs_evens = - libcrux_intrinsics_avx2_mm256_castsi256_si128(rhs_shuffled0); - __m256i rhs_evens0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_evens); - __m128i rhs_odds = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, rhs_shuffled0, __m128i); - __m256i rhs_odds0 = libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_odds); - __m256i left = - libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_evens0, rhs_evens0); - __m256i right = - libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_odds0, rhs_odds0); + __m256i lhs_shuffled = mm256_shuffle_epi8(lhs, shuffle_with); + __m256i lhs_shuffled0 = + mm256_permute4x64_epi64((int32_t)216, lhs_shuffled, __m256i); + __m128i lhs_evens = mm256_castsi256_si128(lhs_shuffled0); + __m256i lhs_evens0 = mm256_cvtepi16_epi32(lhs_evens); + __m128i lhs_odds = + mm256_extracti128_si256((int32_t)1, lhs_shuffled0, __m128i); + __m256i lhs_odds0 = mm256_cvtepi16_epi32(lhs_odds); + __m256i rhs_shuffled = mm256_shuffle_epi8(rhs, shuffle_with); + __m256i rhs_shuffled0 = + mm256_permute4x64_epi64((int32_t)216, rhs_shuffled, __m256i); + __m128i rhs_evens = mm256_castsi256_si128(rhs_shuffled0); + __m256i rhs_evens0 = mm256_cvtepi16_epi32(rhs_evens); + __m128i rhs_odds = + 
mm256_extracti128_si256((int32_t)1, rhs_shuffled0, __m128i); + __m256i rhs_odds0 = mm256_cvtepi16_epi32(rhs_odds); + __m256i left = mm256_mullo_epi32(lhs_evens0, rhs_evens0); + __m256i right = mm256_mullo_epi32(lhs_odds0, rhs_odds0); __m256i right0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(right); - __m256i right1 = libcrux_intrinsics_avx2_mm256_mullo_epi32( - right0, - libcrux_intrinsics_avx2_mm256_set_epi32( - -(int32_t)zeta3, (int32_t)zeta3, -(int32_t)zeta2, (int32_t)zeta2, - -(int32_t)zeta1, (int32_t)zeta1, -(int32_t)zeta0, (int32_t)zeta0)); - __m256i products_left = libcrux_intrinsics_avx2_mm256_add_epi32(left, right1); + __m256i right1 = mm256_mullo_epi32( + right0, mm256_set_epi32(-(int32_t)zeta3, (int32_t)zeta3, -(int32_t)zeta2, + (int32_t)zeta2, -(int32_t)zeta1, (int32_t)zeta1, + -(int32_t)zeta0, (int32_t)zeta0)); + __m256i products_left = mm256_add_epi32(left, right1); __m256i products_left0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( products_left); - __m256i rhs_adjacent_swapped = libcrux_intrinsics_avx2_mm256_shuffle_epi8( + __m256i rhs_adjacent_swapped = mm256_shuffle_epi8( rhs, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, (int8_t)9, (int8_t)8, - (int8_t)11, (int8_t)10, (int8_t)5, (int8_t)4, (int8_t)7, (int8_t)6, - (int8_t)1, (int8_t)0, (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, - (int8_t)15, (int8_t)14, (int8_t)9, (int8_t)8, (int8_t)11, (int8_t)10, - (int8_t)5, (int8_t)4, (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, - (int8_t)3, (int8_t)2)); - __m256i products_right = - libcrux_intrinsics_avx2_mm256_madd_epi16(lhs, rhs_adjacent_swapped); + mm256_set_epi8((int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, (int8_t)9, + (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, (int8_t)4, + (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, (int8_t)3, + (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, + (int8_t)9, (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, + (int8_t)4, 
(int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, + (int8_t)3, (int8_t)2)); + __m256i products_right = mm256_madd_epi16(lhs, rhs_adjacent_swapped); __m256i products_right0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( products_right); - __m256i products_right1 = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)16, products_right0, __m256i); - return libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)170, products_left0, - products_right1, __m256i); + __m256i products_right1 = + mm256_slli_epi32((int32_t)16, products_right0, __m256i); + return mm256_blend_epi16((int32_t)170, products_left0, products_right1, + __m256i); } /** @@ -562,13 +513,11 @@ __m256i libcrux_ml_kem_vector_avx2_ntt_multiply_ea(__m256i *lhs, __m256i *rhs, KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_1( __m256i vector, uint8_t ret[2U]) { - __m256i lsb_to_msb = - libcrux_intrinsics_avx2_mm256_slli_epi16((int32_t)15, vector, __m256i); - __m128i low_msbs = libcrux_intrinsics_avx2_mm256_castsi256_si128(lsb_to_msb); - __m128i high_msbs = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, lsb_to_msb, __m128i); - __m128i msbs = libcrux_intrinsics_avx2_mm_packs_epi16(low_msbs, high_msbs); - int32_t bits_packed = libcrux_intrinsics_avx2_mm_movemask_epi8(msbs); + __m256i lsb_to_msb = mm256_slli_epi16((int32_t)15, vector, __m256i); + __m128i low_msbs = mm256_castsi256_si128(lsb_to_msb); + __m128i high_msbs = mm256_extracti128_si256((int32_t)1, lsb_to_msb, __m128i); + __m128i msbs = mm_packs_epi16(low_msbs, high_msbs); + int32_t bits_packed = mm_movemask_epi8(msbs); uint8_t serialized[2U] = {0U}; serialized[0U] = (uint8_t)bits_packed; serialized[1U] = (uint8_t)(bits_packed >> 8U); 
@@ -586,48 +535,47 @@ void libcrux_ml_kem_vector_avx2_serialize_1_ea(__m256i vector, KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) { - __m256i coefficients = libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t)); - __m256i shift_lsb_to_msb = libcrux_intrinsics_avx2_mm256_set_epi16( + __m256i coefficients = + mm256_set_epi16((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, 
+ uint8_t *, uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t)); + __m256i shift_lsb_to_msb = mm256_set_epi16( (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, (int16_t)-32768, (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, (int16_t)-32768); __m256i coefficients_in_msb = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, shift_lsb_to_msb); - return libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)15, - coefficients_in_msb, __m256i); + mm256_mullo_epi16(coefficients, shift_lsb_to_msb); + return mm256_srli_epi16((int32_t)15, coefficients_in_msb, __m256i); } /** 
@@ -641,27 +589,27 @@ __m256i libcrux_ml_kem_vector_avx2_deserialize_1_ea(Eurydice_slice bytes) { KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( __m256i vector, uint8_t ret[8U]) { uint8_t serialized[16U] = {0U}; - __m256i adjacent_2_combined = libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, libcrux_intrinsics_avx2_mm256_set_epi16( + __m256i adjacent_2_combined = mm256_madd_epi16( + vector, mm256_set_epi16( (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1)); - __m256i adjacent_8_combined = libcrux_intrinsics_avx2_mm256_shuffle_epi8( + __m256i adjacent_8_combined = mm256_shuffle_epi8( adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4, (int8_t)0, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4, (int8_t)0)); - __m256i combined = libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32( - adjacent_8_combined, libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, - (int32_t)0, (int32_t)0, (int32_t)4, (int32_t)0)); - __m128i combined0 = libcrux_intrinsics_avx2_mm256_castsi256_si128(combined); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + mm256_set_epi8((int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4, + (int8_t)0, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, 
(int8_t)12, (int8_t)8, + (int8_t)4, (int8_t)0)); + __m256i combined = mm256_permutevar8x32_epi32( + adjacent_8_combined, + mm256_set_epi32((int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, + (int32_t)0, (int32_t)0, (int32_t)4, (int32_t)0)); + __m128i combined0 = mm256_castsi256_si128(combined); + mm_storeu_bytes_si128( Eurydice_array_to_slice((size_t)16U, serialized, uint8_t, Eurydice_slice), combined0); uint8_t ret0[8U]; 
@@ -686,51 +634,50 @@ void libcrux_ml_kem_vector_avx2_serialize_4_ea(__m256i vector, KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { - __m256i coefficients = libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t)); - __m256i shift_lsbs_to_msbs = libcrux_intrinsics_avx2_mm256_set_epi16( + __m256i coefficients = + mm256_set_epi16((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, + uint8_t *, uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, + uint8_t *, uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, 
uint8_t, + uint8_t *, uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, + uint8_t *, uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, + uint8_t *, uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + uint8_t *, uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + uint8_t *, uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t)); + __m256i shift_lsbs_to_msbs = mm256_set_epi16( (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U); - __m256i coefficients_in_msb = libcrux_intrinsics_avx2_mm256_mullo_epi16( - coefficients, shift_lsbs_to_msbs); - __m256i coefficients_in_lsb = libcrux_intrinsics_avx2_mm256_srli_epi16( - (int32_t)4, coefficients_in_msb, __m256i); - return libcrux_intrinsics_avx2_mm256_and_si256( - coefficients_in_lsb, libcrux_intrinsics_avx2_mm256_set1_epi16( - ((int16_t)1 << 4U) - (int16_t)1)); + __m256i coefficients_in_msb = + mm256_mullo_epi16(coefficients, shift_lsbs_to_msbs); + __m256i coefficients_in_lsb = + mm256_srli_epi16((int32_t)4, coefficients_in_msb, __m256i); + return mm256_and_si256(coefficients_in_lsb, + 
mm256_set1_epi16(((int16_t)1 << 4U) - (int16_t)1)); } /** 
@@ -744,37 +691,34 @@ __m256i libcrux_ml_kem_vector_avx2_deserialize_4_ea(Eurydice_slice bytes) { KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( __m256i vector, uint8_t ret[10U]) { uint8_t serialized[32U] = {0U}; - __m256i adjacent_2_combined = libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, libcrux_intrinsics_avx2_mm256_set_epi16( + __m256i adjacent_2_combined = mm256_madd_epi16( + vector, mm256_set_epi16( (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1)); - __m256i adjacent_4_combined = libcrux_intrinsics_avx2_mm256_sllv_epi32( + __m256i adjacent_4_combined = mm256_sllv_epi32( adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22, (int32_t)0, - (int32_t)22, (int32_t)0, (int32_t)22)); - __m256i adjacent_4_combined0 = libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)22, adjacent_4_combined, __m256i); - __m256i adjacent_8_combined = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)8, adjacent_4_combined0, __m256i); - __m256i adjacent_8_combined0 = libcrux_intrinsics_avx2_mm256_sllv_epi32( + mm256_set_epi32((int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22, + (int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22)); + __m256i adjacent_4_combined0 = + mm256_srli_epi64((int32_t)22, adjacent_4_combined, __m256i); + __m256i adjacent_8_combined = + mm256_shuffle_epi32((int32_t)8, adjacent_4_combined0, __m256i); + __m256i adjacent_8_combined0 = mm256_sllv_epi32( adjacent_8_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)12, (int32_t)0, - (int32_t)0, (int32_t)0, (int32_t)12)); - __m256i adjacent_8_combined1 = libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)12, adjacent_8_combined0, __m256i); - __m128i lower_8 = - 
libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined1); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + mm256_set_epi32((int32_t)0, (int32_t)0, (int32_t)0, (int32_t)12, + (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)12)); + __m256i adjacent_8_combined1 = + mm256_srli_epi64((int32_t)12, adjacent_8_combined0, __m256i); + __m128i lower_8 = mm256_castsi256_si128(adjacent_8_combined1); + mm_storeu_bytes_si128( Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice), lower_8); - __m128i upper_8 = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, adjacent_8_combined1, __m128i); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + __m128i upper_8 = + mm256_extracti128_si256((int32_t)1, adjacent_8_combined1, __m128i); + mm_storeu_bytes_si128( Eurydice_array_to_subslice2(serialized, (size_t)5U, (size_t)21U, uint8_t, Eurydice_slice), upper_8); @@ -800,7 +744,7 @@ void libcrux_ml_kem_vector_avx2_serialize_5_ea(__m256i vector, KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) { - __m128i coefficients = libcrux_intrinsics_avx2_mm_set_epi8( + __m128i coefficients = mm_set_epi8( Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t), Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), 
@@ -817,29 +761,27 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) { Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t)); - __m256i coefficients_loaded = - libcrux_intrinsics_avx2_mm256_castsi128_si256(coefficients); - __m256i coefficients_loaded0 = libcrux_intrinsics_avx2_mm256_inserti128_si256( + __m256i coefficients_loaded = mm256_castsi128_si256(coefficients); + __m256i coefficients_loaded0 = mm256_inserti128_si256( (int32_t)1, coefficients_loaded, coefficients, __m256i); - __m256i coefficients0 = libcrux_intrinsics_avx2_mm256_shuffle_epi8( + __m256i coefficients0 = mm256_shuffle_epi8( coefficients_loaded0, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)15, (int8_t)14, (int8_t)15, (int8_t)14, (int8_t)13, - (int8_t)12, (int8_t)13, (int8_t)12, (int8_t)11, (int8_t)10, - (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)9, (int8_t)8, - (int8_t)7, (int8_t)6, (int8_t)7, (int8_t)6, (int8_t)5, (int8_t)4, - (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)3, (int8_t)2, - (int8_t)1, (int8_t)0, (int8_t)1, (int8_t)0)); - __m256i coefficients1 = libcrux_intrinsics_avx2_mm256_mullo_epi16( - coefficients0, libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 5U, (int16_t)1 << 2U, - (int16_t)1 << 7U, (int16_t)1 << 4U, (int16_t)1 << 9U, - (int16_t)1 << 6U, (int16_t)1 << 11U, (int16_t)1 << 0U, - (int16_t)1 << 5U, (int16_t)1 << 2U, (int16_t)1 << 7U, - (int16_t)1 << 4U, (int16_t)1 << 9U, (int16_t)1 << 6U, - (int16_t)1 << 11U)); - return libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)11, coefficients1, - __m256i); + mm256_set_epi8((int8_t)15, (int8_t)14, (int8_t)15, (int8_t)14, (int8_t)13, + (int8_t)12, (int8_t)13, (int8_t)12, (int8_t)11, (int8_t)10, + (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)9, + (int8_t)8, (int8_t)7, (int8_t)6, (int8_t)7, 
(int8_t)6, + (int8_t)5, (int8_t)4, (int8_t)5, (int8_t)4, (int8_t)3, + (int8_t)2, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, + (int8_t)1, (int8_t)0)); + __m256i coefficients1 = mm256_mullo_epi16( + coefficients0, + mm256_set_epi16((int16_t)1 << 0U, (int16_t)1 << 5U, (int16_t)1 << 2U, + (int16_t)1 << 7U, (int16_t)1 << 4U, (int16_t)1 << 9U, + (int16_t)1 << 6U, (int16_t)1 << 11U, (int16_t)1 << 0U, + (int16_t)1 << 5U, (int16_t)1 << 2U, (int16_t)1 << 7U, + (int16_t)1 << 4U, (int16_t)1 << 9U, (int16_t)1 << 6U, + (int16_t)1 << 11U)); + return mm256_srli_epi16((int32_t)11, coefficients1, __m256i); } /** 
@@ -853,38 +795,36 @@ __m256i libcrux_ml_kem_vector_avx2_deserialize_5_ea(Eurydice_slice bytes) { KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( __m256i vector, uint8_t ret[20U]) { uint8_t serialized[32U] = {0U}; - __m256i adjacent_2_combined = libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1)); - __m256i adjacent_4_combined = libcrux_intrinsics_avx2_mm256_sllv_epi32( + __m256i adjacent_2_combined = mm256_madd_epi16( + vector, mm256_set_epi16((int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, + (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, + (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, + (int16_t)1)); + __m256i adjacent_4_combined = mm256_sllv_epi32( adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12, (int32_t)0, - (int32_t)12, (int32_t)0, (int32_t)12)); - __m256i adjacent_4_combined0 = libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)12, adjacent_4_combined, __m256i); - __m256i adjacent_8_combined = libcrux_intrinsics_avx2_mm256_shuffle_epi8( + mm256_set_epi32((int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12, + (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12)); + __m256i adjacent_4_combined0 = + mm256_srli_epi64((int32_t)12, adjacent_4_combined, __m256i); + __m256i adjacent_8_combined = mm256_shuffle_epi8( adjacent_4_combined0, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, - (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, (int8_t)-1, - 
(int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)4, - (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0)); - __m128i lower_8 = - libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + mm256_set_epi8((int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, + (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, + (int8_t)0, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, + (int8_t)9, (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, + (int8_t)1, (int8_t)0)); + __m128i lower_8 = mm256_castsi256_si128(adjacent_8_combined); + mm_storeu_bytes_si128( Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice), lower_8); - __m128i upper_8 = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, adjacent_8_combined, __m128i); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + __m128i upper_8 = + mm256_extracti128_si256((int32_t)1, adjacent_8_combined, __m128i); + mm_storeu_bytes_si128( Eurydice_array_to_subslice2(serialized, (size_t)10U, (size_t)26U, uint8_t, Eurydice_slice), upper_8); 
@@ -910,36 +850,28 @@ void libcrux_ml_kem_vector_avx2_serialize_10_ea(__m256i vector, KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) { - __m256i shift_lsbs_to_msbs = libcrux_intrinsics_avx2_mm256_set_epi16( + __m256i shift_lsbs_to_msbs = mm256_set_epi16( (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U); - __m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); - __m128i lower_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( - lower_coefficients, - libcrux_intrinsics_avx2_mm_set_epi8(9U, 8U, 8U, 7U, 7U, 6U, 6U, 5U, 4U, - 3U, 3U, 2U, 2U, 1U, 1U, 0U)); - __m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)4U, (size_t)20U, uint8_t, Eurydice_slice)); - __m128i upper_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( - upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( - 15U, 14U, 14U, 13U, 13U, 12U, 12U, 11U, 10U, 9U, - 9U, 8U, 8U, 7U, 7U, 6U)); - __m256i coefficients = - libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); - __m256i coefficients0 = libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, coefficients, upper_coefficients0, __m256i); - __m256i coefficients1 = libcrux_intrinsics_avx2_mm256_mullo_epi16( - coefficients0, shift_lsbs_to_msbs); - __m256i coefficients2 = libcrux_intrinsics_avx2_mm256_srli_epi16( - (int32_t)6, coefficients1, __m256i); - return libcrux_intrinsics_avx2_mm256_and_si256( - coefficients2, libcrux_intrinsics_avx2_mm256_set1_epi16( - ((int16_t)1 << 10U) - (int16_t)1)); + __m128i lower_coefficients = mm_loadu_si128(Eurydice_slice_subslice2( + bytes, 
(size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); + __m128i lower_coefficients0 = mm_shuffle_epi8( + lower_coefficients, mm_set_epi8(9U, 8U, 8U, 7U, 7U, 6U, 6U, 5U, 4U, 3U, + 3U, 2U, 2U, 1U, 1U, 0U)); + __m128i upper_coefficients = mm_loadu_si128(Eurydice_slice_subslice2( + bytes, (size_t)4U, (size_t)20U, uint8_t, Eurydice_slice)); + __m128i upper_coefficients0 = mm_shuffle_epi8( + upper_coefficients, mm_set_epi8(15U, 14U, 14U, 13U, 13U, 12U, 12U, 11U, + 10U, 9U, 9U, 8U, 8U, 7U, 7U, 6U)); + __m256i coefficients = mm256_castsi128_si256(lower_coefficients0); + __m256i coefficients0 = mm256_inserti128_si256((int32_t)1, coefficients, + upper_coefficients0, __m256i); + __m256i coefficients1 = mm256_mullo_epi16(coefficients0, shift_lsbs_to_msbs); + __m256i coefficients2 = mm256_srli_epi16((int32_t)6, coefficients1, __m256i); + return mm256_and_si256(coefficients2, + mm256_set1_epi16(((int16_t)1 << 10U) - (int16_t)1)); } /** @@ -953,7 +885,7 @@ __m256i libcrux_ml_kem_vector_avx2_deserialize_10_ea(Eurydice_slice bytes) { KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_11( __m256i vector, uint8_t ret[22U]) { int16_t array[16U] = {0U}; - libcrux_intrinsics_avx2_mm256_storeu_si256_i16( + mm256_storeu_si256_i16( Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice), vector); libcrux_ml_kem_vector_portable_vector_type_PortableVector input = @@ -979,7 +911,7 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_11(Eurydice_slice bytes) { libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); int16_t array[16U]; libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); - return libcrux_intrinsics_avx2_mm256_loadu_si256_i16( + return mm256_loadu_si256_i16( Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice)); } 
@@ -994,37 +926,36 @@ __m256i libcrux_ml_kem_vector_avx2_deserialize_11_ea(Eurydice_slice bytes) { KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( __m256i vector, uint8_t ret[24U]) { uint8_t serialized[32U] = {0U}; - __m256i adjacent_2_combined = libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1)); - __m256i adjacent_4_combined = libcrux_intrinsics_avx2_mm256_sllv_epi32( - adjacent_2_combined, libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8, - (int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8)); - __m256i adjacent_4_combined0 = libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)8, adjacent_4_combined, __m256i); - __m256i adjacent_8_combined = libcrux_intrinsics_avx2_mm256_shuffle_epi8( + __m256i adjacent_2_combined = mm256_madd_epi16( + vector, mm256_set_epi16((int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, + (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, + (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, + (int16_t)1)); + __m256i adjacent_4_combined = mm256_sllv_epi32( + adjacent_2_combined, + mm256_set_epi32((int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8, + (int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8)); + __m256i adjacent_4_combined0 = + mm256_srli_epi64((int32_t)8, adjacent_4_combined, __m256i); + __m256i adjacent_8_combined = mm256_shuffle_epi8( adjacent_4_combined0, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, - (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)5, - (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, (int8_t)-1, 
- (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, (int8_t)12, - (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4, - (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0)); - __m128i lower_8 = - libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); - __m128i upper_8 = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, adjacent_8_combined, __m128i); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + mm256_set_epi8((int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, + (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, + (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, + (int8_t)0, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)13, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, + (int8_t)8, (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, + (int8_t)1, (int8_t)0)); + __m128i lower_8 = mm256_castsi256_si128(adjacent_8_combined); + __m128i upper_8 = + mm256_extracti128_si256((int32_t)1, adjacent_8_combined, __m128i); + mm_storeu_bytes_si128( Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice), lower_8); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + mm_storeu_bytes_si128( Eurydice_array_to_subslice2(serialized, (size_t)12U, (size_t)28U, uint8_t, Eurydice_slice), upper_8); 
@@ -1050,36 +981,28 @@ void libcrux_ml_kem_vector_avx2_serialize_12_ea(__m256i vector, KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) { - __m256i shift_lsbs_to_msbs = libcrux_intrinsics_avx2_mm256_set_epi16( + __m256i shift_lsbs_to_msbs = mm256_set_epi16( (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U); - __m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); - __m128i lower_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( - lower_coefficients, - libcrux_intrinsics_avx2_mm_set_epi8(11U, 10U, 10U, 9U, 8U, 7U, 7U, 6U, 5U, - 4U, 4U, 3U, 2U, 1U, 1U, 0U)); - __m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)8U, (size_t)24U, uint8_t, Eurydice_slice)); - __m128i upper_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( - upper_coefficients, - libcrux_intrinsics_avx2_mm_set_epi8(15U, 14U, 14U, 13U, 12U, 11U, 11U, - 10U, 9U, 8U, 8U, 7U, 6U, 5U, 5U, 4U)); - __m256i coefficients = - libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); - __m256i coefficients0 = libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, coefficients, upper_coefficients0, __m256i); - __m256i coefficients1 = libcrux_intrinsics_avx2_mm256_mullo_epi16( - coefficients0, shift_lsbs_to_msbs); - __m256i coefficients2 = libcrux_intrinsics_avx2_mm256_srli_epi16( - (int32_t)4, coefficients1, __m256i); - return libcrux_intrinsics_avx2_mm256_and_si256( - coefficients2, libcrux_intrinsics_avx2_mm256_set1_epi16( - ((int16_t)1 << 12U) - (int16_t)1)); + __m128i lower_coefficients = mm_loadu_si128(Eurydice_slice_subslice2( + bytes, 
(size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); + __m128i lower_coefficients0 = mm_shuffle_epi8( + lower_coefficients, mm_set_epi8(11U, 10U, 10U, 9U, 8U, 7U, 7U, 6U, 5U, 4U, + 4U, 3U, 2U, 1U, 1U, 0U)); + __m128i upper_coefficients = mm_loadu_si128(Eurydice_slice_subslice2( + bytes, (size_t)8U, (size_t)24U, uint8_t, Eurydice_slice)); + __m128i upper_coefficients0 = mm_shuffle_epi8( + upper_coefficients, mm_set_epi8(15U, 14U, 14U, 13U, 12U, 11U, 11U, 10U, + 9U, 8U, 8U, 7U, 6U, 5U, 5U, 4U)); + __m256i coefficients = mm256_castsi128_si256(lower_coefficients0); + __m256i coefficients0 = mm256_inserti128_si256((int32_t)1, coefficients, + upper_coefficients0, __m256i); + __m256i coefficients1 = mm256_mullo_epi16(coefficients0, shift_lsbs_to_msbs); + __m256i coefficients2 = mm256_srli_epi16((int32_t)4, coefficients1, __m256i); + return mm256_and_si256(coefficients2, + mm256_set1_epi16(((int16_t)1 << 12U) - (int16_t)1)); } /** @@ -1092,13 +1015,12 @@ __m256i libcrux_ml_kem_vector_avx2_deserialize_12_ea(Eurydice_slice bytes) { KRML_MUSTINLINE size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( Eurydice_slice input, Eurydice_slice output) { - __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i field_modulus = + mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i potential_coefficients = libcrux_ml_kem_vector_avx2_serialize_deserialize_12(input); __m256i compare_with_field_modulus = - libcrux_intrinsics_avx2_mm256_cmpgt_epi16(field_modulus, - potential_coefficients); + mm256_cmpgt_epi16(field_modulus, potential_coefficients); uint8_t good[2U]; libcrux_ml_kem_vector_avx2_serialize_serialize_1(compare_with_field_modulus, good); 
@@ -1107,32 +1029,28 @@ KRML_MUSTINLINE size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( size_t)good[0U]], (size_t)16U * sizeof(uint8_t)); - __m128i lower_shuffles0 = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( - (size_t)16U, lower_shuffles, uint8_t, Eurydice_slice)); - __m128i lower_coefficients = - libcrux_intrinsics_avx2_mm256_castsi256_si128(potential_coefficients); - __m128i lower_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( - lower_coefficients, lower_shuffles0); - libcrux_intrinsics_avx2_mm_storeu_si128(output, lower_coefficients0); + __m128i lower_shuffles0 = mm_loadu_si128(Eurydice_array_to_slice( + (size_t)16U, lower_shuffles, uint8_t, Eurydice_slice)); + __m128i lower_coefficients = mm256_castsi256_si128(potential_coefficients); + __m128i lower_coefficients0 = + mm_shuffle_epi8(lower_coefficients, lower_shuffles0); + mm_storeu_si128(output, lower_coefficients0); size_t sampled_count = (size_t)core_num__u8_6__count_ones(good[0U]); uint8_t upper_shuffles[16U]; memcpy(upper_shuffles, libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( size_t)good[1U]], (size_t)16U * sizeof(uint8_t)); - __m128i upper_shuffles0 = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( - (size_t)16U, upper_shuffles, uint8_t, Eurydice_slice)); - __m128i upper_coefficients = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, potential_coefficients, __m128i); - __m128i upper_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( - upper_coefficients, upper_shuffles0); - libcrux_intrinsics_avx2_mm_storeu_si128( - Eurydice_slice_subslice2(output, sampled_count, - sampled_count + (size_t)8U, int16_t, - Eurydice_slice), - upper_coefficients0); + __m128i upper_shuffles0 = mm_loadu_si128(Eurydice_array_to_slice( + (size_t)16U, upper_shuffles, uint8_t, Eurydice_slice)); + __m128i upper_coefficients = + 
mm256_extracti128_si256((int32_t)1, potential_coefficients, __m128i); + __m128i upper_coefficients0 = + mm_shuffle_epi8(upper_coefficients, upper_shuffles0); + mm_storeu_si128(Eurydice_slice_subslice2(output, sampled_count, + sampled_count + (size_t)8U, int16_t, + Eurydice_slice), + upper_coefficients0); size_t uu____0 = sampled_count; return uu____0 + (size_t)core_num__u8_6__count_ones(good[1U]); } @@ -1259,7 +1177,7 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE __m256i shift_right_98(__m256i vector) { - return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, __m256i); + return mm256_srai_epi16((int32_t)15, vector, __m256i); } /** 
@@ -3262,47 +3180,41 @@ generics */ static KRML_MUSTINLINE __m256i compress_ciphertext_coefficient_8a(__m256i vector) { - __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( + __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); - __m256i compression_factor = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - __m256i coefficient_bits_mask = libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)10) - (int32_t)1); - __m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - __m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - __m256i compressed_low = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)10, coefficients_low0, __m256i); - __m256i compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32( - compressed_low, field_modulus_halved); + __m256i compression_factor = mm256_set1_epi32((int32_t)10321340); + __m256i coefficient_bits_mask = + mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)10) - (int32_t)1); + __m128i coefficients_low = mm256_castsi256_si128(vector); + __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low); + __m256i compressed_low = + mm256_slli_epi32((int32_t)10, coefficients_low0, __m256i); + __m256i compressed_low0 = + mm256_add_epi32(compressed_low, field_modulus_halved); __m256i compressed_low1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, compression_factor); - __m256i compressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)3, compressed_low1, __m256i); - __m256i compressed_low3 = libcrux_intrinsics_avx2_mm256_and_si256( - compressed_low2, coefficient_bits_mask); - __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, __m128i); - __m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - __m256i 
compressed_high = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)10, coefficients_high0, __m256i); - __m256i compressed_high0 = libcrux_intrinsics_avx2_mm256_add_epi32( - compressed_high, field_modulus_halved); + __m256i compressed_low2 = + mm256_srli_epi32((int32_t)3, compressed_low1, __m256i); + __m256i compressed_low3 = + mm256_and_si256(compressed_low2, coefficient_bits_mask); + __m128i coefficients_high = + mm256_extracti128_si256((int32_t)1, vector, __m128i); + __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high); + __m256i compressed_high = + mm256_slli_epi32((int32_t)10, coefficients_high0, __m256i); + __m256i compressed_high0 = + mm256_add_epi32(compressed_high, field_modulus_halved); __m256i compressed_high1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, compression_factor); - __m256i compressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)3, compressed_high1, __m256i); - __m256i compressed_high3 = libcrux_intrinsics_avx2_mm256_and_si256( - compressed_high2, coefficient_bits_mask); - __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( - compressed_low3, compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - compressed, __m256i); + __m256i compressed_high2 = + mm256_srli_epi32((int32_t)3, compressed_high1, __m256i); + __m256i compressed_high3 = + mm256_and_si256(compressed_high2, coefficient_bits_mask); + __m256i compressed = mm256_packs_epi32(compressed_low3, compressed_high3); + return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i); } /** 
@@ -3353,47 +3265,41 @@ generics */ static KRML_MUSTINLINE __m256i compress_ciphertext_coefficient_8a0(__m256i vector) { - __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( + __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); - __m256i compression_factor = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - __m256i coefficient_bits_mask = libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)11) - (int32_t)1); - __m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - __m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - __m256i compressed_low = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)11, coefficients_low0, __m256i); - __m256i compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32( - compressed_low, field_modulus_halved); + __m256i compression_factor = mm256_set1_epi32((int32_t)10321340); + __m256i coefficient_bits_mask = + mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)11) - (int32_t)1); + __m128i coefficients_low = mm256_castsi256_si128(vector); + __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low); + __m256i compressed_low = + mm256_slli_epi32((int32_t)11, coefficients_low0, __m256i); + __m256i compressed_low0 = + mm256_add_epi32(compressed_low, field_modulus_halved); __m256i compressed_low1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, compression_factor); - __m256i compressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)3, compressed_low1, __m256i); - __m256i compressed_low3 = libcrux_intrinsics_avx2_mm256_and_si256( - compressed_low2, coefficient_bits_mask); - __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, __m128i); - __m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - __m256i 
compressed_high = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)11, coefficients_high0, __m256i); - __m256i compressed_high0 = libcrux_intrinsics_avx2_mm256_add_epi32( - compressed_high, field_modulus_halved); + __m256i compressed_low2 = + mm256_srli_epi32((int32_t)3, compressed_low1, __m256i); + __m256i compressed_low3 = + mm256_and_si256(compressed_low2, coefficient_bits_mask); + __m128i coefficients_high = + mm256_extracti128_si256((int32_t)1, vector, __m128i); + __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high); + __m256i compressed_high = + mm256_slli_epi32((int32_t)11, coefficients_high0, __m256i); + __m256i compressed_high0 = + mm256_add_epi32(compressed_high, field_modulus_halved); __m256i compressed_high1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, compression_factor); - __m256i compressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)3, compressed_high1, __m256i); - __m256i compressed_high3 = libcrux_intrinsics_avx2_mm256_and_si256( - compressed_high2, coefficient_bits_mask); - __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( - compressed_low3, compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - compressed, __m256i); + __m256i compressed_high2 = + mm256_srli_epi32((int32_t)3, compressed_high1, __m256i); + __m256i compressed_high3 = + mm256_and_si256(compressed_high2, coefficient_bits_mask); + __m256i compressed = mm256_packs_epi32(compressed_low3, compressed_high3); + return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i); } /** 
@@ -3469,47 +3375,41 @@ generics */ static KRML_MUSTINLINE __m256i compress_ciphertext_coefficient_8a1(__m256i vector) { - __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( + __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); - __m256i compression_factor = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - __m256i coefficient_bits_mask = libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)4) - (int32_t)1); - __m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - __m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - __m256i compressed_low = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)4, coefficients_low0, __m256i); - __m256i compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32( - compressed_low, field_modulus_halved); + __m256i compression_factor = mm256_set1_epi32((int32_t)10321340); + __m256i coefficient_bits_mask = + mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)4) - (int32_t)1); + __m128i coefficients_low = mm256_castsi256_si128(vector); + __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low); + __m256i compressed_low = + mm256_slli_epi32((int32_t)4, coefficients_low0, __m256i); + __m256i compressed_low0 = + mm256_add_epi32(compressed_low, field_modulus_halved); __m256i compressed_low1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, compression_factor); - __m256i compressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)3, compressed_low1, __m256i); - __m256i compressed_low3 = libcrux_intrinsics_avx2_mm256_and_si256( - compressed_low2, coefficient_bits_mask); - __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, __m128i); - __m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - __m256i 
compressed_high = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)4, coefficients_high0, __m256i); - __m256i compressed_high0 = libcrux_intrinsics_avx2_mm256_add_epi32( - compressed_high, field_modulus_halved); + __m256i compressed_low2 = + mm256_srli_epi32((int32_t)3, compressed_low1, __m256i); + __m256i compressed_low3 = + mm256_and_si256(compressed_low2, coefficient_bits_mask); + __m128i coefficients_high = + mm256_extracti128_si256((int32_t)1, vector, __m128i); + __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high); + __m256i compressed_high = + mm256_slli_epi32((int32_t)4, coefficients_high0, __m256i); + __m256i compressed_high0 = + mm256_add_epi32(compressed_high, field_modulus_halved); __m256i compressed_high1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, compression_factor); - __m256i compressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)3, compressed_high1, __m256i); - __m256i compressed_high3 = libcrux_intrinsics_avx2_mm256_and_si256( - compressed_high2, coefficient_bits_mask); - __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( - compressed_low3, compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - compressed, __m256i); + __m256i compressed_high2 = + mm256_srli_epi32((int32_t)3, compressed_high1, __m256i); + __m256i compressed_high3 = + mm256_and_si256(compressed_high2, coefficient_bits_mask); + __m256i compressed = mm256_packs_epi32(compressed_low3, compressed_high3); + return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i); } /** 
@@ -3558,47 +3458,41 @@ generics */ static KRML_MUSTINLINE __m256i compress_ciphertext_coefficient_8a2(__m256i vector) { - __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( + __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); - __m256i compression_factor = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - __m256i coefficient_bits_mask = libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)5) - (int32_t)1); - __m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - __m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - __m256i compressed_low = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)5, coefficients_low0, __m256i); - __m256i compressed_low0 = libcrux_intrinsics_avx2_mm256_add_epi32( - compressed_low, field_modulus_halved); + __m256i compression_factor = mm256_set1_epi32((int32_t)10321340); + __m256i coefficient_bits_mask = + mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)5) - (int32_t)1); + __m128i coefficients_low = mm256_castsi256_si128(vector); + __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low); + __m256i compressed_low = + mm256_slli_epi32((int32_t)5, coefficients_low0, __m256i); + __m256i compressed_low0 = + mm256_add_epi32(compressed_low, field_modulus_halved); __m256i compressed_low1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, compression_factor); - __m256i compressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)3, compressed_low1, __m256i); - __m256i compressed_low3 = libcrux_intrinsics_avx2_mm256_and_si256( - compressed_low2, coefficient_bits_mask); - __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, __m128i); - __m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - __m256i 
compressed_high = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)5, coefficients_high0, __m256i); - __m256i compressed_high0 = libcrux_intrinsics_avx2_mm256_add_epi32( - compressed_high, field_modulus_halved); + __m256i compressed_low2 = + mm256_srli_epi32((int32_t)3, compressed_low1, __m256i); + __m256i compressed_low3 = + mm256_and_si256(compressed_low2, coefficient_bits_mask); + __m128i coefficients_high = + mm256_extracti128_si256((int32_t)1, vector, __m128i); + __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high); + __m256i compressed_high = + mm256_slli_epi32((int32_t)5, coefficients_high0, __m256i); + __m256i compressed_high0 = + mm256_add_epi32(compressed_high, field_modulus_halved); __m256i compressed_high1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, compression_factor); - __m256i compressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)3, compressed_high1, __m256i); - __m256i compressed_high3 = libcrux_intrinsics_avx2_mm256_and_si256( - compressed_high2, coefficient_bits_mask); - __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( - compressed_low3, compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - compressed, __m256i); + __m256i compressed_high2 = + mm256_srli_epi32((int32_t)3, compressed_high1, __m256i); + __m256i compressed_high3 = + mm256_and_si256(compressed_high2, coefficient_bits_mask); + __m256i compressed = mm256_packs_epi32(compressed_low3, compressed_high3); + return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i); } /** 
@@ -4069,42 +3963,37 @@ generics */ static KRML_MUSTINLINE __m256i decompress_ciphertext_coefficient_55(__m256i vector) { - __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - __m256i two_pow_coefficient_bits = libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)1 << (uint32_t)(int32_t)10); - __m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - __m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - __m256i decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32( - coefficients_low0, field_modulus); - __m256i decompressed_low0 = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)1, decompressed_low, __m256i); - __m256i decompressed_low1 = libcrux_intrinsics_avx2_mm256_add_epi32( - decompressed_low0, two_pow_coefficient_bits); - __m256i decompressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)10, decompressed_low1, __m256i); - __m256i decompressed_low3 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)1, decompressed_low2, __m256i); - __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, __m128i); - __m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - __m256i decompressed_high = libcrux_intrinsics_avx2_mm256_mullo_epi32( - coefficients_high0, field_modulus); - __m256i decompressed_high0 = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)1, decompressed_high, __m256i); - __m256i decompressed_high1 = libcrux_intrinsics_avx2_mm256_add_epi32( - decompressed_high0, two_pow_coefficient_bits); - __m256i decompressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)10, decompressed_high1, __m256i); - __m256i decompressed_high3 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)1, decompressed_high2, __m256i); - __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( - decompressed_low3, 
decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - compressed, __m256i); + __m256i field_modulus = + mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i two_pow_coefficient_bits = + mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)10); + __m128i coefficients_low = mm256_castsi256_si128(vector); + __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low); + __m256i decompressed_low = + mm256_mullo_epi32(coefficients_low0, field_modulus); + __m256i decompressed_low0 = + mm256_slli_epi32((int32_t)1, decompressed_low, __m256i); + __m256i decompressed_low1 = + mm256_add_epi32(decompressed_low0, two_pow_coefficient_bits); + __m256i decompressed_low2 = + mm256_srli_epi32((int32_t)10, decompressed_low1, __m256i); + __m256i decompressed_low3 = + mm256_srli_epi32((int32_t)1, decompressed_low2, __m256i); + __m128i coefficients_high = + mm256_extracti128_si256((int32_t)1, vector, __m128i); + __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high); + __m256i decompressed_high = + mm256_mullo_epi32(coefficients_high0, field_modulus); + __m256i decompressed_high0 = + mm256_slli_epi32((int32_t)1, decompressed_high, __m256i); + __m256i decompressed_high1 = + mm256_add_epi32(decompressed_high0, two_pow_coefficient_bits); + __m256i decompressed_high2 = + mm256_srli_epi32((int32_t)10, decompressed_high1, __m256i); + __m256i decompressed_high3 = + mm256_srli_epi32((int32_t)1, decompressed_high2, __m256i); + __m256i compressed = mm256_packs_epi32(decompressed_low3, decompressed_high3); + return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i); } /** 
@@ -4152,42 +4041,37 @@ generics */ static KRML_MUSTINLINE __m256i decompress_ciphertext_coefficient_550(__m256i vector) { - __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - __m256i two_pow_coefficient_bits = libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)1 << (uint32_t)(int32_t)11); - __m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - __m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - __m256i decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32( - coefficients_low0, field_modulus); - __m256i decompressed_low0 = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)1, decompressed_low, __m256i); - __m256i decompressed_low1 = libcrux_intrinsics_avx2_mm256_add_epi32( - decompressed_low0, two_pow_coefficient_bits); - __m256i decompressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)11, decompressed_low1, __m256i); - __m256i decompressed_low3 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)1, decompressed_low2, __m256i); - __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, __m128i); - __m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - __m256i decompressed_high = libcrux_intrinsics_avx2_mm256_mullo_epi32( - coefficients_high0, field_modulus); - __m256i decompressed_high0 = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)1, decompressed_high, __m256i); - __m256i decompressed_high1 = libcrux_intrinsics_avx2_mm256_add_epi32( - decompressed_high0, two_pow_coefficient_bits); - __m256i decompressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)11, decompressed_high1, __m256i); - __m256i decompressed_high3 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)1, decompressed_high2, __m256i); - __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( - decompressed_low3, 
decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - compressed, __m256i); + __m256i field_modulus = + mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i two_pow_coefficient_bits = + mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)11); + __m128i coefficients_low = mm256_castsi256_si128(vector); + __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low); + __m256i decompressed_low = + mm256_mullo_epi32(coefficients_low0, field_modulus); + __m256i decompressed_low0 = + mm256_slli_epi32((int32_t)1, decompressed_low, __m256i); + __m256i decompressed_low1 = + mm256_add_epi32(decompressed_low0, two_pow_coefficient_bits); + __m256i decompressed_low2 = + mm256_srli_epi32((int32_t)11, decompressed_low1, __m256i); + __m256i decompressed_low3 = + mm256_srli_epi32((int32_t)1, decompressed_low2, __m256i); + __m128i coefficients_high = + mm256_extracti128_si256((int32_t)1, vector, __m128i); + __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high); + __m256i decompressed_high = + mm256_mullo_epi32(coefficients_high0, field_modulus); + __m256i decompressed_high0 = + mm256_slli_epi32((int32_t)1, decompressed_high, __m256i); + __m256i decompressed_high1 = + mm256_add_epi32(decompressed_high0, two_pow_coefficient_bits); + __m256i decompressed_high2 = + mm256_srli_epi32((int32_t)11, decompressed_high1, __m256i); + __m256i decompressed_high3 = + mm256_srli_epi32((int32_t)1, decompressed_high2, __m256i); + __m256i compressed = mm256_packs_epi32(decompressed_low3, decompressed_high3); + return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i); } /** 
@@ -4309,42 +4193,37 @@ generics */ static KRML_MUSTINLINE __m256i decompress_ciphertext_coefficient_551(__m256i vector) { - __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - __m256i two_pow_coefficient_bits = libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)1 << (uint32_t)(int32_t)4); - __m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - __m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - __m256i decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32( - coefficients_low0, field_modulus); - __m256i decompressed_low0 = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)1, decompressed_low, __m256i); - __m256i decompressed_low1 = libcrux_intrinsics_avx2_mm256_add_epi32( - decompressed_low0, two_pow_coefficient_bits); - __m256i decompressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)4, decompressed_low1, __m256i); - __m256i decompressed_low3 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)1, decompressed_low2, __m256i); - __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, __m128i); - __m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - __m256i decompressed_high = libcrux_intrinsics_avx2_mm256_mullo_epi32( - coefficients_high0, field_modulus); - __m256i decompressed_high0 = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)1, decompressed_high, __m256i); - __m256i decompressed_high1 = libcrux_intrinsics_avx2_mm256_add_epi32( - decompressed_high0, two_pow_coefficient_bits); - __m256i decompressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)4, decompressed_high1, __m256i); - __m256i decompressed_high3 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)1, decompressed_high2, __m256i); - __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( - decompressed_low3, 
decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - compressed, __m256i); + __m256i field_modulus = + mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i two_pow_coefficient_bits = + mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)4); + __m128i coefficients_low = mm256_castsi256_si128(vector); + __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low); + __m256i decompressed_low = + mm256_mullo_epi32(coefficients_low0, field_modulus); + __m256i decompressed_low0 = + mm256_slli_epi32((int32_t)1, decompressed_low, __m256i); + __m256i decompressed_low1 = + mm256_add_epi32(decompressed_low0, two_pow_coefficient_bits); + __m256i decompressed_low2 = + mm256_srli_epi32((int32_t)4, decompressed_low1, __m256i); + __m256i decompressed_low3 = + mm256_srli_epi32((int32_t)1, decompressed_low2, __m256i); + __m128i coefficients_high = + mm256_extracti128_si256((int32_t)1, vector, __m128i); + __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high); + __m256i decompressed_high = + mm256_mullo_epi32(coefficients_high0, field_modulus); + __m256i decompressed_high0 = + mm256_slli_epi32((int32_t)1, decompressed_high, __m256i); + __m256i decompressed_high1 = + mm256_add_epi32(decompressed_high0, two_pow_coefficient_bits); + __m256i decompressed_high2 = + mm256_srli_epi32((int32_t)4, decompressed_high1, __m256i); + __m256i decompressed_high3 = + mm256_srli_epi32((int32_t)1, decompressed_high2, __m256i); + __m256i compressed = mm256_packs_epi32(decompressed_low3, decompressed_high3); + return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i); } /** 
@@ -4391,42 +4270,37 @@ generics */ static KRML_MUSTINLINE __m256i decompress_ciphertext_coefficient_552(__m256i vector) { - __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - __m256i two_pow_coefficient_bits = libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)1 << (uint32_t)(int32_t)5); - __m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - __m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - __m256i decompressed_low = libcrux_intrinsics_avx2_mm256_mullo_epi32( - coefficients_low0, field_modulus); - __m256i decompressed_low0 = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)1, decompressed_low, __m256i); - __m256i decompressed_low1 = libcrux_intrinsics_avx2_mm256_add_epi32( - decompressed_low0, two_pow_coefficient_bits); - __m256i decompressed_low2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)5, decompressed_low1, __m256i); - __m256i decompressed_low3 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)1, decompressed_low2, __m256i); - __m128i coefficients_high = libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, __m128i); - __m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - __m256i decompressed_high = libcrux_intrinsics_avx2_mm256_mullo_epi32( - coefficients_high0, field_modulus); - __m256i decompressed_high0 = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)1, decompressed_high, __m256i); - __m256i decompressed_high1 = libcrux_intrinsics_avx2_mm256_add_epi32( - decompressed_high0, two_pow_coefficient_bits); - __m256i decompressed_high2 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)5, decompressed_high1, __m256i); - __m256i decompressed_high3 = libcrux_intrinsics_avx2_mm256_srli_epi32( - (int32_t)1, decompressed_high2, __m256i); - __m256i compressed = libcrux_intrinsics_avx2_mm256_packs_epi32( - decompressed_low3, 
decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64((int32_t)216, - compressed, __m256i); + __m256i field_modulus = + mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i two_pow_coefficient_bits = + mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)5); + __m128i coefficients_low = mm256_castsi256_si128(vector); + __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low); + __m256i decompressed_low = + mm256_mullo_epi32(coefficients_low0, field_modulus); + __m256i decompressed_low0 = + mm256_slli_epi32((int32_t)1, decompressed_low, __m256i); + __m256i decompressed_low1 = + mm256_add_epi32(decompressed_low0, two_pow_coefficient_bits); + __m256i decompressed_low2 = + mm256_srli_epi32((int32_t)5, decompressed_low1, __m256i); + __m256i decompressed_low3 = + mm256_srli_epi32((int32_t)1, decompressed_low2, __m256i); + __m128i coefficients_high = + mm256_extracti128_si256((int32_t)1, vector, __m128i); + __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high); + __m256i decompressed_high = + mm256_mullo_epi32(coefficients_high0, field_modulus); + __m256i decompressed_high0 = + mm256_slli_epi32((int32_t)1, decompressed_high, __m256i); + __m256i decompressed_high1 = + mm256_add_epi32(decompressed_high0, two_pow_coefficient_bits); + __m256i decompressed_high2 = + mm256_srli_epi32((int32_t)5, decompressed_high1, __m256i); + __m256i decompressed_high3 = + mm256_srli_epi32((int32_t)1, decompressed_high2, __m256i); + __m256i compressed = mm256_packs_epi32(decompressed_low3, decompressed_high3); + return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i); } /** diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index d4cf42d54..0160ca63a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h 
@@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 + * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd */ #ifndef __libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c index c14a63754..17829cbe3 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.c @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 + * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd */ #include "libcrux_mlkem_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h index f2358c033..ac6a63ca9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 + * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd */ #ifndef __libcrux_mlkem_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 67dd953b3..12255e9d4 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 + * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd */ #include "internal/libcrux_mlkem_portable.h" 
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index 3d3735079..b0289bed0 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 + * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd */ #ifndef __libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 89cc9f803..ccfe7dd6c 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 + * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd */ #ifndef __libcrux_sha3_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 8f3f323a2..3faad892c 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 + * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd */ #include "internal/libcrux_sha3_avx2.h" 
@@ -20,15 +20,15 @@ This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: usize> for core::core_arch::x86::__m256i)} */ static KRML_MUSTINLINE __m256i zero_ef(void) { - return libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)0); + return mm256_set1_epi64x((int64_t)0); } static KRML_MUSTINLINE __m256i _veor5q_u64(__m256i a, __m256i b, __m256i c, __m256i d, __m256i e) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - __m256i cd = libcrux_intrinsics_avx2_mm256_xor_si256(c, d); - __m256i abcd = libcrux_intrinsics_avx2_mm256_xor_si256(ab, cd); - return libcrux_intrinsics_avx2_mm256_xor_si256(abcd, e); + __m256i ab = mm256_xor_si256(a, b); + __m256i cd = mm256_xor_si256(c, d); + __m256i abcd = mm256_xor_si256(ab, cd); + return mm256_xor_si256(abcd, e); } /** @@ -47,14 +47,13 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE __m256i rotate_left_58(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)1, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)63, x, __m256i)); + return mm256_xor_si256(mm256_slli_epi64((int32_t)1, x, __m256i), + mm256_srli_epi64((int32_t)63, x, __m256i)); } static KRML_MUSTINLINE __m256i _vrax1q_u64(__m256i a, __m256i b) { __m256i uu____0 = a; - return libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, rotate_left_58(b)); + return mm256_xor_si256(uu____0, rotate_left_58(b)); } /** @@ -66,8 +65,7 @@ static KRML_MUSTINLINE __m256i rotate_left1_and_xor_ef(__m256i a, __m256i b) { } static KRML_MUSTINLINE __m256i _vbcaxq_u64(__m256i a, __m256i b, __m256i c) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - a, libcrux_intrinsics_avx2_mm256_andnot_si256(c, b)); + return mm256_xor_si256(a, mm256_andnot_si256(c, b)); } /** 
@@ -79,8 +77,8 @@ static KRML_MUSTINLINE __m256i and_not_xor_ef(__m256i a, __m256i b, __m256i c) { } static KRML_MUSTINLINE __m256i _veorq_n_u64(__m256i a, uint64_t c) { - __m256i c0 = libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)c); - return libcrux_intrinsics_avx2_mm256_xor_si256(a, c0); + __m256i c0 = mm256_set1_epi64x((int64_t)c); + return mm256_xor_si256(a, c0); } /** @@ -96,7 +94,7 @@ This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: usize> for core::core_arch::x86::__m256i)} */ static KRML_MUSTINLINE __m256i xor_ef(__m256i a, __m256i b) { - return libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + return mm256_xor_si256(a, b); } static KRML_MUSTINLINE void slice_4(Eurydice_slice a[4U], size_t start, 
@@ -221,55 +219,44 @@ static KRML_MUSTINLINE void load_block_c7(__m256i (*s)[5U], Eurydice_slice blocks[4U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { size_t i0 = i; - __m256i v00 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - __m256i v10 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - __m256i v20 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - __m256i v30 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - __m256i v0l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); - __m256i v1h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); - __m256i v2l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); - __m256i v3h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); - __m256i v0 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v0l, v2l, __m256i); - __m256i v1 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v1h, v3h, __m256i); - __m256i v2 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v0l, v2l, __m256i); - __m256i v3 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v1h, v3h, __m256i); + __m256i v00 = mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice)); + __m256i v10 = mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice)); + __m256i v20 = mm256_loadu_si256_u8(Eurydice_slice_subslice2( + 
blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice)); + __m256i v30 = mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice)); + __m256i v0l = mm256_unpacklo_epi64(v00, v10); + __m256i v1h = mm256_unpackhi_epi64(v00, v10); + __m256i v2l = mm256_unpacklo_epi64(v20, v30); + __m256i v3h = mm256_unpackhi_epi64(v20, v30); + __m256i v0 = mm256_permute2x128_si256((int32_t)32, v0l, v2l, __m256i); + __m256i v1 = mm256_permute2x128_si256((int32_t)32, v1h, v3h, __m256i); + __m256i v2 = mm256_permute2x128_si256((int32_t)49, v0l, v2l, __m256i); + __m256i v3 = mm256_permute2x128_si256((int32_t)49, v1h, v3h, __m256i); s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( + mm256_xor_si256( s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - v1); + mm256_xor_si256(s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + v1); s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - v2); + mm256_xor_si256(s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + v2); s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - v3); + mm256_xor_si256(s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % 
(size_t)5U], + v3); } size_t rem = (size_t)136U % (size_t)32U; size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); @@ -302,12 +289,11 @@ static KRML_MUSTINLINE void load_block_c7(__m256i (*s)[5U], Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice), uint8_t, void *); - __m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, - Eurydice_slice)); + __m256i u = mm256_loadu_si256_u8(core_array___Array_T__N__23__as_slice( + (size_t)32U, u8s, uint8_t, Eurydice_slice)); size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; - s[i0][j0] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); + s[i0][j0] = mm256_xor_si256(s[i0][j0], u); if (rem == (size_t)16U) { uint8_t u8s0[32U] = {0U}; Eurydice_slice uu____4 = Eurydice_array_to_subslice2( @@ -338,14 +324,13 @@ static KRML_MUSTINLINE void load_block_c7(__m256i (*s)[5U], Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice), uint8_t, void *); - __m256i u0 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, - Eurydice_slice)); + __m256i u0 = mm256_loadu_si256_u8(core_array___Array_T__N__23__as_slice( + (size_t)32U, u8s0, uint8_t, Eurydice_slice)); size_t i = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; size_t j = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; - s[i][j] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); + s[i][j] = mm256_xor_si256(s[i][j], u0); } } 
@@ -374,9 +359,8 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE __m256i rotate_left_580(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)36, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)28, x, __m256i)); + return mm256_xor_si256(mm256_slli_epi64((int32_t)36, x, __m256i), + mm256_srli_epi64((int32_t)28, x, __m256i)); } /** @@ -386,7 +370,7 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE __m256i _vxarq_u64_c1(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + __m256i ab = mm256_xor_si256(a, b); return rotate_left_580(ab); } @@ -411,9 +395,8 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE __m256i rotate_left_581(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)3, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)61, x, __m256i)); + return mm256_xor_si256(mm256_slli_epi64((int32_t)3, x, __m256i), + mm256_srli_epi64((int32_t)61, x, __m256i)); } /** @@ -423,7 +406,7 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE __m256i _vxarq_u64_c10(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + __m256i ab = mm256_xor_si256(a, b); return rotate_left_581(ab); } @@ -448,9 +431,8 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE __m256i rotate_left_582(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)41, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)23, x, __m256i)); + return mm256_xor_si256(mm256_slli_epi64((int32_t)41, x, __m256i), + mm256_srli_epi64((int32_t)23, x, __m256i)); } /** 
@@ -460,7 +442,7 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE __m256i _vxarq_u64_c11(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + __m256i ab = mm256_xor_si256(a, b); return rotate_left_582(ab); } @@ -485,9 +467,8 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE __m256i rotate_left_583(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)18, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)46, x, __m256i)); + return mm256_xor_si256(mm256_slli_epi64((int32_t)18, x, __m256i), + mm256_srli_epi64((int32_t)46, x, __m256i)); } /** @@ -497,7 +478,7 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE __m256i _vxarq_u64_c12(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + __m256i ab = mm256_xor_si256(a, b); return rotate_left_583(ab); } @@ -522,7 +503,7 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE __m256i _vxarq_u64_c13(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + __m256i ab = mm256_xor_si256(a, b); return rotate_left_58(ab); } @@ -547,9 +528,8 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE __m256i rotate_left_584(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)44, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)20, x, __m256i)); + return mm256_xor_si256(mm256_slli_epi64((int32_t)44, x, __m256i), + mm256_srli_epi64((int32_t)20, x, __m256i)); } /** @@ -559,7 +539,7 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE __m256i _vxarq_u64_c14(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + __m256i ab = mm256_xor_si256(a, b); return rotate_left_584(ab); } 
@@ -584,9 +564,8 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE __m256i rotate_left_585(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)10, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)54, x, __m256i)); + return mm256_xor_si256(mm256_slli_epi64((int32_t)10, x, __m256i), + mm256_srli_epi64((int32_t)54, x, __m256i)); } /** @@ -596,7 +575,7 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE __m256i _vxarq_u64_c15(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + __m256i ab = mm256_xor_si256(a, b); return rotate_left_585(ab); } @@ -621,9 +600,8 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE __m256i rotate_left_586(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)45, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)19, x, __m256i)); + return mm256_xor_si256(mm256_slli_epi64((int32_t)45, x, __m256i), + mm256_srli_epi64((int32_t)19, x, __m256i)); } /** @@ -633,7 +611,7 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE __m256i _vxarq_u64_c16(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + __m256i ab = mm256_xor_si256(a, b); return rotate_left_586(ab); } @@ -658,9 +636,8 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE __m256i rotate_left_587(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)2, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)62, x, __m256i)); + return mm256_xor_si256(mm256_slli_epi64((int32_t)2, x, __m256i), + mm256_srli_epi64((int32_t)62, x, __m256i)); } /** 
@@ -670,7 +647,7 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE __m256i _vxarq_u64_c17(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + __m256i ab = mm256_xor_si256(a, b); return rotate_left_587(ab); } @@ -695,9 +672,8 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE __m256i rotate_left_588(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)62, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)2, x, __m256i)); + return mm256_xor_si256(mm256_slli_epi64((int32_t)62, x, __m256i), + mm256_srli_epi64((int32_t)2, x, __m256i)); } /** @@ -707,7 +683,7 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE __m256i _vxarq_u64_c18(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + __m256i ab = mm256_xor_si256(a, b); return rotate_left_588(ab); } @@ -732,9 +708,8 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE __m256i rotate_left_589(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)6, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)58, x, __m256i)); + return mm256_xor_si256(mm256_slli_epi64((int32_t)6, x, __m256i), + mm256_srli_epi64((int32_t)58, x, __m256i)); } /** @@ -744,7 +719,7 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE __m256i _vxarq_u64_c19(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + __m256i ab = mm256_xor_si256(a, b); return rotate_left_589(ab); } 
@@ -769,9 +744,8 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE __m256i rotate_left_5810(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)43, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)21, x, __m256i)); + return mm256_xor_si256(mm256_slli_epi64((int32_t)43, x, __m256i), + mm256_srli_epi64((int32_t)21, x, __m256i)); } /** @@ -781,7 +755,7 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE __m256i _vxarq_u64_c110(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + __m256i ab = mm256_xor_si256(a, b); return rotate_left_5810(ab); } @@ -806,9 +780,8 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE __m256i rotate_left_5811(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)15, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)49, x, __m256i)); + return mm256_xor_si256(mm256_slli_epi64((int32_t)15, x, __m256i), + mm256_srli_epi64((int32_t)49, x, __m256i)); } /** @@ -818,7 +791,7 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE __m256i _vxarq_u64_c111(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + __m256i ab = mm256_xor_si256(a, b); return rotate_left_5811(ab); } @@ -843,9 +816,8 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE __m256i rotate_left_5812(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)61, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)3, x, __m256i)); + return mm256_xor_si256(mm256_slli_epi64((int32_t)61, x, __m256i), + mm256_srli_epi64((int32_t)3, x, __m256i)); } /** 
@@ -855,7 +827,7 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE __m256i _vxarq_u64_c112(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + __m256i ab = mm256_xor_si256(a, b); return rotate_left_5812(ab); } @@ -880,9 +852,8 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE __m256i rotate_left_5813(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)28, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)36, x, __m256i)); + return mm256_xor_si256(mm256_slli_epi64((int32_t)28, x, __m256i), + mm256_srli_epi64((int32_t)36, x, __m256i)); } /** @@ -892,7 +863,7 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE __m256i _vxarq_u64_c113(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + __m256i ab = mm256_xor_si256(a, b); return rotate_left_5813(ab); } @@ -917,9 +888,8 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE __m256i rotate_left_5814(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)55, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)9, x, __m256i)); + return mm256_xor_si256(mm256_slli_epi64((int32_t)55, x, __m256i), + mm256_srli_epi64((int32_t)9, x, __m256i)); } /** @@ -929,7 +899,7 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE __m256i _vxarq_u64_c114(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + __m256i ab = mm256_xor_si256(a, b); return rotate_left_5814(ab); } 
@@ -954,9 +924,8 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE __m256i rotate_left_5815(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)25, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)39, x, __m256i)); + return mm256_xor_si256(mm256_slli_epi64((int32_t)25, x, __m256i), + mm256_srli_epi64((int32_t)39, x, __m256i)); } /** @@ -966,7 +935,7 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE __m256i _vxarq_u64_c115(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + __m256i ab = mm256_xor_si256(a, b); return rotate_left_5815(ab); } @@ -991,9 +960,8 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE __m256i rotate_left_5816(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)21, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)43, x, __m256i)); + return mm256_xor_si256(mm256_slli_epi64((int32_t)21, x, __m256i), + mm256_srli_epi64((int32_t)43, x, __m256i)); } /** @@ -1003,7 +971,7 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE __m256i _vxarq_u64_c116(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + __m256i ab = mm256_xor_si256(a, b); return rotate_left_5816(ab); } @@ -1028,9 +996,8 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE __m256i rotate_left_5817(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)56, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, x, __m256i)); + return mm256_xor_si256(mm256_slli_epi64((int32_t)56, x, __m256i), + mm256_srli_epi64((int32_t)8, x, __m256i)); } /** 
@@ -1040,7 +1007,7 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE __m256i _vxarq_u64_c117(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + __m256i ab = mm256_xor_si256(a, b); return rotate_left_5817(ab); } @@ -1065,9 +1032,8 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE __m256i rotate_left_5818(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)27, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)37, x, __m256i)); + return mm256_xor_si256(mm256_slli_epi64((int32_t)27, x, __m256i), + mm256_srli_epi64((int32_t)37, x, __m256i)); } /** @@ -1077,7 +1043,7 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE __m256i _vxarq_u64_c118(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + __m256i ab = mm256_xor_si256(a, b); return rotate_left_5818(ab); } @@ -1102,9 +1068,8 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE __m256i rotate_left_5819(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)20, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)44, x, __m256i)); + return mm256_xor_si256(mm256_slli_epi64((int32_t)20, x, __m256i), + mm256_srli_epi64((int32_t)44, x, __m256i)); } /** @@ -1114,7 +1079,7 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE __m256i _vxarq_u64_c119(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + __m256i ab = mm256_xor_si256(a, b); return rotate_left_5819(ab); } 
@@ -1139,9 +1104,8 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE __m256i rotate_left_5820(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)39, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)25, x, __m256i)); + return mm256_xor_si256(mm256_slli_epi64((int32_t)39, x, __m256i), + mm256_srli_epi64((int32_t)25, x, __m256i)); } /** @@ -1151,7 +1115,7 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE __m256i _vxarq_u64_c120(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + __m256i ab = mm256_xor_si256(a, b); return rotate_left_5820(ab); } @@ -1176,9 +1140,8 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE __m256i rotate_left_5821(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)8, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)56, x, __m256i)); + return mm256_xor_si256(mm256_slli_epi64((int32_t)8, x, __m256i), + mm256_srli_epi64((int32_t)56, x, __m256i)); } /** @@ -1188,7 +1151,7 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE __m256i _vxarq_u64_c121(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + __m256i ab = mm256_xor_si256(a, b); return rotate_left_5821(ab); } @@ -1213,9 +1176,8 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE __m256i rotate_left_5822(__m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)14, x, __m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)50, x, __m256i)); + return mm256_xor_si256(mm256_slli_epi64((int32_t)14, x, __m256i), + mm256_srli_epi64((int32_t)50, x, __m256i)); } /** 
@@ -1225,7 +1187,7 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE __m256i _vxarq_u64_c122(__m256i a, __m256i b) { - __m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + __m256i ab = mm256_xor_si256(a, b); return rotate_left_5822(ab); } 
@@ -1478,52 +1440,52 @@ static KRML_MUSTINLINE void store_block_e9(__m256i (*s)[5U], Eurydice_slice out[4U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { size_t i0 = i; - __m256i v0l = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + __m256i v0l = mm256_permute2x128_si256( (int32_t)32, s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], __m256i); - __m256i v1h = libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - __m256i); - __m256i v2l = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + __m256i v1h = + mm256_permute2x128_si256((int32_t)32, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + __m256i); + __m256i v2l = mm256_permute2x128_si256( (int32_t)49, s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], __m256i); - __m256i v3h = libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - __m256i); - __m256i v0 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); - __m256i v1 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); - __m256i v2 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); - __m256i v3 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + __m256i v3h = + mm256_permute2x128_si256((int32_t)49, 
+ s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + __m256i); + __m256i v0 = mm256_unpacklo_epi64(v0l, v1h); + __m256i v1 = mm256_unpackhi_epi64(v0l, v1h); + __m256i v2 = mm256_unpacklo_epi64(v2l, v3h); + __m256i v3 = mm256_unpackhi_epi64(v2l, v3h); + mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, Eurydice_slice), v0); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, Eurydice_slice), v1); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, Eurydice_slice), v2); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, Eurydice_slice), @@ -1534,7 +1496,7 @@ static KRML_MUSTINLINE void store_block_e9(__m256i (*s)[5U], uint8_t u8s[32U] = {0U}; size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + mm256_storeu_si256_u8( Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice), s[i0][j0]); Eurydice_slice uu____0 = Eurydice_slice_subslice2( @@ -1571,7 +1533,7 @@ static KRML_MUSTINLINE void store_block_e9(__m256i (*s)[5U], ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; size_t j = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + mm256_storeu_si256_u8( Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice), s[i][j]); Eurydice_slice uu____4 = 
@@ -1846,55 +1808,44 @@ static KRML_MUSTINLINE void load_block_c70(__m256i (*s)[5U], Eurydice_slice blocks[4U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { size_t i0 = i; - __m256i v00 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - __m256i v10 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - __m256i v20 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - __m256i v30 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - __m256i v0l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); - __m256i v1h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); - __m256i v2l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); - __m256i v3h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); - __m256i v0 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v0l, v2l, __m256i); - __m256i v1 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v1h, v3h, __m256i); - __m256i v2 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v0l, v2l, __m256i); - __m256i v3 = libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v1h, v3h, __m256i); + __m256i v00 = mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice)); + __m256i v10 = mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice)); + __m256i v20 = mm256_loadu_si256_u8(Eurydice_slice_subslice2( + 
blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice)); + __m256i v30 = mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice)); + __m256i v0l = mm256_unpacklo_epi64(v00, v10); + __m256i v1h = mm256_unpackhi_epi64(v00, v10); + __m256i v2l = mm256_unpacklo_epi64(v20, v30); + __m256i v3h = mm256_unpackhi_epi64(v20, v30); + __m256i v0 = mm256_permute2x128_si256((int32_t)32, v0l, v2l, __m256i); + __m256i v1 = mm256_permute2x128_si256((int32_t)32, v1h, v3h, __m256i); + __m256i v2 = mm256_permute2x128_si256((int32_t)49, v0l, v2l, __m256i); + __m256i v3 = mm256_permute2x128_si256((int32_t)49, v1h, v3h, __m256i); s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( + mm256_xor_si256( s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - v1); + mm256_xor_si256(s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + v1); s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - v2); + mm256_xor_si256(s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + v2); s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - v3); + mm256_xor_si256(s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % 
(size_t)5U], + v3); } size_t rem = (size_t)168U % (size_t)32U; size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); @@ -1927,12 +1878,11 @@ static KRML_MUSTINLINE void load_block_c70(__m256i (*s)[5U], Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice), uint8_t, void *); - __m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, - Eurydice_slice)); + __m256i u = mm256_loadu_si256_u8(core_array___Array_T__N__23__as_slice( + (size_t)32U, u8s, uint8_t, Eurydice_slice)); size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; - s[i0][j0] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); + s[i0][j0] = mm256_xor_si256(s[i0][j0], u); if (rem == (size_t)16U) { uint8_t u8s0[32U] = {0U}; Eurydice_slice uu____4 = Eurydice_array_to_subslice2( @@ -1963,14 +1913,13 @@ static KRML_MUSTINLINE void load_block_c70(__m256i (*s)[5U], Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice), uint8_t, void *); - __m256i u0 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, - Eurydice_slice)); + __m256i u0 = mm256_loadu_si256_u8(core_array___Array_T__N__23__as_slice( + (size_t)32U, u8s0, uint8_t, Eurydice_slice)); size_t i = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; size_t j = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; - s[i][j] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); + s[i][j] = mm256_xor_si256(s[i][j], u0); } } 
@@ -2058,52 +2007,52 @@ static KRML_MUSTINLINE void store_block_e90(__m256i (*s)[5U], Eurydice_slice out[4U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { size_t i0 = i; - __m256i v0l = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + __m256i v0l = mm256_permute2x128_si256( (int32_t)32, s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], __m256i); - __m256i v1h = libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - __m256i); - __m256i v2l = libcrux_intrinsics_avx2_mm256_permute2x128_si256( + __m256i v1h = + mm256_permute2x128_si256((int32_t)32, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + __m256i); + __m256i v2l = mm256_permute2x128_si256( (int32_t)49, s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], __m256i); - __m256i v3h = libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - __m256i); - __m256i v0 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); - __m256i v1 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); - __m256i v2 = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); - __m256i v3 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + __m256i v3h = + 
mm256_permute2x128_si256((int32_t)49, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + __m256i); + __m256i v0 = mm256_unpacklo_epi64(v0l, v1h); + __m256i v1 = mm256_unpackhi_epi64(v0l, v1h); + __m256i v2 = mm256_unpacklo_epi64(v2l, v3h); + __m256i v3 = mm256_unpackhi_epi64(v2l, v3h); + mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, Eurydice_slice), v0); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, Eurydice_slice), v1); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, Eurydice_slice), v2); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, Eurydice_slice), @@ -2114,7 +2063,7 @@ static KRML_MUSTINLINE void store_block_e90(__m256i (*s)[5U], uint8_t u8s[32U] = {0U}; size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + mm256_storeu_si256_u8( Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice), s[i0][j0]); Eurydice_slice uu____0 = Eurydice_slice_subslice2( 
@@ -2151,7 +2100,7 @@ static KRML_MUSTINLINE void store_block_e90(__m256i (*s)[5U], ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; size_t j = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + mm256_storeu_si256_u8( Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice), s[i][j]); Eurydice_slice uu____4 = diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 7db033a15..6a0f4aa3d 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 + * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index 6ed85eaba..5c6e1b03d 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 + * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd */ #ifndef __libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index a91465cf4..410cf801c 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 + * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd */ #include "libcrux_sha3_neon.h" 
diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index a01df3164..f934f6423 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0b811dab12d3bb3f004bb2ac853ff4a822780566 + * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd */ #ifndef __libcrux_sha3_neon_H From 97db7bc6fbcaa3763c7579c1259fea71c78bd468 Mon Sep 17 00:00:00 2001 
From: Jonathan Protzenko Date: Tue, 13 Aug 2024 10:01:43 -0700 Subject: [PATCH 08/16] Formatting + recognize builtin slice operations and give them better names --- libcrux-ml-kem/c/code_gen.txt | 2 +- libcrux-ml-kem/c/eurydice_glue.h | 4 +- libcrux-ml-kem/c/internal/libcrux_core.h | 2 +- .../c/internal/libcrux_mlkem_avx2.h | 2 +- .../c/internal/libcrux_mlkem_portable.h | 2 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 2 +- .../c/internal/libcrux_sha3_internal.h | 2 +- .../c/intrinsics/libcrux_intrinsics_avx2.h | 229 +++++------- libcrux-ml-kem/c/libcrux_core.c | 60 ++- libcrux-ml-kem/c/libcrux_core.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 349 ++++++++--------- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_neon.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem_neon.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 351 ++++++++---------- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 2 +- libcrux-ml-kem/c/libcrux_sha3.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 153 ++++---- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 148 ++++---- libcrux-ml-kem/c/libcrux_sha3_neon.c | 2 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 2 +- 37 files changed, 614 insertions(+), 740 
deletions(-) diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index 7ca8d2e1a..e723c2449 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -3,4 +3,4 @@ Charon: 53530427db2941ce784201e64086766504bc5642 Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 -Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd +Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe diff --git a/libcrux-ml-kem/c/eurydice_glue.h b/libcrux-ml-kem/c/eurydice_glue.h index 7fee796ff..d69631b89 100644 --- a/libcrux-ml-kem/c/eurydice_glue.h +++ b/libcrux-ml-kem/c/eurydice_glue.h @@ -79,8 +79,8 @@ typedef struct { EURYDICE_SLICE((t *)x, r, size) #define Eurydice_array_repeat(dst, len, init, t, _ret_t) \ ERROR "should've been desugared" -#define core_slice___Slice_T___len(s, t, _ret_t) EURYDICE_SLICE_LEN(s, t) -#define core_slice___Slice_T___copy_from_slice(dst, src, t, _ret_t) \ +#define Eurydice_slice_len(s, t, _ret_t) EURYDICE_SLICE_LEN(s, t) +#define Eurydice_slice_copy(dst, src, t, _ret_t) \ memcpy(dst.ptr, src.ptr, dst.len * sizeof(t)) #define core_array___Array_T__N__23__as_slice(len_, ptr_, t, _ret_t) \ ((Eurydice_slice){.ptr = ptr_, .len = len_}) diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 6447aecc7..fc8ac46d8 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd + * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe */ #ifndef __internal_libcrux_core_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index 122e813a5..0cdbbba23 100644 
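Review bot: `Eurydice_slice_copy` copies `dst.len * sizeof(t)` bytes from `src.ptr` without checking that `src.len == dst.len`, so the length mismatch that Rust's `copy_from_slice` turns into a panic becomes a silent over-read of `src` (or a truncated copy) in the C glue; giving the macro a general-purpose name makes that gap more likely to be hit by future callers. I'd put a check in front of the memcpy using whatever assertion facility the glue header already has, e.g. `assert(dst.len == src.len);`, or at minimum document it with `/* precondition: dst.len == src.len (Rust panics on mismatch; no check here) */`. Note also that `dst` is expanded twice (`dst.ptr` and `dst.len`), which is fine for the compound-literal slices at the visible call sites but would double-evaluate an argument with side effects.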
--- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd + * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe */ #ifndef __internal_libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index f631392e3..2a1c4a130 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd + * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe */ #ifndef __internal_libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index b46eec044..e8973523d 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd + * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index 9b57ccead..f32525ccb 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h 
@@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd + * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe */ #ifndef __internal_libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_avx2.h b/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_avx2.h index 6a88e0bc3..df3cab052 100644 --- a/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_avx2.h +++ b/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_avx2.h 
@@ -21,55 +21,47 @@ typedef __m256i core_core_arch_x86___m256i; // Cast and Convert -static inline core_core_arch_x86___m128i -mm256_castsi256_si128(core_core_arch_x86___m256i a) { +static inline core_core_arch_x86___m128i mm256_castsi256_si128( + core_core_arch_x86___m256i a) { return _mm256_castsi256_si128(a); } -static inline core_core_arch_x86___m256i -mm256_cvtepi16_epi32(core_core_arch_x86___m128i a) { +static inline core_core_arch_x86___m256i mm256_cvtepi16_epi32( + core_core_arch_x86___m128i a) { return _mm256_cvtepi16_epi32(a); } -static inline core_core_arch_x86___m256i -mm256_castsi128_si256(core_core_arch_x86___m128i a) { +static inline core_core_arch_x86___m256i mm256_castsi128_si256( + core_core_arch_x86___m128i a) { return _mm256_castsi128_si256(a); } // Initialize, Load, Store -static inline core_core_arch_x86___m256i -mm256_setzero_si256(void) { +static inline core_core_arch_x86___m256i mm256_setzero_si256(void) { return _mm256_setzero_si256(); } -static inline core_core_arch_x86___m256i -mm256_set1_epi16(int16_t a) { +static inline core_core_arch_x86___m256i mm256_set1_epi16(int16_t a) { return _mm256_set1_epi16(a); } -static inline core_core_arch_x86___m256i -mm256_set1_epi32(int32_t a) { +static inline core_core_arch_x86___m256i mm256_set1_epi32(int32_t a) { return _mm256_set1_epi32(a); } -static inline core_core_arch_x86___m256i -mm256_set1_epi64x(int64_t a) { +static inline core_core_arch_x86___m256i mm256_set1_epi64x(int64_t a) { return _mm256_set1_epi64x(a); } -static inline core_core_arch_x86___m128i mm_set1_epi16( - int16_t a) { +static inline core_core_arch_x86___m128i mm_set1_epi16(int16_t a) { return _mm_set1_epi16(a); } -static inline core_core_arch_x86___m256i -mm256_set_epi16(int16_t x0, int16_t x1, int16_t x2, - int16_t x3, int16_t x4, int16_t x5, - int16_t x6, int16_t x7, int16_t x8, - int16_t x9, int16_t x10, int16_t x11, - int16_t x12, int16_t x13, int16_t x14, - int16_t x15) { +static inline core_core_arch_x86___m256i 
mm256_set_epi16( + int16_t x0, int16_t x1, int16_t x2, int16_t x3, int16_t x4, int16_t x5, + int16_t x6, int16_t x7, int16_t x8, int16_t x9, int16_t x10, int16_t x11, + int16_t x12, int16_t x13, int16_t x14, int16_t x15) { return _mm256_set_epi16(x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15); } 
@@ -94,59 +86,57 @@ static inline core_core_arch_x86___m128i mm_set_epi8( x13, x14, x15); } -static inline core_core_arch_x86___m256i -mm256_set_epi32(int32_t x0, int32_t x1, int32_t x2, - int32_t x3, int32_t x4, int32_t x5, - int32_t x6, int32_t x7) { +static inline core_core_arch_x86___m256i mm256_set_epi32(int32_t x0, int32_t x1, + int32_t x2, int32_t x3, + int32_t x4, int32_t x5, + int32_t x6, + int32_t x7) { return _mm256_set_epi32(x0, x1, x2, x3, x4, x5, x6, x7); } -static inline core_core_arch_x86___m256i -mm256_loadu_si256_i16(Eurydice_slice a) { +static inline core_core_arch_x86___m256i mm256_loadu_si256_i16( + Eurydice_slice a) { return _mm256_loadu_si256((const __m256i*)a.ptr); } -static inline core_core_arch_x86___m256i -mm256_loadu_si256_u8(Eurydice_slice a) { +static inline core_core_arch_x86___m256i mm256_loadu_si256_u8( + Eurydice_slice a) { return _mm256_loadu_si256((const __m256i*)a.ptr); } -static inline core_core_arch_x86___m128i mm_loadu_si128( - Eurydice_slice a) { +static inline core_core_arch_x86___m128i mm_loadu_si128(Eurydice_slice a) { return _mm_loadu_si128((const __m128i*)a.ptr); } -static inline void mm_storeu_bytes_si128( - Eurydice_slice a, core_core_arch_x86___m128i b) { +static inline void mm_storeu_bytes_si128(Eurydice_slice a, + core_core_arch_x86___m128i b) { _mm_storeu_si128((__m128i*)a.ptr, b); } -static inline void mm256_storeu_si256_i16( - Eurydice_slice a, core_core_arch_x86___m256i b) { +static inline void mm256_storeu_si256_i16(Eurydice_slice a, + core_core_arch_x86___m256i b) { _mm256_storeu_si256((__m256i*)a.ptr, b); } -static inline void mm256_storeu_si256_u8( - Eurydice_slice a, core_core_arch_x86___m256i b) { +static inline void mm256_storeu_si256_u8(Eurydice_slice a, + core_core_arch_x86___m256i b) { _mm256_storeu_si256((__m256i*)a.ptr, b); } -static inline void mm_storeu_si128( - Eurydice_slice a, core_core_arch_x86___m128i b) { +static inline void mm_storeu_si128(Eurydice_slice a, + core_core_arch_x86___m128i b) { 
_mm_storeu_si128((__m128i*)a.ptr, b); } // Arithmetic: Add, Sub -static inline core_core_arch_x86___m256i -mm256_add_epi16(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_add_epi16( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_add_epi16(a, b); } -static inline core_core_arch_x86___m256i -mm256_add_epi32(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_add_epi32( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_add_epi32(a, b); } @@ -155,9 +145,8 @@ static inline core_core_arch_x86___m128i mm_add_epi16( return _mm_add_epi16(a, b); } -static inline core_core_arch_x86___m256i -mm256_sub_epi16(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_sub_epi16( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_sub_epi16(a, b); } 
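Review bot: `mm256_loadu_si256_i16`, `mm256_loadu_si256_u8`, `mm_loadu_si128` and the matching store wrappers cast `a.ptr` and access a full 32 (or 16) bytes without consulting `a.len`, so a caller passing a shorter slice silently over-reads or over-writes; the Rust source carries that length invariant and this header drops it. These wrappers are the one place where slices become raw vector accesses, so a debug-only guard such as `assert(a.len >= 32);` in the byte variants (and the equivalent element-count check in the i16 variants, assuming `len` counts elements as the `as_slice` macro suggests) would catch a generator or hand-edit regression cheaply. If asserts are unwanted here, a one-line comment on each wrapper stating the minimum slice length it requires would at least make the precondition visible.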
@@ -168,27 +157,23 @@ static inline core_core_arch_x86___m128i mm_sub_epi16( // Arithmetic: Mul low and high, Mul-Add combinations -static inline core_core_arch_x86___m256i -mm256_mullo_epi16(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_mullo_epi16( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_mullo_epi16(a, b); } -static inline core_core_arch_x86___m256i -mm256_mulhi_epi16(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_mulhi_epi16( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_mulhi_epi16(a, b); } -static inline core_core_arch_x86___m256i -mm256_mul_epu32(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_mul_epu32( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_mul_epu32(a, b); } -static inline core_core_arch_x86___m256i -mm256_mullo_epi32(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_mullo_epi32( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_mullo_epi32(a, b); } 
@@ -202,117 +187,95 @@ static inline core_core_arch_x86___m128i mm_mulhi_epi16( return _mm_mulhi_epi16(a, b); } -static inline core_core_arch_x86___m256i -mm256_madd_epi16(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_madd_epi16( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_madd_epi16(a, b); } // Comparison -static inline core_core_arch_x86___m256i -mm256_cmpgt_epi16(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_cmpgt_epi16( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_cmpgt_epi16(a, b); } // Bitwise operations -static inline core_core_arch_x86___m256i -mm256_and_si256(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_and_si256( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_and_si256(a, b); } -static inline core_core_arch_x86___m256i -mm256_andnot_si256(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_andnot_si256( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_andnot_si256(a, b); } -static inline core_core_arch_x86___m256i -mm256_xor_si256(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_xor_si256( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_xor_si256(a, b); } -static inline int32_t mm_movemask_epi8( - core_core_arch_x86___m128i a) { +static inline int32_t mm_movemask_epi8(core_core_arch_x86___m128i a) { return _mm_movemask_epi8(a); } // Shift operations -#define mm256_srai_epi16(a, b, _) \ - (_mm256_srai_epi16(b, a)) +#define mm256_srai_epi16(a, b, _) (_mm256_srai_epi16(b, a)) -#define mm256_srli_epi16(a, b, _) \ - (_mm256_srli_epi16(b, a)) +#define mm256_srli_epi16(a, b, _) 
(_mm256_srli_epi16(b, a)) -#define mm256_slli_epi16(a, b, _) \ - (_mm256_slli_epi16(b, a)) +#define mm256_slli_epi16(a, b, _) (_mm256_slli_epi16(b, a)) -#define mm256_slli_epi32(a, b, _) \ - (_mm256_slli_epi32(b, a)) +#define mm256_slli_epi32(a, b, _) (_mm256_slli_epi32(b, a)) -static inline core_core_arch_x86___m256i -mm256_slli_epi64_(int32_t a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_slli_epi64_( + int32_t a, core_core_arch_x86___m256i b) { return _mm256_slli_epi64(b, a); } -#define mm256_slli_epi64(a, b, c) \ - (mm256_slli_epi64_(a, b)) +#define mm256_slli_epi64(a, b, c) (mm256_slli_epi64_(a, b)) -#define mm256_srai_epi32(a, b, _) \ - (_mm256_srai_epi32(b, a)) +#define mm256_srai_epi32(a, b, _) (_mm256_srai_epi32(b, a)) -#define mm256_srli_epi32(a, b, _) \ - (_mm256_srli_epi32(b, a)) +#define mm256_srli_epi32(a, b, _) (_mm256_srli_epi32(b, a)) -static inline core_core_arch_x86___m256i -mm256_sllv_epi32(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_sllv_epi32( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_sllv_epi32(a, b); } -static inline core_core_arch_x86___m256i -mm256_srli_epi64_(int32_t a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_srli_epi64_( + int32_t a, core_core_arch_x86___m256i b) { return _mm256_srli_epi64(b, a); } -#define mm256_srli_epi64(a, b, c) \ - (mm256_srli_epi64_(a, b)) +#define mm256_srli_epi64(a, b, c) (mm256_srli_epi64_(a, b)) // Shuffle and Vector Interleaving -static inline core_core_arch_x86___m256i -mm256_unpacklo_epi32(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_unpacklo_epi32( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_unpacklo_epi32(a, b); } -static inline core_core_arch_x86___m256i -mm256_unpacklo_epi64(core_core_arch_x86___m256i a, - 
core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_unpacklo_epi64( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_unpacklo_epi64(a, b); } -static inline core_core_arch_x86___m256i -mm256_unpackhi_epi32(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_unpackhi_epi32( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_unpackhi_epi32(a, b); } -static inline core_core_arch_x86___m256i -mm256_unpackhi_epi64(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_unpackhi_epi64( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_unpackhi_epi64(a, b); } -static inline core_core_arch_x86___m256i -mm256_packs_epi32(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_packs_epi32( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_packs_epi32(a, b); } 
@@ -321,39 +284,31 @@ static inline core_core_arch_x86___m128i mm_packs_epi16( return _mm_packs_epi16(a, b); } -#define mm256_shuffle_epi32(a, b, _) \ - (_mm256_shuffle_epi32(b, a)) +#define mm256_shuffle_epi32(a, b, _) (_mm256_shuffle_epi32(b, a)) -#define mm256_extracti128_si256(a, b, _) \ - (_mm256_extracti128_si256(b, a)) +#define mm256_extracti128_si256(a, b, _) (_mm256_extracti128_si256(b, a)) -#define mm256_permute4x64_epi64(a, b, _) \ - (_mm256_permute4x64_epi64(b, a)) +#define mm256_permute4x64_epi64(a, b, _) (_mm256_permute4x64_epi64(b, a)) #define mm256_permute2x128_si256(a, b, c, d) \ (_mm256_permute2x128_si256(b, c, a)) -#define mm256_inserti128_si256(a, b, c, _) \ - (_mm256_inserti128_si256(b, c, a)) +#define mm256_inserti128_si256(a, b, c, _) (_mm256_inserti128_si256(b, c, a)) -#define mm256_blend_epi16(a, b, c, _) \ - (_mm256_blend_epi16(b, c, a)) +#define mm256_blend_epi16(a, b, c, _) (_mm256_blend_epi16(b, c, a)) -static inline core_core_arch_x86___m256i -mm256_shuffle_epi8(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_shuffle_epi8( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_shuffle_epi8(a, b); } -static inline core_core_arch_x86___m256i -mm256_permutevar8x32_epi32( +static inline core_core_arch_x86___m256i mm256_permutevar8x32_epi32( core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_permutevar8x32_epi32(a, b); } -static inline core_core_arch_x86___m128i -mm_shuffle_epi8(core_core_arch_x86___m128i a, - core_core_arch_x86___m128i b) { +static inline core_core_arch_x86___m128i mm_shuffle_epi8( + core_core_arch_x86___m128i a, core_core_arch_x86___m128i b) { return _mm_shuffle_epi8(a, b); } diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index d68b3887e..15612ec34 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c 
@@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd + * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe */ #include "internal/libcrux_core.h" @@ -34,8 +34,8 @@ static KRML_NOINLINE uint8_t is_non_zero(uint8_t value) { return inz(value); } */ static uint8_t compare(Eurydice_slice lhs, Eurydice_slice rhs) { uint8_t r = 0U; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(lhs, uint8_t, size_t); i++) { + for (size_t i = (size_t)0U; i < Eurydice_slice_len(lhs, uint8_t, size_t); + i++) { size_t i0 = i; r = (uint32_t)r | ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *, uint8_t) ^ @@ -209,11 +209,10 @@ void libcrux_ml_kem_utils_into_padded_array_2d4(Eurydice_slice slice, uint8_t ret[1600U]) { uint8_t out[1600U] = {0U}; uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, (size_t)0U, - core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, - Eurydice_slice), + Eurydice_slice_copy( + Eurydice_array_to_subslice2(uu____0, (size_t)0U, + Eurydice_slice_len(slice, uint8_t, size_t), + uint8_t, Eurydice_slice), slice, uint8_t, void *); memcpy(ret, out, (size_t)1600U * sizeof(uint8_t)); } @@ -338,11 +337,10 @@ void libcrux_ml_kem_utils_into_padded_array_2d3(Eurydice_slice slice, uint8_t ret[1120U]) { uint8_t out[1120U] = {0U}; uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, (size_t)0U, - core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, - Eurydice_slice), + Eurydice_slice_copy( + Eurydice_array_to_subslice2(uu____0, (size_t)0U, + Eurydice_slice_len(slice, uint8_t, size_t), + uint8_t, Eurydice_slice), slice, uint8_t, void *); memcpy(ret, out, (size_t)1120U * sizeof(uint8_t)); } 
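Review bot: The loop in `compare` is bounded by `Eurydice_slice_len(lhs, uint8_t, size_t)` alone, and the body (cut off at the end of the hunk) presumably indexes `rhs` with the same `i0`, so an `rhs` shorter than `lhs` would be read past its end; the Rust original panics on mismatched lengths, the C translation just reads out of bounds. Since this XOR-OR fold looks like the constant-time comparison for the KEM's implicit-rejection path, the caller presumably guarantees equal lengths, but the function should say so: `/* precondition: lhs.len == rhs.len; the XOR-OR fold is constant time in that length */` above the loop, or a debug assert on the two lengths. compare's body continues past the hunk.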
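Review bot: `libcrux_ml_kem_utils_into_padded_array_2d4` takes the subslice `out[0 .. Eurydice_slice_len(slice)]` and copies `slice` into it without checking that the input is at most 1600 bytes; unless `Eurydice_array_to_subslice2` bounds-checks (its expansion is not in this hunk, and the slice constructors visible elsewhere in this patch do not), an over-long input becomes a stack buffer overflow in the memcpy rather than the panic the Rust source would raise. The same pattern repeats in the 2d3/2d2/2d1/2d0/2d siblings below, so a single fix in the generator or glue would cover all of them; failing that, a comment such as `/* precondition: slice.len <= 1600 (Rust panics otherwise; unchecked here) */` or a debug assert at the top of each helper would make the trust boundary explicit. The function's tail (the `memcpy(ret, out, ...)` return) is outside the hunk.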
@@ -451,11 +449,10 @@ void libcrux_ml_kem_utils_into_padded_array_2d2(Eurydice_slice slice, uint8_t ret[33U]) { uint8_t out[33U] = {0U}; uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, (size_t)0U, - core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, - Eurydice_slice), + Eurydice_slice_copy( + Eurydice_array_to_subslice2(uu____0, (size_t)0U, + Eurydice_slice_len(slice, uint8_t, size_t), + uint8_t, Eurydice_slice), slice, uint8_t, void *); memcpy(ret, out, (size_t)33U * sizeof(uint8_t)); } @@ -492,11 +489,10 @@ void libcrux_ml_kem_utils_into_padded_array_2d1(Eurydice_slice slice, uint8_t ret[34U]) { uint8_t out[34U] = {0U}; uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, (size_t)0U, - core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, - Eurydice_slice), + Eurydice_slice_copy( + Eurydice_array_to_subslice2(uu____0, (size_t)0U, + Eurydice_slice_len(slice, uint8_t, size_t), + uint8_t, Eurydice_slice), slice, uint8_t, void *); memcpy(ret, out, (size_t)34U * sizeof(uint8_t)); } @@ -528,11 +524,10 @@ void libcrux_ml_kem_utils_into_padded_array_2d0(Eurydice_slice slice, uint8_t ret[800U]) { uint8_t out[800U] = {0U}; uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, (size_t)0U, - core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, - Eurydice_slice), + Eurydice_slice_copy( + Eurydice_array_to_subslice2(uu____0, (size_t)0U, + Eurydice_slice_len(slice, uint8_t, size_t), + uint8_t, Eurydice_slice), slice, uint8_t, void *); memcpy(ret, out, (size_t)800U * sizeof(uint8_t)); } 
@@ -549,11 +544,10 @@ void libcrux_ml_kem_utils_into_padded_array_2d(Eurydice_slice slice, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, (size_t)0U, - core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, - Eurydice_slice), + Eurydice_slice_copy( + Eurydice_array_to_subslice2(uu____0, (size_t)0U, + Eurydice_slice_len(slice, uint8_t, size_t), + uint8_t, Eurydice_slice), slice, uint8_t, void *); memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index ad9f756f8..75ee93307 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd + * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index c08529c9c..35863ace6 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd + * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index 50e07c62b..2741fefc1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c 
@@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd + * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe */ #include "libcrux_mlkem1024_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index 30042b65f..346218da7 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd + * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe */ #ifndef __libcrux_mlkem1024_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index 9abe37717..bc1c96e81 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd + * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe */ #include "libcrux_mlkem1024_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index e5ae18614..2c9ddcf4a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd + * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe */ #ifndef __libcrux_mlkem1024_portable_H 
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index a41aba859..dfeb04196 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd + * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index 9deb73411..bd85d0d3f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd + * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe */ #include "libcrux_mlkem512_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index 736ff90ed..4dfe273b1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd + * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe */ #ifndef __libcrux_mlkem512_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index 51502e519..ad6bcfffc 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c 
@@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd + * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe */ #include "libcrux_mlkem512_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 27cd25734..81023ba82 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd + * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 22af455fa..648efde9f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd + * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index ca06a1920..2203e3d4f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd + * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe */ #include "libcrux_mlkem768_avx2.h" 
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index 5ede081b1..47eb50f62 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd + * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index 72a702c2d..621907540 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd + * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe */ #include "libcrux_mlkem768_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index 4b62b2e08..600c04eb6 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd + * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index b8552f9a9..f9b13c6ca 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c 
@@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd + * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe */ #include "internal/libcrux_mlkem_avx2.h" @@ -1119,9 +1119,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialize_to_reduced_ring_element_dd(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)24U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, @@ -1153,7 +1151,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d4( KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, deserialized_pk[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -1224,7 +1222,7 @@ static KRML_MUSTINLINE void serialize_uncompressed_ring_element_92( Eurydice_slice uu____0 = Eurydice_array_to_subslice2( serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), uint8_t, void *); @@ -1247,7 +1245,7 @@ static KRML_MUSTINLINE void serialize_secret_key_ae1( uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2, 
@@ -1262,7 +1260,7 @@ static KRML_MUSTINLINE void serialize_secret_key_ae1( uint8_t, Eurydice_slice); uint8_t ret0[384U]; serialize_uncompressed_ring_element_92(&re, ret0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); @@ -1290,15 +1288,14 @@ static KRML_MUSTINLINE void serialize_public_key_d01( (size_t)1152U, uint8_t, Eurydice_slice); uint8_t ret0[1152U]; serialize_secret_key_ae1(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_subslice_from( + (size_t)1184U, public_key_serialized, (size_t)1152U, + uint8_t, size_t, Eurydice_slice), + seed_for_a, uint8_t, void *); memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); } @@ -1762,7 +1759,7 @@ static KRML_MUSTINLINE void sample_matrix_A_a21( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U]; sample_from_xof_b01(copy_of_seeds, sampled); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, sampled, libcrux_ml_kem_polynomial_PolynomialRingElement_d2, @@ -1903,8 +1900,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample_from_binomial_distribution_2_c1(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; + i0 < Eurydice_slice_len(randomness, uint8_t, size_t) / (size_t)4U; i0++) { size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice2( 
@@ -1950,8 +1946,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample_from_binomial_distribution_3_43(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; + i0 < Eurydice_slice_len(randomness, uint8_t, size_t) / (size_t)3U; i0++) { size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice2( @@ -2300,7 +2295,7 @@ static KRML_MUSTINLINE void add_to_ring_element_89_971( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)16U, self->coefficients, __m256i, Eurydice_slice), __m256i, size_t); @@ -2364,7 +2359,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_f01( KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, result[i] = ZERO_89_d5();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, matrix_A, libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], @@ -2374,7 +2369,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_f01( size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, row, libcrux_ml_kem_polynomial_PolynomialRingElement_d2, 
@@ -2708,29 +2703,29 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_751( uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), + uu____2 + Eurydice_slice_len(private_key, uint8_t, size_t), uint8_t, + Eurydice_slice), private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + pointer = pointer + Eurydice_slice_len(private_key, uint8_t, size_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), + uu____5 + Eurydice_slice_len(public_key, uint8_t, size_t), uint8_t, + Eurydice_slice), public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + pointer = pointer + Eurydice_slice_len(public_key, uint8_t, size_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice); uint8_t ret0[32U]; H_a9_651(public_key, ret0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); 
@@ -2738,13 +2733,12 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_751( uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + Eurydice_slice_len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } @@ -3052,7 +3046,7 @@ static KRML_MUSTINLINE void compute_vector_u_001( KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, result[i] = ZERO_89_d5();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, a_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], @@ -3062,7 +3056,7 @@ static KRML_MUSTINLINE void compute_vector_u_001( size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, row, libcrux_ml_kem_polynomial_PolynomialRingElement_d2, @@ -3249,7 +3243,7 @@ static KRML_MUSTINLINE void compress_then_serialize_10_2f( Eurydice_slice uu____0 = Eurydice_array_to_subslice2( serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), uint8_t, void *); 
@@ -3345,7 +3339,7 @@ static void compress_then_serialize_u_841( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, input, libcrux_ml_kem_polynomial_PolynomialRingElement_d2, @@ -3360,7 +3354,7 @@ static void compress_then_serialize_u_841( Eurydice_slice); uint8_t ret[320U]; compress_then_serialize_ring_element_u_b2(&re, ret); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), uint8_t, void *); @@ -3441,7 +3435,7 @@ static KRML_MUSTINLINE void compress_then_serialize_4_b7( compress_ea_801(to_unsigned_representative_a4(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_ea(coefficient, bytes); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_slice_subslice2(serialized, (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, Eurydice_slice), @@ -3524,7 +3518,7 @@ static KRML_MUSTINLINE void compress_then_serialize_5_35( compress_ea_802(to_unsigned_representative_a4(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_ea(coefficients, bytes); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_slice_subslice2(serialized, (size_t)10U * i0, (size_t)10U * i0 + (size_t)10U, uint8_t, Eurydice_slice), @@ -3689,7 +3683,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e1( Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, Eurydice_slice), 
@@ -3713,10 +3707,9 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e1( encrypt_unpacked_881(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, shared_secret_array, + uint8_t, Eurydice_slice), + shared_secret, uint8_t, void *); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -3745,7 +3738,7 @@ with const generics static KRML_MUSTINLINE void entropy_preprocess_af_e21(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), randomness, uint8_t, void *); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); @@ -3771,7 +3764,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d3( KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, deserialized_pk[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -3870,7 +3863,7 @@ with const generics static KRML_MUSTINLINE void kdf_af_501(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), shared_secret, uint8_t, void *); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); 
@@ -3915,7 +3908,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_821( (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f20(public_key), uint8_t, Eurydice_slice), ret); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); @@ -4020,9 +4013,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialize_then_decompress_10_a7(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)20U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, @@ -4098,9 +4089,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialize_then_decompress_11_8d(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)22U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, @@ -4160,10 +4149,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b51( KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, u_as_ntt[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / + i < Eurydice_slice_len(Eurydice_array_to_slice((size_t)1088U, ciphertext, + uint8_t, Eurydice_slice), + uint8_t, size_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); i++) { 
@@ -4250,8 +4238,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialize_then_decompress_4_9a(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, @@ -4327,9 +4314,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialize_then_decompress_5_75(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)10U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, @@ -4424,7 +4409,7 @@ static KRML_MUSTINLINE void compress_then_serialize_message_ec( Eurydice_slice uu____0 = Eurydice_array_to_subslice2( serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), uint8_t, void *);); @@ -4543,7 +4528,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b21( Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, uint8_t, Eurydice_slice), 
@@ -4567,8 +4552,8 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b21( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), uint8_t, void *); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), + uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; PRF_a9_933( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), @@ -4605,9 +4590,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialize_to_uncompressed_ring_element_63(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)24U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, @@ -4633,7 +4616,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_201( KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, secret_as_ntt[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + i < Eurydice_slice_len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -4726,7 +4709,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_c41( libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice), 
@@ -4746,8 +4729,8 @@ void libcrux_ml_kem_ind_cca_decapsulate_c41( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), uint8_t, void *); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), + uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; PRF_a9_933( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), @@ -4799,7 +4782,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d2( KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, deserialized_pk[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -4832,7 +4815,7 @@ static KRML_MUSTINLINE void serialize_secret_key_ae0( uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2, @@ -4847,7 +4830,7 @@ static KRML_MUSTINLINE void serialize_secret_key_ae0( uint8_t, Eurydice_slice); uint8_t ret0[384U]; serialize_uncompressed_ring_element_92(&re, ret0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); 
@@ -4875,15 +4858,14 @@ static KRML_MUSTINLINE void serialize_public_key_d00( (size_t)1536U, uint8_t, Eurydice_slice); uint8_t ret0[1536U]; serialize_secret_key_ae0(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, - (size_t)1536U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_subslice_from( + (size_t)1568U, public_key_serialized, (size_t)1536U, + uint8_t, size_t, Eurydice_slice), + seed_for_a, uint8_t, void *); memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); } @@ -5329,7 +5311,7 @@ static KRML_MUSTINLINE void sample_matrix_A_a20( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[4U]; sample_from_xof_b00(copy_of_seeds, sampled); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, sampled, libcrux_ml_kem_polynomial_PolynomialRingElement_d2, @@ -5479,7 +5461,7 @@ static KRML_MUSTINLINE void add_to_ring_element_89_970( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)16U, self->coefficients, __m256i, Eurydice_slice), __m256i, size_t); @@ -5508,7 +5490,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_f00( KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, result[i] = ZERO_89_d5();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, matrix_A, libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], 
@@ -5518,7 +5500,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_f00( size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, row, libcrux_ml_kem_polynomial_PolynomialRingElement_d2, @@ -5832,29 +5814,29 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_750( uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), + uu____2 + Eurydice_slice_len(private_key, uint8_t, size_t), uint8_t, + Eurydice_slice), private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + pointer = pointer + Eurydice_slice_len(private_key, uint8_t, size_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), + uu____5 + Eurydice_slice_len(public_key, uint8_t, size_t), uint8_t, + Eurydice_slice), public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + pointer = pointer + Eurydice_slice_len(public_key, uint8_t, size_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice); uint8_t ret0[32U]; H_a9_650(public_key, ret0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); 
@@ -5862,13 +5844,12 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_750( uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + Eurydice_slice_len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); } @@ -6029,7 +6010,7 @@ static KRML_MUSTINLINE void compute_vector_u_000( KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, result[i] = ZERO_89_d5();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, a_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], @@ -6039,7 +6020,7 @@ static KRML_MUSTINLINE void compute_vector_u_000( size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, row, libcrux_ml_kem_polynomial_PolynomialRingElement_d2, @@ -6104,7 +6085,7 @@ static KRML_MUSTINLINE void compress_then_serialize_11_d10( Eurydice_slice uu____0 = Eurydice_array_to_subslice2( serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), uint8_t, void *); 
@@ -6142,7 +6123,7 @@ static void compress_then_serialize_u_840( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, input, libcrux_ml_kem_polynomial_PolynomialRingElement_d2, @@ -6157,7 +6138,7 @@ static void compress_then_serialize_u_840( Eurydice_slice); uint8_t ret[352U]; compress_then_serialize_ring_element_u_b20(&re, ret); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), uint8_t, void *); @@ -6321,7 +6302,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e0( Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, Eurydice_slice), @@ -6345,10 +6326,9 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e0( encrypt_unpacked_880(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, shared_secret_array, + uint8_t, Eurydice_slice), + shared_secret, uint8_t, void *); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); 
@@ -6377,7 +6357,7 @@ with const generics static KRML_MUSTINLINE void entropy_preprocess_af_e20(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), randomness, uint8_t, void *); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); @@ -6403,7 +6383,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d1( KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, deserialized_pk[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -6502,7 +6482,7 @@ with const generics static KRML_MUSTINLINE void kdf_af_500(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), shared_secret, uint8_t, void *); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); @@ -6547,7 +6527,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_820( (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_f21(public_key), uint8_t, Eurydice_slice), ret); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); 
@@ -6636,10 +6616,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b50( KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, u_as_ntt[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / + i < Eurydice_slice_len(Eurydice_array_to_slice((size_t)1568U, ciphertext, + uint8_t, Eurydice_slice), + uint8_t, size_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U); i++) { @@ -6799,7 +6778,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b20( Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, uint8_t, Eurydice_slice), @@ -6823,8 +6802,8 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b20( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), uint8_t, void *); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), + uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; PRF_a9_931( Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), @@ -6867,7 +6846,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_200( KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, secret_as_ntt[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + i < Eurydice_slice_len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; 
@@ -6961,7 +6940,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_c40( libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice), @@ -6981,8 +6960,8 @@ void libcrux_ml_kem_ind_cca_decapsulate_c40( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), uint8_t, void *); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), + uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; PRF_a9_931( Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), @@ -7034,7 +7013,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d0( KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, deserialized_pk[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -7067,7 +7046,7 @@ static KRML_MUSTINLINE void serialize_secret_key_ae( uint8_t ret[768U]) { uint8_t out[768U] = {0U}; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2, 
@@ -7082,7 +7061,7 @@ static KRML_MUSTINLINE void serialize_secret_key_ae( uint8_t, Eurydice_slice); uint8_t ret0[384U]; serialize_uncompressed_ring_element_92(&re, ret0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); @@ -7109,15 +7088,14 @@ static KRML_MUSTINLINE void serialize_public_key_d0( public_key_serialized, (size_t)0U, (size_t)768U, uint8_t, Eurydice_slice); uint8_t ret0[768U]; serialize_secret_key_ae(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, - (size_t)768U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_subslice_from( + (size_t)800U, public_key_serialized, (size_t)768U, + uint8_t, size_t, Eurydice_slice), + seed_for_a, uint8_t, void *); memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); } @@ -7551,7 +7529,7 @@ static KRML_MUSTINLINE void sample_matrix_A_a2( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[2U]; sample_from_xof_b0(copy_of_seeds, sampled); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, sampled, libcrux_ml_kem_polynomial_PolynomialRingElement_d2, @@ -7706,7 +7684,7 @@ static KRML_MUSTINLINE void add_to_ring_element_89_97( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)16U, self->coefficients, __m256i, Eurydice_slice), __m256i, size_t); 
@@ -7735,7 +7713,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_f0( KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, result[i] = ZERO_89_d5();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, matrix_A, libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], @@ -7745,7 +7723,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_f0( size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, row, libcrux_ml_kem_polynomial_PolynomialRingElement_d2, 
@@ -8059,29 +8037,29 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_75( uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), + uu____2 + Eurydice_slice_len(private_key, uint8_t, size_t), uint8_t, + Eurydice_slice), private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + pointer = pointer + Eurydice_slice_len(private_key, uint8_t, size_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), + uu____5 + Eurydice_slice_len(public_key, uint8_t, size_t), uint8_t, + Eurydice_slice), public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + pointer = pointer + Eurydice_slice_len(public_key, uint8_t, size_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice); uint8_t ret0[32U]; H_a9_65(public_key, ret0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); 
@@ -8089,13 +8067,12 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_75( uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + Eurydice_slice_len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); } @@ -8302,7 +8279,7 @@ static KRML_MUSTINLINE void compute_vector_u_00( KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, result[i] = ZERO_89_d5();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, a_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], @@ -8312,7 +8289,7 @@ static KRML_MUSTINLINE void compute_vector_u_00( size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, row, libcrux_ml_kem_polynomial_PolynomialRingElement_d2, @@ -8374,7 +8351,7 @@ static void compress_then_serialize_u_84( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, input, libcrux_ml_kem_polynomial_PolynomialRingElement_d2, 
@@ -8389,7 +8366,7 @@ static void compress_then_serialize_u_84( Eurydice_slice); uint8_t ret[320U]; compress_then_serialize_ring_element_u_b2(&re, ret); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), uint8_t, void *); @@ -8540,7 +8517,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e( Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, Eurydice_slice), @@ -8564,10 +8541,9 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e( encrypt_unpacked_88(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, shared_secret_array, + uint8_t, Eurydice_slice), + shared_secret, uint8_t, void *); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); @@ -8596,7 +8572,7 @@ with const generics static KRML_MUSTINLINE void entropy_preprocess_af_e2(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), randomness, uint8_t, void *); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); 
@@ -8622,7 +8598,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d( KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, deserialized_pk[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -8721,7 +8697,7 @@ with const generics static KRML_MUSTINLINE void kdf_af_50(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), shared_secret, uint8_t, void *); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); @@ -8766,7 +8742,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_82( (size_t)800U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), uint8_t, Eurydice_slice), ret); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); @@ -8825,10 +8801,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b5( KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, u_as_ntt[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / + i < Eurydice_slice_len(Eurydice_array_to_slice((size_t)768U, ciphertext, + uint8_t, Eurydice_slice), + uint8_t, size_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); i++) { 
@@ -8976,7 +8951,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b2( Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, uint8_t, Eurydice_slice), @@ -9000,8 +8975,8 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b2( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_ed(ciphertext), uint8_t, void *); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_ed(ciphertext), + uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; PRF_a9_93( Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), @@ -9044,7 +9019,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_20( KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, secret_as_ntt[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + i < Eurydice_slice_len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -9137,7 +9112,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_c4( libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice), 
@@ -9157,8 +9132,8 @@ void libcrux_ml_kem_ind_cca_decapsulate_c4( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_ed(ciphertext), uint8_t, void *); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_ed(ciphertext), + uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; PRF_a9_93( Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index 0160ca63a..387e2688b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd + * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe */ #ifndef __libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c index 17829cbe3..5e095170d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.c @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd + * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe */ #include "libcrux_mlkem_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h index ac6a63ca9..b16ccff8b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h 
@@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd + * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe */ #ifndef __libcrux_mlkem_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 12255e9d4..8e3b74136 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd + * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe */ #include "internal/libcrux_mlkem_portable.h" @@ -2228,7 +2228,7 @@ KRML_MUSTINLINE size_t libcrux_ml_kem_vector_portable_sampling_rej_sample( Eurydice_slice a, Eurydice_slice result) { size_t sampled = (size_t)0U; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(a, uint8_t, size_t) / (size_t)3U; i++) { + i < Eurydice_slice_len(a, uint8_t, size_t) / (size_t)3U; i++) { size_t i0 = i; int16_t b1 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)0U, uint8_t, uint8_t *, uint8_t); @@ -2352,9 +2352,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialize_to_reduced_ring_element_ad(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)24U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, 
@@ -2388,7 +2386,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_724( KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -2471,7 +2469,7 @@ static KRML_MUSTINLINE void serialize_uncompressed_ring_element_f6( Eurydice_slice uu____0 = Eurydice_array_to_subslice2( serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), uint8_t, void *); @@ -2494,7 +2492,7 @@ static KRML_MUSTINLINE void serialize_secret_key_f81( uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0, @@ -2509,7 +2507,7 @@ static KRML_MUSTINLINE void serialize_secret_key_f81( uint8_t, Eurydice_slice); uint8_t ret0[384U]; serialize_uncompressed_ring_element_f6(&re, ret0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); 
@@ -2537,15 +2535,14 @@ static KRML_MUSTINLINE void serialize_public_key_801( (size_t)1536U, uint8_t, Eurydice_slice); uint8_t ret0[1536U]; serialize_secret_key_f81(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, - (size_t)1536U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_subslice_from( + (size_t)1568U, public_key_serialized, (size_t)1536U, + uint8_t, size_t, Eurydice_slice), + seed_for_a, uint8_t, void *); memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); } @@ -3009,7 +3006,7 @@ static KRML_MUSTINLINE void sample_matrix_A_231( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[4U]; sample_from_xof_2b1(copy_of_seeds, sampled); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, sampled, libcrux_ml_kem_polynomial_PolynomialRingElement_f0, @@ -3134,8 +3131,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sample_from_binomial_distribution_2_20(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; + i0 < Eurydice_slice_len(randomness, uint8_t, size_t) / (size_t)4U; i0++) { size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice2( 
@@ -3181,8 +3177,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sample_from_binomial_distribution_3_85(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; + i0 < Eurydice_slice_len(randomness, uint8_t, size_t) / (size_t)3U; i0++) { size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice2( @@ -3551,7 +3546,7 @@ static KRML_MUSTINLINE void add_to_ring_element_89_931( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)16U, self->coefficients, libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -3624,7 +3619,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_da1( KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, result[i] = ZERO_89_39();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, matrix_A, libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U], @@ -3634,7 +3629,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_da1( size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, row, libcrux_ml_kem_polynomial_PolynomialRingElement_f0, 
@@ -3975,29 +3970,29 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_f2( uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), + uu____2 + Eurydice_slice_len(private_key, uint8_t, size_t), uint8_t, + Eurydice_slice), private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + pointer = pointer + Eurydice_slice_len(private_key, uint8_t, size_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), + uu____5 + Eurydice_slice_len(public_key, uint8_t, size_t), uint8_t, + Eurydice_slice), public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + pointer = pointer + Eurydice_slice_len(public_key, uint8_t, size_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice); uint8_t ret0[32U]; H_f1_2e1(public_key, ret0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); 
@@ -4005,13 +4000,12 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_f2( uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + Eurydice_slice_len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); } @@ -4331,7 +4325,7 @@ static KRML_MUSTINLINE void compute_vector_u_a11( KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, result[i] = ZERO_89_39();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, a_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U], @@ -4341,7 +4335,7 @@ static KRML_MUSTINLINE void compute_vector_u_a11( size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = a_as_ntt[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, row, libcrux_ml_kem_polynomial_PolynomialRingElement_f0, @@ -4541,7 +4535,7 @@ static KRML_MUSTINLINE void compress_then_serialize_11_e10( Eurydice_slice uu____0 = Eurydice_array_to_subslice2( serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), uint8_t, void *); 
@@ -4579,7 +4573,7 @@ static void compress_then_serialize_u_241( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, input, libcrux_ml_kem_polynomial_PolynomialRingElement_f0, @@ -4594,7 +4588,7 @@ static void compress_then_serialize_u_241( Eurydice_slice); uint8_t ret[352U]; compress_then_serialize_ring_element_u_2f0(&re, ret); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), uint8_t, void *); @@ -4649,7 +4643,7 @@ static KRML_MUSTINLINE void compress_then_serialize_4_e5( compress_0d_311(to_unsigned_representative_78(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_slice_subslice2(serialized, (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, Eurydice_slice), @@ -4706,7 +4700,7 @@ static KRML_MUSTINLINE void compress_then_serialize_5_a3( compress_0d_312(to_unsigned_representative_78(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_slice_subslice2(serialized, (size_t)10U * i0, (size_t)10U * i0 + (size_t)10U, uint8_t, Eurydice_slice), @@ -4874,7 +4868,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_311( Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, Eurydice_slice), 
@@ -4898,10 +4892,9 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_311( encrypt_unpacked_6c1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, shared_secret_array, + uint8_t, Eurydice_slice), + shared_secret, uint8_t, void *); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); @@ -4930,7 +4923,7 @@ with const generics static KRML_MUSTINLINE void entropy_preprocess_af_44(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), randomness, uint8_t, void *); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); @@ -4956,7 +4949,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_723( KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -5056,7 +5049,7 @@ with const generics static KRML_MUSTINLINE void kdf_af_c2(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), shared_secret, uint8_t, void *); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); 
@@ -5101,7 +5094,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_441( (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_f21(public_key), uint8_t, Eurydice_slice), ret); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); @@ -5188,9 +5181,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialize_then_decompress_10_e9(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)20U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, @@ -5251,9 +5242,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialize_then_decompress_11_f5(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)22U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, @@ -5316,10 +5305,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b11( KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, u_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / + i < Eurydice_slice_len(Eurydice_array_to_slice((size_t)1568U, ciphertext, + uint8_t, Eurydice_slice), + uint8_t, size_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U); i++) { 
@@ -5388,8 +5376,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialize_then_decompress_4_34(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, @@ -5450,9 +5437,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialize_then_decompress_5_53(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)10U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, @@ -5554,7 +5539,7 @@ static KRML_MUSTINLINE void compress_then_serialize_message_3a( Eurydice_slice uu____0 = Eurydice_array_to_subslice2( serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), uint8_t, void *);); @@ -5675,7 +5660,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca1( Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, uint8_t, Eurydice_slice), 
@@ -5699,8 +5684,8 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca1( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), uint8_t, void *); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), + uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; PRF_f1_043( Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), @@ -5737,9 +5722,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialize_to_uncompressed_ring_element_05(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)24U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, @@ -5767,7 +5750,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_011( KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, secret_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + i < Eurydice_slice_len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -5861,7 +5844,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f1( libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice), 
@@ -5881,8 +5864,8 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f1( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), uint8_t, void *); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), + uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_043( Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), @@ -5934,7 +5917,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_722( KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -5967,7 +5950,7 @@ static KRML_MUSTINLINE void serialize_secret_key_f80( uint8_t ret[768U]) { uint8_t out[768U] = {0U}; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0, @@ -5982,7 +5965,7 @@ static KRML_MUSTINLINE void serialize_secret_key_f80( uint8_t, Eurydice_slice); uint8_t ret0[384U]; serialize_uncompressed_ring_element_f6(&re, ret0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); 
@@ -6009,15 +5992,14 @@ static KRML_MUSTINLINE void serialize_public_key_800( public_key_serialized, (size_t)0U, (size_t)768U, uint8_t, Eurydice_slice); uint8_t ret0[768U]; serialize_secret_key_f80(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, - (size_t)768U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_subslice_from( + (size_t)800U, public_key_serialized, (size_t)768U, + uint8_t, size_t, Eurydice_slice), + seed_for_a, uint8_t, void *); memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); } @@ -6455,7 +6437,7 @@ static KRML_MUSTINLINE void sample_matrix_A_230( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[2U]; sample_from_xof_2b0(copy_of_seeds, sampled); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, sampled, libcrux_ml_kem_polynomial_PolynomialRingElement_f0, @@ -6598,7 +6580,7 @@ static KRML_MUSTINLINE void add_to_ring_element_89_930( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)16U, self->coefficients, libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -6632,7 +6614,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_da0( KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, result[i] = ZERO_89_39();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, matrix_A, libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U], 
@@ -6642,7 +6624,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_da0( size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, row, libcrux_ml_kem_polynomial_PolynomialRingElement_f0, @@ -6960,29 +6942,29 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_41( uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), + uu____2 + Eurydice_slice_len(private_key, uint8_t, size_t), uint8_t, + Eurydice_slice), private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + pointer = pointer + Eurydice_slice_len(private_key, uint8_t, size_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), + uu____5 + Eurydice_slice_len(public_key, uint8_t, size_t), uint8_t, + Eurydice_slice), public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + pointer = pointer + Eurydice_slice_len(public_key, uint8_t, size_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice); uint8_t ret0[32U]; H_f1_2e0(public_key, ret0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); 
@@ -6990,13 +6972,12 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_41( uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + Eurydice_slice_len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); } @@ -7192,7 +7173,7 @@ static KRML_MUSTINLINE void compute_vector_u_a10( KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, result[i] = ZERO_89_39();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, a_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U], @@ -7202,7 +7183,7 @@ static KRML_MUSTINLINE void compute_vector_u_a10( size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = a_as_ntt[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, row, libcrux_ml_kem_polynomial_PolynomialRingElement_f0, @@ -7267,7 +7248,7 @@ static KRML_MUSTINLINE void compress_then_serialize_10_3b( Eurydice_slice uu____0 = Eurydice_array_to_subslice2( serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), uint8_t, void *); 
@@ -7305,7 +7286,7 @@ static void compress_then_serialize_u_240( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, input, libcrux_ml_kem_polynomial_PolynomialRingElement_f0, @@ -7320,7 +7301,7 @@ static void compress_then_serialize_u_240( Eurydice_slice); uint8_t ret[320U]; compress_then_serialize_ring_element_u_2f(&re, ret); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), uint8_t, void *); @@ -7485,7 +7466,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_310( Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, Eurydice_slice), @@ -7509,10 +7490,9 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_310( encrypt_unpacked_6c0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, shared_secret_array, + uint8_t, Eurydice_slice), + shared_secret, uint8_t, void *); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); 
@@ -7541,7 +7521,7 @@ with const generics static KRML_MUSTINLINE void entropy_preprocess_af_5d(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), randomness, uint8_t, void *); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); @@ -7567,7 +7547,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_721( KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -7667,7 +7647,7 @@ with const generics static KRML_MUSTINLINE void kdf_af_e8(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), shared_secret, uint8_t, void *); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); @@ -7712,7 +7692,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_440( (size_t)800U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), uint8_t, Eurydice_slice), ret); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); 
@@ -7801,10 +7781,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b10( KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, u_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / + i < Eurydice_slice_len(Eurydice_array_to_slice((size_t)768U, ciphertext, + uint8_t, Eurydice_slice), + uint8_t, size_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); i++) { @@ -7964,7 +7943,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca0( Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, uint8_t, Eurydice_slice), @@ -7988,8 +7967,8 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca0( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_ed(ciphertext), uint8_t, void *); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_ed(ciphertext), + uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; PRF_f1_041( Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), @@ -8032,7 +8011,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_010( KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, secret_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + i < Eurydice_slice_len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; 
@@ -8125,7 +8104,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f0( libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice), @@ -8145,8 +8124,8 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f0( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_ed(ciphertext), uint8_t, void *); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_ed(ciphertext), + uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_041( Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), @@ -8198,7 +8177,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_720( KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -8231,7 +8210,7 @@ static KRML_MUSTINLINE void serialize_secret_key_f8( uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0, 
@@ -8246,7 +8225,7 @@ static KRML_MUSTINLINE void serialize_secret_key_f8( uint8_t, Eurydice_slice); uint8_t ret0[384U]; serialize_uncompressed_ring_element_f6(&re, ret0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); @@ -8274,15 +8253,14 @@ static KRML_MUSTINLINE void serialize_public_key_80( (size_t)1152U, uint8_t, Eurydice_slice); uint8_t ret0[1152U]; serialize_secret_key_f8(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_subslice_from( + (size_t)1184U, public_key_serialized, (size_t)1152U, + uint8_t, size_t, Eurydice_slice), + seed_for_a, uint8_t, void *); memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); } @@ -8720,7 +8698,7 @@ static KRML_MUSTINLINE void sample_matrix_A_23( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; sample_from_xof_2b(copy_of_seeds, sampled); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, sampled, libcrux_ml_kem_polynomial_PolynomialRingElement_f0, @@ -8852,7 +8830,7 @@ static KRML_MUSTINLINE void add_to_ring_element_89_93( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)16U, self->coefficients, libcrux_ml_kem_vector_portable_vector_type_PortableVector, 
@@ -8886,7 +8864,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_da( KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, result[i] = ZERO_89_39();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, matrix_A, libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U], @@ -8896,7 +8874,7 @@ static KRML_MUSTINLINE void compute_As_plus_e_da( size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, row, libcrux_ml_kem_polynomial_PolynomialRingElement_f0, 
@@ -9214,29 +9192,29 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_a8( uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), + uu____2 + Eurydice_slice_len(private_key, uint8_t, size_t), uint8_t, + Eurydice_slice), private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + pointer = pointer + Eurydice_slice_len(private_key, uint8_t, size_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), + uu____5 + Eurydice_slice_len(public_key, uint8_t, size_t), uint8_t, + Eurydice_slice), public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + pointer = pointer + Eurydice_slice_len(public_key, uint8_t, size_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice); uint8_t ret0[32U]; H_f1_2e(public_key, ret0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); 
@@ -9244,13 +9222,12 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_a8( uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + Eurydice_slice_len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } @@ -9413,7 +9390,7 @@ static KRML_MUSTINLINE void compute_vector_u_a1( KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, result[i] = ZERO_89_39();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, a_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U], @@ -9423,7 +9400,7 @@ static KRML_MUSTINLINE void compute_vector_u_a1( size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = a_as_ntt[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, row, libcrux_ml_kem_polynomial_PolynomialRingElement_f0, @@ -9485,7 +9462,7 @@ static void compress_then_serialize_u_24( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, input, libcrux_ml_kem_polynomial_PolynomialRingElement_f0, 
@@ -9500,7 +9477,7 @@ static void compress_then_serialize_u_24( Eurydice_slice); uint8_t ret[320U]; compress_then_serialize_ring_element_u_2f(&re, ret); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), uint8_t, void *); @@ -9653,7 +9630,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_31( Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, Eurydice_slice), @@ -9677,10 +9654,9 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_31( encrypt_unpacked_6c(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, shared_secret_array, + uint8_t, Eurydice_slice), + shared_secret, uint8_t, void *); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); @@ -9709,7 +9685,7 @@ with const generics static KRML_MUSTINLINE void entropy_preprocess_af_6c(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), randomness, uint8_t, void *); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); 
@@ -9735,7 +9711,7 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_72( KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -9835,7 +9811,7 @@ with const generics static KRML_MUSTINLINE void kdf_af_b6(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), shared_secret, uint8_t, void *); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); @@ -9880,7 +9856,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f20(public_key), uint8_t, Eurydice_slice), ret); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); @@ -9939,10 +9915,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b1( KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, u_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / + i < Eurydice_slice_len(Eurydice_array_to_slice((size_t)1088U, ciphertext, + uint8_t, Eurydice_slice), + uint8_t, size_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); i++) { 
@@ -10091,7 +10066,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca( Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, uint8_t, Eurydice_slice), @@ -10115,8 +10090,8 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), uint8_t, void *); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), + uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; PRF_f1_04( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), @@ -10159,7 +10134,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_01( KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, secret_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + i < Eurydice_slice_len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -10252,7 +10227,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f( libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice), 
@@ -10272,8 +10247,8 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), uint8_t, void *); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), + uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_04( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index b0289bed0..9f1fa404e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd + * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe */ #ifndef __libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index ccfe7dd6c..1db3feef1 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd + * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe */ #ifndef __libcrux_sha3_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 3faad892c..21018855e 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c 
@@ -8,7 +8,7 @@
 * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21
 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b
 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7
- * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd
+ * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe
 */
 #include "internal/libcrux_sha3_avx2.h"
@@ -263,28 +263,28 @@ static KRML_MUSTINLINE void load_block_c7(__m256i (*s)[5U],
 uint8_t u8s[32U] = {0U};
 Eurydice_slice uu____0 = Eurydice_array_to_subslice2( u8s, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice);
- core_slice___Slice_T___copy_from_slice(
+ Eurydice_slice_copy(
 uu____0, Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice), uint8_t, void *);
 Eurydice_slice uu____1 = Eurydice_array_to_subslice2( u8s, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice);
- core_slice___Slice_T___copy_from_slice(
+ Eurydice_slice_copy(
 uu____1, Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice), uint8_t, void *);
 Eurydice_slice uu____2 = Eurydice_array_to_subslice2( u8s, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice);
- core_slice___Slice_T___copy_from_slice(
+ Eurydice_slice_copy(
 uu____2, Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice), uint8_t, void *);
 Eurydice_slice uu____3 = Eurydice_array_to_subslice2( u8s, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice);
- core_slice___Slice_T___copy_from_slice(
+ Eurydice_slice_copy(
 uu____3, Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice),
@@ -298,28 +298,28 @@ static KRML_MUSTINLINE void load_block_c7(__m256i (*s)[5U],
 uint8_t u8s0[32U] = {0U};
 Eurydice_slice uu____4 = Eurydice_array_to_subslice2( u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice);
- core_slice___Slice_T___copy_from_slice(
+ Eurydice_slice_copy(
 uu____4, Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice), uint8_t, void *);
 Eurydice_slice uu____5 = Eurydice_array_to_subslice2( u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice);
- core_slice___Slice_T___copy_from_slice(
+ Eurydice_slice_copy(
 uu____5, Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice), uint8_t, void *);
 Eurydice_slice uu____6 = Eurydice_array_to_subslice2( u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice);
- core_slice___Slice_T___copy_from_slice(
+ Eurydice_slice_copy(
 uu____6, Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice), uint8_t, void *);
 Eurydice_slice uu____7 = Eurydice_array_to_subslice2( u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice);
- core_slice___Slice_T___copy_from_slice(
+ Eurydice_slice_copy(
 uu____7, Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice),
@@ -1412,15 +1412,14 @@ with const generics
 */
 KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) {
- size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t);
+ size_t last_len = Eurydice_slice_len(last[0U], uint8_t, size_t);
 uint8_t blocks[4U][200U] = {{0U}};
 KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice);
- core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t,
- void *);
+ Eurydice_slice_copy(uu____0, last[i0], uint8_t, void *);
 } blocks[i0][last_len] = 31U; size_t uu____1 = i0; size_t uu____2 = (size_t)136U - (size_t)1U; blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;);
@@ -1501,32 +1500,28 @@ static KRML_MUSTINLINE void store_block_e9(__m256i (*s)[5U],
 s[i0][j0]);
 Eurydice_slice uu____0 = Eurydice_slice_subslice2( out[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice);
- core_slice___Slice_T___copy_from_slice(
- uu____0,
- Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t,
- Eurydice_slice),
- uint8_t, void *);
+ Eurydice_slice_copy(uu____0,
+ Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U,
+ uint8_t, Eurydice_slice),
+ uint8_t, void *);
 Eurydice_slice uu____1 = Eurydice_slice_subslice2( out[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice);
- core_slice___Slice_T___copy_from_slice(
- uu____1,
- Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t,
- Eurydice_slice),
- uint8_t, void *);
+ Eurydice_slice_copy(uu____1,
+ Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U,
+ uint8_t, Eurydice_slice),
+ uint8_t, void *);
 Eurydice_slice uu____2 = Eurydice_slice_subslice2( out[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice);
- core_slice___Slice_T___copy_from_slice(
- uu____2,
- Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t,
- Eurydice_slice),
- uint8_t, void *);
+ Eurydice_slice_copy(uu____2,
+ Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U,
+ uint8_t, Eurydice_slice),
+ uint8_t, void *);
 Eurydice_slice uu____3 = Eurydice_slice_subslice2( out[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice);
- core_slice___Slice_T___copy_from_slice(
- uu____3,
- Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t,
- Eurydice_slice),
- uint8_t, void *);
+ Eurydice_slice_copy(uu____3,
+ Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U,
+ uint8_t, Eurydice_slice),
+ uint8_t, void *);
 if (rem == (size_t)16U) {
 uint8_t u8s0[32U] = {0U};
 size_t i =
@@ -1539,7 +1534,7 @@ static KRML_MUSTINLINE void store_block_e9(__m256i (*s)[5U],
 Eurydice_slice uu____4 = Eurydice_slice_subslice2(out[0U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice);
- core_slice___Slice_T___copy_from_slice(
+ Eurydice_slice_copy(
 uu____4, Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice),
@@ -1547,7 +1542,7 @@ static KRML_MUSTINLINE void store_block_e9(__m256i (*s)[5U],
 Eurydice_slice uu____5 = Eurydice_slice_subslice2(out[1U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice);
- core_slice___Slice_T___copy_from_slice(
+ Eurydice_slice_copy(
 uu____5, Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice),
@@ -1555,7 +1550,7 @@ static KRML_MUSTINLINE void store_block_e9(__m256i (*s)[5U],
 Eurydice_slice uu____6 = Eurydice_slice_subslice2(out[2U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice);
- core_slice___Slice_T___copy_from_slice(
+ Eurydice_slice_copy(
 uu____6, Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice),
@@ -1563,7 +1558,7 @@ static KRML_MUSTINLINE void store_block_e9(__m256i (*s)[5U],
 Eurydice_slice uu____7 = Eurydice_slice_subslice2(out[3U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice);
- core_slice___Slice_T___copy_from_slice(
+ Eurydice_slice_copy(
 uu____7, Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice),
@@ -1634,8 +1629,8 @@ static KRML_MUSTINLINE void squeeze_first_and_last_a4(
 i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U;
- lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t);
- core_slice___Slice_T___copy_from_slice(
+ lit.end = Eurydice_slice_len(out[i0], uint8_t, size_t);
+ Eurydice_slice_copy(
 uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, core_ops_range_Range_b3, Eurydice_slice),
@@ -1697,8 +1692,8 @@ static KRML_MUSTINLINE void squeeze_last_77(
 i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U;
- lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t);
- core_slice___Slice_T___copy_from_slice(
+ lit.end = Eurydice_slice_len(out[i0], uint8_t, size_t);
+ Eurydice_slice_copy(
 uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, core_ops_range_Range_b3, Eurydice_slice),
@@ -1717,8 +1712,7 @@ static KRML_MUSTINLINE void keccak_14(Eurydice_slice data[4U],
 Eurydice_slice out[4U]) {
 libcrux_sha3_generic_keccak_KeccakState_29 s = new_1e_16();
 for (size_t i = (size_t)0U;
- i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U;
- i++) {
+ i < Eurydice_slice_len(data[0U], uint8_t, size_t) / (size_t)136U; i++) {
 size_t i0 = i;
 libcrux_sha3_generic_keccak_KeccakState_29 *uu____0 = &s;
 /* Passing arrays by value in Rust generates a copy in C */
@@ -1728,18 +1722,16 @@ static KRML_MUSTINLINE void keccak_14(Eurydice_slice data[4U],
 slice_n_ef(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret);
 absorb_block_37(uu____0, ret);
 }
- size_t rem =
- core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U;
+ size_t rem = Eurydice_slice_len(data[0U], uint8_t, size_t) % (size_t)136U;
 libcrux_sha3_generic_keccak_KeccakState_29 *uu____2 = &s;
 /* Passing arrays by value in Rust generates a copy in C */
 Eurydice_slice copy_of_data[4U];
 memcpy(copy_of_data, data, (size_t)4U * sizeof(Eurydice_slice));
 Eurydice_slice ret[4U];
- slice_n_ef(copy_of_data,
- core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem,
- ret);
+ slice_n_ef(copy_of_data, Eurydice_slice_len(data[0U], uint8_t, size_t) - rem,
+ rem, ret);
 libcrux_sha3_generic_keccak_absorb_final_5e(uu____2, ret);
- size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t);
+ size_t outlen = Eurydice_slice_len(out[0U], uint8_t, size_t);
 size_t blocks = outlen / (size_t)136U;
 size_t last = outlen - outlen % (size_t)136U;
 if (blocks == (size_t)0U) {
@@ -1852,28 +1844,28 @@ static KRML_MUSTINLINE void load_block_c70(__m256i (*s)[5U],
 uint8_t u8s[32U] = {0U};
 Eurydice_slice uu____0 = Eurydice_array_to_subslice2( u8s, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice);
- core_slice___Slice_T___copy_from_slice(
+ Eurydice_slice_copy(
 uu____0, Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice), uint8_t, void *);
 Eurydice_slice uu____1 = Eurydice_array_to_subslice2( u8s, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice);
- core_slice___Slice_T___copy_from_slice(
+ Eurydice_slice_copy(
 uu____1, Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice), uint8_t, void *);
 Eurydice_slice uu____2 = Eurydice_array_to_subslice2( u8s, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice);
- core_slice___Slice_T___copy_from_slice(
+ Eurydice_slice_copy(
 uu____2, Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice), uint8_t, void *);
 Eurydice_slice uu____3 = Eurydice_array_to_subslice2( u8s, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice);
- core_slice___Slice_T___copy_from_slice(
+ Eurydice_slice_copy(
 uu____3, Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice),
@@ -1887,28 +1879,28 @@ static KRML_MUSTINLINE void load_block_c70(__m256i (*s)[5U],
 uint8_t u8s0[32U] = {0U};
 Eurydice_slice uu____4 = Eurydice_array_to_subslice2( u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice);
- core_slice___Slice_T___copy_from_slice(
+ Eurydice_slice_copy(
 uu____4, Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice), uint8_t, void *);
 Eurydice_slice uu____5 = Eurydice_array_to_subslice2( u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice);
- core_slice___Slice_T___copy_from_slice(
+ Eurydice_slice_copy(
 uu____5, Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice), uint8_t, void *);
 Eurydice_slice uu____6 = Eurydice_array_to_subslice2( u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice);
- core_slice___Slice_T___copy_from_slice(
+ Eurydice_slice_copy(
 uu____6, Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice), uint8_t, void *);
 Eurydice_slice uu____7 = Eurydice_array_to_subslice2( u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice);
- core_slice___Slice_T___copy_from_slice(
+ Eurydice_slice_copy(
 uu____7, Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice),
@@ -1969,15 +1961,14 @@ with const generics
 */
 static KRML_MUSTINLINE void absorb_final_5e0( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) {
- size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t);
+ size_t last_len = Eurydice_slice_len(last[0U], uint8_t, size_t);
 uint8_t blocks[4U][200U] = {{0U}};
 KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice);
- core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t,
- void *);
+ Eurydice_slice_copy(uu____0, last[i0], uint8_t, void *);
 } blocks[i0][last_len] = 31U; size_t uu____1 = i0; size_t uu____2 = (size_t)168U - (size_t)1U; blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;);
@@ -2068,32 +2059,28 @@ static KRML_MUSTINLINE void store_block_e90(__m256i (*s)[5U],
 s[i0][j0]);
 Eurydice_slice uu____0 = Eurydice_slice_subslice2( out[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice);
- core_slice___Slice_T___copy_from_slice(
- uu____0,
- Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t,
- Eurydice_slice),
- uint8_t, void *);
+ Eurydice_slice_copy(uu____0,
+ Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U,
+ uint8_t, Eurydice_slice),
+ uint8_t, void *);
 Eurydice_slice uu____1 = Eurydice_slice_subslice2( out[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice);
- core_slice___Slice_T___copy_from_slice(
- uu____1,
- Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t,
- Eurydice_slice),
- uint8_t, void *);
+ Eurydice_slice_copy(uu____1,
+ Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U,
+ uint8_t, Eurydice_slice),
+ uint8_t, void *);
 Eurydice_slice uu____2 = Eurydice_slice_subslice2( out[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice);
- core_slice___Slice_T___copy_from_slice(
- uu____2,
- Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t,
- Eurydice_slice),
- uint8_t, void *);
+ Eurydice_slice_copy(uu____2,
+ Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U,
+ uint8_t, Eurydice_slice),
+ uint8_t, void *);
 Eurydice_slice uu____3 = Eurydice_slice_subslice2( out[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice);
- core_slice___Slice_T___copy_from_slice(
- uu____3,
- Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t,
- Eurydice_slice),
- uint8_t, void *);
+ Eurydice_slice_copy(uu____3,
+ Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U,
+ uint8_t, Eurydice_slice),
+ uint8_t, void *);
 if (rem == (size_t)16U) {
 uint8_t u8s0[32U] = {0U};
 size_t i =
@@ -2106,7 +2093,7 @@ static KRML_MUSTINLINE void store_block_e90(__m256i (*s)[5U],
 Eurydice_slice uu____4 = Eurydice_slice_subslice2(out[0U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice);
- core_slice___Slice_T___copy_from_slice(
+ Eurydice_slice_copy(
 uu____4, Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice),
@@ -2114,7 +2101,7 @@ static KRML_MUSTINLINE void store_block_e90(__m256i (*s)[5U],
 Eurydice_slice uu____5 = Eurydice_slice_subslice2(out[1U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice);
- core_slice___Slice_T___copy_from_slice(
+ Eurydice_slice_copy(
 uu____5, Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice),
@@ -2122,7 +2109,7 @@ static KRML_MUSTINLINE void store_block_e90(__m256i (*s)[5U],
 Eurydice_slice uu____6 = Eurydice_slice_subslice2(out[2U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice);
- core_slice___Slice_T___copy_from_slice(
+ Eurydice_slice_copy(
 uu____6, Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice),
@@ -2130,7 +2117,7 @@ static KRML_MUSTINLINE void store_block_e90(__m256i (*s)[5U],
 Eurydice_slice uu____7 = Eurydice_slice_subslice2(out[3U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice);
- core_slice___Slice_T___copy_from_slice(
+ Eurydice_slice_copy(
 uu____7, Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice),
diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h
index 6a0f4aa3d..51745acca 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h
@@ -8,7 +8,7 @@
 * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21
 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b
 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7
- * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd
+ * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe
 */
 #ifndef __libcrux_sha3_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h
index 5c6e1b03d..e9cc05643 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_internal.h
+++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h
@@ -8,7 +8,7 @@
 * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21
 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b
 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7
- * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd
+ * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe
 */
 #ifndef __libcrux_sha3_internal_H
@@ -1373,14 +1373,14 @@ with const generics
 */
 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_72( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) {
- size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t);
+ size_t last_len = Eurydice_slice_len(last[0U], uint8_t, size_t);
 uint8_t blocks[1U][200U] = {{0U}};
 {
 size_t i = (size_t)0U;
 if (last_len > (size_t)0U) {
 Eurydice_slice uu____0 = Eurydice_array_to_subslice2( blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice);
- core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *);
+ Eurydice_slice_copy(uu____0, last[i], uint8_t, void *);
 }
 blocks[i][last_len] = 31U;
 size_t uu____1 = i;
@@ -1408,7 +1408,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_58(
 Eurydice_slice);
 uint8_t ret[8U];
 core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret);
- core_slice___Slice_T___copy_from_slice(
+ Eurydice_slice_copy(
 uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), uint8_t, void *);
@@ -1519,14 +1519,14 @@ with const generics
 */
 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_720( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) {
- size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t);
+ size_t last_len = Eurydice_slice_len(last[0U], uint8_t, size_t);
 uint8_t blocks[1U][200U] = {{0U}};
 {
 size_t i = (size_t)0U;
 if (last_len > (size_t)0U) {
 Eurydice_slice uu____0 = Eurydice_array_to_subslice2( blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice);
- core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *);
+ Eurydice_slice_copy(uu____0, last[i], uint8_t, void *);
 }
 blocks[i][last_len] = 31U;
 size_t uu____1 = i;
@@ -1554,7 +1554,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_580(
 Eurydice_slice);
 uint8_t ret[8U];
 core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret);
- core_slice___Slice_T___copy_from_slice(
+ Eurydice_slice_copy(
 uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), uint8_t, void *);
@@ -1684,8 +1684,8 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3(
 uint8_t *uu____1 = b[i];
 core_ops_range_Range_b3 lit;
 lit.start = (size_t)0U;
- lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t);
- core_slice___Slice_T___copy_from_slice(
+ lit.end = Eurydice_slice_len(out[i], uint8_t, size_t);
+ Eurydice_slice_copy(
 uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, core_ops_range_Range_b3, Eurydice_slice),
@@ -1711,8 +1711,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_833(
 uint8_t *uu____1 = b[i];
 core_ops_range_Range_b3 lit;
 lit.start = (size_t)0U;
- lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t);
- core_slice___Slice_T___copy_from_slice(
+ lit.end = Eurydice_slice_len(out[i], uint8_t, size_t);
+ Eurydice_slice_copy(
 uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, core_ops_range_Range_b3, Eurydice_slice),
@@ -1733,8 +1733,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754(
 libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f2();
 for (size_t i = (size_t)0U;
- i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)168U;
- i++) {
+ i < Eurydice_slice_len(data[0U], uint8_t, size_t) / (size_t)168U; i++) {
 size_t i0 = i;
 libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s;
 /* Passing arrays by value in Rust generates a copy in C */
@@ -1745,18 +1744,17 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754(
 (size_t)168U, ret);
 libcrux_sha3_generic_keccak_absorb_block_753(uu____0, ret);
 }
- size_t rem =
- core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)168U;
+ size_t rem = Eurydice_slice_len(data[0U], uint8_t, size_t) % (size_t)168U;
 libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s;
 /* Passing arrays by value in Rust generates a copy in C */
 Eurydice_slice copy_of_data[1U];
 memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
 Eurydice_slice ret[1U];
 libcrux_sha3_portable_keccak_slice_n_5a(
- copy_of_data, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem,
- rem, ret);
+ copy_of_data, Eurydice_slice_len(data[0U], uint8_t, size_t) - rem, rem,
+ ret);
 libcrux_sha3_generic_keccak_absorb_final_72(uu____2, ret);
- size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t);
+ size_t outlen = Eurydice_slice_len(out[0U], uint8_t, size_t);
 size_t blocks = outlen / (size_t)168U;
 size_t last = outlen - outlen % (size_t)168U;
 if (blocks == (size_t)0U) {
@@ -1909,14 +1907,14 @@ with const generics
 */
 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_724( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) {
- size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t);
+ size_t last_len = Eurydice_slice_len(last[0U], uint8_t, size_t);
 uint8_t blocks[1U][200U] = {{0U}};
 {
 size_t i = (size_t)0U;
 if (last_len > (size_t)0U) {
 Eurydice_slice uu____0 = Eurydice_array_to_subslice2( blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice);
- core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *);
+ Eurydice_slice_copy(uu____0, last[i], uint8_t, void *);
 }
 blocks[i][last_len] = 6U;
 size_t uu____1 = i;
@@ -1944,7 +1942,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_583(
 Eurydice_slice);
 uint8_t ret[8U];
 core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret);
- core_slice___Slice_T___copy_from_slice(
+ Eurydice_slice_copy(
 uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), uint8_t, void *);
@@ -2001,8 +1999,8 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2(
 uint8_t *uu____1 = b[i];
 core_ops_range_Range_b3 lit;
 lit.start = (size_t)0U;
- lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t);
- core_slice___Slice_T___copy_from_slice(
+ lit.end = Eurydice_slice_len(out[i], uint8_t, size_t);
+ Eurydice_slice_copy(
 uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, core_ops_range_Range_b3, Eurydice_slice),
@@ -2067,8 +2065,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_832(
 uint8_t *uu____1 = b[i];
 core_ops_range_Range_b3 lit;
 lit.start = (size_t)0U;
- lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t);
- core_slice___Slice_T___copy_from_slice(
+ lit.end = Eurydice_slice_len(out[i], uint8_t, size_t);
+ Eurydice_slice_copy(
 uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, core_ops_range_Range_b3, Eurydice_slice),
@@ -2089,8 +2087,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753(
 libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f2();
 for (size_t i = (size_t)0U;
- i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U;
- i++) {
+ i < Eurydice_slice_len(data[0U], uint8_t, size_t) / (size_t)104U; i++) {
 size_t i0 = i;
 libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s;
 /* Passing arrays by value in Rust generates a copy in C */
@@ -2101,18 +2098,17 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753(
 (size_t)104U, ret);
 libcrux_sha3_generic_keccak_absorb_block_752(uu____0, ret);
 }
- size_t rem =
- core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U;
+ size_t rem = Eurydice_slice_len(data[0U], uint8_t, size_t) % (size_t)104U;
 libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s;
 /* Passing arrays by value in Rust generates a copy in C */
 Eurydice_slice copy_of_data[1U];
 memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
 Eurydice_slice ret[1U];
 libcrux_sha3_portable_keccak_slice_n_5a(
- copy_of_data, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem,
- rem, ret);
+ copy_of_data, Eurydice_slice_len(data[0U], uint8_t, size_t) - rem, rem,
+ ret);
 libcrux_sha3_generic_keccak_absorb_final_724(uu____2, ret);
- size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t);
+ size_t outlen = Eurydice_slice_len(out[0U], uint8_t, size_t);
 size_t blocks = outlen / (size_t)104U;
 size_t last = outlen - outlen % (size_t)104U;
 if (blocks == (size_t)0U) {
@@ -2265,14 +2261,14 @@ with const generics
 */
 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_723( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) {
- size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t);
+ size_t last_len = Eurydice_slice_len(last[0U], uint8_t, size_t);
 uint8_t blocks[1U][200U] = {{0U}};
 {
 size_t i = (size_t)0U;
 if (last_len > (size_t)0U) {
 Eurydice_slice uu____0 = Eurydice_array_to_subslice2( blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice);
- core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *);
+ Eurydice_slice_copy(uu____0, last[i], uint8_t, void *);
 }
 blocks[i][last_len] = 6U;
 size_t uu____1 = i;
@@ -2300,7 +2296,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_582(
 Eurydice_slice);
 uint8_t ret[8U];
 core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret);
- core_slice___Slice_T___copy_from_slice(
+ Eurydice_slice_copy(
 uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), uint8_t, void *);
@@ -2357,8 +2353,8 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1(
 uint8_t *uu____1 = b[i];
 core_ops_range_Range_b3 lit;
 lit.start = (size_t)0U;
- lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t);
- core_slice___Slice_T___copy_from_slice(
+ lit.end = Eurydice_slice_len(out[i], uint8_t, size_t);
+ Eurydice_slice_copy(
 uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, core_ops_range_Range_b3, Eurydice_slice),
@@ -2423,8 +2419,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_831(
 uint8_t *uu____1 = b[i];
 core_ops_range_Range_b3 lit;
 lit.start = (size_t)0U;
- lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t);
- core_slice___Slice_T___copy_from_slice(
+ lit.end = Eurydice_slice_len(out[i], uint8_t, size_t);
+ Eurydice_slice_copy(
 uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, core_ops_range_Range_b3, Eurydice_slice),
@@ -2445,8 +2441,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752(
 libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f2();
 for (size_t i = (size_t)0U;
- i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U;
- i++) {
+ i < Eurydice_slice_len(data[0U], uint8_t, size_t) / (size_t)144U; i++) {
 size_t i0 = i;
 libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s;
 /* Passing arrays by value in Rust generates a copy in C */
@@ -2457,18 +2452,17 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752(
 (size_t)144U, ret);
 libcrux_sha3_generic_keccak_absorb_block_751(uu____0, ret);
 }
- size_t rem =
- core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U;
+ size_t rem = Eurydice_slice_len(data[0U], uint8_t, size_t) % (size_t)144U;
 libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s;
 /* Passing arrays by value in Rust generates a copy in C */
 Eurydice_slice copy_of_data[1U];
 memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
 Eurydice_slice ret[1U];
 libcrux_sha3_portable_keccak_slice_n_5a(
- copy_of_data, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem,
- rem, ret);
+ copy_of_data, Eurydice_slice_len(data[0U], uint8_t, size_t) - rem, rem,
+ ret);
 libcrux_sha3_generic_keccak_absorb_final_723(uu____2, ret);
- size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t);
+ size_t outlen = Eurydice_slice_len(out[0U], uint8_t, size_t);
 size_t blocks = outlen / (size_t)144U;
 size_t last = outlen - outlen % (size_t)144U;
 if (blocks == (size_t)0U) {
@@ -2606,8 +2600,8 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0(
 uint8_t *uu____1 = b[i];
 core_ops_range_Range_b3 lit;
 lit.start = (size_t)0U;
- lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t);
- core_slice___Slice_T___copy_from_slice(
+ lit.end = Eurydice_slice_len(out[i], uint8_t, size_t);
+ Eurydice_slice_copy(
 uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, core_ops_range_Range_b3, Eurydice_slice),
@@ -2633,8 +2627,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_830(
 uint8_t *uu____1 = b[i];
 core_ops_range_Range_b3 lit;
 lit.start = (size_t)0U;
- lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t);
- core_slice___Slice_T___copy_from_slice(
+ lit.end = Eurydice_slice_len(out[i], uint8_t, size_t);
+ Eurydice_slice_copy(
 uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, core_ops_range_Range_b3, Eurydice_slice),
@@ -2655,8 +2649,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751(
 libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f2();
 for (size_t i = (size_t)0U;
- i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U;
- i++) {
+ i < Eurydice_slice_len(data[0U], uint8_t, size_t) / (size_t)136U; i++) {
 size_t i0 = i;
 libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s;
 /* Passing arrays by value in Rust generates a copy in C */
@@ -2667,18 +2660,17 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751(
 (size_t)136U, ret);
 libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret);
 }
- size_t rem =
- core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U;
+ size_t rem = Eurydice_slice_len(data[0U], uint8_t, size_t) % (size_t)136U;
 libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s;
 /* Passing arrays by value in Rust generates a copy in C */
 Eurydice_slice copy_of_data[1U];
 memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice));
 Eurydice_slice ret[1U];
 libcrux_sha3_portable_keccak_slice_n_5a(
- copy_of_data, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem,
- rem, ret);
+ copy_of_data, Eurydice_slice_len(data[0U], uint8_t, size_t) - rem, rem,
+ ret);
 libcrux_sha3_generic_keccak_absorb_final_720(uu____2, ret);
- size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t);
+ size_t outlen = Eurydice_slice_len(out[0U], uint8_t, size_t);
 size_t blocks = outlen / (size_t)136U;
 size_t last = outlen - outlen % (size_t)136U;
 if (blocks == (size_t)0U) {
@@ -2742,14 +2734,14 @@ with const generics
 */
 static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_722( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) {
- size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t);
+ size_t last_len = Eurydice_slice_len(last[0U], uint8_t, size_t);
 uint8_t blocks[1U][200U] = {{0U}};
 {
 size_t i = (size_t)0U;
 if (last_len > (size_t)0U) {
 Eurydice_slice uu____0 = Eurydice_array_to_subslice2( blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice);
- core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *);
+ Eurydice_slice_copy(uu____0, last[i], uint8_t, void *);
 }
 blocks[i][last_len] = 6U;
 size_t uu____1 = i;
@@ -2776,8 +2768,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t, size_t) / (size_t)136U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; /* Passing arrays by value in Rust generates a copy in C */ @@ -2788,18 +2779,17 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( (size_t)136U, ret); libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t, size_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - copy_of_data, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, - rem, ret); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t, size_t) - rem, rem, + ret); libcrux_sha3_generic_keccak_absorb_final_722(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { 
@@ -2952,14 +2942,14 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_721( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); + Eurydice_slice_copy(uu____0, last[i], uint8_t, void *); } blocks[i][last_len] = 6U; size_t uu____1 = i; @@ -2987,7 +2977,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_581( Eurydice_slice); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), uint8_t, void *); @@ -3043,8 +3033,8 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_5d( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i], uint8_t, size_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, core_ops_range_Range_b3, Eurydice_slice), 
@@ -3109,8 +3099,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_83( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i], uint8_t, size_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, core_ops_range_Range_b3, Eurydice_slice), @@ -3131,8 +3121,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t, size_t) / (size_t)72U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; /* Passing arrays by value in Rust generates a copy in C */ 
@@ -3143,18 +3132,17 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( (size_t)72U, ret); libcrux_sha3_generic_keccak_absorb_block_75(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t, size_t) % (size_t)72U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - copy_of_data, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, - rem, ret); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t, size_t) - rem, rem, + ret); libcrux_sha3_generic_keccak_absorb_final_721(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)72U; size_t last = outlen - outlen % (size_t)72U; if (blocks == (size_t)0U) { diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index 410cf801c..0aff077db 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd + * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe */ #include "libcrux_sha3_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index f934f6423..22527915e 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h 
@@ -8,7 +8,7 @@ * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 90358e0a5c7185a6ca5a058da9b43826827e5dfd + * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe */ #ifndef __libcrux_sha3_neon_H From 490a8664911fa33e785d629c78d6ee3dd85448e6 Mon Sep 17 00:00:00 2001 
From: Jonathan Protzenko Date: Tue, 13 Aug 2024 15:55:31 -0700 Subject: [PATCH 09/16] More cosmetic changes for core_slice -- align convention with other macros in eurydice_glue.h --- libcrux-ml-kem/c/code_gen.txt | 4 +- libcrux-ml-kem/c/eurydice_glue.h | 14 ++--- libcrux-ml-kem/c/internal/libcrux_core.h | 4 +- .../c/internal/libcrux_mlkem_avx2.h | 4 +- .../c/internal/libcrux_mlkem_portable.h | 4 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 4 +- .../c/internal/libcrux_sha3_internal.h | 4 +- libcrux-ml-kem/c/libcrux_core.c | 4 +- libcrux-ml-kem/c/libcrux_core.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 4 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 4 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 4 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 4 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 4 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 4 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 52 +++++++++---------- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem_neon.c | 4 +- libcrux-ml-kem/c/libcrux_mlkem_neon.h | 4 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 52 +++++++++---------- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 4 +- libcrux-ml-kem/c/libcrux_sha3.h | 4 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 12 ++--- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 4 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 6 +-- libcrux-ml-kem/c/libcrux_sha3_neon.c | 4 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 4 +- 36 files changed, 130 insertions(+), 130 deletions(-) 
diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt
index e723c2449..f72ded992 100644
--- a/libcrux-ml-kem/c/code_gen.txt
+++ b/libcrux-ml-kem/c/code_gen.txt
@@ -1,6 +1,6 @@
 This code was generated with the following revisions:
 Charon: 53530427db2941ce784201e64086766504bc5642
-Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21
+Eurydice: ac3b60749a07243c06d207eb938156996495e3b5
 Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b
 F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7
-Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe
+Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468
diff --git a/libcrux-ml-kem/c/eurydice_glue.h b/libcrux-ml-kem/c/eurydice_glue.h
index d69631b89..a67112e4d 100644
--- a/libcrux-ml-kem/c/eurydice_glue.h
+++ b/libcrux-ml-kem/c/eurydice_glue.h
@@ -95,14 +95,14 @@ typedef struct {
 #define core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq \
 Eurydice_array_eq
-#define core_slice___Slice_T___split_at(slice, mid, element_type, ret_t) \
- (CLITERAL(ret_t){ \
- .fst = EURYDICE_SLICE((element_type *)slice.ptr, 0, mid), \
+#define Eurydice_slice_split_at(slice, mid, element_type, ret_t) \
+ (CLITERAL(ret_t){ \
+ .fst = EURYDICE_SLICE((element_type *)slice.ptr, 0, mid), \
 .snd = EURYDICE_SLICE((element_type *)slice.ptr, mid, slice.len)})
-#define core_slice___Slice_T___split_at_mut(slice, mid, element_type, ret_t) \
- (CLITERAL(ret_t){ \
- .fst = {.ptr = slice.ptr, .len = mid}, \
- .snd = {.ptr = (char *)slice.ptr + mid * sizeof(element_type), \
+#define Eurydice_slice_split_at_mut(slice, mid, element_type, ret_t) \
+ (CLITERAL(ret_t){ \
+ .fst = {.ptr = slice.ptr, .len = mid}, \
+ .snd = {.ptr = (char *)slice.ptr + mid * sizeof(element_type), \
 .len = slice.len - mid}})
 // Conversion of slice to an array, rewritten (by Eurydice) to name the
diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h
index fc8ac46d8..623ee2e33 100644
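Review bot: The two split macros in eurydice_glue.h compute the second half from `slice.len - mid` (and, in `Eurydice_slice_split_at_mut`, from `(char *)slice.ptr + mid * sizeof(element_type)`) with no check that `mid <= slice.len`, so a caller violating that bound would underflow the `size_t` length and form an out-of-bounds pointer, and the rename leaves this precondition undocumented. Since the callers are Eurydice-generated from Rust, where `split_at` rejects `mid > len`, the guarantee presumably comes from the verified source rather than from this header; a comment above the macros would make that explicit for anyone auditing the glue, e.g. `// Precondition (discharged on the Rust side, not checked here): mid <= slice.len`. The two macros are also asymmetric: `Eurydice_slice_split_at` builds both halves through `EURYDICE_SLICE`, while `Eurydice_slice_split_at_mut` assembles the structs by hand, so whatever checking `EURYDICE_SLICE` performs (not visible in this hunk) applies only to the first. Both evaluate `slice` and `mid` more than once, which is harmless for the lvalue and constant arguments the generated code passes but worth a note for hand-written callers.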
--- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe + * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 */ #ifndef __internal_libcrux_core_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index 0cdbbba23..f34f0c2b5 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe + * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 */ #ifndef __internal_libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 2a1c4a130..3440fb4f5 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h 
@@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe + * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 */ #ifndef __internal_libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index e8973523d..8dda8c115 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe + * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index f32525ccb..da05fa1bd 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe + * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 */ #ifndef __internal_libcrux_sha3_internal_H 
diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index 15612ec34..530c51b41 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe + * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 */ #include "internal/libcrux_core.h" diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 75ee93307..0f2c87c60 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe + * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 35863ace6..d3de010b9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h 
@@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe + * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index 2741fefc1..a1cb8218d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe + * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 */ #include "libcrux_mlkem1024_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index 346218da7..8a0166dc9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe + * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 */ #ifndef __libcrux_mlkem1024_avx2_H 
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index bc1c96e81..6c4f44fb2 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe + * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 */ #include "libcrux_mlkem1024_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index 2c9ddcf4a..c05192ca4 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe + * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index dfeb04196..985badcf2 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h 
@@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe + * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index bd85d0d3f..4f7ed3b84 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe + * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 */ #include "libcrux_mlkem512_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index 4dfe273b1..4b2301d20 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe + * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 */ #ifndef __libcrux_mlkem512_avx2_H 
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index ad6bcfffc..34860cfb5 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe + * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 */ #include "libcrux_mlkem512_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 81023ba82..ee244c401 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe + * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 648efde9f..464479327 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h 
@@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe + * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index 2203e3d4f..1e3b6b0d7 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe + * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 */ #include "libcrux_mlkem768_avx2.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index 47eb50f62..00fc716d5 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe + * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 */ #ifndef __libcrux_mlkem768_avx2_H 
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index 621907540..6368a10f6 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe + * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 */ #include "libcrux_mlkem768_portable.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index 600c04eb6..0f4992a7e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe + * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index f9b13c6ca..5f9d39d90 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c 
@@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe + * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 */ #include "internal/libcrux_mlkem_avx2.h" @@ -2443,7 +2443,7 @@ static tuple_9b0 generate_keypair_unpacked_6c1( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_a9_681(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; @@ -3692,7 +3692,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e1( G_a9_681( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); @@ -3916,7 +3916,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_821( G_a9_681( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); 
@@ -4537,7 +4537,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b21( G_a9_681( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); @@ -4688,17 +4688,17 @@ with const generics void libcrux_ml_kem_ind_cca_decapsulate_c41( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, Eurydice_slice), (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; 
@@ -4718,7 +4718,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_c41( G_a9_681( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); @@ -5574,7 +5574,7 @@ static tuple_54 generate_keypair_unpacked_6c0( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_a9_680(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; @@ -6311,7 +6311,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e0( G_a9_680( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); @@ -6535,7 +6535,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_820( G_a9_680( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); 
@@ -6787,7 +6787,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b20( G_a9_680( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); @@ -6919,17 +6919,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_c40( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t, Eurydice_slice), (size_t)1536U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( secret_key0, (size_t)1568U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; 
@@ -6949,7 +6949,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_c40( G_a9_680( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); @@ -7797,7 +7797,7 @@ static tuple_4c generate_keypair_unpacked_6c( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_a9_68(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; @@ -8526,7 +8526,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e( G_a9_68( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); @@ -8750,7 +8750,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_82( G_a9_68( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); 
@@ -8960,7 +8960,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b2( G_a9_68( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); @@ -9091,17 +9091,17 @@ with const generics void libcrux_ml_kem_ind_cca_decapsulate_c4( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t, Eurydice_slice), (size_t)768U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( secret_key0, (size_t)800U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; 
@@ -9121,7 +9121,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_c4( G_a9_68( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index 387e2688b..581fe5046 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe + * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 */ #ifndef __libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c index 5e095170d..0c3f273f4 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe + * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 */ #include "libcrux_mlkem_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h index b16ccff8b..2e870e044 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h 
+++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe + * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 */ #ifndef __libcrux_mlkem_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 8e3b74136..d94183ec5 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe + * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 */ #include "internal/libcrux_mlkem_portable.h" @@ -3704,7 +3704,7 @@ static tuple_540 generate_keypair_unpacked_f41( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_f1_b61(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; 
@@ -4877,7 +4877,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_311( G_f1_b61( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); @@ -5102,7 +5102,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_441( G_f1_b61( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); @@ -5669,7 +5669,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca1( G_f1_b61( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); 
@@ -5823,17 +5823,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f1( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t, Eurydice_slice), (size_t)1536U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( secret_key0, (size_t)1568U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; @@ -5853,7 +5853,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f1( G_f1_b61( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); 
@@ -6699,7 +6699,7 @@ static tuple_4c0 generate_keypair_unpacked_f40( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_f1_b60(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; @@ -7475,7 +7475,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_310( G_f1_b60( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); @@ -7700,7 +7700,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_440( G_f1_b60( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); @@ -7952,7 +7952,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca0( G_f1_b60( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); 
@@ -8083,17 +8083,17 @@ libcrux_ml_kem_ind_cca_MlKem with const generics void libcrux_ml_kem_ind_cca_decapsulate_4f0( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t, Eurydice_slice), (size_t)768U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( secret_key0, (size_t)800U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; @@ -8113,7 +8113,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f0( G_f1_b60( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); 
@@ -8949,7 +8949,7 @@ static tuple_9b generate_keypair_unpacked_f4( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_f1_b6(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; @@ -9639,7 +9639,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_31( G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); @@ -9864,7 +9864,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); @@ -10075,7 +10075,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca( G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); 
@@ -10206,17 +10206,17 @@ libcrux_ml_kem_ind_cca_MlKem with const generics void libcrux_ml_kem_ind_cca_decapsulate_4f( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, Eurydice_slice), (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; @@ -10236,7 +10236,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f( G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index 9f1fa404e..906bcf5b1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h 
@@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe + * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 */ #ifndef __libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 1db3feef1..ff949e742 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe + * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 */ #ifndef __libcrux_sha3_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 21018855e..7566cbba9 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe + * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 */ #include "internal/libcrux_sha3_avx2.h" 
@@ -129,19 +129,19 @@ split_at_mut_4(Eurydice_slice out[4U], size_t mid) { Eurydice_slice out1 = out[1U]; Eurydice_slice out2 = out[2U]; Eurydice_slice out3 = out[3U]; - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at_mut( + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at_mut( out0, mid, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice out00 = uu____0.fst; Eurydice_slice out01 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at_mut( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at_mut( out1, mid, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice out10 = uu____1.fst; Eurydice_slice out11 = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at_mut( + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at_mut( out2, mid, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice out20 = uu____2.fst; Eurydice_slice out21 = uu____2.snd; - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at_mut( + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at_mut( out3, mid, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice out30 = uu____3.fst; Eurydice_slice out31 = uu____3.snd; diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 51745acca..e52af2318 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe + * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 */ #ifndef __libcrux_sha3_avx2_H 
diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index e9cc05643..c220f3851 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe + * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 */ #ifndef __libcrux_sha3_internal_H @@ -158,7 +158,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_slice_n_5a( static KRML_MUSTINLINE Eurydice_slice_uint8_t_1size_t__x2 libcrux_sha3_portable_keccak_split_at_mut_1(Eurydice_slice out[1U], size_t mid) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at_mut( + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at_mut( out[0U], mid, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice out00 = uu____0.fst; Eurydice_slice out01 = uu____0.snd; diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index 0aff077db..33441c4b0 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe + * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 */ #include "libcrux_sha3_neon.h" 
diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index 22527915e..392f45269 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -5,10 +5,10 @@ * * This code was generated with the following revisions: * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7b1f8fd8d41a07543f4812a53624b6cb77e3df21 + * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 37727e24f53f0a7f41c129784ad5aa5136c81cbe + * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 */ #ifndef __libcrux_sha3_neon_H From 0c66762ad2fdfb3f110ee362fa210bea0fecd265 Mon Sep 17 00:00:00 2001 
From: Franziskus Kiefer Date: Wed, 14 Aug 2024 14:26:40 +0000 Subject: [PATCH 10/16] code update --- libcrux-ml-kem/c/code_gen.txt | 8 +- libcrux-ml-kem/c/internal/libcrux_core.h | 8 +- .../c/internal/libcrux_mlkem_avx2.h | 8 +- .../c/internal/libcrux_mlkem_portable.h | 8 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 8 +- .../c/internal/libcrux_sha3_internal.h | 8 +- libcrux-ml-kem/c/libcrux_core.c | 8 +- libcrux-ml-kem/c/libcrux_core.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 8 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 8 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 8 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 8 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 8 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 8 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 8 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem_neon.c | 8 +- libcrux-ml-kem/c/libcrux_mlkem_neon.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 8 +- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 8 +- libcrux-ml-kem/c/libcrux_sha3.h | 8 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 8 +- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 8 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 8 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 8 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 8 +- libcrux-ml-kem/cg.yaml | 3 + libcrux-ml-kem/cg/CMakeLists.txt | 13 +- libcrux-ml-kem/cg/code_gen.txt | 8 +- libcrux-ml-kem/cg/eurydice_glue.h | 32 +- .../cg/intrinsics/libcrux_intrinsics_avx2.h | 8 +- libcrux-ml-kem/cg/karamel/target.h | 8 +- 
libcrux-ml-kem/cg/libcrux_core.h | 193 ++-- libcrux-ml-kem/cg/libcrux_ct_ops.h | 12 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 987 +++++++++--------- libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 916 ++++++++-------- libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 231 ++-- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 420 ++++---- libcrux-ml-kem/src/ind_cca.rs | 7 +- 48 files changed, 1615 insertions(+), 1503 deletions(-) diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index f72ded992..ba5d875e5 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: -Charon: 53530427db2941ce784201e64086766504bc5642 -Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 +Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 +Eurydice: 99662476dd28a9804b424c103638a01c38192491 Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b -F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 -Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 +F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty +Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 623ee2e33..da8519687 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 + * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 + * Eurydice: 99662476dd28a9804b424c103638a01c38192491 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 */ #ifndef __internal_libcrux_core_H 
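Review bot: The regenerated provenance header in internal/libcrux_core.h now records `F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty`, which means the F* checkout used to extract this C code carried uncommitted local modifications, so the emitted sources cannot be reproduced from the recorded revisions alone. For extracted cryptographic code whose assurance rests on the verified toolchain, the header should only ever cite clean commits; the same dirty tag is written into code_gen.txt (first hunk on this line) and into every other file header touched by this commit. I would either regenerate from a committed F* revision or state in the commit description what the local change was, e.g. `F* tree carried an uncommitted patch: <describe change>`.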
diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index f34f0c2b5..61e13adf5 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 + * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 + * Eurydice: 99662476dd28a9804b424c103638a01c38192491 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 */ #ifndef __internal_libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 3440fb4f5..8bb1670f5 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 + * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 + * Eurydice: 99662476dd28a9804b424c103638a01c38192491 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 */ #ifndef __internal_libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index 8dda8c115..a21a1ea77 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h 
+++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 + * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 + * Eurydice: 99662476dd28a9804b424c103638a01c38192491 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index da05fa1bd..d241665d9 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 + * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 + * Eurydice: 99662476dd28a9804b424c103638a01c38192491 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 */ #ifndef __internal_libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index 530c51b41..04876b464 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c 
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 + * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 + * Eurydice: 99662476dd28a9804b424c103638a01c38192491 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 */ #include "internal/libcrux_core.h" diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 0f2c87c60..516d272b4 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5 + * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 + * Eurydice: 99662476dd28a9804b424c103638a01c38192491 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468 + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index d3de010b9..8c75ddb2b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h 
@@ -4,11 +4,11 @@
 * SPDX-License-Identifier: MIT or Apache-2.0
 *
 * This code was generated with the following revisions:
- * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5
+ * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0
+ * Eurydice: 99662476dd28a9804b424c103638a01c38192491
 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b
- * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7
- * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468
+ * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty
+ * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6
 */

 #ifndef __libcrux_mlkem1024_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c
index a1cb8218d..b88959233 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c
@@ -4,11 +4,11 @@
 * SPDX-License-Identifier: MIT or Apache-2.0
 *
 * This code was generated with the following revisions:
- * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5
+ * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0
+ * Eurydice: 99662476dd28a9804b424c103638a01c38192491
 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b
- * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7
- * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468
+ * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty
+ * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6
 */

 #include "libcrux_mlkem1024_avx2.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h
index 8a0166dc9..4df590c69 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h
@@ -4,11 +4,11 @@
 * SPDX-License-Identifier: MIT or Apache-2.0
 *
 * This code was generated with the following revisions:
- * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5
+ * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0
+ * Eurydice: 99662476dd28a9804b424c103638a01c38192491
 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b
- * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7
- * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468
+ * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty
+ * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6
 */

 #ifndef __libcrux_mlkem1024_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c
index 6c4f44fb2..f3972ee47 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c
@@ -4,11 +4,11 @@
 * SPDX-License-Identifier: MIT or Apache-2.0
 *
 * This code was generated with the following revisions:
- * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5
+ * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0
+ * Eurydice: 99662476dd28a9804b424c103638a01c38192491
 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b
- * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7
- * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468
+ * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty
+ * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6
 */

 #include "libcrux_mlkem1024_portable.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h
index c05192ca4..2d6df8a83 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h
@@ -4,11 +4,11 @@
 * SPDX-License-Identifier: MIT or Apache-2.0
 *
 * This code was generated with the following revisions:
- * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5
+ * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0
+ * Eurydice: 99662476dd28a9804b424c103638a01c38192491
 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b
- * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7
- * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468
+ * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty
+ * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6
 */

 #ifndef __libcrux_mlkem1024_portable_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h
index 985badcf2..4fad52629 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem512.h
@@ -4,11 +4,11 @@
 * SPDX-License-Identifier: MIT or Apache-2.0
 *
 * This code was generated with the following revisions:
- * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5
+ * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0
+ * Eurydice: 99662476dd28a9804b424c103638a01c38192491
 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b
- * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7
- * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468
+ * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty
+ * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6
 */

 #ifndef __libcrux_mlkem512_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c
index 4f7ed3b84..105246cbd 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c
@@ -4,11 +4,11 @@
 * SPDX-License-Identifier: MIT or Apache-2.0
 *
 * This code was generated with the following revisions:
- * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5
+ * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0
+ * Eurydice: 99662476dd28a9804b424c103638a01c38192491
 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b
- * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7
- * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468
+ * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty
+ * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6
 */

 #include "libcrux_mlkem512_avx2.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h
index 4b2301d20..a44306c02 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h
@@ -4,11 +4,11 @@
 * SPDX-License-Identifier: MIT or Apache-2.0
 *
 * This code was generated with the following revisions:
- * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5
+ * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0
+ * Eurydice: 99662476dd28a9804b424c103638a01c38192491
 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b
- * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7
- * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468
+ * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty
+ * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6
 */

 #ifndef __libcrux_mlkem512_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c
index 34860cfb5..cd8fdcf86 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c
@@ -4,11 +4,11 @@
 * SPDX-License-Identifier: MIT or Apache-2.0
 *
 * This code was generated with the following revisions:
- * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5
+ * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0
+ * Eurydice: 99662476dd28a9804b424c103638a01c38192491
 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b
- * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7
- * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468
+ * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty
+ * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6
 */

 #include "libcrux_mlkem512_portable.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h
index ee244c401..fbf4c704a 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h
@@ -4,11 +4,11 @@
 * SPDX-License-Identifier: MIT or Apache-2.0
 *
 * This code was generated with the following revisions:
- * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5
+ * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0
+ * Eurydice: 99662476dd28a9804b424c103638a01c38192491
 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b
- * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7
- * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468
+ * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty
+ * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6
 */

 #ifndef __libcrux_mlkem512_portable_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h
index 464479327..9e38f6ac7 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem768.h
@@ -4,11 +4,11 @@
 * SPDX-License-Identifier: MIT or Apache-2.0
 *
 * This code was generated with the following revisions:
- * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5
+ * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0
+ * Eurydice: 99662476dd28a9804b424c103638a01c38192491
 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b
- * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7
- * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468
+ * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty
+ * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6
 */

 #ifndef __libcrux_mlkem768_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c
index 1e3b6b0d7..7db84cb52 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c
@@ -4,11 +4,11 @@
 * SPDX-License-Identifier: MIT or Apache-2.0
 *
 * This code was generated with the following revisions:
- * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5
+ * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0
+ * Eurydice: 99662476dd28a9804b424c103638a01c38192491
 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b
- * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7
- * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468
+ * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty
+ * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6
 */

 #include "libcrux_mlkem768_avx2.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h
index 00fc716d5..a8b4c34fb 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h
@@ -4,11 +4,11 @@
 * SPDX-License-Identifier: MIT or Apache-2.0
 *
 * This code was generated with the following revisions:
- * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5
+ * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0
+ * Eurydice: 99662476dd28a9804b424c103638a01c38192491
 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b
- * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7
- * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468
+ * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty
+ * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6
 */

 #ifndef __libcrux_mlkem768_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c
index 6368a10f6..1b9a4635c 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c
@@ -4,11 +4,11 @@
 * SPDX-License-Identifier: MIT or Apache-2.0
 *
 * This code was generated with the following revisions:
- * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5
+ * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0
+ * Eurydice: 99662476dd28a9804b424c103638a01c38192491
 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b
- * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7
- * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468
+ * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty
+ * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6
 */

 #include "libcrux_mlkem768_portable.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h
index 0f4992a7e..c2711fec9 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h
@@ -4,11 +4,11 @@
 * SPDX-License-Identifier: MIT or Apache-2.0
 *
 * This code was generated with the following revisions:
- * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5
+ * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0
+ * Eurydice: 99662476dd28a9804b424c103638a01c38192491
 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b
- * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7
- * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468
+ * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty
+ * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6
 */

 #ifndef __libcrux_mlkem768_portable_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c
index 5f9d39d90..1d64639b8 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c
@@ -4,11 +4,11 @@
 * SPDX-License-Identifier: MIT or Apache-2.0
 *
 * This code was generated with the following revisions:
- * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5
+ * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0
+ * Eurydice: 99662476dd28a9804b424c103638a01c38192491
 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b
- * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7
- * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468
+ * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty
+ * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6
 */

 #include "internal/libcrux_mlkem_avx2.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h
index 581fe5046..f3407c5c8 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h
@@ -4,11 +4,11 @@
 * SPDX-License-Identifier: MIT or Apache-2.0
 *
 * This code was generated with the following revisions:
- * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5
+ * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0
+ * Eurydice: 99662476dd28a9804b424c103638a01c38192491
 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b
- * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7
- * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468
+ * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty
+ * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6
 */

 #ifndef __libcrux_mlkem_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c
index 0c3f273f4..8423fab45 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_neon.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.c
@@ -4,11 +4,11 @@
 * SPDX-License-Identifier: MIT or Apache-2.0
 *
 * This code was generated with the following revisions:
- * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5
+ * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0
+ * Eurydice: 99662476dd28a9804b424c103638a01c38192491
 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b
- * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7
- * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468
+ * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty
+ * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6
 */

 #include "libcrux_mlkem_neon.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h
index 2e870e044..da5369479 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h
@@ -4,11 +4,11 @@
 * SPDX-License-Identifier: MIT or Apache-2.0
 *
 * This code was generated with the following revisions:
- * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5
+ * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0
+ * Eurydice: 99662476dd28a9804b424c103638a01c38192491
 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b
- * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7
- * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468
+ * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty
+ * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6
 */

 #ifndef __libcrux_mlkem_neon_H
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c
index d94183ec5..2740a4100 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c
@@ -4,11 +4,11 @@
 * SPDX-License-Identifier: MIT or Apache-2.0
 *
 * This code was generated with the following revisions:
- * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5
+ * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0
+ * Eurydice: 99662476dd28a9804b424c103638a01c38192491
 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b
- * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7
- * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468
+ * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty
+ * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6
 */

 #include "internal/libcrux_mlkem_portable.h"
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h
index 906bcf5b1..43b255e31 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h
@@ -4,11 +4,11 @@
 * SPDX-License-Identifier: MIT or Apache-2.0
 *
 * This code was generated with the following revisions:
- * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5
+ * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0
+ * Eurydice: 99662476dd28a9804b424c103638a01c38192491
 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b
- * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7
- * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468
+ * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty
+ * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6
 */

 #ifndef __libcrux_mlkem_portable_H
diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h
index ff949e742..84ec271c7 100644
--- a/libcrux-ml-kem/c/libcrux_sha3.h
+++ b/libcrux-ml-kem/c/libcrux_sha3.h
@@ -4,11 +4,11 @@
 * SPDX-License-Identifier: MIT or Apache-2.0
 *
 * This code was generated with the following revisions:
- * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5
+ * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0
+ * Eurydice: 99662476dd28a9804b424c103638a01c38192491
 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b
- * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7
- * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468
+ * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty
+ * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6
 */

 #ifndef __libcrux_sha3_H
diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c
index 7566cbba9..2f9a9aad5 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c
@@ -4,11 +4,11 @@
 * SPDX-License-Identifier: MIT or Apache-2.0
 *
 * This code was generated with the following revisions:
- * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5
+ * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0
+ * Eurydice: 99662476dd28a9804b424c103638a01c38192491
 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b
- * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7
- * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468
+ * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty
+ * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6
 */

 #include "internal/libcrux_sha3_avx2.h"
diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h
index e52af2318..9d01f7976 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h
@@ -4,11 +4,11 @@
 * SPDX-License-Identifier: MIT or Apache-2.0
 *
 * This code was generated with the following revisions:
- * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5
+ * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0
+ * Eurydice: 99662476dd28a9804b424c103638a01c38192491
 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b
- * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7
- * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468
+ * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty
+ * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6
 */

 #ifndef __libcrux_sha3_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h
index c220f3851..4540827a1 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_internal.h
+++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h
@@ -4,11 +4,11 @@
 * SPDX-License-Identifier: MIT or Apache-2.0
 *
 * This code was generated with the following revisions:
- * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5
+ * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0
+ * Eurydice: 99662476dd28a9804b424c103638a01c38192491
 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b
- * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7
- * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468
+ * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty
+ * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6
 */

 #ifndef __libcrux_sha3_internal_H
diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c
index 33441c4b0..5c3fac29b 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_neon.c
+++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c
@@ -4,11 +4,11 @@
 * SPDX-License-Identifier: MIT or Apache-2.0
 *
 * This code was generated with the following revisions:
- * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5
+ * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0
+ * Eurydice: 99662476dd28a9804b424c103638a01c38192491
 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b
- * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7
- * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468
+ * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty
+ * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6
 */

 #include "libcrux_sha3_neon.h"
diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h
index 392f45269..cafe0e86c 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_neon.h
+++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h
@@ -4,11 +4,11 @@
 * SPDX-License-Identifier: MIT or Apache-2.0
 *
 * This code was generated with the following revisions:
- * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: ac3b60749a07243c06d207eb938156996495e3b5
+ * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0
+ * Eurydice: 99662476dd28a9804b424c103638a01c38192491
 * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b
- * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7
- * Libcrux: 97db7bc6fbcaa3763c7579c1259fea71c78bd468
+ * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty
+ * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6
 */

 #ifndef __libcrux_sha3_neon_H
diff --git a/libcrux-ml-kem/cg.yaml b/libcrux-ml-kem/cg.yaml
index d4a28b48e..c306d615c 100644
--- a/libcrux-ml-kem/cg.yaml
+++ b/libcrux-ml-kem/cg.yaml
@@ -121,3 +121,6 @@ naming:
 skip_prefix:
 - [ core, core_arch, arm_shared, neon ]
 - [ core, core_arch, x86 ]
+ - [ core, option ]
+ - [ core, result ]
+ - [ core, array ]
diff --git a/libcrux-ml-kem/cg/CMakeLists.txt b/libcrux-ml-kem/cg/CMakeLists.txt
index 036fa6f18..4d33faa9a 100644
--- a/libcrux-ml-kem/cg/CMakeLists.txt
+++ b/libcrux-ml-kem/cg/CMakeLists.txt
@@ -14,13 +14,9 @@ set(CMAKE_C_STANDARD 11)
 set(CMAKE_CXX_STANDARD 20)

 if(NOT MSVC)
- # TODO: Clean up
 add_compile_options(
 -Wall
- # -Wextra
- # -pedantic
- # -Wconversion
- # -Wsign-conversion
+ -fstack-usage
 $<$:-g>
 $<$:-Og>
 $<$:-g>
@@ -28,6 +24,13 @@ if(NOT MSVC)
 )
 endif(NOT MSVC)

+if((CMAKE_C_COMPILER_ID STREQUAL "Clang" AND
+ CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL "13.0.0") OR
+ (CMAKE_C_COMPILER_ID STREQUAL "AppleClang" AND
+ CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL "13.1.6"))
+ add_compile_options(-Werror -Wframe-larger-than=25344)
+endif()
+
 set(CMAKE_COLOR_DIAGNOSTICS "ON")
 include_directories(
 ${PROJECT_SOURCE_DIR}
diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt
index 6acb4d397..ba5d875e5 100644
--- a/libcrux-ml-kem/cg/code_gen.txt
+++ b/libcrux-ml-kem/cg/code_gen.txt
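Review bot: The `-Werror -Wframe-larger-than=25344` guard added in the second CMakeLists.txt hunk is only applied for Clang ≥ 13.0.0 and AppleClang ≥ 13.1.6, so a GCC build gets no enforcement of the frame-size bound at all, even though GCC accepts both `-Wframe-larger-than=` and the `-fstack-usage` flag added in the first hunk. If the limit is meant as a real ceiling on the stack consumption of the generated ML-KEM code rather than a Clang-only diagnostic, extending the condition with `CMAKE_C_COMPILER_ID STREQUAL "GNU"` would make the check compiler-independent. A blanket `-Werror` on the compile line also turns every future warning from a newer compiler into a build failure for anyone consuming this CMake project; scoping it to CI, or to the single `-Wframe-larger-than` diagnostic via `-Werror=frame-larger-than`, would be less brittle. Finally, a one-line comment above the `if(` stating what 25344 was sized against (largest expected frame in the generated code, plus headroom) would help the next person who has to adjust it.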
@@ -1,6 +1,6 @@
 This code was generated with the following revisions:
-Charon: 53530427db2941ce784201e64086766504bc5642
-Eurydice: 67f4341506300372fba9cb8de070234935839cb7
-Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3
+Charon: d8a02494066422005c27e3b3f515129c0c38e9f0
+Eurydice: 99662476dd28a9804b424c103638a01c38192491
+Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b
 F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty
-Libcrux: 9307ab926afbe89fd8e61ffec8dd95a500c18f33
+Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6
diff --git a/libcrux-ml-kem/cg/eurydice_glue.h b/libcrux-ml-kem/cg/eurydice_glue.h
index 2d6575328..5b967874d 100644
--- a/libcrux-ml-kem/cg/eurydice_glue.h
+++ b/libcrux-ml-kem/cg/eurydice_glue.h
@@ -1,3 +1,10 @@
+/*
+ * SPDX-FileCopyrightText: 2024 Eurydice Contributors
+ * SPDX-FileCopyrightText: 2024 Cryspen Sarl
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
 #pragma once

 #if defined(__cplusplus)
@@ -77,8 +84,8 @@ typedef struct {
 EURYDICE_SLICE((t *)x, 0, r)
 #define Eurydice_array_to_subslice_from(size, x, r, t, _range_t, _ret_t) \
 EURYDICE_SLICE((t *)x, r, size)
-#define core_slice___Slice_T___len(s, t, _ret_t) EURYDICE_SLICE_LEN(s, t)
-#define core_slice___Slice_T___copy_from_slice(dst, src, t, _ret_t) \
+#define Eurydice_slice_len(s, t, _ret_t) EURYDICE_SLICE_LEN(s, t)
+#define Eurydice_slice_copy(dst, src, t, _ret_t) \
 memcpy(dst.ptr, src.ptr, dst.len * sizeof(t))
 #define core_array___Array_T__N__23__as_slice(len_, ptr_, t, _ret_t) \
 ((Eurydice_slice){.ptr = ptr_, .len = len_})
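Review bot: `Eurydice_slice_copy`, the renamed `copy_from_slice` in the last eurydice_glue.h hunk, sizes its `memcpy` by `dst.len` alone, whereas the Rust `copy_from_slice` it stands in for requires both slices to have the same length and panics otherwise; with a shorter `src` the C version reads past the end of the source buffer instead. The generated callers presumably satisfy the equal-length precondition (it is checked on the Rust side), but since the macro is the compatibility surface for all emitted code, the new definition is the right place to state that contract: `/* Precondition: src.len == dst.len (Rust copy_from_slice panics otherwise); not checked here. */`. If the glue layer has, or gains, a debug-assert facility, asserting the equality there would turn a silent over-read into a loud failure during testing.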
@@ -86,21 +93,21 @@ typedef struct {
 #define core_array___core__clone__Clone_for__Array_T__N___20__clone( \
 len, src, dst, elem_type, _ret_t) \
 (memcpy(dst, src, len * sizeof(elem_type)))
-#define core_array_TryFromSliceError uint8_t
+#define TryFromSliceError uint8_t

 #define Eurydice_array_eq(sz, a1, a2, t, _, _ret_t) \
 (memcmp(a1, a2, sz * sizeof(t)) == 0)
 #define core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq \
 Eurydice_array_eq

-#define core_slice___Slice_T___split_at(slice, mid, element_type, ret_t) \
- (CLITERAL(ret_t){ \
- .fst = EURYDICE_SLICE((element_type *)slice.ptr, 0, mid), \
+#define Eurydice_slice_split_at(slice, mid, element_type, ret_t) \
+ (CLITERAL(ret_t){ \
+ .fst = EURYDICE_SLICE((element_type *)slice.ptr, 0, mid), \
 .snd = EURYDICE_SLICE((element_type *)slice.ptr, mid, slice.len)})
-#define core_slice___Slice_T___split_at_mut(slice, mid, element_type, ret_t) \
- (CLITERAL(ret_t){ \
- .fst = {.ptr = slice.ptr, .len = mid}, \
- .snd = {.ptr = (char *)slice.ptr + mid * sizeof(element_type), \
+#define Eurydice_slice_split_at_mut(slice, mid, element_type, ret_t) \
+ (CLITERAL(ret_t){ \
+ .fst = {.ptr = slice.ptr, .len = mid}, \
+ .snd = {.ptr = (char *)slice.ptr + mid * sizeof(element_type), \
 .len = slice.len - mid}})

 // Conversion of slice to an array, rewritten (by Eurydice) to name the
@@ -153,9 +160,8 @@ static inline uint8_t core_num__u8_6__wrapping_sub(uint8_t x, uint8_t y) {

 #define Eurydice_range_iter_next(iter_ptr, t, ret_t) \
 (((iter_ptr)->start == (iter_ptr)->end) \
- ? (CLITERAL(ret_t){.tag = core_option_None}) \
- : (CLITERAL(ret_t){.tag = core_option_Some, \
- .f0 = (iter_ptr)->start++}))
+ ? (CLITERAL(ret_t){.tag = None}) \
+ : (CLITERAL(ret_t){.tag = Some, .f0 = (iter_ptr)->start++}))

 #define core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next \
 Eurydice_range_iter_next
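Review bot: `TryFromSliceError` in the first hunk and `None`/`Some` in the `Eurydice_range_iter_next` hunk are now bare, unprefixed global macro names; their definitions (`#define TryFromSliceError uint8_t` here, and `#define None 0`, `#define Some 1`, `#define Ok 0`, `#define Err 1` in the `cg/libcrux_core.h` hunks later in this patch, driven by the new `skip_prefix` entries in cg.yaml) live in headers that downstream code includes. Object-like macros with names that short will collide with consumers' own identifiers — `<X11/X.h>` already defines `None` as `0L`, and `Ok`/`Err`/`Some` are routine enum member names — and a conflicting redefinition is a hard error once the `-Werror` this patch adds is in effect, while a matching prior definition would silently change the tag value used by the generated code. If the short spellings are wanted in the emitted C, keeping a `core_option_`/`core_result_`/`Eurydice_` prefix on the macro and typedef side (or emitting the tags as members of a prefixed `enum`) avoids the clash; the renamed `unwrap_41_1c`/`unwrap_41_34`/`unwrap_41_e8` helpers and `Option_b3`/`Result_6f` typedefs in the same file have the same exposure, though as ordinary symbols rather than macros.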
diff --git a/libcrux-ml-kem/cg/intrinsics/libcrux_intrinsics_avx2.h b/libcrux-ml-kem/cg/intrinsics/libcrux_intrinsics_avx2.h
index dd7f4d9c3..b51a17c1d 100644
--- a/libcrux-ml-kem/cg/intrinsics/libcrux_intrinsics_avx2.h
+++ b/libcrux-ml-kem/cg/intrinsics/libcrux_intrinsics_avx2.h
@@ -1,9 +1,7 @@
 /*
- This file was generated by KaRaMeL
- KaRaMeL invocation:
- /nix/store/c9m211bm84ncjmaxx27ki9dymd4qkwm2-ocaml4.14.1-eurydice-dirty/eurydice
- --config ../c.yaml ../../libcrux_ml_kem.llbc F* version: KaRaMeL
- version:
+ * SPDX-FileCopyrightText: 2024 Cryspen Sarl
+ *
+ * SPDX-License-Identifier: Apache-2.0
 */

 #ifndef __libcrux_intrinsics_avx2_H
diff --git a/libcrux-ml-kem/cg/karamel/target.h b/libcrux-ml-kem/cg/karamel/target.h
index 1c90a9bbb..a315a8e0d 100644
--- a/libcrux-ml-kem/cg/karamel/target.h
+++ b/libcrux-ml-kem/cg/karamel/target.h
@@ -1,5 +1,11 @@
 /* Copyright (c) INRIA and Microsoft Corporation. All rights reserved.
- Licensed under the Apache 2.0 License. */
+ * Licensed under the Apache 2.0 License.
+ *
+ * SPDX-FileCopyrightText: 2024 INRIA and Microsoft Corporation
+ * SPDX-FileCopyrightText: 2024 Cryspen Sarl
+ *
+ * SPDX-License-Identifier: Apache-2.0
+ */

 #ifndef __KRML_TARGET_H
 #define __KRML_TARGET_H
diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h
index 07f561d00..a8c471574 100644
--- a/libcrux-ml-kem/cg/libcrux_core.h
+++ b/libcrux-ml-kem/cg/libcrux_core.h
@@ -4,11 +4,11 @@
 * SPDX-License-Identifier: MIT or Apache-2.0
 *
 * This code was generated with the following revisions:
- * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: 67f4341506300372fba9cb8de070234935839cb7
- * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3
+ * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0
+ * Eurydice: 99662476dd28a9804b424c103638a01c38192491
+ * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b
 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty
- * Libcrux: 9307ab926afbe89fd8e61ffec8dd95a500c18f33
+ * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6
 */

 #ifndef __libcrux_core_H
@@ -30,20 +30,20 @@ typedef struct core_ops_range_Range_b3_s {
 size_t end;
 } core_ops_range_Range_b3;

-#define core_option_None 0
-#define core_option_Some 1
+#define None 0
+#define Some 1

-typedef uint8_t core_option_Option_ef_tags;
+typedef uint8_t Option_ef_tags;

 /**
 A monomorphic instance of core.option.Option
 with types size_t

 */
-typedef struct core_option_Option_b3_s {
- core_option_Option_ef_tags tag;
+typedef struct Option_b3_s {
+ Option_ef_tags tag;
 size_t f0;
-} core_option_Option_b3;
+} Option_b3;

 static inline uint16_t core_num__u16_7__wrapping_add(uint16_t x0,
 uint16_t x1);
@@ -78,23 +78,23 @@ typedef struct libcrux_ml_kem_utils_extraction_helper_Keypair768_s {
 uint8_t snd[1184U];
 } libcrux_ml_kem_utils_extraction_helper_Keypair768;

-#define core_result_Ok 0
-#define core_result_Err 1
+#define Ok 0
+#define Err 1

-typedef uint8_t core_result_Result_6f_tags;
+typedef uint8_t Result_6f_tags;

 /**
 A monomorphic instance of core.result.Result
 with types uint8_t[24size_t], core_array_TryFromSliceError

 */
-typedef struct core_result_Result_6f_s {
- core_result_Result_6f_tags tag;
+typedef struct Result_6f_s {
+ Result_6f_tags tag;
 union {
 uint8_t case_Ok[24U];
- core_array_TryFromSliceError case_Err;
+ TryFromSliceError case_Err;
 } val;
-} core_result_Result_6f;
+} Result_6f;

 /**
 This function found in impl {core::result::Result}
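Review bot: The doc comment kept as context in the `Result_6f` hunk still reads `with types uint8_t[24size_t], core_array_TryFromSliceError`, while the member it documents was renamed to `TryFromSliceError case_Err;` two lines below in the same hunk; the `Result_7a` and `Result_cd` hunks that follow, and the three `unwrap_41_*` hunks, carry the same stale name. The comment text is presumably derived from the Rust path rather than the emitted C identifier, so the mismatch is a generator issue, but as it stands a reader of the header is pointed at a name that no longer exists anywhere in it. Regenerating the line as `with types uint8_t[24size_t], TryFromSliceError`, or having the generator label it explicitly as the Rust-side type path, would keep the header self-consistent.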
@@ -104,9 +104,8 @@ A monomorphic instance of core.result.unwrap_41
 with types uint8_t[24size_t], core_array_TryFromSliceError

 */
-static inline void core_result_unwrap_41_1c(core_result_Result_6f self,
- uint8_t ret[24U]) {
- if (self.tag == core_result_Ok) {
+static inline void unwrap_41_1c(Result_6f self, uint8_t ret[24U]) {
+ if (self.tag == Ok) {
 uint8_t f0[24U];
 memcpy(f0, self.val.case_Ok, (size_t)24U * sizeof(uint8_t));
 memcpy(ret, f0, (size_t)24U * sizeof(uint8_t));
@@ -122,13 +121,13 @@ A monomorphic instance of core.result.Result
 with types uint8_t[20size_t], core_array_TryFromSliceError

 */
-typedef struct core_result_Result_7a_s {
- core_result_Result_6f_tags tag;
+typedef struct Result_7a_s {
+ Result_6f_tags tag;
 union {
 uint8_t case_Ok[20U];
- core_array_TryFromSliceError case_Err;
+ TryFromSliceError case_Err;
 } val;
-} core_result_Result_7a;
+} Result_7a;

 /**
 This function found in impl {core::result::Result}
@@ -138,9 +137,8 @@ A monomorphic instance of core.result.unwrap_41
 with types uint8_t[20size_t], core_array_TryFromSliceError

 */
-static inline void core_result_unwrap_41_34(core_result_Result_7a self,
- uint8_t ret[20U]) {
- if (self.tag == core_result_Ok) {
+static inline void unwrap_41_34(Result_7a self, uint8_t ret[20U]) {
+ if (self.tag == Ok) {
 uint8_t f0[20U];
 memcpy(f0, self.val.case_Ok, (size_t)20U * sizeof(uint8_t));
 memcpy(ret, f0, (size_t)20U * sizeof(uint8_t));
@@ -156,13 +154,13 @@ A monomorphic instance of core.result.Result
 with types uint8_t[10size_t], core_array_TryFromSliceError

 */
-typedef struct core_result_Result_cd_s {
- core_result_Result_6f_tags tag;
+typedef struct Result_cd_s {
+ Result_6f_tags tag;
 union {
 uint8_t case_Ok[10U];
- core_array_TryFromSliceError case_Err;
+ TryFromSliceError case_Err;
 } val;
-} core_result_Result_cd;
+} Result_cd;

 /**
 This function found in impl {core::result::Result}
@@ -172,9 +170,8 @@ A monomorphic instance of core.result.unwrap_41 with types uint8_t[10size_t], core_array_TryFromSliceError */ -static inline void core_result_unwrap_41_e8(core_result_Result_cd self, - uint8_t ret[10U]) { - if (self.tag == core_result_Ok) { +static inline void unwrap_41_e8(Result_cd self, uint8_t ret[10U]) { + if (self.tag == Ok) { uint8_t f0[10U]; memcpy(f0, self.val.case_Ok, (size_t)10U * sizeof(uint8_t)); memcpy(ret, f0, (size_t)10U * sizeof(uint8_t)); @@ -204,10 +201,10 @@ A monomorphic instance of core.option.Option with types libcrux_ml_kem_types_MlKemPublicKey[[$1184size_t]] */ -typedef struct core_option_Option_92_s { - core_option_Option_ef_tags tag; +typedef struct Option_92_s { + Option_ef_tags tag; libcrux_ml_kem_types_MlKemPublicKey_15 f0; -} core_option_Option_92; +} Option_92; typedef struct libcrux_ml_kem_mlkem768_MlKem768Ciphertext_s { uint8_t value[1088U]; 
@@ -224,26 +221,27 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_d4 with const generics - SIZE= 1088 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_d4_8a( +static inline uint8_t *libcrux_ml_kem_types_as_slice_d4_77( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return self->value; } /** -This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPublicKey)#14} +This function found in impl {(core::convert::From<&0 (@Array)> for +libcrux_ml_kem::types::MlKemPublicKey)#15} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_b6 +A monomorphic instance of libcrux_ml_kem.types.from_c7 with const generics - SIZE= 1184 */ static inline libcrux_ml_kem_types_MlKemPublicKey_15 -libcrux_ml_kem_types_from_b6_4c(uint8_t value[1184U]) { - uint8_t uu____0[1184U]; - memcpy(uu____0, value, (size_t)1184U * sizeof(uint8_t)); +libcrux_ml_kem_types_from_c7_14(uint8_t *value) { libcrux_ml_kem_types_MlKemPublicKey_15 lit; - memcpy(lit.value, uu____0, (size_t)1184U * sizeof(uint8_t)); + uint8_t ret[1184U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)1184U, value, ret, uint8_t, void *); + memcpy(lit.value, ret, (size_t)1184U * sizeof(uint8_t)); return lit; } 
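Review bot: `libcrux_ml_kem_types_from_c7_14` now takes `uint8_t *value` instead of `uint8_t value[1184U]`, yet the clone call still reads `(size_t)1184U` bytes from it unconditionally, so the required length has moved from the prototype into the body where callers no longer see it; `libcrux_ml_kem_types_from_22_a7` in the next hunk (2400 bytes) has the same shape. The definition of `core_array___core__clone__Clone_for__Array_T__N___20__clone` is not on this page, so whether it performs any bound check is unknown, but the C signature itself no longer conveys the precondition at all. A one-line comment on the parameter would restore it: `/* value must point to at least 1184 readable bytes; the length is not checked here */`.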
@@ -275,27 +273,28 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_types_from_17_c9(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, +libcrux_ml_kem_types_from_17_d5(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); } /** -This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPrivateKey)#8} +This function found in impl {(core::convert::From<&0 (@Array)> for +libcrux_ml_kem::types::MlKemPrivateKey)#9} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_05 +A monomorphic instance of libcrux_ml_kem.types.from_22 with const generics - SIZE= 2400 */ static inline libcrux_ml_kem_types_MlKemPrivateKey_55 -libcrux_ml_kem_types_from_05_a7(uint8_t value[2400U]) { - uint8_t uu____0[2400U]; - memcpy(uu____0, value, (size_t)2400U * sizeof(uint8_t)); +libcrux_ml_kem_types_from_22_a7(uint8_t *value) { libcrux_ml_kem_types_MlKemPrivateKey_55 lit; - memcpy(lit.value, uu____0, (size_t)2400U * sizeof(uint8_t)); + uint8_t ret[2400U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)2400U, value, ret, uint8_t, void *); + memcpy(lit.value, ret, (size_t)2400U * sizeof(uint8_t)); return lit; } 
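Review bot: `libcrux_ml_kem_types_from_22_a7` stages the 2400-byte private key in the stack temporary `ret` before copying it into `lit.value`, and that temporary is never wiped, so a second copy of the secret key remains in the frame's storage after the function returns (the pre-change `uu____0` buffer had the same property, so this is not introduced by the commit). Since `ret` exists only to feed the final `memcpy`, the generator could emit a direct `memcpy(lit.value, value, (size_t)2400U * sizeof(uint8_t));` and drop the intermediate, halving the number of stack copies of key material this helper makes. Whether libcrux's callers clear the stack elsewhere is not visible on this page, so treat this as a hardening note rather than a confirmed leak.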
@@ -320,11 +319,12 @@ with const generics - SIZE= 1088 */ static inline libcrux_ml_kem_mlkem768_MlKem768Ciphertext -libcrux_ml_kem_types_from_01_f5(uint8_t value[1088U]) { - uint8_t uu____0[1088U]; - memcpy(uu____0, value, (size_t)1088U * sizeof(uint8_t)); +libcrux_ml_kem_types_from_01_9c(uint8_t value[1088U]) { + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_value[1088U]; + memcpy(copy_of_value, value, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext lit; - memcpy(lit.value, uu____0, (size_t)1088U * sizeof(uint8_t)); + memcpy(lit.value, copy_of_value, (size_t)1088U * sizeof(uint8_t)); return lit; } @@ -339,7 +339,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 1184 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_cb_f2( +static inline uint8_t *libcrux_ml_kem_types_as_slice_cb_c2( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -356,11 +356,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d2( Eurydice_slice slice, uint8_t ret[33U]) { uint8_t out[33U] = {0U}; uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, (size_t)0U, - core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, - Eurydice_slice), + Eurydice_slice_copy( + Eurydice_array_to_subslice2(uu____0, (size_t)0U, + Eurydice_slice_len(slice, uint8_t, size_t), + uint8_t, Eurydice_slice), slice, uint8_t, void *); memcpy(ret, out, (size_t)33U * sizeof(uint8_t)); } 
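Review bot: `libcrux_ml_kem_utils_into_padded_array_2d2` copies the entire input into the first `Eurydice_slice_len(slice, ...)` bytes of the 33-byte `out`, so safety for an over-long `slice` rests entirely on `Eurydice_array_to_subslice2` rejecting an end index beyond 33; nothing in the hunk checks it and that macro's definition is not on this page. The same applies to the 34-, 1120- and 64-byte variants in the following hunks (`_2d1`, `_2d0`, `_2d`). A comment naming the precondition, e.g. `/* precondition: Eurydice_slice_len(slice) <= 33; enforced only by the subslice bounds check */`, would make the dependency explicit to anyone reading the generated C without the Rust source.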
@@ -370,13 +369,13 @@ A monomorphic instance of core.result.Result with types uint8_t[32size_t], core_array_TryFromSliceError */ -typedef struct core_result_Result_00_s { - core_result_Result_6f_tags tag; +typedef struct Result_00_s { + Result_6f_tags tag; union { uint8_t case_Ok[32U]; - core_array_TryFromSliceError case_Err; + TryFromSliceError case_Err; } val; -} core_result_Result_00; +} Result_00; /** This function found in impl {core::result::Result} @@ -386,9 +385,8 @@ A monomorphic instance of core.result.unwrap_41 with types uint8_t[32size_t], core_array_TryFromSliceError */ -static inline void core_result_unwrap_41_83(core_result_Result_00 self, - uint8_t ret[32U]) { - if (self.tag == core_result_Ok) { +static inline void unwrap_41_83(Result_00 self, uint8_t ret[32U]) { + if (self.tag == Ok) { uint8_t f0[32U]; memcpy(f0, self.val.case_Ok, (size_t)32U * sizeof(uint8_t)); memcpy(ret, f0, (size_t)32U * sizeof(uint8_t)); @@ -411,11 +409,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d1( Eurydice_slice slice, uint8_t ret[34U]) { uint8_t out[34U] = {0U}; uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, (size_t)0U, - core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, - Eurydice_slice), + Eurydice_slice_copy( + Eurydice_array_to_subslice2(uu____0, (size_t)0U, + Eurydice_slice_len(slice, uint8_t, size_t), + uint8_t, Eurydice_slice), slice, uint8_t, void *); memcpy(ret, out, (size_t)34U * sizeof(uint8_t)); } @@ -429,7 +426,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1088 */ -static inline Eurydice_slice libcrux_ml_kem_types_as_ref_00_47( +static inline Eurydice_slice libcrux_ml_kem_types_as_ref_00_16( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t, Eurydice_slice); 
@@ -447,11 +444,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d0( Eurydice_slice slice, uint8_t ret[1120U]) { uint8_t out[1120U] = {0U}; uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, (size_t)0U, - core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, - Eurydice_slice), + Eurydice_slice_copy( + Eurydice_array_to_subslice2(uu____0, (size_t)0U, + Eurydice_slice_len(slice, uint8_t, size_t), + uint8_t, Eurydice_slice), slice, uint8_t, void *); memcpy(ret, out, (size_t)1120U * sizeof(uint8_t)); } @@ -468,11 +464,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_slice slice, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, (size_t)0U, - core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, - Eurydice_slice), + Eurydice_slice_copy( + Eurydice_array_to_subslice2(uu____0, (size_t)0U, + Eurydice_slice_len(slice, uint8_t, size_t), + uint8_t, Eurydice_slice), slice, uint8_t, void *); memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } @@ -482,13 +477,13 @@ A monomorphic instance of core.result.Result with types int16_t[16size_t], core_array_TryFromSliceError */ -typedef struct core_result_Result_c0_s { - core_result_Result_6f_tags tag; +typedef struct Result_c0_s { + Result_6f_tags tag; union { int16_t case_Ok[16U]; - core_array_TryFromSliceError case_Err; + TryFromSliceError case_Err; } val; -} core_result_Result_c0; +} Result_c0; /** This function found in impl {core::result::Result} 
@@ -498,9 +493,8 @@ A monomorphic instance of core.result.unwrap_41 with types int16_t[16size_t], core_array_TryFromSliceError */ -static inline void core_result_unwrap_41_f9(core_result_Result_c0 self, - int16_t ret[16U]) { - if (self.tag == core_result_Ok) { +static inline void unwrap_41_f9(Result_c0 self, int16_t ret[16U]) { + if (self.tag == Ok) { int16_t f0[16U]; memcpy(f0, self.val.case_Ok, (size_t)16U * sizeof(int16_t)); memcpy(ret, f0, (size_t)16U * sizeof(int16_t)); @@ -516,13 +510,13 @@ A monomorphic instance of core.result.Result with types uint8_t[8size_t], core_array_TryFromSliceError */ -typedef struct core_result_Result_56_s { - core_result_Result_6f_tags tag; +typedef struct Result_56_s { + Result_6f_tags tag; union { uint8_t case_Ok[8U]; - core_array_TryFromSliceError case_Err; + TryFromSliceError case_Err; } val; -} core_result_Result_56; +} Result_56; /** This function found in impl {core::result::Result} @@ -532,9 +526,8 @@ A monomorphic instance of core.result.unwrap_41 with types uint8_t[8size_t], core_array_TryFromSliceError */ -static inline void core_result_unwrap_41_ac(core_result_Result_56 self, - uint8_t ret[8U]) { - if (self.tag == core_result_Ok) { +static inline void unwrap_41_ac(Result_56 self, uint8_t ret[8U]) { + if (self.tag == Ok) { uint8_t f0[8U]; memcpy(f0, self.val.case_Ok, (size_t)8U * sizeof(uint8_t)); memcpy(ret, f0, (size_t)8U * sizeof(uint8_t)); diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index 63d4774f7..391f9ccc3 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h 
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 + * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 + * Eurydice: 99662476dd28a9804b424c103638a01c38192491 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9307ab926afbe89fd8e61ffec8dd95a500c18f33 + * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 */ #ifndef __libcrux_ct_ops_H @@ -46,8 +46,8 @@ libcrux_ml_kem_constant_time_ops_is_non_zero(uint8_t value) { static inline uint8_t libcrux_ml_kem_constant_time_ops_compare( Eurydice_slice lhs, Eurydice_slice rhs) { uint8_t r = 0U; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(lhs, uint8_t, size_t); i++) { + for (size_t i = (size_t)0U; i < Eurydice_slice_len(lhs, uint8_t, size_t); + i++) { size_t i0 = i; r = (uint32_t)r | ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *, uint8_t) ^ diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index 09cb085ac..ef1d49a0d 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 + * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 + * Eurydice: 99662476dd28a9804b424c103638a01c38192491 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9307ab926afbe89fd8e61ffec8dd95a500c18f33 + * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 */ #ifndef __libcrux_mlkem768_avx2_H 
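Review bot: `libcrux_ml_kem_constant_time_ops_compare` bounds its loop by `Eurydice_slice_len(lhs, ...)` alone, and the visible part of the body indexes only `lhs` at `i0`; if the remainder of the expression, which is outside the hunk, indexes `rhs` at the same `i0` as the trailing `^` suggests, a shorter `rhs` is either caught by `Eurydice_slice_index` bounds checking or read past its end, and nothing here states which. The function's body continues outside the hunk. Since an equal-length precondition is what makes the constant-time comparison meaningful, a comment on the signature such as `/* precondition: lhs and rhs have the same length; lengths are not secret */` would help, or an explicit length check before the loop if the generator can express one.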
@@ -733,13 +733,13 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( Eurydice_array_to_slice((size_t)16U, serialized, uint8_t, Eurydice_slice), combined0); uint8_t ret0[8U]; - core_result_Result_56 dst; + Result_56 dst; Eurydice_slice_to_array2( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice), Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, ret0); + unwrap_41_ac(dst, ret0); memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); } @@ -852,13 +852,13 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( Eurydice_slice), upper_8); uint8_t ret0[10U]; - core_result_Result_cd dst; + Result_cd dst; Eurydice_slice_to_array2( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t, Eurydice_slice), Eurydice_slice, uint8_t[10U], void *); - core_result_unwrap_41_e8(dst, ret0); + unwrap_41_e8(dst, ret0); memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); } @@ -967,13 +967,13 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( Eurydice_slice), upper_8); uint8_t ret0[20U]; - core_result_Result_7a dst; + Result_7a dst; Eurydice_slice_to_array2( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t, Eurydice_slice), Eurydice_slice, uint8_t[20U], void *); - core_result_unwrap_41_34(dst, ret0); + unwrap_41_34(dst, ret0); memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); } @@ -1117,13 +1117,13 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( Eurydice_slice), upper_8); uint8_t ret0[24U]; - core_result_Result_6f dst; + Result_6f dst; Eurydice_slice_to_array2( &dst, Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t, Eurydice_slice), Eurydice_slice, uint8_t[24U], void *); - core_result_unwrap_41_1c(dst, ret0); + unwrap_41_1c(dst, ret0); memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); } 
@@ -1291,7 +1291,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_70(size_t _) { +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_60(size_t _) { return libcrux_ml_kem_polynomial_ZERO_89_d5(); } @@ -1303,14 +1303,12 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_3e( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_ef( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_89_d5(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)24U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, @@ -1330,7 +1328,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_40( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_5c( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; @@ -1338,7 +1336,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_40( secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); } for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + i < Eurydice_slice_len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; 
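Review bot: `libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_ef` iterates `Eurydice_slice_len(serialized, ...) / (size_t)24U` times, so a slice whose length is not a multiple of 24 silently ignores its trailing bytes and leaves the remaining coefficients at the `libcrux_ml_kem_polynomial_ZERO_89_d5` value instead of failing; the same truncating-division pattern recurs in the `deserialize_then_decompress_10_0e`, `_11_9f`, `_4_c0` and `_5_38` hunks further down. The caller visible here (`deserialize_secret_key_5c`) passes fixed `LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT`-sized subslices, so this reads as a documentation point rather than a live bug. A comment on the loop, `/* assumes serialized holds exactly one ring element (a multiple of 24 bytes); a shorter slice yields partially-zero coefficients */`, records the assumption for readers of the generated C.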
@@ -1348,7 +1346,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_40( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_3e( + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_ef( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -1377,7 +1375,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_11(size_t _) { +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_bd(size_t _) { return libcrux_ml_kem_polynomial_ZERO_89_d5(); } @@ -1389,7 +1387,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e7( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_ac( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1441,9 +1439,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_49( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e7( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_ac( vector); } 
@@ -1455,21 +1453,19 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_d7( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_0e( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_89_d5(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)20U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, Eurydice_slice); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_49( coefficient); } return re; @@ -1483,7 +1479,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e70( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_ac0( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1535,9 +1531,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df0( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_490( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e70( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_ac0( vector); } 
@@ -1549,21 +1545,19 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_ae( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_9f( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_89_d5(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)22U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, Eurydice_slice); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df0( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_490( coefficient); } return re; @@ -1577,9 +1571,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_f9( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_05( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_d7(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_0e(serialized); } typedef struct libcrux_ml_kem_vector_avx2_SIMD256Vector_x2_s { 
@@ -1742,7 +1736,7 @@ with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_09( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_98( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)7U, @@ -1773,7 +1767,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_35( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_bb( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; @@ -1781,10 +1775,9 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_35( u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); } for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / + i < Eurydice_slice_len(Eurydice_array_to_slice((size_t)1088U, ciphertext, + uint8_t, Eurydice_slice), + uint8_t, size_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); i++) { @@ -1799,9 +1792,9 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_35( (size_t)10U / (size_t)8U, uint8_t, Eurydice_slice); u_as_ntt[i0] = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_f9( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_05( u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_09(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_98(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, 
@@ -1816,7 +1809,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e71( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_ac1( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1868,9 +1861,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df1( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_491( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e71( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_ac1( vector); } @@ -1882,20 +1875,19 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_00( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_c0( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_89_d5(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, Eurydice_slice); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df1( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_491( coefficient); } return re; 
@@ -1909,7 +1901,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e72( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_ac2( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1961,9 +1953,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df2( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_492( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_e72( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_ac2( vector); } @@ -1975,21 +1967,19 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_aa( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_38( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_89_d5(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)10U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, Eurydice_slice); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_df2( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_492( re.coefficients[i0]); } return re; 
@@ -2003,9 +1993,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_8f( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_8a( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_00(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_c0(serialized); } /** @@ -2091,7 +2081,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_97( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice((size_t)16U, self->coefficients, __m256i, Eurydice_slice), __m256i, size_t); @@ -2109,7 +2099,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_78( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_04( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2136,7 +2126,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_ba( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_18( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { 
@@ -2159,7 +2149,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_1f( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_94( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2180,7 +2170,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_df(__m256i a, +libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_34(__m256i a, __m256i b, int16_t zeta_r) { __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_ea(b, &a); @@ -2199,7 +2189,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a2( +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_75( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2214,7 +2204,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a2( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_df( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_34( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); __m256i x = uu____0.fst; 
@@ -2232,20 +2222,20 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_57( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_be( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_78(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_ba(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_1f(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a2(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_04(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_18(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_94(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_75(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a2(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_75(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a2(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_75(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_a2(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_75(&zeta_i, re, (size_t)7U); libcrux_ml_kem_polynomial_poly_barrett_reduce_89_99(re); } @@ -2262,7 +2252,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_subtract_reduce_89_56( +libcrux_ml_kem_polynomial_subtract_reduce_89_f4( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; 
@@ -2292,7 +2282,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_message_d0( +libcrux_ml_kem_matrix_compute_message_8d( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { @@ -2305,8 +2295,8 @@ libcrux_ml_kem_matrix_compute_message_d0( &u_as_ntt[i0]); libcrux_ml_kem_polynomial_add_to_ring_element_89_97(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_57(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_89_56(v, result); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_be(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_89_f4(v, result); return result; } @@ -2317,7 +2307,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_arithmetic_shift_right_e8(__m256i vector) { +libcrux_ml_kem_vector_avx2_arithmetic_shift_right_84(__m256i vector) { return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, __m256i); } @@ -2331,9 +2321,9 @@ with const generics - SHIFT_BY= 15 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_ea_4e( +static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_ea_1a( __m256i vector) { - return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_e8(vector); + return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_84(vector); } /** 
@@ -2345,7 +2335,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i libcrux_ml_kem_vector_traits_to_unsigned_representative_a4(__m256i a) { - __m256i t = libcrux_ml_kem_vector_avx2_shift_right_ea_4e(a); + __m256i t = libcrux_ml_kem_vector_avx2_shift_right_ea_1a(a); __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); return libcrux_ml_kem_vector_avx2_add_ea(a, &fm); @@ -2359,7 +2349,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_4a( +libcrux_ml_kem_serialize_compress_then_serialize_message_79( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2374,7 +2364,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_message_4a( Eurydice_slice uu____0 = Eurydice_array_to_subslice2( serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), uint8_t, void *); 
@@ -2417,21 +2407,21 @@ with const generics - V_COMPRESSION_FACTOR= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_ff( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_87( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_35(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_bb(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_8f( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_8a( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - libcrux_ml_kem_matrix_compute_message_d0(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_8d(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_4a(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_79(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } 
@@ -2446,22 +2436,23 @@ with const generics - V_COMPRESSION_FACTOR= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_decrypt_b1(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_3b(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_40(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; + libcrux_ml_kem_ind_cpa_deserialize_secret_key_5c(secret_key, secret_as_ntt); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( - uu____0, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 secret_key_unpacked; memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, + secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_ff(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_87(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -2521,7 +2512,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_c0( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_cc( size_t _i) { return libcrux_ml_kem_polynomial_ZERO_89_d5(); } 
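Review bot: In libcrux_ml_kem_ind_cpa_decrypt_3b the deserialized secret key now lives in three stack buffers at once — `secret_as_ntt`, `copy_of_secret_as_ntt` and `secret_key_unpacked.secret_as_ntt` — and, together with the decrypted message in `ret0`, none of them is cleared before the function returns; the commit only renames the temporary and adds the comment explaining why the copy exists. Because this C is extracted from Rust by Eurydice, neither the redundant by-value copy nor a zeroisation step can be fixed by hand-editing this file: the Rust side would have to pass the unpacked key by reference (or the extractor would have to emit a clearing step for arrays that go out of scope). The generated comment could at least make the exposure visible, e.g. `/* Passing arrays by value in Rust generates a copy in C; this is secret-key material and is not wiped */`.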
@@ -2540,14 +2531,12 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_dd( +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_c5( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_89_d5(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)24U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, @@ -2574,7 +2563,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_5d( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_f2( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; @@ -2582,7 +2571,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_5d( deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); } for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -2592,7 +2581,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_5d( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_dd( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_c5( ring_element); deserialized_pk[i0] = uu____0; } 
@@ -2663,9 +2652,11 @@ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_a9_ca( uint8_t input[3U][34U]) { - uint8_t uu____0[3U][34U]; - memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); - return libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_4d(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_input[3U][34U]; + memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); + return libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_4d( + copy_of_input); } /** @@ -2989,17 +2980,20 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_b0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; int16_t out[3U][272U] = {{0U}}; - uint8_t uu____0[3U][34U]; - memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[3U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_a9_ca(uu____0); + libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_a9_ca( + copy_of_seeds); uint8_t randomness0[3U][504U]; libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_three_blocks_a9_4d( &xof_state, randomness0); - uint8_t uu____1[3U][504U]; - memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness0[3U][504U]; + memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_bb( - uu____1, sampled_coefficients, out); + copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; 
@@ -3007,17 +3001,21 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_b0( uint8_t randomness[3U][168U]; libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_block_a9_5a( &xof_state, randomness); - uint8_t uu____2[3U][168U]; - memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[3U][168U]; + memcpy(copy_of_randomness, randomness, + (size_t)3U * sizeof(uint8_t[168U])); done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_bb0( - uu____2, sampled_coefficients, out); + copy_of_randomness, sampled_coefficients, out); } } - int16_t uu____3[3U][272U]; - memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); + /* Passing arrays by value in Rust generates a copy in C */ + int16_t copy_of_out[3U][272U]; + memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret0[i] = libcrux_ml_kem_sampling_sample_from_xof_closure_79(uu____3[i]); + ret0[i] = + libcrux_ml_kem_sampling_sample_from_xof_closure_79(copy_of_out[i]); } memcpy( ret, ret0, 
@@ -3040,23 +3038,25 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_a2( } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed[34U]; + memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[3U][34U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t)); + memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t)); } for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j; } - uint8_t uu____1[3U][34U]; - memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[3U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U]; - libcrux_ml_kem_sampling_sample_from_xof_b0(uu____1, sampled); + libcrux_ml_kem_sampling_sample_from_xof_b0(copy_of_seeds, sampled); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, sampled, libcrux_ml_kem_polynomial_PolynomialRingElement_d2, @@ -3227,8 +3227,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_c1( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; + i0 < Eurydice_slice_len(randomness, uint8_t, size_t) / (size_t)4U; i0++) { size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice2( 
@@ -3276,8 +3275,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_43( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; + i0 < Eurydice_slice_len(randomness, uint8_t, size_t) / (size_t)3U; i0++) { size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice2( @@ -3391,11 +3389,12 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15(uint8_t prf_input[33U], for (size_t i = (size_t)0U; i < (size_t)3U; i++) { re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t)); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t)); } for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; @@ -3412,13 +3411,14 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15(uint8_t prf_input[33U], Eurydice_slice)); libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]); } - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[3U]; memcpy( - uu____2, re_as_ntt, + copy_of_re_as_ntt, re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); tuple_b00 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); lit.snd = domain_separator; return lit; 
@@ -3434,7 +3434,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_8f(size_t _i) { +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_96(size_t _i) { return libcrux_ml_kem_polynomial_ZERO_89_d5(); } @@ -3451,17 +3451,18 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE tuple_b00 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_47(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_00(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { error_1[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t)); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t)); } for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; 
@@ -3478,13 +3479,14 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_47(uint8_t prf_input[33U], Eurydice_slice)); error_1[i0] = uu____1; } - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_error_1[3U]; memcpy( - uu____2, error_1, + copy_of_error_1, error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); tuple_b00 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); lit.snd = domain_separator; return lit; @@ -3529,7 +3531,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_vector_u_closure_ee(size_t _i) { +libcrux_ml_kem_matrix_compute_vector_u_closure_a3(size_t _i) { return libcrux_ml_kem_polynomial_ZERO_89_d5(); } @@ -3544,7 +3546,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_91( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_46( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; @@ -3569,7 +3571,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_00( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_6c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, 
@@ -3579,7 +3581,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_00( result[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); } for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, a_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], @@ -3589,7 +3591,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_00( size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, row, libcrux_ml_kem_polynomial_PolynomialRingElement_d2, @@ -3603,8 +3605,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_00( libcrux_ml_kem_polynomial_add_to_ring_element_89_97(&result[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_57(&result[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_89_91(&result[i1], &error_1[i1]); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_be(&result[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_89_46(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -3618,7 +3620,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_traits_decompress_1_91(__m256i v) { +static inline __m256i libcrux_ml_kem_vector_traits_decompress_1_52(__m256i v) { return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( libcrux_ml_kem_vector_avx2_sub_ea(libcrux_ml_kem_vector_avx2_ZERO_ea(), &v), 
@@ -3633,7 +3635,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_b9( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_84( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = libcrux_ml_kem_polynomial_ZERO_89_d5(); @@ -3644,7 +3646,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_b9( serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, Eurydice_slice)); re.coefficients[i0] = - libcrux_ml_kem_vector_traits_decompress_1_91(coefficient_compressed); + libcrux_ml_kem_vector_traits_decompress_1_52(coefficient_compressed); } return re; } @@ -3661,7 +3663,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_add_message_error_reduce_89_67( +libcrux_ml_kem_polynomial_add_message_error_reduce_89_37( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { @@ -3692,7 +3694,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_ring_element_v_71( +libcrux_ml_kem_matrix_compute_ring_element_v_04( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, 
@@ -3706,8 +3708,8 @@ libcrux_ml_kem_matrix_compute_ring_element_v_71( &r_as_ntt[i0]); libcrux_ml_kem_polynomial_add_to_ring_element_89_97(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_57(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_67( + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_be(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_37( error_2, message, result); return result; } @@ -3720,7 +3722,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d4( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3775,9 +3777,9 @@ with const generics - COEFFICIENT_BITS= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_98( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_f4( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d4( vector); } @@ -3789,13 +3791,13 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_2f( +libcrux_ml_kem_serialize_compress_then_serialize_10_f0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_98( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_f4( libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( re->coefficients[i0])); uint8_t bytes[20U]; 
@@ -3803,7 +3805,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_10_2f( Eurydice_slice uu____0 = Eurydice_array_to_subslice2( serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), uint8_t, void *); @@ -3819,7 +3821,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f0( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d40( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3874,9 +3876,9 @@ with const generics - COEFFICIENT_BITS= 11 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_980( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_f40( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f0( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d40( vector); } @@ -3888,13 +3890,13 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_d1( +libcrux_ml_kem_serialize_compress_then_serialize_11_63( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_980( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_f40( libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( re->coefficients[i0])); uint8_t bytes[22U]; 
@@ -3902,7 +3904,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_11_d1( Eurydice_slice uu____0 = Eurydice_array_to_subslice2( serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), uint8_t, void *); @@ -3919,10 +3921,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_b2( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_4d( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_2f(re, uu____0); + libcrux_ml_kem_serialize_compress_then_serialize_10_f0(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -3939,11 +3941,11 @@ with const generics - BLOCK_LEN= 320 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_84( +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_55( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, input, libcrux_ml_kem_polynomial_PolynomialRingElement_d2, @@ -3957,9 +3959,9 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_84( (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, Eurydice_slice); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_b2(&re, + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_4d(&re, ret); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), uint8_t, void *); 
@@ -3974,7 +3976,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f1( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d41( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -4029,9 +4031,9 @@ with const generics - COEFFICIENT_BITS= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_981( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_f41( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f1( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d41( vector); } @@ -4043,18 +4045,18 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_b7( +libcrux_ml_kem_serialize_compress_then_serialize_4_59( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_981( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_f41( libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_ea(coefficient, bytes); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_slice_subslice2(serialized, (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, Eurydice_slice), 
@@ -4071,7 +4073,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f2( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d42( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -4126,9 +4128,9 @@ with const generics - COEFFICIENT_BITS= 5 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_982( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_f42( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_2f2( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d42( vector); } @@ -4140,18 +4142,18 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_35( +libcrux_ml_kem_serialize_compress_then_serialize_5_73( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_ea_982( + __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_ea_f42( libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_ea(coefficients, bytes); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_slice_subslice2(serialized, (size_t)10U * i0, (size_t)10U * i0 + (size_t)10U, uint8_t, Eurydice_slice), 
@@ -4169,9 +4171,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_39( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_dd( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_b7(re, out); + libcrux_ml_kem_serialize_compress_then_serialize_4_59(re, out); } /** 
@@ -4233,24 +4235,26 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_88( +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_c6( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15(uu____0, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15( + copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_47( - uu____2, domain_separator0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_00( + copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( error_1, uu____3.fst, 
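Review bot: libcrux_ml_kem_ind_cpa_encrypt_unpacked_c6 now makes two separate stack copies of `prf_input` — `copy_of_prf_input0` and `copy_of_prf_input` — which is the `randomness` argument padded into a 33-byte array, and like `prf_input` itself neither copy is cleared before the function returns; this hunk only renames the `uu____` temporaries. Since the file is generated from Rust by Eurydice, the duplicate copy can only be avoided at the Rust level (both sampling calls taking a reference to the same array) and any wiping would need the extractor's support, so this is a note for the upstream source rather than a change to this file. The body of encrypt_unpacked_c6 continues outside the hunk.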
@@ -4266,25 +4270,27 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_88( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_00(public_key->A, r_as_ntt, error_1, + libcrux_ml_kem_matrix_compute_vector_u_6c(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_b9(uu____4); + libcrux_ml_kem_serialize_deserialize_then_decompress_message_84( + copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_matrix_compute_ring_element_v_71( + libcrux_ml_kem_matrix_compute_ring_element_v_04( public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_84( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_55( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_39( + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_dd( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t, Eurydice_slice)); 
@@ -4309,12 +4315,12 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_encrypt_fb(Eurydice_slice public_key, +static inline void libcrux_ml_kem_ind_cpa_encrypt_8e(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_5d( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_f2( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), t_as_ntt); 
@@ -4325,36 +4331,40 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_fb(Eurydice_slice public_key, libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); libcrux_ml_kem_matrix_sample_matrix_A_a2(ret0, false, A); uint8_t seed_for_A[32U]; - core_result_Result_00 dst; + Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; + unwrap_41_83(dst, seed_for_A); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; memcpy( - uu____0, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1[3U][3U]; - memcpy(uu____1, A, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A[3U][3U]; + memcpy(copy_of_A, A, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 public_key_unpacked; memcpy( - public_key_unpacked.t_as_ntt, uu____0, + public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(public_key_unpacked.seed_for_A, uu____2, + memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, + memcpy(public_key_unpacked.A, copy_of_A, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = 
&public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_88(uu____3, uu____4, randomness, - ret1); + libcrux_ml_kem_ind_cpa_encrypt_unpacked_c6(uu____3, copy_of_message, + randomness, ret1); memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); } @@ -4370,11 +4380,11 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_da( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_41( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), shared_secret, uint8_t, void *); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); 
@@ -4403,32 +4413,32 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_be( +static inline void libcrux_ml_kem_ind_cca_decapsulate_13( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, Eurydice_slice), (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_b1(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_3b(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice), 
@@ -4437,7 +4447,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_be( libcrux_ml_kem_hash_functions_avx2_G_a9_68( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); 
@@ -4448,28 +4458,29 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_be( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_47(ciphertext), uint8_t, void *); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_16(ciphertext), + uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_fb(uu____5, uu____6, pseudorandomness, - expected_ciphertext); + libcrux_ml_kem_ind_cpa_encrypt_8e(uu____5, copy_of_decrypted, + pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_da( + libcrux_ml_kem_ind_cca_kdf_43_41( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_da(shared_secret0, ciphertext, shared_secret); + libcrux_ml_kem_ind_cca_kdf_43_41(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_47(ciphertext), + libcrux_ml_kem_types_as_ref_00_16(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, shared_secret, 
uint8_t, @@ -4504,10 +4515,10 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_73( +static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_ed( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_be(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_13(private_key, ciphertext, ret); } /** @@ -4521,7 +4532,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_73(private_key, + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_ed(private_key, ciphertext, ret); } @@ -4581,11 +4592,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_10( +static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_6c( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_ff( + libcrux_ml_kem_ind_cpa_decrypt_unpacked_87( &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( 
@@ -4594,7 +4605,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_10( Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, uint8_t, Eurydice_slice), @@ -4603,7 +4614,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_10( libcrux_ml_kem_hash_functions_avx2_G_a9_68( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); 
@@ -4618,22 +4629,23 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_10( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_47(ciphertext), uint8_t, void *); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_16(ciphertext), + uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_88(uu____3, uu____4, pseudorandomness, - expected_ciphertext); + libcrux_ml_kem_ind_cpa_encrypt_unpacked_c6( + uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_47(ciphertext), + libcrux_ml_kem_types_as_ref_00_16(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice)); uint8_t ret0[32U]; 
@@ -4671,10 +4683,10 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_82( +libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_4d( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_10(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_6c(key_pair, ciphertext, ret); } /** @@ -4688,7 +4700,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_82( + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_4d( private_key, ciphertext, ret); } @@ -4703,10 +4715,10 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_d2( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_c9( Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), randomness, uint8_t, void *); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); 
@@ -4747,11 +4759,11 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_82( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_93( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_43_d2( + libcrux_ml_kem_ind_cca_entropy_preprocess_43_c9( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), randomness0); uint8_t to_hash[64U]; @@ -4765,10 +4777,10 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_82( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_65( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_f2(public_key), + libcrux_ml_kem_types_as_slice_cb_c2(public_key), uint8_t, Eurydice_slice), ret); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); 
@@ -4776,33 +4788,37 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_82( libcrux_ml_kem_hash_functions_avx2_G_a9_68( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), uint8_t, + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_c2(public_key), uint8_t, Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_fb(uu____2, uu____3, pseudorandomness, - ciphertext); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_encrypt_8e(uu____2, copy_of_randomness, + pseudorandomness, ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1088U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_f5(uu____4); + libcrux_ml_kem_types_from_01_9c(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_43_da(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_43_41(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, 
shared_secret_array, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_3c lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -4825,13 +4841,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_2d( +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_44( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_82(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_93(uu____0, copy_of_randomness); } /** @@ -4846,10 +4863,11 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_2d(uu____0, - uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_44( + uu____0, copy_of_randomness); } /** 
@@ -4871,7 +4889,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_1a( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_09( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -4881,7 +4899,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_1a( Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, Eurydice_slice), @@ -4890,7 +4908,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_1a( libcrux_ml_kem_hash_functions_avx2_G_a9_68( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); 
@@ -4898,25 +4916,28 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_1a( Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____2 = &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_88(uu____2, uu____3, pseudorandomness, - ciphertext); + libcrux_ml_kem_ind_cpa_encrypt_unpacked_c6(uu____2, copy_of_randomness, + pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, shared_secret_array, + uint8_t, Eurydice_slice), + shared_secret, uint8_t, void *); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1088U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_f5(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_from_01_9c(copy_of_ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_3c lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } 
@@ -4943,14 +4964,16 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_2e( +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_dd( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_1a(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_09(uu____0, + copy_of_randomness); } /** @@ -4967,10 +4990,11 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_2e( - uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_dd( + uu____0, copy_of_randomness); } /** @@ -5058,7 +5082,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_f0( result[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); } for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, matrix_A, libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], 
@@ -5068,7 +5092,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_f0( size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, row, libcrux_ml_kem_polynomial_PolynomialRingElement_d2, @@ -5146,7 +5170,7 @@ static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_6c( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; libcrux_ml_kem_hash_functions_avx2_G_a9_68(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; 
@@ -5158,21 +5182,23 @@ static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_6c( uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15(uu____1, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15( + copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; memcpy( error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15(uu____3, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15(copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); 
@@ -5180,35 +5206,40 @@ static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_6c( libcrux_ml_kem_matrix_compute_As_plus_e_f0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; - core_result_Result_00 dst; + Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____4[3U]; + unwrap_41_83(dst, seed_for_A); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; memcpy( - uu____4, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U][3U]; - memcpy(uu____5, A_transpose, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A_transpose[3U] + [3U]; + memcpy(copy_of_A_transpose, A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk; memcpy( - pk.t_as_ntt, uu____4, + pk.t_as_ntt, copy_of_t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, + memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, copy_of_A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____7[3U]; + /* Passing arrays by value in Rust generates a copy in C */ 
+ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( - uu____7, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk; memcpy( - sk.secret_as_ntt, uu____7, + sk.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); return (CLITERAL(tuple_9b0){.fst = sk, .snd = pk}); } @@ -5235,7 +5266,7 @@ libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_92( Eurydice_slice uu____0 = Eurydice_array_to_subslice2( serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), uint8_t, void *); @@ -5259,7 +5290,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_ae( uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2, @@ -5274,7 +5305,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_ae( uint8_t, Eurydice_slice); uint8_t ret0[384U]; libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_92(&re, ret0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); 
@@ -5303,15 +5334,14 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_d0( (size_t)1152U, uint8_t, Eurydice_slice); uint8_t ret0[1152U]; libcrux_ml_kem_ind_cpa_serialize_secret_key_ae(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_subslice_from( + (size_t)1184U, public_key_serialized, (size_t)1152U, + uint8_t, size_t, Eurydice_slice), + seed_for_a, uint8_t, void *); memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); } 
@@ -5342,13 +5372,19 @@ libcrux_ml_kem_ind_cpa_generate_keypair_e1(Eurydice_slice key_generation_seed) { uint8_t secret_key_serialized[1152U]; libcrux_ml_kem_ind_cpa_serialize_secret_key_ae(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[1152U]; - memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); - uint8_t uu____2[1184U]; - memcpy(uu____2, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[1152U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)1152U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_serialized[1184U]; + memcpy(copy_of_public_key_serialized, public_key_serialized, + (size_t)1184U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; - memcpy(lit.fst, uu____1, (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)1184U * sizeof(uint8_t)); + memcpy(lit.fst, copy_of_secret_key_serialized, + (size_t)1152U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_public_key_serialized, + (size_t)1184U * sizeof(uint8_t)); return lit; } 
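Review bot: `copy_of_secret_key_serialized` is a second full 1152-byte copy of the IND-CPA private key, and together with `secret_key_serialized` and `lit.fst` that is three copies of the same secret on the stack, none of which anything in this hunk clears before `return lit;`. The commit names and comments these by-value copies but does not change that they are never zeroized; the same pattern lands secret material in `libcrux_ml_kem_ind_cpa_encrypt_unpacked_c6` (`copy_of_prf_input0`, `copy_of_prf_input`), `libcrux_ml_kem_ind_cca_decapsulate_13` and `libcrux_ml_kem_ind_cca_decapsulate_unpacked_6c` (`copy_of_decrypted`), `libcrux_ml_kem_ind_cca_encapsulate_93` and `libcrux_ml_kem_ind_cca_encapsulate_unpacked_09` (`copy_of_shared_secret_array`), and `libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_f5` (`copy_of_randomness`, the 64-byte key-generation seed). Since this file is generated from the Rust source, the mitigation belongs in the Rust code or the Eurydice pass rather than in this file: either avoid the copy where the callee only reads the array, or emit an `explicit_bzero`/`memset_explicit`-style wipe of each `copy_of_*` buffer after its last use, since a plain `memset` before return may be optimized away. I would at least record this in the generated comment, e.g. `/* Passing arrays by value in Rust generates a copy in C; secret copies are not zeroized */`. The enclosing function `libcrux_ml_kem_ind_cpa_generate_keypair_e1` starts outside this hunk.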
@@ -5371,29 +5407,29 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_75( uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), + uu____2 + Eurydice_slice_len(private_key, uint8_t, size_t), uint8_t, + Eurydice_slice), private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + pointer = pointer + Eurydice_slice_len(private_key, uint8_t, size_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), + uu____5 + Eurydice_slice_len(public_key, uint8_t, size_t), uint8_t, + Eurydice_slice), public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + pointer = pointer + Eurydice_slice_len(public_key, uint8_t, size_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice); uint8_t ret0[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_65(public_key, ret0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); 
@@ -5401,13 +5437,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_75( uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + Eurydice_slice_len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } @@ -5433,7 +5468,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_36(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, 
@@ -5455,15 +5490,11 @@ libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]) { Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, Eurydice_slice), implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[2400U]; - memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_a7(uu____1); - libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; - uint8_t uu____3[1184U]; - memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_c9( - uu____2, libcrux_ml_kem_types_from_b6_4c(uu____3)); + libcrux_ml_kem_types_from_22_a7(secret_key_serialized); + libcrux_ml_kem_types_MlKemPrivateKey_55 uu____1 = private_key; + return libcrux_ml_kem_types_from_17_d5( + uu____1, libcrux_ml_kem_types_from_c7_14(public_key)); } /** @@ -5482,11 +5513,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_52( +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_f5( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_c20(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_36(copy_of_randomness); } /** 
@@ -5495,10 +5527,11 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_52( KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_52( - uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_f5( + copy_of_randomness); } /** @@ -5516,7 +5549,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_closure_fb(size_t _j) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_closure_1d(size_t _j) { return libcrux_ml_kem_polynomial_ZERO_89_d5(); } @@ -5534,7 +5567,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_7b( +static inline void libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_a2( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); @@ -5553,7 +5586,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_clone_d5_25( +libcrux_ml_kem_polynomial_clone_d5_7c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; __m256i ret[16U]; 
@@ -5577,7 +5610,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_78(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b1(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -5594,14 +5627,14 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_78(uint8_t randomness[64U]) { ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_7b(i, A[i]); + libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_a2(i, A[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - libcrux_ml_kem_polynomial_clone_d5_25(&ind_cpa_public_key.A[j][i1]); + libcrux_ml_kem_polynomial_clone_d5_7c(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1; } } 
@@ -5624,26 +5657,30 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_78(uint8_t randomness[64U]) { Eurydice_slice), public_key_hash); uint8_t implicit_rejection_value[32U]; - core_result_Result_00 dst; + Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, uint8_t[32U], void *); - core_result_unwrap_41_83(dst, implicit_rejection_value); + unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 uu____3 = ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_implicit_rejection_value[32U]; + memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 uu____5; uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, + memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 uu____6 = ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_hash[32U]; + memcpy(copy_of_public_key_hash, public_key_hash, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 lit; lit.private_key = uu____5; lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, + memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, (size_t)32U * sizeof(uint8_t)); return lit; } 
@@ -5665,11 +5702,13 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_ed( +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_56( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_78(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b1( + copy_of_randomness); } /** @@ -5679,10 +5718,11 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_ed( - uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_56( + copy_of_randomness); } /** @@ -5697,7 +5737,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_3e( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_d7( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; 
@@ -5708,10 +5748,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_3e( uint8_t ret0[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_65( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_d4_8a(ciphertext), + libcrux_ml_kem_types_as_slice_d4_77(ciphertext), uint8_t, Eurydice_slice), ret0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); 
@@ -5745,32 +5785,32 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_be0( +static inline void libcrux_ml_kem_ind_cca_decapsulate_130( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, Eurydice_slice), (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_b1(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_3b(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice), 
@@ -5779,7 +5819,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_be0( libcrux_ml_kem_hash_functions_avx2_G_a9_68( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); 
@@ -5790,28 +5830,29 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_be0( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_47(ciphertext), uint8_t, void *); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_16(ciphertext), + uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_fb(uu____5, uu____6, pseudorandomness, - expected_ciphertext); + libcrux_ml_kem_ind_cpa_encrypt_8e(uu____5, copy_of_decrypted, + pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_3e( + libcrux_ml_kem_ind_cca_kdf_6c_d7( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_3e(shared_secret0, ciphertext, shared_secret); + libcrux_ml_kem_ind_cca_kdf_6c_d7(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_47(ciphertext), + libcrux_ml_kem_types_as_ref_00_16(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, shared_secret, 
uint8_t, @@ -5847,10 +5888,10 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_decapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_fd( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_e4( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_be0(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_130(private_key, ciphertext, ret); } /** @@ -5864,7 +5905,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_fd( + libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_e4( private_key, ciphertext, ret); } @@ -5879,7 +5920,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_de( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_13( Eurydice_slice randomness, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H_a9_65(randomness, ret); } @@ -5904,11 +5945,11 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_820( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_930( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_6c_de( + libcrux_ml_kem_ind_cca_entropy_preprocess_6c_13( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), randomness0); uint8_t to_hash[64U]; 
@@ -5922,10 +5963,10 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_820( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_65( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_f2(public_key), + libcrux_ml_kem_types_as_slice_cb_c2(public_key), uint8_t, Eurydice_slice), ret); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); 
@@ -5933,33 +5974,37 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_820( libcrux_ml_kem_hash_functions_avx2_G_a9_68( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), uint8_t, + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_c2(public_key), uint8_t, Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_fb(uu____2, uu____3, pseudorandomness, - ciphertext); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_encrypt_8e(uu____2, copy_of_randomness, + pseudorandomness, ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1088U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_f5(uu____4); + libcrux_ml_kem_types_from_01_9c(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_3e(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_6c_d7(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, 
shared_secret_array, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_3c lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -5985,13 +6030,14 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_encapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_0f( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_d3( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_820(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_930(uu____0, copy_of_randomness); } /** @@ -6006,10 +6052,11 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_kyber_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_0f( - uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_d3( + uu____0, copy_of_randomness); } /** 
@@ -6021,7 +6068,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_c00( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_cc0( size_t _i) { return libcrux_ml_kem_polynomial_ZERO_89_d5(); } @@ -6041,7 +6088,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_5d0( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_f20( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; @@ -6049,7 +6096,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_5d0( deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); } for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -6059,7 +6106,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_5d0( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_dd( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_c5( ring_element); deserialized_pk[i0] = uu____0; } 
@@ -6077,10 +6124,10 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_cf( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_77( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_5d0( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_f20( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), deserialized_pk); @@ -6108,9 +6155,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline bool -libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_04( +libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_35( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_cf(public_key); + return libcrux_ml_kem_ind_cca_validate_public_key_77(public_key); } /** @@ -6119,16 +6166,14 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_04( Returns `Some(public_key)` if valid, and `None` otherwise. */ KRML_ATTRIBUTE_TARGET("avx2") -static inline core_option_Option_92 -libcrux_ml_kem_mlkem768_avx2_validate_public_key( +static inline Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { - core_option_Option_92 uu____0; - if (libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_04( + Option_92 uu____0; + if (libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_35( public_key.value)) { - uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, - .f0 = public_key}); + uu____0 = (CLITERAL(Option_92){.tag = Some, .f0 = public_key}); } else { - uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_None}); + uu____0 = (CLITERAL(Option_92){.tag = None}); } return uu____0; } 
diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index 3cd6940e7..90c129eb6 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 + * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 + * Eurydice: 99662476dd28a9804b424c103638a01c38192491 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9307ab926afbe89fd8e61ffec8dd95a500c18f33 + * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 */ #ifndef __libcrux_mlkem768_portable_H @@ -134,13 +134,13 @@ libcrux_ml_kem_vector_portable_vector_type_from_i16_array( Eurydice_slice array) { libcrux_ml_kem_vector_portable_vector_type_PortableVector lit; int16_t ret[16U]; - core_result_Result_c0 dst; + Result_c0 dst; Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t, Eurydice_slice), Eurydice_slice, int16_t[16U], void *); - core_result_unwrap_41_f9(dst, ret); + unwrap_41_f9(dst, ret); memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); return lit; } 
@@ -1081,10 +1081,10 @@ libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329( .end = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR}), core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { - core_option_Option_b3 uu____0 = + Option_b3 uu____0 = core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3); - if (!(uu____0.tag == core_option_None)) { + &iter, size_t, Option_b3); + if (!(uu____0.tag == None)) { size_t i = uu____0.f0; if (v.elements[i] >= (int16_t)3329) { size_t uu____1 = i; @@ -2372,7 +2372,7 @@ libcrux_ml_kem_vector_portable_sampling_rej_sample(Eurydice_slice a, Eurydice_slice result) { size_t sampled = (size_t)0U; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(a, uint8_t, size_t) / (size_t)3U; i++) { + i < Eurydice_slice_len(a, uint8_t, size_t) / (size_t)3U; i++) { size_t i0 = i; int16_t b1 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)0U, uint8_t, uint8_t *, uint8_t); @@ -2550,7 +2550,7 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_17(size_t _) { +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_77(size_t _) { return libcrux_ml_kem_polynomial_ZERO_89_39(); } 
@@ -2561,14 +2561,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_59( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_07( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_89_39(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)24U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, @@ -2589,7 +2587,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_29( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_3e( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; @@ -2597,7 +2595,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_29( secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + i < Eurydice_slice_len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; 
@@ -2607,7 +2605,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_29( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_59( + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_07( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -2635,7 +2633,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - U_COMPRESSION_FACTOR= 10 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_34(size_t _) { +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_b8(size_t _) { return libcrux_ml_kem_polynomial_ZERO_89_39(); } @@ -2684,14 +2682,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_f5( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_5e( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_89_39(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)20U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, 
@@ -2751,14 +2747,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_64( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_51( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_89_39(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)22U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, @@ -2780,9 +2774,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_f4( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_70( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_f5(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_5e(serialized); } typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2_s { @@ -2950,7 +2944,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_65( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_48( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)7U, 
@@ -2980,7 +2974,7 @@ with const generics - U_COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_38( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_0d( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; @@ -2988,10 +2982,9 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_38( u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / + i < Eurydice_slice_len(Eurydice_array_to_slice((size_t)1088U, ciphertext, + uint8_t, Eurydice_slice), + uint8_t, size_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); i++) { @@ -3006,9 +2999,9 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_38( (size_t)10U / (size_t)8U, uint8_t, Eurydice_slice); u_as_ntt[i0] = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_f4( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_70( u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_65(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_48(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, 
@@ -3060,13 +3053,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_9b( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_f8( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_89_39(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, @@ -3126,14 +3118,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_93( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_5e( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_89_39(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)10U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, @@ -3155,9 +3145,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_f7( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_ce( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_9b(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_f8(serialized); } /** 
@@ -3243,7 +3233,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_93( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)16U, self->coefficients, libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -3265,7 +3255,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_9f( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_d1( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3291,7 +3281,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_a6( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_ac( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3313,7 +3303,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_61( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_63( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { 
@@ -3335,7 +3325,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_87( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_6f( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -3356,7 +3346,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b7( +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9b( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3371,7 +3361,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b7( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_87( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_6f( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; 
@@ -3388,20 +3378,20 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_86( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_7b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_9f(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_a6(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_61(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b7(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_d1(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_ac(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_63(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9b(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b7(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9b(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b7(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9b(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_b7(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9b(&zeta_i, re, (size_t)7U); libcrux_ml_kem_polynomial_poly_barrett_reduce_89_2c(re); } @@ -3417,7 +3407,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_subtract_reduce_89_79( +libcrux_ml_kem_polynomial_subtract_reduce_89_7f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; 
@@ -3449,7 +3439,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_message_b8( +libcrux_ml_kem_matrix_compute_message_5f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { @@ -3462,8 +3452,8 @@ libcrux_ml_kem_matrix_compute_message_b8( &u_as_ntt[i0]); libcrux_ml_kem_polynomial_add_to_ring_element_89_93(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_86(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_89_79(v, result); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_7b(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_89_7f(v, result); return result; } @@ -3522,7 +3512,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_fb( +libcrux_ml_kem_serialize_compress_then_serialize_message_6a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3539,7 +3529,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_message_fb( Eurydice_slice uu____0 = Eurydice_array_to_subslice2( serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), uint8_t, void *); 
@@ -3581,21 +3571,21 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_41( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_7d( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_38(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_0d(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_f7( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_ce( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - libcrux_ml_kem_matrix_compute_message_b8(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_5f(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_fb(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_6a(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } 
@@ -3609,22 +3599,23 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_39(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_cc(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_29(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; + libcrux_ml_kem_ind_cpa_deserialize_secret_key_3e(secret_key, secret_as_ntt); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( - uu____0, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 secret_key_unpacked; memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, + secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_41(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_7d(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -3680,7 +3671,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_06( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_ad( size_t _i) { return libcrux_ml_kem_polynomial_ZERO_89_39(); } 
@@ -3698,14 +3689,12 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ad( +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_b8( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_89_39(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)24U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, @@ -3733,7 +3722,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_72( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_9f( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; @@ -3741,7 +3730,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_72( deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -3751,7 +3740,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_72( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ad( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_b8( ring_element); deserialized_pk[i0] = uu____0; } 
@@ -3813,11 +3802,12 @@ libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_75( &shake128_state[i0], Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, Eurydice_slice)); } - libcrux_sha3_generic_keccak_KeccakState_48 uu____0[3U]; - memcpy(uu____0, shake128_state, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_sha3_generic_keccak_KeccakState_48 copy_of_shake128_state[3U]; + memcpy(copy_of_shake128_state, shake128_state, (size_t)3U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); libcrux_ml_kem_hash_functions_portable_PortableHash_58 lit; - memcpy(lit.shake128_state, uu____0, + memcpy(lit.shake128_state, copy_of_shake128_state, (size_t)3U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); return lit; } @@ -3835,10 +3825,11 @@ generics static KRML_MUSTINLINE libcrux_ml_kem_hash_functions_portable_PortableHash_58 libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_f1_11( uint8_t input[3U][34U]) { - uint8_t uu____0[3U][34U]; - memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_input[3U][34U]; + memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); return libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_75( - uu____0); + copy_of_input); } /** 
@@ -4141,18 +4132,20 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_2b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; int16_t out[3U][272U] = {{0U}}; - uint8_t uu____0[3U][34U]; - memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[3U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_hash_functions_portable_PortableHash_58 xof_state = libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_f1_11( - uu____0); + copy_of_seeds); uint8_t randomness0[3U][504U]; libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_f1_4e( &xof_state, randomness0); - uint8_t uu____1[3U][504U]; - memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness0[3U][504U]; + memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_05( - uu____1, sampled_coefficients, out); + copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; 
@@ -4160,17 +4153,21 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_2b( uint8_t randomness[3U][168U]; libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_f1_c1( &xof_state, randomness); - uint8_t uu____2[3U][168U]; - memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[3U][168U]; + memcpy(copy_of_randomness, randomness, + (size_t)3U * sizeof(uint8_t[168U])); done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_050( - uu____2, sampled_coefficients, out); + copy_of_randomness, sampled_coefficients, out); } } - int16_t uu____3[3U][272U]; - memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); + /* Passing arrays by value in Rust generates a copy in C */ + int16_t copy_of_out[3U][272U]; + memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret0[i] = libcrux_ml_kem_sampling_sample_from_xof_closure_99(uu____3[i]); + ret0[i] = + libcrux_ml_kem_sampling_sample_from_xof_closure_99(copy_of_out[i]); } memcpy( ret, ret0, 
@@ -4193,23 +4190,25 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_23( } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed[34U]; + memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[3U][34U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t)); + memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t)); } for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j; } - uint8_t uu____1[3U][34U]; - memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[3U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; - libcrux_ml_kem_sampling_sample_from_xof_2b(uu____1, sampled); + libcrux_ml_kem_sampling_sample_from_xof_2b(copy_of_seeds, sampled); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, sampled, libcrux_ml_kem_polynomial_PolynomialRingElement_f0, @@ -4362,8 +4361,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_20( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; + i0 < Eurydice_slice_len(randomness, uint8_t, size_t) / (size_t)4U; i0++) { size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice2( 
@@ -4410,8 +4408,7 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_85( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; + i0 < Eurydice_slice_len(randomness, uint8_t, size_t) / (size_t)3U; i0++) { size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice2( @@ -4524,11 +4521,12 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(uint8_t prf_input[33U], for (size_t i = (size_t)0U; i < (size_t)3U; i++) { re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t)); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t)); } for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; @@ -4545,13 +4543,14 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(uint8_t prf_input[33U], Eurydice_slice)); libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]); } - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U]; memcpy( - uu____2, re_as_ntt, + copy_of_re_as_ntt, re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_b0 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); lit.snd = domain_separator; return lit; 
@@ -4567,7 +4566,7 @@ generics - ETA2= 2 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_da(size_t _i) { +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_de(size_t _i) { return libcrux_ml_kem_polynomial_ZERO_89_39(); } @@ -4584,17 +4583,18 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_2c(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_76(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { error_1[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t)); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t)); } for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; @@ -4611,13 +4611,14 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_2c(uint8_t prf_input[33U], Eurydice_slice)); error_1[i0] = uu____1; } - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_error_1[3U]; memcpy( - uu____2, error_1, + copy_of_error_1, error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_b0 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); lit.snd = domain_separator; return lit; 
@@ -4659,7 +4660,7 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_vector_u_closure_79(size_t _i) { +libcrux_ml_kem_matrix_compute_vector_u_closure_ce(size_t _i) { return libcrux_ml_kem_polynomial_ZERO_89_39(); } @@ -4673,7 +4674,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_08( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_6b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -4700,7 +4701,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_a1( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_a7( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, @@ -4710,7 +4711,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_a1( result[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, a_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U], @@ -4720,7 +4721,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_a1( size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = a_as_ntt[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, row, libcrux_ml_kem_polynomial_PolynomialRingElement_f0, 
@@ -4734,8 +4735,8 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_a1( libcrux_ml_kem_polynomial_add_to_ring_element_89_93(&result[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_86(&result[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_89_08(&result[i1], &error_1[i1]); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_7b(&result[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_89_6b(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -4749,7 +4750,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_decompress_1_89( +libcrux_ml_kem_vector_traits_decompress_1_f3( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -4764,7 +4765,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_f6( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_a7( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_89_39(); @@ -4777,7 +4778,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_f6( (size_t)2U * i0 + (size_t)2U, uint8_t, Eurydice_slice)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_traits_decompress_1_89(coefficient_compressed); + libcrux_ml_kem_vector_traits_decompress_1_f3(coefficient_compressed); re.coefficients[i0] = uu____0; } return re; 
@@ -4794,7 +4795,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_add_message_error_reduce_89_8b( +libcrux_ml_kem_polynomial_add_message_error_reduce_89_4e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4827,7 +4828,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_ring_element_v_1f( +libcrux_ml_kem_matrix_compute_ring_element_v_9d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, @@ -4841,8 +4842,8 @@ libcrux_ml_kem_matrix_compute_ring_element_v_1f( &r_as_ntt[i0]); libcrux_ml_kem_polynomial_add_to_ring_element_89_93(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_86(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_8b( + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_7b(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_4e( error_2, message, result); return result; } @@ -4888,7 +4889,7 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_3b( +libcrux_ml_kem_serialize_compress_then_serialize_10_19( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; 
@@ -4903,7 +4904,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_10_3b( Eurydice_slice uu____0 = Eurydice_array_to_subslice2( serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), uint8_t, void *); @@ -4952,7 +4953,7 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_e1( +libcrux_ml_kem_serialize_compress_then_serialize_11_56( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; @@ -4967,7 +4968,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_11_e1( Eurydice_slice uu____0 = Eurydice_array_to_subslice2( serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), uint8_t, void *); @@ -4983,10 +4984,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_2f( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_97( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_3b(re, uu____0); + libcrux_ml_kem_serialize_compress_then_serialize_10_19(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } 
@@ -5002,11 +5003,11 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_24( +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_3d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, input, libcrux_ml_kem_polynomial_PolynomialRingElement_f0, @@ -5020,9 +5021,9 @@ static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_24( (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, Eurydice_slice); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_2f(&re, + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_97(&re, ret); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), uint8_t, void *); @@ -5070,7 +5071,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_e5( +libcrux_ml_kem_serialize_compress_then_serialize_4_07( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; @@ -5082,7 +5083,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_4_e5( re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_slice_subslice2(serialized, (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, Eurydice_slice), @@ -5132,7 +5133,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_a3( +libcrux_ml_kem_serialize_compress_then_serialize_5_00( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; 
@@ -5144,7 +5145,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_5_a3( re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_slice_subslice2(serialized, (size_t)10U * i0, (size_t)10U * i0 + (size_t)10U, uint8_t, Eurydice_slice), @@ -5161,9 +5162,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 128 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_31( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_a0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_e5(re, out); + libcrux_ml_kem_serialize_compress_then_serialize_4_07(re, out); } /** 
@@ -5225,24 +5226,26 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c( +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_61( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(uu____0, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b0 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7( + copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_2c( - uu____2, domain_separator0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_76( + copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( error_1, uu____3.fst, 
@@ -5258,25 +5261,27 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_a1(public_key->A, r_as_ntt, error_1, + libcrux_ml_kem_matrix_compute_vector_u_a7(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_f6(uu____4); + libcrux_ml_kem_serialize_deserialize_then_decompress_message_a7( + copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_matrix_compute_ring_element_v_1f( + libcrux_ml_kem_matrix_compute_ring_element_v_9d( public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_24( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_3d( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_31( + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_a0( uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t, Eurydice_slice)); 
@@ -5301,12 +5306,12 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_0d(Eurydice_slice public_key, +static inline void libcrux_ml_kem_ind_cpa_encrypt_12(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_72( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_9f( Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), t_as_ntt); 
@@ -5317,36 +5322,40 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_0d(Eurydice_slice public_key, libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); libcrux_ml_kem_matrix_sample_matrix_A_23(ret0, false, A); uint8_t seed_for_A[32U]; - core_result_Result_00 dst; + Result_00 dst; Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; + unwrap_41_83(dst, seed_for_A); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; memcpy( - uu____0, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1[3U][3U]; - memcpy(uu____1, A, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A[3U][3U]; + memcpy(copy_of_A, A, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 public_key_unpacked; memcpy( - public_key_unpacked.t_as_ntt, uu____0, + public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(public_key_unpacked.seed_for_A, uu____2, + memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, + memcpy(public_key_unpacked.A, copy_of_A, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = 
&public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c(uu____3, uu____4, randomness, - ret1); + libcrux_ml_kem_ind_cpa_encrypt_unpacked_61(uu____3, copy_of_message, + randomness, ret1); memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); } @@ -5361,11 +5370,11 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_cc( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_0a( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), shared_secret, uint8_t, void *); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); 
@@ -5393,32 +5402,32 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_88( +static inline void libcrux_ml_kem_ind_cca_decapsulate_5a( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, Eurydice_slice), (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_39(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_cc(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice), 
@@ -5427,7 +5436,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_88( libcrux_ml_kem_hash_functions_portable_G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); 
@@ -5438,28 +5447,29 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_88( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_47(ciphertext), uint8_t, void *); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_16(ciphertext), + uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_04( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_0d(uu____5, uu____6, pseudorandomness, - expected_ciphertext); + libcrux_ml_kem_ind_cpa_encrypt_12(uu____5, copy_of_decrypted, + pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_cc( + libcrux_ml_kem_ind_cca_kdf_43_0a( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_cc(shared_secret0, ciphertext, shared_secret); + libcrux_ml_kem_ind_cca_kdf_43_0a(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_47(ciphertext), + libcrux_ml_kem_types_as_ref_00_16(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, shared_secret, 
uint8_t, @@ -5494,10 +5504,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_f9( +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_8e( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_88(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_5a(private_key, ciphertext, ret); } /** @@ -5510,7 +5520,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_f9( static inline void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_f9( + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_8e( private_key, ciphertext, ret); } @@ -5570,11 +5580,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_05( +static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_89( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_41( + libcrux_ml_kem_ind_cpa_decrypt_unpacked_7d( &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( 
@@ -5583,7 +5593,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_05( Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, uint8_t, Eurydice_slice), @@ -5592,7 +5602,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_05( libcrux_ml_kem_hash_functions_portable_G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); 
@@ -5607,22 +5617,23 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_05( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_47(ciphertext), uint8_t, void *); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_16(ciphertext), + uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_04( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c(uu____3, uu____4, pseudorandomness, - expected_ciphertext); + libcrux_ml_kem_ind_cpa_encrypt_unpacked_61( + uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_47(ciphertext), + libcrux_ml_kem_types_as_ref_00_16(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice)); uint8_t ret0[32U]; 
@@ -5659,10 +5670,10 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_f6( +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_4a( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_05(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_89(key_pair, ciphertext, ret); } /** @@ -5675,7 +5686,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_f6( static inline void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_f6( + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_4a( private_key, ciphertext, ret); } @@ -5689,10 +5700,10 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_ad( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_d4( Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), randomness, uint8_t, void *); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); 
@@ -5731,11 +5742,11 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_78( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_43_ad( + libcrux_ml_kem_ind_cca_entropy_preprocess_43_d4( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), randomness0); uint8_t to_hash[64U]; @@ -5749,10 +5760,10 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_2e( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_f2(public_key), + libcrux_ml_kem_types_as_slice_cb_c2(public_key), uint8_t, Eurydice_slice), ret); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); 
@@ -5760,33 +5771,37 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( libcrux_ml_kem_hash_functions_portable_G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), uint8_t, + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_c2(public_key), uint8_t, Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_0d(uu____2, uu____3, pseudorandomness, - ciphertext); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_encrypt_12(uu____2, copy_of_randomness, + pseudorandomness, ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1088U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_f5(uu____4); + libcrux_ml_kem_types_from_01_9c(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_43_cc(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_43_0a(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, 
shared_secret_array, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_3c lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -5808,13 +5823,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_67( +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_2d( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_44(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_78(uu____0, copy_of_randomness); } /** @@ -5828,10 +5844,11 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_67(uu____0, - uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_2d( + uu____0, copy_of_randomness); } /** 
@@ -5853,7 +5870,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_57( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_d6( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -5863,7 +5880,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_57( Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, Eurydice_slice), @@ -5872,7 +5889,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_57( libcrux_ml_kem_hash_functions_portable_G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); 
@@ -5880,25 +5897,28 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_57( Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____2 = &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_6c(uu____2, uu____3, pseudorandomness, - ciphertext); + libcrux_ml_kem_ind_cpa_encrypt_unpacked_61(uu____2, copy_of_randomness, + pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, shared_secret_array, + uint8_t, Eurydice_slice), + shared_secret, uint8_t, void *); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1088U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_f5(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_from_01_9c(copy_of_ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_3c lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } 
@@ -5924,14 +5944,16 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_65( +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_69( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_57(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_d6(uu____0, + copy_of_randomness); } /** @@ -5947,10 +5969,11 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_65( - uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_69( + uu____0, copy_of_randomness); } /** @@ -6038,7 +6061,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_da( result[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, matrix_A, libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U], 
@@ -6048,7 +6071,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_da( size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, row, libcrux_ml_kem_polynomial_PolynomialRingElement_f0, @@ -6126,7 +6149,7 @@ static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f4( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; libcrux_ml_kem_hash_functions_portable_G_f1_b6(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; 
@@ -6138,21 +6161,23 @@ static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f4( uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(uu____1, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b0 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7( + copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(uu____3, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(copy_of_prf_input, domain_separator) .fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); 
@@ -6160,35 +6185,40 @@ static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f4( libcrux_ml_kem_matrix_compute_As_plus_e_da(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; - core_result_Result_00 dst; + Result_00 dst; Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], void *); - core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____4[3U]; + unwrap_41_83(dst, seed_for_A); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; memcpy( - uu____4, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U][3U]; - memcpy(uu____5, A_transpose, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A_transpose[3U] + [3U]; + memcpy(copy_of_A_transpose, A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk; memcpy( - pk.t_as_ntt, uu____4, + pk.t_as_ntt, copy_of_t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, + memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, copy_of_A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____7[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + 
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( - uu____7, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk; memcpy( - sk.secret_as_ntt, uu____7, + sk.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); return (CLITERAL(tuple_9b){.fst = sk, .snd = pk}); } @@ -6214,7 +6244,7 @@ libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_f6( Eurydice_slice uu____0 = Eurydice_array_to_subslice2( serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), uint8_t, void *); @@ -6237,7 +6267,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_f8( uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0, @@ -6252,7 +6282,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_f8( uint8_t, Eurydice_slice); uint8_t ret0[384U]; libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_f6(&re, ret0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); 
@@ -6280,15 +6310,14 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_80( (size_t)1152U, uint8_t, Eurydice_slice); uint8_t ret0[1152U]; libcrux_ml_kem_ind_cpa_serialize_secret_key_f8(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_subslice_from( + (size_t)1184U, public_key_serialized, (size_t)1152U, + uint8_t, size_t, Eurydice_slice), + seed_for_a, uint8_t, void *); memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); } 
@@ -6319,13 +6348,19 @@ libcrux_ml_kem_ind_cpa_generate_keypair_ec(Eurydice_slice key_generation_seed) { uint8_t secret_key_serialized[1152U]; libcrux_ml_kem_ind_cpa_serialize_secret_key_f8(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[1152U]; - memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); - uint8_t uu____2[1184U]; - memcpy(uu____2, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[1152U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)1152U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_serialized[1184U]; + memcpy(copy_of_public_key_serialized, public_key_serialized, + (size_t)1184U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; - memcpy(lit.fst, uu____1, (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)1184U * sizeof(uint8_t)); + memcpy(lit.fst, copy_of_secret_key_serialized, + (size_t)1152U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_public_key_serialized, + (size_t)1184U * sizeof(uint8_t)); return lit; } 
@@ -6347,29 +6382,29 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_a8( uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), + uu____2 + Eurydice_slice_len(private_key, uint8_t, size_t), uint8_t, + Eurydice_slice), private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + pointer = pointer + Eurydice_slice_len(private_key, uint8_t, size_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), + uu____5 + Eurydice_slice_len(public_key, uint8_t, size_t), uint8_t, + Eurydice_slice), public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + pointer = pointer + Eurydice_slice_len(public_key, uint8_t, size_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice); uint8_t ret0[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_2e(public_key, ret0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); 
@@ -6377,13 +6412,12 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_a8( uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + Eurydice_slice_len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } @@ -6409,7 +6443,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_c2(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_d7(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, 
@@ -6431,15 +6465,11 @@ libcrux_ml_kem_ind_cca_generate_keypair_c2(uint8_t randomness[64U]) { Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, Eurydice_slice), implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[2400U]; - memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_a7(uu____1); - libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; - uint8_t uu____3[1184U]; - memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_c9( - uu____2, libcrux_ml_kem_types_from_b6_4c(uu____3)); + libcrux_ml_kem_types_from_22_a7(secret_key_serialized); + libcrux_ml_kem_types_MlKemPrivateKey_55 uu____1 = private_key; + return libcrux_ml_kem_types_from_17_d5( + uu____1, libcrux_ml_kem_types_from_c7_14(public_key)); } /** @@ -6458,11 +6488,12 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_ff( +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_45( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_c2(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_d7(copy_of_randomness); } /** 
@@ -6470,10 +6501,11 @@ libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_ff( */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_ff( - uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_45( + copy_of_randomness); } /** @@ -6491,7 +6523,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_closure_34(size_t _j) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_closure_24(size_t _j) { return libcrux_ml_kem_polynomial_ZERO_89_39(); } @@ -6509,7 +6541,7 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_48( +static inline void libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_e6( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); @@ -6527,7 +6559,7 @@ with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_clone_d5_5e( +libcrux_ml_kem_polynomial_clone_d5_88( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; 
@@ -6554,7 +6586,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_35(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_89(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, @@ -6571,14 +6603,14 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_35(uint8_t randomness[64U]) { ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_48(i, A[i]); + libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_e6(i, A[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_polynomial_clone_d5_5e(&ind_cpa_public_key.A[j][i1]); + libcrux_ml_kem_polynomial_clone_d5_88(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1; } } 
@@ -6601,26 +6633,30 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_35(uint8_t randomness[64U]) { Eurydice_slice), public_key_hash); uint8_t implicit_rejection_value[32U]; - core_result_Result_00 dst; + Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, uint8_t[32U], void *); - core_result_unwrap_41_83(dst, implicit_rejection_value); + unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 uu____3 = ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_implicit_rejection_value[32U]; + memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8 uu____5; uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, + memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 uu____6 = ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_hash[32U]; + memcpy(copy_of_public_key_hash, public_key_hash, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 lit; lit.private_key = uu____5; lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, + memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, (size_t)32U * sizeof(uint8_t)); return lit; } 
@@ -6641,11 +6677,13 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_3a( +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_59( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_35(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_89( + copy_of_randomness); } /** @@ -6654,10 +6692,11 @@ libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_3a( static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_3a( - uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_59( + copy_of_randomness); } /** @@ -6671,7 +6710,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_72( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_cd( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; 
@@ -6682,10 +6721,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_72( uint8_t ret0[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_2e( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_d4_8a(ciphertext), + libcrux_ml_kem_types_as_slice_d4_77(ciphertext), uint8_t, Eurydice_slice), ret0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), uint8_t, void *); 
@@ -6718,32 +6757,32 @@ libcrux_ml_kem_ind_cca_Kyber with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_880( +static inline void libcrux_ml_kem_ind_cca_decapsulate_5a0( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, Eurydice_slice), (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_39(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_cc(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), to_hash0); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice), 
@@ -6752,7 +6791,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_880( libcrux_ml_kem_hash_functions_portable_G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); 
@@ -6763,28 +6802,29 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_880( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_47(ciphertext), uint8_t, void *); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_16(ciphertext), + uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_04( Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_0d(uu____5, uu____6, pseudorandomness, - expected_ciphertext); + libcrux_ml_kem_ind_cpa_encrypt_12(uu____5, copy_of_decrypted, + pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_72( + libcrux_ml_kem_ind_cca_kdf_6c_cd( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t, Eurydice_slice), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_72(shared_secret0, ciphertext, shared_secret); + libcrux_ml_kem_ind_cca_kdf_6c_cd(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_47(ciphertext), + libcrux_ml_kem_types_as_ref_00_16(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)32U, shared_secret, 
uint8_t, @@ -6820,10 +6860,10 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_09( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_e6( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_880(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_5a0(private_key, ciphertext, ret); } /** @@ -6836,7 +6876,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_09( static inline void libcrux_ml_kem_mlkem768_portable_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_09( + libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_e6( private_key, ciphertext, ret); } @@ -6850,7 +6890,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_f0( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_de( Eurydice_slice randomness, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H_f1_2e(randomness, ret); } @@ -6874,11 +6914,11 @@ libcrux_ml_kem_ind_cca_Kyber with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_440( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_780( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_6c_f0( + libcrux_ml_kem_ind_cca_entropy_preprocess_6c_de( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), randomness0); uint8_t to_hash[64U]; 
@@ -6892,10 +6932,10 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_440( uint8_t ret[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_2e( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_f2(public_key), + libcrux_ml_kem_types_as_slice_cb_c2(public_key), uint8_t, Eurydice_slice), ret); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), uint8_t, void *); 
@@ -6903,33 +6943,37 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_440( libcrux_ml_kem_hash_functions_portable_G_f1_b6( Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), uint8_t, + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_c2(public_key), uint8_t, Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_0d(uu____2, uu____3, pseudorandomness, - ciphertext); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_encrypt_12(uu____2, copy_of_randomness, + pseudorandomness, ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1088U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_f5(uu____4); + libcrux_ml_kem_types_from_01_9c(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_72(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_6c_cd(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, 
shared_secret_array, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_3c lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } @@ -6955,13 +6999,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_a7( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_64( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_440(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_780(uu____0, copy_of_randomness); } /** @@ -6975,10 +7020,11 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_kyber_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_a7( - uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_64( + uu____0, copy_of_randomness); } /** 
@@ -6989,7 +7035,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_060( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_ad0( size_t _i) { return libcrux_ml_kem_polynomial_ZERO_89_39(); } @@ -7008,7 +7054,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_720( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_9f0( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; @@ -7016,7 +7062,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_720( deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); } for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -7026,7 +7072,7 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_720( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_ad( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_b8( ring_element); deserialized_pk[i0] = uu____0; } 
@@ -7043,10 +7089,10 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_35( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_3f( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_720( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_9f0( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice), deserialized_pk); @@ -7073,9 +7119,9 @@ generics - PUBLIC_KEY_SIZE= 1184 */ static inline bool -libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_e1( +libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_24( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_35(public_key); + return libcrux_ml_kem_ind_cca_validate_public_key_3f(public_key); } /** @@ -7083,16 +7129,14 @@ libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_e1( Returns `Some(public_key)` if valid, and `None` otherwise. */ -static inline core_option_Option_92 -libcrux_ml_kem_mlkem768_portable_validate_public_key( +static inline Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { - core_option_Option_92 uu____0; - if (libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_e1( + Option_92 uu____0; + if (libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_24( public_key.value)) { - uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, - .f0 = public_key}); + uu____0 = (CLITERAL(Option_92){.tag = Some, .f0 = public_key}); } else { - uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_None}); + uu____0 = (CLITERAL(Option_92){.tag = None}); } return uu____0; } 
diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index d3a29b153..1f7c19dfa 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 + * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 + * Eurydice: 99662476dd28a9804b424c103638a01c38192491 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9307ab926afbe89fd8e61ffec8dd95a500c18f33 + * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 */ #ifndef __libcrux_sha3_avx2_H @@ -148,10 +148,11 @@ usize> for core::core_arch::x86::__m256i)} KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_slice_n_ef( Eurydice_slice a[4U], size_t start, size_t len, Eurydice_slice ret[4U]) { - Eurydice_slice uu____0[4U]; - memcpy(uu____0, a, (size_t)4U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_a[4U]; + memcpy(copy_of_a, a, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice ret0[4U]; - libcrux_sha3_simd_avx2_slice_4(uu____0, start, len, ret0); + libcrux_sha3_simd_avx2_slice_4(copy_of_a, start, len, ret0); memcpy(ret, ret0, (size_t)4U * sizeof(Eurydice_slice)); } 
@@ -162,19 +163,19 @@ libcrux_sha3_simd_avx2_split_at_mut_4(Eurydice_slice out[4U], size_t mid) { Eurydice_slice out1 = out[1U]; Eurydice_slice out2 = out[2U]; Eurydice_slice out3 = out[3U]; - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at_mut( + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at_mut( out0, mid, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice out00 = uu____0.fst; Eurydice_slice out01 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at_mut( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at_mut( out1, mid, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice out10 = uu____1.fst; Eurydice_slice out11 = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at_mut( + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at_mut( out2, mid, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice out20 = uu____2.fst; Eurydice_slice out21 = uu____2.snd; - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at_mut( + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at_mut( out3, mid, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice out30 = uu____3.fst; Eurydice_slice out31 = uu____3.snd; 
@@ -320,28 +321,28 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_c7( uint8_t u8s[32U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( u8s, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice), uint8_t, void *); Eurydice_slice uu____1 = Eurydice_array_to_subslice2( u8s, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____1, Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice), uint8_t, void *); Eurydice_slice uu____2 = Eurydice_array_to_subslice2( u8s, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____2, Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice), uint8_t, void *); Eurydice_slice uu____3 = Eurydice_array_to_subslice2( u8s, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____3, Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice), 
@@ -356,28 +357,28 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_c7( uint8_t u8s0[32U] = {0U}; Eurydice_slice uu____4 = Eurydice_array_to_subslice2( u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____4, Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice), uint8_t, void *); Eurydice_slice uu____5 = Eurydice_array_to_subslice2( u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____5, Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice), uint8_t, void *); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____6, Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice), uint8_t, void *); Eurydice_slice uu____7 = Eurydice_array_to_subslice2( u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____7, Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice), @@ -406,9 +407,10 @@ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_ef_6a( __m256i (*a)[5U], Eurydice_slice b[4U]) { __m256i(*uu____0)[5U] = a; - Eurydice_slice uu____1[4U]; - memcpy(uu____1, b, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_simd_avx2_load_block_c7(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_b[4U]; + memcpy(copy_of_b, b, (size_t)4U * sizeof(Eurydice_slice)); + libcrux_sha3_simd_avx2_load_block_c7(uu____0, copy_of_b); } /** 
@@ -1660,9 +1662,10 @@ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_05( __m256i (*a)[5U], uint8_t b[4U][200U]) { __m256i(*uu____0)[5U] = a; - uint8_t uu____1[4U][200U]; - memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_avx2_load_block_full_91(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_b[4U][200U]; + memcpy(copy_of_b, b, (size_t)4U * sizeof(uint8_t[200U])); + libcrux_sha3_simd_avx2_load_block_full_91(uu____0, copy_of_b); } /** @@ -1676,15 +1679,14 @@ with const generics KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t, size_t); uint8_t blocks[4U][200U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)4U; i++) { size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); + Eurydice_slice_copy(uu____0, last[i0], uint8_t, void *); } blocks[i0][last_len] = 31U; size_t uu____1 = i0; 
@@ -1769,32 +1771,28 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e9( s[i0][j0]); Eurydice_slice uu____0 = Eurydice_slice_subslice2( out[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, + uint8_t, Eurydice_slice), + uint8_t, void *); Eurydice_slice uu____1 = Eurydice_slice_subslice2( out[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy(uu____1, + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, + uint8_t, Eurydice_slice), + uint8_t, void *); Eurydice_slice uu____2 = Eurydice_slice_subslice2( out[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy(uu____2, + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, + uint8_t, Eurydice_slice), + uint8_t, void *); Eurydice_slice uu____3 = Eurydice_slice_subslice2( out[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy(uu____3, + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, + uint8_t, Eurydice_slice), + uint8_t, void *); if (rem == (size_t)16U) { uint8_t u8s0[32U] = {0U}; size_t i = 
@@ -1807,7 +1805,7 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e9( Eurydice_slice uu____4 = Eurydice_slice_subslice2(out[0U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____4, Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice), @@ -1815,7 +1813,7 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e9( Eurydice_slice uu____5 = Eurydice_slice_subslice2(out[1U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____5, Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice), @@ -1823,7 +1821,7 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e9( Eurydice_slice uu____6 = Eurydice_slice_subslice2(out[2U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____6, Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice), @@ -1831,7 +1829,7 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e9( Eurydice_slice uu____7 = Eurydice_slice_subslice2(out[3U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____7, Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice), 
@@ -1857,17 +1855,20 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_full_0b( Eurydice_array_to_slice((size_t)200U, out2, uint8_t, Eurydice_slice), Eurydice_array_to_slice((size_t)200U, out3, uint8_t, Eurydice_slice)}; libcrux_sha3_simd_avx2_store_block_e9(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____1[200U]; - memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____2[200U]; - memcpy(uu____2, out2, (size_t)200U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out0[200U]; + memcpy(copy_of_out0, out0, (size_t)200U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out1[200U]; + memcpy(copy_of_out1, out1, (size_t)200U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out2[200U]; + memcpy(copy_of_out2, out2, (size_t)200U * sizeof(uint8_t)); uint8_t uu____3[200U]; memcpy(uu____3, out3, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[2U], uu____2, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out0, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], copy_of_out1, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[2U], copy_of_out2, (size_t)200U * sizeof(uint8_t)); memcpy(ret[3U], uu____3, (size_t)200U * sizeof(uint8_t)); } @@ -1905,8 +1906,8 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_a4( uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i0], uint8_t, size_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, core_ops_range_Range_b3, Eurydice_slice), 
@@ -1975,8 +1976,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_77( uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i0], uint8_t, size_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, core_ops_range_Range_b3, Eurydice_slice), 
@@ -1998,28 +1999,28 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_14( libcrux_sha3_generic_keccak_KeccakState_29 s = libcrux_sha3_generic_keccak_new_1e_16(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t, size_t) / (size_t)136U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_29 *uu____0 = &s; - Eurydice_slice uu____1[4U]; - memcpy(uu____1, data, (size_t)4U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[4U]; + memcpy(copy_of_data, data, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice ret[4U]; - libcrux_sha3_simd_avx2_slice_n_ef(uu____1, i0 * (size_t)136U, (size_t)136U, - ret); + libcrux_sha3_simd_avx2_slice_n_ef(copy_of_data, i0 * (size_t)136U, + (size_t)136U, ret); libcrux_sha3_generic_keccak_absorb_block_37(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t, size_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_29 *uu____2 = &s; - Eurydice_slice uu____3[4U]; - memcpy(uu____3, data, (size_t)4U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[4U]; + memcpy(copy_of_data, data, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice ret[4U]; libcrux_sha3_simd_avx2_slice_n_ef( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + copy_of_data, Eurydice_slice_len(data[0U], uint8_t, size_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final_5e(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { 
@@ -2039,8 +2040,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_14( core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { + &iter, size_t, Option_b3) + .tag == None) { break; } else { Eurydice_slice_uint8_t_4size_t__x2 uu____5 = @@ -2149,28 +2150,28 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_c70( uint8_t u8s[32U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( u8s, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice), uint8_t, void *); Eurydice_slice uu____1 = Eurydice_array_to_subslice2( u8s, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____1, Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice), uint8_t, void *); Eurydice_slice uu____2 = Eurydice_array_to_subslice2( u8s, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____2, Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice), uint8_t, void *); Eurydice_slice uu____3 = Eurydice_array_to_subslice2( u8s, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____3, Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice), 
@@ -2185,28 +2186,28 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_c70( uint8_t u8s0[32U] = {0U}; Eurydice_slice uu____4 = Eurydice_array_to_subslice2( u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____4, Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice), uint8_t, void *); Eurydice_slice uu____5 = Eurydice_array_to_subslice2( u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____5, Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice), uint8_t, void *); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____6, Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice), uint8_t, void *); Eurydice_slice uu____7 = Eurydice_array_to_subslice2( u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____7, Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice), @@ -2254,9 +2255,10 @@ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_050( __m256i (*a)[5U], uint8_t b[4U][200U]) { __m256i(*uu____0)[5U] = a; - uint8_t uu____1[4U][200U]; - memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_avx2_load_block_full_910(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_b[4U][200U]; + memcpy(copy_of_b, b, (size_t)4U * sizeof(uint8_t[200U])); + libcrux_sha3_simd_avx2_load_block_full_910(uu____0, copy_of_b); } /** 
@@ -2270,15 +2272,14 @@ with const generics KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e0( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t, size_t); uint8_t blocks[4U][200U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)4U; i++) { size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); + Eurydice_slice_copy(uu____0, last[i0], uint8_t, void *); } blocks[i0][last_len] = 31U; size_t uu____1 = i0; 
@@ -2375,32 +2376,28 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e90( s[i0][j0]); Eurydice_slice uu____0 = Eurydice_slice_subslice2( out[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, + uint8_t, Eurydice_slice), + uint8_t, void *); Eurydice_slice uu____1 = Eurydice_slice_subslice2( out[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____1, - Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy(uu____1, + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, + uint8_t, Eurydice_slice), + uint8_t, void *); Eurydice_slice uu____2 = Eurydice_slice_subslice2( out[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy(uu____2, + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, + uint8_t, Eurydice_slice), + uint8_t, void *); Eurydice_slice uu____3 = Eurydice_slice_subslice2( out[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____3, - Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy(uu____3, + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, + uint8_t, Eurydice_slice), + uint8_t, void *); if (rem == (size_t)16U) { uint8_t u8s0[32U] = {0U}; size_t i = 
@@ -2413,7 +2410,7 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e90( Eurydice_slice uu____4 = Eurydice_slice_subslice2(out[0U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____4, Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice), @@ -2421,7 +2418,7 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e90( Eurydice_slice uu____5 = Eurydice_slice_subslice2(out[1U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____5, Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice), @@ -2429,7 +2426,7 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e90( Eurydice_slice uu____6 = Eurydice_slice_subslice2(out[2U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____6, Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice), @@ -2437,7 +2434,7 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e90( Eurydice_slice uu____7 = Eurydice_slice_subslice2(out[3U], start + (size_t)8U, start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____7, Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice), diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index 16738841a..68c9b12fa 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h 
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 + * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 + * Eurydice: 99662476dd28a9804b424c103638a01c38192491 + * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 9307ab926afbe89fd8e61ffec8dd95a500c18f33 + * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 */ #ifndef __libcrux_sha3_portable_H @@ -147,17 +147,18 @@ usize> for u64)} */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_slice_n_5a( Eurydice_slice a[1U], size_t start, size_t len, Eurydice_slice ret[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, a, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_a[1U]; + memcpy(copy_of_a, a, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret0[1U]; - libcrux_sha3_portable_keccak_slice_1(uu____0, start, len, ret0); + libcrux_sha3_portable_keccak_slice_1(copy_of_a, start, len, ret0); memcpy(ret, ret0, (size_t)1U * sizeof(Eurydice_slice)); } static KRML_MUSTINLINE Eurydice_slice_uint8_t_1size_t__x2 libcrux_sha3_portable_keccak_split_at_mut_1(Eurydice_slice out[1U], size_t mid) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at_mut( + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at_mut( out[0U], mid, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice out00 = uu____0.fst; Eurydice_slice out01 = uu____0.snd; 
@@ -241,14 +242,14 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b3( for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; uint8_t uu____0[8U]; - core_result_Result_56 dst; + Result_56 dst; Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, Eurydice_slice), Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____0); + unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -268,9 +269,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b3(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_b[1U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_b3(uu____0, copy_of_b); } /** @@ -1392,9 +1394,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_71( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_b[1U][200U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_7a(uu____0, copy_of_b); } /** 
@@ -1407,15 +1410,14 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_72( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); + Eurydice_slice_copy(uu____0, last[i0], uint8_t, void *); } blocks[i0][last_len] = 6U; size_t uu____1 = i0; @@ -1443,7 +1445,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_58( Eurydice_slice); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), uint8_t, void *); @@ -1461,9 +1463,10 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa( Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; libcrux_sha3_portable_keccak_store_block_58(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out[200U]; + memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); } /** 
@@ -1498,8 +1501,8 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_5d( uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i0], uint8_t, size_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, core_ops_range_Range_b3, Eurydice_slice), @@ -1564,8 +1567,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_83( uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i0], uint8_t, size_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, core_ops_range_Range_b3, Eurydice_slice), 
@@ -1586,28 +1589,28 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t, size_t) / (size_t)72U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)72U, + libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)72U, (size_t)72U, ret); libcrux_sha3_generic_keccak_absorb_block_75(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t, size_t) % (size_t)72U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + copy_of_data, Eurydice_slice_len(data[0U], uint8_t, size_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final_72(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)72U; size_t last = outlen - outlen % (size_t)72U; if (blocks == (size_t)0U) { 
@@ -1627,8 +1630,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { + &iter, size_t, Option_b3) + .tag == None) { break; } else { Eurydice_slice_uint8_t_1size_t__x2 uu____5 = @@ -1655,9 +1658,10 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_75(uu____0, out); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_75(copy_of_data, out); } /** @@ -1680,14 +1684,14 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b30( for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; uint8_t uu____0[8U]; - core_result_Result_56 dst; + Result_56 dst; Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, Eurydice_slice), Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____0); + unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = 
@@ -1707,9 +1711,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd0( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b30(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_b[1U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_b30(uu____0, copy_of_b); } /** @@ -1752,9 +1757,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_710( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a0(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_b[1U][200U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_7a0(uu____0, copy_of_b); } /** @@ -1767,15 +1773,14 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_720( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); + Eurydice_slice_copy(uu____0, last[i0], uint8_t, void *); } blocks[i0][last_len] = 6U; size_t uu____1 = i0; 
@@ -1803,7 +1808,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_580( Eurydice_slice); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), uint8_t, void *); @@ -1821,9 +1826,10 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa0( Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; libcrux_sha3_portable_keccak_store_block_580(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out[200U]; + memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); } /** @@ -1859,8 +1865,8 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0( uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i0], uint8_t, size_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, core_ops_range_Range_b3, Eurydice_slice), @@ -1925,8 +1931,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_830( uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i0], uint8_t, size_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, core_ops_range_Range_b3, Eurydice_slice), 
@@ -1947,28 +1953,28 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t, size_t) / (size_t)136U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)136U, + libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t, size_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + copy_of_data, Eurydice_slice_len(data[0U], uint8_t, size_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final_720(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { 
@@ -1988,8 +1994,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { + &iter, size_t, Option_b3) + .tag == None) { break; } else { Eurydice_slice_uint8_t_1size_t__x2 uu____5 = @@ -2016,9 +2022,10 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a0( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_750(uu____0, out); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_750(copy_of_data, out); } /** @@ -2041,15 +2048,14 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_721( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); + Eurydice_slice_copy(uu____0, last[i0], uint8_t, void *); } blocks[i0][last_len] = 31U; size_t uu____1 = i0; 
@@ -2076,28 +2082,28 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t, size_t) / (size_t)136U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)136U, + libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t, size_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + copy_of_data, Eurydice_slice_len(data[0U], uint8_t, size_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final_721(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { 
@@ -2117,8 +2123,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { + &iter, size_t, Option_b3) + .tag == None) { break; } else { Eurydice_slice_uint8_t_1size_t__x2 uu____5 = @@ -2145,9 +2151,10 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a1( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_751(uu____0, out); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_751(copy_of_data, out); } /** @@ -2267,14 +2274,14 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b31( for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; uint8_t uu____0[8U]; - core_result_Result_56 dst; + Result_56 dst; Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, Eurydice_slice), Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____0); + unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = 
@@ -2306,9 +2313,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_711( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a1(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_b[1U][200U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_7a1(uu____0, copy_of_b); } /** @@ -2321,15 +2329,14 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_722( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); + Eurydice_slice_copy(uu____0, last[i0], uint8_t, void *); } blocks[i0][last_len] = 31U; size_t uu____1 = i0; @@ -2367,7 +2374,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_581( Eurydice_slice); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), uint8_t, void *); 
@@ -2508,14 +2515,14 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b32( for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; uint8_t uu____0[8U]; - core_result_Result_56 dst; + Result_56 dst; Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, Eurydice_slice), Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____0); + unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = @@ -2535,9 +2542,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd1( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b32(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_b[1U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_b32(uu____0, copy_of_b); } /** @@ -2580,9 +2588,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_712( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a2(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_b[1U][200U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_7a2(uu____0, copy_of_b); } /** 
@@ -2595,15 +2604,14 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_723( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); + Eurydice_slice_copy(uu____0, last[i0], uint8_t, void *); } blocks[i0][last_len] = 6U; size_t uu____1 = i0; @@ -2631,7 +2639,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_582( Eurydice_slice); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), uint8_t, void *); @@ -2649,9 +2657,10 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa1( Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; libcrux_sha3_portable_keccak_store_block_582(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out[200U]; + memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); } /** 
@@ -2687,8 +2696,8 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1( uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i0], uint8_t, size_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, core_ops_range_Range_b3, Eurydice_slice), @@ -2753,8 +2762,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_831( uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i0], uint8_t, size_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, core_ops_range_Range_b3, Eurydice_slice), 
@@ -2775,28 +2784,28 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t, size_t) / (size_t)144U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)144U, + libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)144U, (size_t)144U, ret); libcrux_sha3_generic_keccak_absorb_block_751(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t, size_t) % (size_t)144U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + copy_of_data, Eurydice_slice_len(data[0U], uint8_t, size_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final_723(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)144U; size_t last = outlen - outlen % (size_t)144U; if (blocks == (size_t)0U) { 
@@ -2816,8 +2825,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { + &iter, size_t, Option_b3) + .tag == None) { break; } else { Eurydice_slice_uint8_t_1size_t__x2 uu____5 = @@ -2844,9 +2853,10 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a2( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_752(uu____0, out); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_752(copy_of_data, out); } /** @@ -2869,14 +2879,14 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b33( for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; uint8_t uu____0[8U]; - core_result_Result_56 dst; + Result_56 dst; Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, Eurydice_slice), Eurydice_slice, uint8_t[8U], void *); - core_result_unwrap_41_ac(dst, uu____0); + unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; s[uu____1][uu____2] = 
@@ -2896,9 +2906,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd2( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b33(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_b[1U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_b33(uu____0, copy_of_b); } /** @@ -2941,9 +2952,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_713( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a3(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_b[1U][200U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_7a3(uu____0, copy_of_b); } /** @@ -2956,15 +2968,14 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_724( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); + Eurydice_slice_copy(uu____0, last[i0], uint8_t, void *); } blocks[i0][last_len] = 6U; size_t uu____1 = i0; 
@@ -2992,7 +3003,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_583( Eurydice_slice); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), uint8_t, void *); @@ -3010,9 +3021,10 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa2( Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; libcrux_sha3_portable_keccak_store_block_583(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out[200U]; + memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); } /** @@ -3048,8 +3060,8 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2( uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i0], uint8_t, size_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, core_ops_range_Range_b3, Eurydice_slice), @@ -3114,8 +3126,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_832( uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i0], uint8_t, size_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, core_ops_range_Range_b3, Eurydice_slice), 
@@ -3136,28 +3148,28 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t, size_t) / (size_t)104U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)104U, + libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)104U, (size_t)104U, ret); libcrux_sha3_generic_keccak_absorb_block_752(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t, size_t) % (size_t)104U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + copy_of_data, Eurydice_slice_len(data[0U], uint8_t, size_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final_724(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)104U; size_t last = outlen - outlen % (size_t)104U; if (blocks == (size_t)0U) { 
@@ -3177,8 +3189,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { + &iter, size_t, Option_b3) + .tag == None) { break; } else { Eurydice_slice_uint8_t_1size_t__x2 uu____5 = @@ -3205,9 +3217,10 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a3( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_753(uu____0, out); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_753(copy_of_data, out); } /** @@ -3311,9 +3324,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd3( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b31(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_b[1U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_b31(uu____0, copy_of_b); } /** 
@@ -3343,9 +3357,10 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa3( Eurydice_slice buf[1U] = { Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; libcrux_sha3_portable_keccak_store_block_581(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out[200U]; + memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); } /** @@ -3381,8 +3396,8 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3( uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i0], uint8_t, size_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, core_ops_range_Range_b3, Eurydice_slice), @@ -3408,8 +3423,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_833( uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i0], uint8_t, size_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, core_ops_range_Range_b3, Eurydice_slice), 
@@ -3430,28 +3445,28 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)168U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t, size_t) / (size_t)168U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)168U, + libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)168U, (size_t)168U, ret); libcrux_sha3_generic_keccak_absorb_block_753(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)168U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t, size_t) % (size_t)168U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + copy_of_data, Eurydice_slice_len(data[0U], uint8_t, size_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final_722(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)168U; size_t last = outlen - outlen % (size_t)168U; if (blocks == (size_t)0U) { 
@@ -3471,8 +3486,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( core_ops_range_Range_b3, core_ops_range_Range_b3); while (true) { if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( - &iter, size_t, core_option_Option_b3) - .tag == core_option_None) { + &iter, size_t, Option_b3) + .tag == None) { break; } else { Eurydice_slice_uint8_t_1size_t__x2 uu____5 = @@ -3499,9 +3514,10 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a4( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_754(uu____0, out); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_754(copy_of_data, out); } /** diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index 7127c1704..4137cab1d 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs @@ -1,7 +1,8 @@ use crate::{ constant_time_ops::{ - compare_ciphertexts_in_constant_time, select_shared_secret_in_constant_time, + compare_ciphertexts_in_constant_time, compare_ciphertexts_select_shared_secret_in_constant_time, + select_shared_secret_in_constant_time, }, constants::{CPA_PKE_KEY_GENERATION_SEED_SIZE, H_DIGEST_SIZE, SHARED_SECRET_SIZE}, hash_functions::Hash, @@ -140,9 +141,9 @@ fn generate_keypair< implicit_rejection_value, ); let private_key: MlKemPrivateKey = - MlKemPrivateKey::from(secret_key_serialized); + MlKemPrivateKey::from(&secret_key_serialized); - MlKemKeyPair::from(private_key, MlKemPublicKey::from(public_key)) + MlKemKeyPair::from(private_key, MlKemPublicKey::from(&public_key)) } fn encapsulate< From 05f346c50828a5c9425969ade7ed12fb62020453 Mon Sep 17 00:00:00 2001 
From: Jonathan Protzenko Date: Wed, 14 Aug 2024 10:44:42 -0700 Subject: [PATCH 11/16] More code quality --- libcrux-ml-kem/c/code_gen.txt | 10 +- libcrux-ml-kem/c/eurydice_glue.h | 37 +- libcrux-ml-kem/c/internal/libcrux_core.h | 94 +- .../c/internal/libcrux_mlkem_avx2.h | 52 +- .../c/internal/libcrux_mlkem_portable.h | 52 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 10 +- .../c/internal/libcrux_sha3_internal.h | 10 +- libcrux-ml-kem/c/libcrux_core.c | 197 +- libcrux-ml-kem/c/libcrux_core.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 52 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 52 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 52 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 56 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 52 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 52 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 2233 +++++++-------- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem_neon.c | 16 +- libcrux-ml-kem/c/libcrux_mlkem_neon.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 2537 ++++++++--------- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 10 +- libcrux-ml-kem/c/libcrux_sha3.h | 26 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 536 ++-- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 10 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 265 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 10 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 10 +- 36 files changed, 2928 insertions(+), 3623 deletions(-) 
diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt
index ba5d875e5..2546e250a 100644
--- a/libcrux-ml-kem/c/code_gen.txt
+++ b/libcrux-ml-kem/c/code_gen.txt
@@ -1,6 +1,6 @@
 This code was generated with the following revisions:
-Charon: d8a02494066422005c27e3b3f515129c0c38e9f0
-Eurydice: 99662476dd28a9804b424c103638a01c38192491
-Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b
-F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty
-Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6
+Charon: 8de6020c10a3520a56fbf849176f8218e62435cf
+Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586
+Karamel: 98e5d604741a886e20a526f6673077a15e23cead
+F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7
+Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265
diff --git a/libcrux-ml-kem/c/eurydice_glue.h b/libcrux-ml-kem/c/eurydice_glue.h
index a67112e4d..a97683fa6 100644
--- a/libcrux-ml-kem/c/eurydice_glue.h
+++ b/libcrux-ml-kem/c/eurydice_glue.h
@@ -54,33 +54,33 @@ typedef struct {
 // which is NOT correct C syntax, so we add a dedicated phase in Eurydice that
 // adds an extra argument to this macro at the last minute so that we have the
 // correct type of *pointers* to elements.
-#define Eurydice_slice_index(s, i, t, t_ptr_t, _ret_t) (((t_ptr_t)s.ptr)[i])
-#define Eurydice_slice_subslice(s, r, t, _, _ret_t) \
+#define Eurydice_slice_index(s, i, t, t_ptr_t) (((t_ptr_t)s.ptr)[i])
+#define Eurydice_slice_subslice(s, r, t, _) \
 EURYDICE_SLICE((t *)s.ptr, r.start, r.end)
 // Variant for when the start and end indices are statically known (i.e., the
 // range argument `r` is a literal).
-#define Eurydice_slice_subslice2(s, start, end, t, _) \
+#define Eurydice_slice_subslice2(s, start, end, t) \
 EURYDICE_SLICE((t *)s.ptr, start, end)
-#define Eurydice_slice_subslice_to(s, subslice_end_pos, t, _, _ret_t) \
+#define Eurydice_slice_subslice_to(s, subslice_end_pos, t, _) \
 EURYDICE_SLICE((t *)s.ptr, 0, subslice_end_pos)
-#define Eurydice_slice_subslice_from(s, subslice_start_pos, t, _, _ret_t) \
+#define Eurydice_slice_subslice_from(s, subslice_start_pos, t, _) \
 EURYDICE_SLICE((t *)s.ptr, subslice_start_pos, s.len)
-#define Eurydice_array_to_slice(end, x, t, _ret_t) \
- EURYDICE_SLICE(x, 0, \
+#define Eurydice_array_to_slice(end, x, t) \
+ EURYDICE_SLICE(x, 0, \
 end) /* x is already at an array type, no need for cast */
-#define Eurydice_array_to_subslice(_arraylen, x, r, t, _, _ret_t) \
+#define Eurydice_array_to_subslice(_arraylen, x, r, t, _) \
 EURYDICE_SLICE((t *)x, r.start, r.end)
 // Same as above, variant for when start and end are statically known
-#define Eurydice_array_to_subslice2(x, start, end, t, _ret_t) \
+#define Eurydice_array_to_subslice2(x, start, end, t) \
 EURYDICE_SLICE((t *)x, start, end)
-#define Eurydice_array_to_subslice_to(_size, x, r, t, _range_t, _ret_t) \
+#define Eurydice_array_to_subslice_to(_size, x, r, t, _range_t) \
 EURYDICE_SLICE((t *)x, 0, r)
-#define Eurydice_array_to_subslice_from(size, x, r, t, _range_t, _ret_t) \
+#define Eurydice_array_to_subslice_from(size, x, r, t, _range_t) \
 EURYDICE_SLICE((t *)x, r, size)
-#define Eurydice_array_repeat(dst, len, init, t, _ret_t) \
+#define Eurydice_array_repeat(dst, len, init, t) \
 ERROR "should've been desugared"
-#define Eurydice_slice_len(s, t, _ret_t) EURYDICE_SLICE_LEN(s, t)
-#define Eurydice_slice_copy(dst, src, t, _ret_t) \
+#define Eurydice_slice_len(s, t) EURYDICE_SLICE_LEN(s, t)
+#define Eurydice_slice_copy(dst, src, t) \
 memcpy(dst.ptr, src.ptr, dst.len * sizeof(t))
 #define core_array___Array_T__N__23__as_slice(len_, ptr_, t, _ret_t) \
 ((Eurydice_slice){.ptr = ptr_, .len = len_})
@@ -90,10 +90,11 @@ typedef struct {
 (memcpy(dst, src, len * sizeof(elem_type)))
 #define core_array_TryFromSliceError uint8_t
-#define Eurydice_array_eq(sz, a1, a2, t, _, _ret_t) \
+#define Eurydice_array_eq(sz, a1, a2, t, _) \
 (memcmp(a1, a2, sz * sizeof(t)) == 0)
-#define core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq \
- Eurydice_array_eq
+#define core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( \
+ sz, a1, a2, t, _, _ret_t) \
+ Eurydice_array_eq(sz, a1, a2, t, _)
 #define Eurydice_slice_split_at(slice, mid, element_type, ret_t) \
 (CLITERAL(ret_t){ \
@@ -108,7 +109,7 @@ typedef struct {
 // Conversion of slice to an array, rewritten (by Eurydice) to name the
 // destination array, since arrays are not values in C.
 // N.B.: see note in karamel/lib/Inlining.ml if you change this.
-#define Eurydice_slice_to_array2(dst, src, _, t_arr, _ret_t) \
+#define Eurydice_slice_to_array2(dst, src, _, t_arr) \
 Eurydice_slice_to_array3(&(dst)->tag, (char *)&(dst)->val.case_Ok, src, \
 sizeof(t_arr))
diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h
index da8519687..6c5e73354 100644
--- a/libcrux-ml-kem/c/internal/libcrux_core.h
+++ b/libcrux-ml-kem/c/internal/libcrux_core.h
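Review bot: `Eurydice_slice_copy(dst, src, t)` on the new side still sizes the `memcpy` by `dst.len` alone, so a `src` shorter than `dst` is read past its end, whereas the Rust `copy_from_slice` this macro stands in for panics on a length mismatch; the commit only drops the `_ret_t` parameter and leaves that as it was. For code Eurydice extracts from the verified Rust the equal-length precondition is presumably discharged by the proofs, but this header is plain C that hand-written callers can reach too, and nothing in the hunk records the contract. I would add `// Precondition: dst.len == src.len (Rust's copy_from_slice panics on mismatch; here a shorter src is an over-read).` above the macro, and if the build has a debug-assert facility, check it there. The same caveat applies to `Eurydice_slice_index`, which indexes `s.ptr` with no bounds check.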
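Review bot: `Eurydice_array_eq`, and the `core_array_equality…eq` wrapper this hunk turns into a function-like macro forwarding to it, compare with `memcmp`, which stops at the first differing byte, so any Rust array `==` lowered through these macros is not constant time. That is faithful to Rust's own `[T; N]` equality and the commit does not change it; the `libcrux_core.c` hunks further down show the ciphertext check going through the dedicated `compare`/`select_ct` helpers instead, so this is a caveat rather than a defect as long as no secret-dependent comparison ends up here. I would say so on the macro: `// NOT constant time (memcmp). Secret-dependent comparisons must use the constant-time helpers in libcrux_core.c.`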
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf + * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 + * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 */ #ifndef __internal_libcrux_core_H @@ -67,16 +67,16 @@ typedef struct libcrux_ml_kem_utils_extraction_helper_Keypair768_s { } libcrux_ml_kem_utils_extraction_helper_Keypair768; /** -This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPublicKey)#14} +This function found in impl {(core::convert::From<&0 (@Array)> for +libcrux_ml_kem::types::MlKemPublicKey)#15} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_b6 +A monomorphic instance of libcrux_ml_kem.types.from_c7 with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_4c1( - uint8_t value[1568U]); +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_c7_141( + uint8_t *value); /** Create a new [`MlKemKeyPair`] from the secret and public key. 
@@ -91,21 +91,21 @@ with const generics - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_c91( +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_d51( libcrux_ml_kem_types_MlKemPrivateKey_95 sk, libcrux_ml_kem_types_MlKemPublicKey_1f pk); /** -This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPrivateKey)#8} +This function found in impl {(core::convert::From<&0 (@Array)> for +libcrux_ml_kem::types::MlKemPrivateKey)#9} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_05 +A monomorphic instance of libcrux_ml_kem.types.from_22 with const generics - SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_a71( - uint8_t value[3168U]); +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_22_a71( + uint8_t *value); /** This function found in impl {(core::convert::From<@Array> for @@ -116,7 +116,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_f51( +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_9c1( uint8_t value[1568U]); /** @@ -130,7 +130,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_f21( +uint8_t *libcrux_ml_kem_types_as_slice_cb_c21( libcrux_ml_kem_types_MlKemPublicKey_1f *self); /** @@ -142,7 +142,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed1( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_751( libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self); /** 
@@ -157,16 +157,16 @@ void libcrux_ml_kem_utils_into_padded_array_2d4(Eurydice_slice slice, uint8_t ret[1600U]); /** -This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPublicKey)#14} +This function found in impl {(core::convert::From<&0 (@Array)> for +libcrux_ml_kem::types::MlKemPublicKey)#15} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_b6 +A monomorphic instance of libcrux_ml_kem.types.from_c7 with const generics - SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_4c0( - uint8_t value[1184U]); +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_c7_140( + uint8_t *value); /** Create a new [`MlKemKeyPair`] from the secret and public key. @@ -181,21 +181,21 @@ with const generics - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_c90( +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_d50( libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk); /** -This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPrivateKey)#8} +This function found in impl {(core::convert::From<&0 (@Array)> for +libcrux_ml_kem::types::MlKemPrivateKey)#9} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_05 +A monomorphic instance of libcrux_ml_kem.types.from_22 with const generics - SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_a70( - uint8_t value[2400U]); +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_22_a70( + uint8_t *value); /** This function found in impl {(core::convert::From<@Array> for 
@@ -206,7 +206,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1088 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_f50( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_9c0( uint8_t value[1088U]); /** @@ -220,7 +220,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_f20( +uint8_t *libcrux_ml_kem_types_as_slice_cb_c20( libcrux_ml_kem_types_MlKemPublicKey_15 *self); /** @@ -232,7 +232,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed0( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_750( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); /** @@ -247,16 +247,16 @@ void libcrux_ml_kem_utils_into_padded_array_2d3(Eurydice_slice slice, uint8_t ret[1120U]); /** -This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPublicKey)#14} +This function found in impl {(core::convert::From<&0 (@Array)> for +libcrux_ml_kem::types::MlKemPublicKey)#15} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_b6 +A monomorphic instance of libcrux_ml_kem.types.from_c7 with const generics - SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_4c( - uint8_t value[800U]); +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_c7_14( + uint8_t *value); /** Create a new [`MlKemKeyPair`] from the secret and public key. 
@@ -271,21 +271,21 @@ with const generics - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_c9( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_d5( libcrux_ml_kem_types_MlKemPrivateKey_5e sk, libcrux_ml_kem_types_MlKemPublicKey_be pk); /** -This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPrivateKey)#8} +This function found in impl {(core::convert::From<&0 (@Array)> for +libcrux_ml_kem::types::MlKemPrivateKey)#9} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_05 +A monomorphic instance of libcrux_ml_kem.types.from_22 with const generics - SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_a7( - uint8_t value[1632U]); +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_22_a7( + uint8_t *value); /** This function found in impl {(core::convert::From<@Array> for @@ -296,7 +296,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 768 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_f5( +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_9c( uint8_t value[768U]); /** @@ -310,7 +310,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_f2( +uint8_t *libcrux_ml_kem_types_as_slice_cb_c2( libcrux_ml_kem_types_MlKemPublicKey_be *self); /** @@ -367,7 +367,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_75( libcrux_ml_kem_types_MlKemCiphertext_e8 *self); /** diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index 61e13adf5..ff66f1ce5 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h 
+++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf + * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 + * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 */ #ifndef __internal_libcrux_mlkem_avx2_H @@ -32,7 +32,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_cf1(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_771(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked @@ -47,7 +47,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_831(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c01(uint8_t randomness[64U]); /** Packed API @@ -70,7 +70,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_c23(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_361(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked 
@@ -90,7 +90,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e1( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b1( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]); @@ -113,7 +113,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_821( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_931( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -138,7 +138,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b21( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_2f1( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -164,7 +164,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_c41( +void libcrux_ml_kem_ind_cca_decapsulate_ff1( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -176,7 +176,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_cf0(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_770(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked 
@@ -191,7 +191,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_830(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c00(uint8_t randomness[64U]); /** Packed API @@ -214,7 +214,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_c22(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_360(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked @@ -234,7 +234,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e0( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b0( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]); @@ -257,7 +257,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_820( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_930( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -282,7 +282,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b20( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_2f0( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); 
@@ -308,7 +308,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_c40( +void libcrux_ml_kem_ind_cca_decapsulate_ff0( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -320,7 +320,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_cf(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_77(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked @@ -335,7 +335,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_83(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c0(uint8_t randomness[64U]); /** Packed API @@ -357,7 +357,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_c2( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_36( uint8_t randomness[64U]); /** @@ -378,7 +378,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]); @@ -401,7 +401,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_82( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_93( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); 
@@ -426,7 +426,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b2( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_2f( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -452,7 +452,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_c4( +void libcrux_ml_kem_ind_cca_decapsulate_ff( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 8bb1670f5..261c9cea8 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf + * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 + * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 */ #ifndef __internal_libcrux_mlkem_portable_H 
@@ -37,7 +37,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_351(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_3f1(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked @@ -53,7 +53,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e1(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_371(uint8_t randomness[64U]); /** Packed API @@ -77,7 +77,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_c24(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_d71(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked @@ -98,7 +98,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_311( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_081( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]); @@ -121,7 +121,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_441( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_781( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -147,7 +147,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca1( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_de1( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); 
@@ -173,7 +173,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_4f1( +void libcrux_ml_kem_ind_cca_decapsulate_b01( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -185,7 +185,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_350(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_3f0(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked @@ -201,7 +201,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e0(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_370(uint8_t randomness[64U]); /** Packed API @@ -225,7 +225,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_c21(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_d70(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked @@ -246,7 +246,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_310( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_080( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]); @@ -269,7 +269,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_440( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_780( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); 
@@ -295,7 +295,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca0( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_de0( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -321,7 +321,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_4f0( +void libcrux_ml_kem_ind_cca_decapsulate_b00( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -333,7 +333,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_35(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_3f(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked @@ -349,7 +349,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_37(uint8_t randomness[64U]); /** Packed API @@ -373,7 +373,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_d7(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked @@ -394,7 +394,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_31( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_08( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]); 
@@ -417,7 +417,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_78( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -443,7 +443,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_de( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -469,7 +469,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_4f( +void libcrux_ml_kem_ind_cca_decapsulate_b0( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index a21a1ea77..16e9fbe30 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf + * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 + * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 */ #ifndef __internal_libcrux_sha3_avx2_H 
diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index d241665d9..c4b5afc89 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf + * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 + * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 */ #ifndef __internal_libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index 04876b464..f914d4cb2 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf + * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 + * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 */ #include "internal/libcrux_core.h" 
@@ -34,12 +34,11 @@ static KRML_NOINLINE uint8_t is_non_zero(uint8_t value) { return inz(value); } */ static uint8_t compare(Eurydice_slice lhs, Eurydice_slice rhs) { uint8_t r = 0U; - for (size_t i = (size_t)0U; i < Eurydice_slice_len(lhs, uint8_t, size_t); - i++) { + for (size_t i = (size_t)0U; i < Eurydice_slice_len(lhs, uint8_t); i++) { size_t i0 = i; r = (uint32_t)r | - ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *, uint8_t) ^ - (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *, uint8_t)); + ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *) ^ + (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *)); } return is_non_zero(r); } @@ -61,11 +60,10 @@ static void select_ct(Eurydice_slice lhs, Eurydice_slice rhs, uint8_t selector, for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE; i++) { size_t i0 = i; - out[i0] = - ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *, uint8_t) & - (uint32_t)mask) | - ((uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *, uint8_t) & - (uint32_t)~mask); + out[i0] = ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *) & + (uint32_t)mask) | + ((uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *) & + (uint32_t)~mask); } memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } 
@@ -90,21 +88,21 @@ void libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_i } /** -This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPublicKey)#14} +This function found in impl {(core::convert::From<&0 (@Array)> for +libcrux_ml_kem::types::MlKemPublicKey)#15} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_b6 +A monomorphic instance of libcrux_ml_kem.types.from_c7 with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_4c1( - uint8_t value[1568U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_value[1568U]; - memcpy(copy_of_value, value, (size_t)1568U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_c7_141( + uint8_t *value) { libcrux_ml_kem_types_MlKemPublicKey_1f lit; - memcpy(lit.value, copy_of_value, (size_t)1568U * sizeof(uint8_t)); + uint8_t ret[1568U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)1568U, value, ret, uint8_t, void *); + memcpy(lit.value, ret, (size_t)1568U * sizeof(uint8_t)); return lit; } @@ -121,7 +119,7 @@ with const generics - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_c91( +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_d51( libcrux_ml_kem_types_MlKemPrivateKey_95 sk, libcrux_ml_kem_types_MlKemPublicKey_1f pk) { return ( 
@@ -129,21 +127,21 @@ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_c91( } /** -This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPrivateKey)#8} +This function found in impl {(core::convert::From<&0 (@Array)> for +libcrux_ml_kem::types::MlKemPrivateKey)#9} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_05 +A monomorphic instance of libcrux_ml_kem.types.from_22 with const generics - SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_a71( - uint8_t value[3168U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_value[3168U]; - memcpy(copy_of_value, value, (size_t)3168U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_22_a71( + uint8_t *value) { libcrux_ml_kem_types_MlKemPrivateKey_95 lit; - memcpy(lit.value, copy_of_value, (size_t)3168U * sizeof(uint8_t)); + uint8_t ret[3168U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)3168U, value, ret, uint8_t, void *); + memcpy(lit.value, ret, (size_t)3168U * sizeof(uint8_t)); return lit; } @@ -156,7 +154,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_f51( +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_9c1( uint8_t value[1568U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1568U]; @@ -177,7 +175,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_f21( +uint8_t *libcrux_ml_kem_types_as_slice_cb_c21( libcrux_ml_kem_types_MlKemPublicKey_1f *self) { return self->value; } 
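Review bot: The new body of `libcrux_ml_kem_types_from_22_a71` clones the 3168-byte private key into a local `uint8_t ret[3168U]` and then `memcpy`s it into `lit.value`, so a second copy of secret-key bytes is left on the stack after return with nothing clearing it; the removed `copy_of_value` had the same shape, so this is not a regression, but the commit keeps the extra copy in place. Assuming the clone macro writes `N` bytes into its third argument, as the `memcpy` that follows suggests, the clone could target the destination directly, `core_array___core__clone__Clone_for__Array_T__N___20__clone((size_t)3168U, value, lit.value, uint8_t, void *);`, dropping both `ret` and the trailing `memcpy`. The same pattern appears in the 2400- and 1632-byte `from_22` instances later in this file, and in the `from_c7` public-key instances where it is only redundant copying. Since this file is generated by Eurydice, the fix presumably belongs in the generator's lowering of array `Clone` rather than in this C output.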
@@ -191,10 +189,9 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed1( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_751( libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self) { - return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t, - Eurydice_slice); + return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t); } /** @@ -211,28 +208,27 @@ void libcrux_ml_kem_utils_into_padded_array_2d4(Eurydice_slice slice, uint8_t *uu____0 = out; Eurydice_slice_copy( Eurydice_array_to_subslice2(uu____0, (size_t)0U, - Eurydice_slice_len(slice, uint8_t, size_t), - uint8_t, Eurydice_slice), - slice, uint8_t, void *); + Eurydice_slice_len(slice, uint8_t), uint8_t), + slice, uint8_t); memcpy(ret, out, (size_t)1600U * sizeof(uint8_t)); } /** -This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPublicKey)#14} +This function found in impl {(core::convert::From<&0 (@Array)> for +libcrux_ml_kem::types::MlKemPublicKey)#15} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_b6 +A monomorphic instance of libcrux_ml_kem.types.from_c7 with const generics - SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_4c0( - uint8_t value[1184U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_value[1184U]; - memcpy(copy_of_value, value, (size_t)1184U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_c7_140( + uint8_t *value) { libcrux_ml_kem_types_MlKemPublicKey_15 lit; - memcpy(lit.value, copy_of_value, (size_t)1184U * sizeof(uint8_t)); + uint8_t ret[1184U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)1184U, value, ret, uint8_t, void *); + memcpy(lit.value, ret, (size_t)1184U * sizeof(uint8_t)); return lit; } 
@@ -249,7 +245,7 @@ with const generics - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_c90( +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_d50( libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( @@ -257,21 +253,21 @@ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_c90( } /** -This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPrivateKey)#8} +This function found in impl {(core::convert::From<&0 (@Array)> for +libcrux_ml_kem::types::MlKemPrivateKey)#9} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_05 +A monomorphic instance of libcrux_ml_kem.types.from_22 with const generics - SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_a70( - uint8_t value[2400U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_value[2400U]; - memcpy(copy_of_value, value, (size_t)2400U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_22_a70( + uint8_t *value) { libcrux_ml_kem_types_MlKemPrivateKey_55 lit; - memcpy(lit.value, copy_of_value, (size_t)2400U * sizeof(uint8_t)); + uint8_t ret[2400U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)2400U, value, ret, uint8_t, void *); + memcpy(lit.value, ret, (size_t)2400U * sizeof(uint8_t)); return lit; } @@ -284,7 +280,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1088 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_f50( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_9c0( uint8_t value[1088U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1088U]; 
@@ -305,7 +301,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_f20( +uint8_t *libcrux_ml_kem_types_as_slice_cb_c20( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -319,10 +315,9 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed0( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_750( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { - return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t, - Eurydice_slice); + return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); } /** 
@@ -339,28 +334,27 @@ void libcrux_ml_kem_utils_into_padded_array_2d3(Eurydice_slice slice, uint8_t *uu____0 = out; Eurydice_slice_copy( Eurydice_array_to_subslice2(uu____0, (size_t)0U, - Eurydice_slice_len(slice, uint8_t, size_t), - uint8_t, Eurydice_slice), - slice, uint8_t, void *); + Eurydice_slice_len(slice, uint8_t), uint8_t), + slice, uint8_t); memcpy(ret, out, (size_t)1120U * sizeof(uint8_t)); } /** -This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPublicKey)#14} +This function found in impl {(core::convert::From<&0 (@Array)> for +libcrux_ml_kem::types::MlKemPublicKey)#15} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_b6 +A monomorphic instance of libcrux_ml_kem.types.from_c7 with const generics - SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_4c( - uint8_t value[800U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_value[800U]; - memcpy(copy_of_value, value, (size_t)800U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_c7_14( + uint8_t *value) { libcrux_ml_kem_types_MlKemPublicKey_be lit; - memcpy(lit.value, copy_of_value, (size_t)800U * sizeof(uint8_t)); + uint8_t ret[800U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)800U, value, ret, uint8_t, void *); + memcpy(lit.value, ret, (size_t)800U * sizeof(uint8_t)); return lit; } 
@@ -377,28 +371,28 @@ with const generics - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_c9( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_d5( libcrux_ml_kem_types_MlKemPrivateKey_5e sk, libcrux_ml_kem_types_MlKemPublicKey_be pk) { return (CLITERAL(libcrux_ml_kem_types_MlKemKeyPair_cb){.sk = sk, .pk = pk}); } /** -This function found in impl {(core::convert::From<@Array> for -libcrux_ml_kem::types::MlKemPrivateKey)#8} +This function found in impl {(core::convert::From<&0 (@Array)> for +libcrux_ml_kem::types::MlKemPrivateKey)#9} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_05 +A monomorphic instance of libcrux_ml_kem.types.from_22 with const generics - SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_a7( - uint8_t value[1632U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_value[1632U]; - memcpy(copy_of_value, value, (size_t)1632U * sizeof(uint8_t)); +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_22_a7( + uint8_t *value) { libcrux_ml_kem_types_MlKemPrivateKey_5e lit; - memcpy(lit.value, copy_of_value, (size_t)1632U * sizeof(uint8_t)); + uint8_t ret[1632U]; + core_array___core__clone__Clone_for__Array_T__N___20__clone( + (size_t)1632U, value, ret, uint8_t, void *); + memcpy(lit.value, ret, (size_t)1632U * sizeof(uint8_t)); return lit; } @@ -411,7 +405,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 768 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_f5( +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_9c( uint8_t value[768U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[768U]; 
@@ -432,7 +426,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_f2( +uint8_t *libcrux_ml_kem_types_as_slice_cb_c2( libcrux_ml_kem_types_MlKemPublicKey_be *self) { return self->value; } @@ -451,9 +445,8 @@ void libcrux_ml_kem_utils_into_padded_array_2d2(Eurydice_slice slice, uint8_t *uu____0 = out; Eurydice_slice_copy( Eurydice_array_to_subslice2(uu____0, (size_t)0U, - Eurydice_slice_len(slice, uint8_t, size_t), - uint8_t, Eurydice_slice), - slice, uint8_t, void *); + Eurydice_slice_len(slice, uint8_t), uint8_t), + slice, uint8_t); memcpy(ret, out, (size_t)33U * sizeof(uint8_t)); } @@ -491,9 +484,8 @@ void libcrux_ml_kem_utils_into_padded_array_2d1(Eurydice_slice slice, uint8_t *uu____0 = out; Eurydice_slice_copy( Eurydice_array_to_subslice2(uu____0, (size_t)0U, - Eurydice_slice_len(slice, uint8_t, size_t), - uint8_t, Eurydice_slice), - slice, uint8_t, void *); + Eurydice_slice_len(slice, uint8_t), uint8_t), + slice, uint8_t); memcpy(ret, out, (size_t)34U * sizeof(uint8_t)); } @@ -506,10 +498,9 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_ed( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_75( libcrux_ml_kem_types_MlKemCiphertext_e8 *self) { - return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t, - Eurydice_slice); + return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t); } /** @@ -526,9 +517,8 @@ void libcrux_ml_kem_utils_into_padded_array_2d0(Eurydice_slice slice, uint8_t *uu____0 = out; Eurydice_slice_copy( Eurydice_array_to_subslice2(uu____0, (size_t)0U, - Eurydice_slice_len(slice, uint8_t, size_t), - uint8_t, Eurydice_slice), - slice, uint8_t, void *); + Eurydice_slice_len(slice, uint8_t), uint8_t), + slice, uint8_t); memcpy(ret, out, (size_t)800U * sizeof(uint8_t)); } 
@@ -546,9 +536,8 @@ void libcrux_ml_kem_utils_into_padded_array_2d(Eurydice_slice slice, uint8_t *uu____0 = out; Eurydice_slice_copy( Eurydice_array_to_subslice2(uu____0, (size_t)0U, - Eurydice_slice_len(slice, uint8_t, size_t), - uint8_t, Eurydice_slice), - slice, uint8_t, void *); + Eurydice_slice_len(slice, uint8_t), uint8_t), + slice, uint8_t); memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 516d272b4..621327ab7 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf + * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 + * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 8c75ddb2b..41e98434c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h 
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf + * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 + * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index b88959233..cd940beb2 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf + * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 + * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 */ #include "libcrux_mlkem1024_avx2.h" 
@@ -38,11 +38,11 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_d8( +static void decapsulate_c7( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_c40(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_ff0(private_key, ciphertext, ret); } /** @@ -56,7 +56,7 @@ void libcrux_ml_kem_mlkem1024_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_d8(private_key, ciphertext, ret); + decapsulate_c7(private_key, ciphertext, ret); } /** @@ -83,11 +83,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_unpacked_ca( +static void decapsulate_unpacked_21( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_b20(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_2f0(key_pair, ciphertext, ret); } /** @@ -101,7 +101,7 @@ void libcrux_ml_kem_mlkem1024_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_ca(private_key, ciphertext, ret); + decapsulate_unpacked_21(private_key, ciphertext, ret); } /** 
@@ -121,14 +121,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_b2( +static tuple_21 encapsulate_8e( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_820(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_930(uu____0, copy_of_randomness); } /** @@ -145,7 +145,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_b2(uu____0, copy_of_randomness); + return encapsulate_8e(uu____0, copy_of_randomness); } /** @@ -169,7 +169,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_unpacked_16( +static tuple_21 encapsulate_unpacked_2a( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *uu____0 = @@ -177,7 +177,7 @@ static tuple_21 encapsulate_unpacked_16( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e0(uu____0, + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b0(uu____0, copy_of_randomness); } 
@@ -199,7 +199,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_16(uu____0, copy_of_randomness); + return encapsulate_unpacked_2a(uu____0, copy_of_randomness); } /** @@ -216,12 +216,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_f6( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_4b( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_c22(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_360(copy_of_randomness); } /** @@ -232,7 +232,7 @@ libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_f6(copy_of_randomness); + return generate_keypair_4b(copy_of_randomness); } /** @@ -251,11 +251,11 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -generate_keypair_unpacked_d9(uint8_t randomness[64U]) { +generate_keypair_unpacked_4c(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_830( + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c00( copy_of_randomness); } 
@@ -268,7 +268,7 @@ libcrux_ml_kem_mlkem1024_avx2_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_d9(copy_of_randomness); + return generate_keypair_unpacked_4c(copy_of_randomness); } /** @@ -282,8 +282,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static bool validate_public_key_570(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_cf0(public_key); +static bool validate_public_key_1b0(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_770(public_key); } /** @@ -294,7 +294,7 @@ static bool validate_public_key_570(uint8_t *public_key) { core_option_Option_99 libcrux_ml_kem_mlkem1024_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; - if (validate_public_key_570(public_key.value)) { + if (validate_public_key_1b0(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index 4df590c69..658c5b92c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h 
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf + * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 + * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 */ #ifndef __libcrux_mlkem1024_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index f3972ee47..ed6f6e69f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf + * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 + * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 */ #include "libcrux_mlkem1024_portable.h" 
@@ -38,11 +38,11 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_52( +static void decapsulate_15( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_4f1(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_b01(private_key, ciphertext, ret); } /** @@ -56,7 +56,7 @@ void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_52(private_key, ciphertext, ret); + decapsulate_15(private_key, ciphertext, ret); } /** @@ -83,11 +83,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_unpacked_b6( +static void decapsulate_unpacked_39( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca1(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_de1(key_pair, ciphertext, ret); } /** @@ -101,7 +101,7 @@ void libcrux_ml_kem_mlkem1024_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_b6(private_key, ciphertext, ret); + decapsulate_unpacked_39(private_key, ciphertext, ret); } /** 
@@ -121,14 +121,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_ec( +static tuple_21 encapsulate_09( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_441(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_781(uu____0, copy_of_randomness); } /** @@ -145,7 +145,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_ec(uu____0, copy_of_randomness); + return encapsulate_09(uu____0, copy_of_randomness); } /** @@ -169,7 +169,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_unpacked_9a( +static tuple_21 encapsulate_unpacked_62( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *uu____0 = @@ -177,7 +177,7 @@ static tuple_21 encapsulate_unpacked_9a( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_311(uu____0, + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_081(uu____0, copy_of_randomness); } 
@@ -199,7 +199,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_9a(uu____0, copy_of_randomness); + return encapsulate_unpacked_62(uu____0, copy_of_randomness); } /** @@ -217,12 +217,12 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_0e( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_b5( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_c24(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_d71(copy_of_randomness); } /** @@ -233,7 +233,7 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_0e(copy_of_randomness); + return generate_keypair_b5(copy_of_randomness); } /** @@ -252,11 +252,11 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -generate_keypair_unpacked_4a(uint8_t randomness[64U]) { +generate_keypair_unpacked_b8(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e1( + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_371( copy_of_randomness); } 
@@ -269,7 +269,7 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_4a(copy_of_randomness); + return generate_keypair_unpacked_b8(copy_of_randomness); } /** @@ -283,8 +283,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static bool validate_public_key_e11(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_351(public_key); +static bool validate_public_key_241(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_3f1(public_key); } /** @@ -295,7 +295,7 @@ static bool validate_public_key_e11(uint8_t *public_key) { core_option_Option_99 libcrux_ml_kem_mlkem1024_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; - if (validate_public_key_e11(public_key.value)) { + if (validate_public_key_241(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index 2d6df8a83..e20755c0c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h 
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf + * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 + * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index 4fad52629..4181db559 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf + * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 + * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index 105246cbd..31c416846 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c 
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf + * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 + * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 */ #include "libcrux_mlkem512_avx2.h" @@ -38,10 +38,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_1d(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, +static void decapsulate_d7(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_c4(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_ff(private_key, ciphertext, ret); } /** @@ -54,7 +54,7 @@ static void decapsulate_1d(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, void libcrux_ml_kem_mlkem512_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_1d(private_key, ciphertext, ret); + decapsulate_d7(private_key, ciphertext, ret); } /** 
@@ -81,10 +81,10 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_unpacked_50( +static void decapsulate_unpacked_30( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_b2(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_2f(key_pair, ciphertext, ret); } /** @@ -97,7 +97,7 @@ static void decapsulate_unpacked_50( void libcrux_ml_kem_mlkem512_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_50(private_key, ciphertext, ret); + decapsulate_unpacked_30(private_key, ciphertext, ret); } /** @@ -117,14 +117,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_72( +static tuple_ec encapsulate_c4( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_82(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_93(uu____0, copy_of_randomness); } /** @@ -141,7 +141,7 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_72(uu____0, copy_of_randomness); + return encapsulate_c4(uu____0, copy_of_randomness); } /** 
@@ -165,7 +165,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_unpacked_14( +static tuple_ec encapsulate_unpacked_b9( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *uu____0 = @@ -173,7 +173,7 @@ static tuple_ec encapsulate_unpacked_14( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e(uu____0, + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b(uu____0, copy_of_randomness); } @@ -193,7 +193,7 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_14(uu____0, copy_of_randomness); + return encapsulate_unpacked_b9(uu____0, copy_of_randomness); } /** @@ -210,12 +210,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_27( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_8f( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_c2(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_36(copy_of_randomness); } /** 
@@ -226,7 +226,7 @@ libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_27(copy_of_randomness); + return generate_keypair_8f(copy_of_randomness); } /** @@ -245,11 +245,11 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -generate_keypair_unpacked_2c(uint8_t randomness[64U]) { +generate_keypair_unpacked_7a(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_83( + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c0( copy_of_randomness); } @@ -262,7 +262,7 @@ libcrux_ml_kem_mlkem512_avx2_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_2c(copy_of_randomness); + return generate_keypair_unpacked_7a(copy_of_randomness); } /** @@ -276,8 +276,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static bool validate_public_key_57(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_cf(public_key); +static bool validate_public_key_1b(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_77(public_key); } /** 
@@ -288,7 +288,7 @@ static bool validate_public_key_57(uint8_t *public_key) { core_option_Option_04 libcrux_ml_kem_mlkem512_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; - if (validate_public_key_57(public_key.value)) { + if (validate_public_key_1b(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index a44306c02..4e8b2bb37 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf + * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 + * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 */ #ifndef __libcrux_mlkem512_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index cd8fdcf86..9ff79924c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c 
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf + * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 + * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 */ #include "libcrux_mlkem512_portable.h" @@ -38,10 +38,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_be0( - libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, - libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_4f0(private_key, ciphertext, ret); +static void decapsulate_04(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, + libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, + uint8_t ret[32U]) { + libcrux_ml_kem_ind_cca_decapsulate_b00(private_key, ciphertext, ret); } /** @@ -54,7 +54,7 @@ static void decapsulate_be0( void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_be0(private_key, ciphertext, ret); + decapsulate_04(private_key, ciphertext, ret); } /** 
@@ -81,10 +81,10 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_unpacked_06( +static void decapsulate_unpacked_d1( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca0(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_de0(key_pair, ciphertext, ret); } /** @@ -97,7 +97,7 @@ static void decapsulate_unpacked_06( void libcrux_ml_kem_mlkem512_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_06(private_key, ciphertext, ret); + decapsulate_unpacked_d1(private_key, ciphertext, ret); } /** @@ -117,14 +117,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_f3( +static tuple_ec encapsulate_0e( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_440(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_780(uu____0, copy_of_randomness); } /** @@ -141,7 +141,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_f3(uu____0, copy_of_randomness); + return encapsulate_0e(uu____0, copy_of_randomness); } /** 
@@ -165,7 +165,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_unpacked_01( +static tuple_ec encapsulate_unpacked_2c( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *uu____0 = @@ -173,7 +173,7 @@ static tuple_ec encapsulate_unpacked_01( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_310(uu____0, + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_080(uu____0, copy_of_randomness); } @@ -193,7 +193,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_01(uu____0, copy_of_randomness); + return encapsulate_unpacked_2c(uu____0, copy_of_randomness); } /** @@ -211,12 +211,12 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_df( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_33( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_c21(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_d70(copy_of_randomness); } /** @@ -227,7 +227,7 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_df(copy_of_randomness); + return generate_keypair_33(copy_of_randomness); } /** 
@@ -246,11 +246,11 @@ const generics - ETA1_RANDOMNESS_SIZE= 192 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -generate_keypair_unpacked_c0(uint8_t randomness[64U]) { +generate_keypair_unpacked_fe(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e0( + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_370( copy_of_randomness); } @@ -263,7 +263,7 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_c0(copy_of_randomness); + return generate_keypair_unpacked_fe(copy_of_randomness); } /** @@ -277,8 +277,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static bool validate_public_key_e10(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_350(public_key); +static bool validate_public_key_240(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_3f0(public_key); } /** @@ -289,7 +289,7 @@ static bool validate_public_key_e10(uint8_t *public_key) { core_option_Option_04 libcrux_ml_kem_mlkem512_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; - if (validate_public_key_e10(public_key.value)) { + if (validate_public_key_240(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index fbf4c704a..68ee7a5da 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h 
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf + * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 + * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 9e38f6ac7..8cf5f4f40 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf + * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 + * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index 7db84cb52..bd4ebc485 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c 
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf + * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 + * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 */ #include "libcrux_mlkem768_avx2.h" @@ -38,10 +38,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_15( +static void decapsulate_2f( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_c41(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_ff1(private_key, ciphertext, ret); } /** @@ -54,7 +54,7 @@ static void decapsulate_15( void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_15(private_key, ciphertext, ret); + decapsulate_2f(private_key, ciphertext, ret); } /** @@ -81,10 +81,10 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_unpacked_e1( +static void decapsulate_unpacked_57( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_b21(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_2f1(key_pair, ciphertext, ret); } /** 
@@ -97,7 +97,7 @@ static void decapsulate_unpacked_e1( void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_e1(private_key, ciphertext, ret); + decapsulate_unpacked_57(private_key, ciphertext, ret); } /** @@ -117,14 +117,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_54( +static tuple_3c encapsulate_23( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_821(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_931(uu____0, copy_of_randomness); } /** @@ -141,7 +141,7 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_54(uu____0, copy_of_randomness); + return encapsulate_23(uu____0, copy_of_randomness); } /** @@ -165,7 +165,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_unpacked_94( +static tuple_3c encapsulate_unpacked_cb( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = 
@@ -173,7 +173,7 @@ static tuple_3c encapsulate_unpacked_94( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e1(uu____0, + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b1(uu____0, copy_of_randomness); } @@ -193,7 +193,7 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_94(uu____0, copy_of_randomness); + return encapsulate_unpacked_cb(uu____0, copy_of_randomness); } /** @@ -210,12 +210,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_e4( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_2e( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_c23(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_361(copy_of_randomness); } /** @@ -226,7 +226,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_e4(copy_of_randomness); + return generate_keypair_2e(copy_of_randomness); } /** 
@@ -245,11 +245,11 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -generate_keypair_unpacked_35(uint8_t randomness[64U]) { +generate_keypair_unpacked_cf(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_831( + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c01( copy_of_randomness); } @@ -262,7 +262,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_35(copy_of_randomness); + return generate_keypair_unpacked_cf(copy_of_randomness); } /** @@ -276,8 +276,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static bool validate_public_key_571(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_cf1(public_key); +static bool validate_public_key_1b1(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_771(public_key); } /** @@ -288,7 +288,7 @@ static bool validate_public_key_571(uint8_t *public_key) { core_option_Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (validate_public_key_571(public_key.value)) { + if (validate_public_key_1b1(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index a8b4c34fb..9b775c78d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h 
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf + * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 + * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index 1b9a4635c..7cc0954b1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf + * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 + * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 */ #include "libcrux_mlkem768_portable.h" 
@@ -38,10 +38,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_be( +static void decapsulate_62( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_4f(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_b0(private_key, ciphertext, ret); } /** @@ -54,7 +54,7 @@ static void decapsulate_be( void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_be(private_key, ciphertext, ret); + decapsulate_62(private_key, ciphertext, ret); } /** @@ -81,10 +81,10 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_unpacked_d4( +static void decapsulate_unpacked_ad( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_de(key_pair, ciphertext, ret); } /** @@ -97,7 +97,7 @@ static void decapsulate_unpacked_d4( void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_d4(private_key, ciphertext, ret); + decapsulate_unpacked_ad(private_key, ciphertext, ret); } /** 
@@ -117,14 +117,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_13( +static tuple_3c encapsulate_35( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_44(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_78(uu____0, copy_of_randomness); } /** @@ -141,7 +141,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_13(uu____0, copy_of_randomness); + return encapsulate_35(uu____0, copy_of_randomness); } /** @@ -165,7 +165,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_unpacked_1b( +static tuple_3c encapsulate_unpacked_be( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = @@ -173,7 +173,7 @@ static tuple_3c encapsulate_unpacked_1b( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_31(uu____0, + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_08(uu____0, copy_of_randomness); } 
@@ -193,7 +193,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_1b(uu____0, copy_of_randomness); + return encapsulate_unpacked_be(uu____0, copy_of_randomness); } /** @@ -211,12 +211,12 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_ff( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_45( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_c20(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_d7(copy_of_randomness); } /** @@ -227,7 +227,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_ff(copy_of_randomness); + return generate_keypair_45(copy_of_randomness); } /** @@ -246,11 +246,11 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -generate_keypair_unpacked_37(uint8_t randomness[64U]) { +generate_keypair_unpacked_05(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e( + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_37( copy_of_randomness); } 
@@ -263,7 +263,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_37(copy_of_randomness); + return generate_keypair_unpacked_05(copy_of_randomness); } /** @@ -277,8 +277,8 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static bool validate_public_key_e1(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_35(public_key); +static bool validate_public_key_24(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_3f(public_key); } /** @@ -289,7 +289,7 @@ static bool validate_public_key_e1(uint8_t *public_key) { core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (validate_public_key_e1(public_key.value)) { + if (validate_public_key_24(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index c2711fec9..4a2c6effd 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h 
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf + * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 + * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index 1d64639b8..87c5873ba 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf + * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 + * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 */ #include "internal/libcrux_mlkem_avx2.h" @@ -21,8 +21,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_G(Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = {0U}; libcrux_sha3_portable_sha512( - Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)64U, digest, uint8_t), input); memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); } 
@@ -30,8 +29,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_sha256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } @@ -63,8 +61,8 @@ __m256i libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice array) { KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_to_i16_array(__m256i v, int16_t ret[16U]) { int16_t output[16U] = {0U}; - mm256_storeu_si256_i16( - Eurydice_array_to_slice((size_t)16U, output, int16_t, Eurydice_slice), v); + mm256_storeu_si256_i16(Eurydice_array_to_slice((size_t)16U, output, int16_t), + v); memcpy(ret, output, (size_t)16U * sizeof(int16_t)); } 
@@ -535,39 +533,23 @@ void libcrux_ml_kem_vector_avx2_serialize_1_ea(__m256i vector, KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) { - __m256i coefficients = - mm256_set_epi16((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t)); + __m256i coefficients = mm256_set_epi16( + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, 
(size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); __m256i shift_lsb_to_msb = mm256_set_epi16( (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, (int16_t)-32768, @@ -610,15 +592,13 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( (int32_t)0, (int32_t)0, (int32_t)4, (int32_t)0)); __m128i combined0 = mm256_castsi256_si128(combined); mm_storeu_bytes_si128( - Eurydice_array_to_slice((size_t)16U, serialized, uint8_t, Eurydice_slice), - combined0); + Eurydice_array_to_slice((size_t)16U, serialized, uint8_t), combined0); uint8_t ret0[8U]; core_result_Result_56 dst; Eurydice_slice_to_array2( &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t), + Eurydice_slice, uint8_t[8U]); core_result_unwrap_41_ac(dst, ret0); memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); } 
@@ -634,39 +614,23 @@ void libcrux_ml_kem_vector_avx2_serialize_4_ea(__m256i vector, KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { - __m256i coefficients = - mm256_set_epi16((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t)); + __m256i coefficients = mm256_set_epi16( + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, 
(size_t)5U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); __m256i shift_lsbs_to_msbs = mm256_set_epi16( (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, 
@@ -713,22 +677,19 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( mm256_srli_epi64((int32_t)12, adjacent_8_combined0, __m256i); __m128i lower_8 = mm256_castsi256_si128(adjacent_8_combined1); mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, - Eurydice_slice), + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t), lower_8); __m128i upper_8 = mm256_extracti128_si256((int32_t)1, adjacent_8_combined1, __m128i); mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)5U, (size_t)21U, uint8_t, - Eurydice_slice), + Eurydice_array_to_subslice2(serialized, (size_t)5U, (size_t)21U, uint8_t), upper_8); uint8_t ret0[10U]; core_result_Result_cd dst; Eurydice_slice_to_array2( &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[10U], void *); + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t), + Eurydice_slice, uint8_t[10U]); core_result_unwrap_41_e8(dst, ret0); memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); } 
@@ -744,23 +705,23 @@ void libcrux_ml_kem_vector_avx2_serialize_5_ea(__m256i vector, KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) { - __m128i coefficients = mm_set_epi8( - Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t)); + __m128i coefficients = + mm_set_epi8(Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *), + 
Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); __m256i coefficients_loaded = mm256_castsi128_si256(coefficients); __m256i coefficients_loaded0 = mm256_inserti128_si256( (int32_t)1, coefficients_loaded, coefficients, __m256i); @@ -819,22 +780,19 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( (int8_t)1, (int8_t)0)); __m128i lower_8 = mm256_castsi256_si128(adjacent_8_combined); mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, - Eurydice_slice), + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t), lower_8); __m128i upper_8 = mm256_extracti128_si256((int32_t)1, adjacent_8_combined, __m128i); - mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)10U, (size_t)26U, uint8_t, - Eurydice_slice), - upper_8); + mm_storeu_bytes_si128(Eurydice_array_to_subslice2(serialized, (size_t)10U, + (size_t)26U, uint8_t), + upper_8); uint8_t ret0[20U]; core_result_Result_7a dst; Eurydice_slice_to_array2( &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[20U], void *); + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t), + Eurydice_slice, uint8_t[20U]); core_result_unwrap_41_34(dst, ret0); memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); } 
@@ -855,13 +813,13 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) { (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U); - __m128i lower_coefficients = mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); + __m128i lower_coefficients = mm_loadu_si128( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)16U, uint8_t)); __m128i lower_coefficients0 = mm_shuffle_epi8( lower_coefficients, mm_set_epi8(9U, 8U, 8U, 7U, 7U, 6U, 6U, 5U, 4U, 3U, 3U, 2U, 2U, 1U, 1U, 0U)); - __m128i upper_coefficients = mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)4U, (size_t)20U, uint8_t, Eurydice_slice)); + __m128i upper_coefficients = mm_loadu_si128( + Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)20U, uint8_t)); __m128i upper_coefficients0 = mm_shuffle_epi8( upper_coefficients, mm_set_epi8(15U, 14U, 14U, 13U, 13U, 12U, 12U, 11U, 10U, 9U, 9U, 8U, 8U, 7U, 7U, 6U)); @@ -885,12 +843,11 @@ __m256i libcrux_ml_kem_vector_avx2_deserialize_10_ea(Eurydice_slice bytes) { KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_11( __m256i vector, uint8_t ret[22U]) { int16_t array[16U] = {0U}; - mm256_storeu_si256_i16( - Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice), - vector); + mm256_storeu_si256_i16(Eurydice_array_to_slice((size_t)16U, array, int16_t), + vector); libcrux_ml_kem_vector_portable_vector_type_PortableVector input = libcrux_ml_kem_vector_portable_from_i16_array_0d( - Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice)); + Eurydice_array_to_slice((size_t)16U, array, int16_t)); uint8_t ret0[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(input, ret0); memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); 
@@ -912,7 +869,7 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_11(Eurydice_slice bytes) { int16_t array[16U]; libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); return mm256_loadu_si256_i16( - Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice)); + Eurydice_array_to_slice((size_t)16U, array, int16_t)); } /** @@ -952,20 +909,17 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( __m128i upper_8 = mm256_extracti128_si256((int32_t)1, adjacent_8_combined, __m128i); mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, - Eurydice_slice), + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t), lower_8); - mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)12U, (size_t)28U, uint8_t, - Eurydice_slice), - upper_8); + mm_storeu_bytes_si128(Eurydice_array_to_subslice2(serialized, (size_t)12U, + (size_t)28U, uint8_t), + upper_8); uint8_t ret0[24U]; core_result_Result_6f dst; Eurydice_slice_to_array2( &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[24U], void *); + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t), + Eurydice_slice, uint8_t[24U]); core_result_unwrap_41_1c(dst, ret0); memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); } 
@@ -986,13 +940,13 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) { (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U); - __m128i lower_coefficients = mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); + __m128i lower_coefficients = mm_loadu_si128( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)16U, uint8_t)); __m128i lower_coefficients0 = mm_shuffle_epi8( lower_coefficients, mm_set_epi8(11U, 10U, 10U, 9U, 8U, 7U, 7U, 6U, 5U, 4U, 4U, 3U, 2U, 1U, 1U, 0U)); - __m128i upper_coefficients = mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)8U, (size_t)24U, uint8_t, Eurydice_slice)); + __m128i upper_coefficients = mm_loadu_si128( + Eurydice_slice_subslice2(bytes, (size_t)8U, (size_t)24U, uint8_t)); __m128i upper_coefficients0 = mm_shuffle_epi8( upper_coefficients, mm_set_epi8(15U, 14U, 14U, 13U, 12U, 11U, 11U, 10U, 9U, 8U, 8U, 7U, 6U, 5U, 5U, 4U)); @@ -1029,8 +983,8 @@ KRML_MUSTINLINE size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( size_t)good[0U]], (size_t)16U * sizeof(uint8_t)); - __m128i lower_shuffles0 = mm_loadu_si128(Eurydice_array_to_slice( - (size_t)16U, lower_shuffles, uint8_t, Eurydice_slice)); + __m128i lower_shuffles0 = mm_loadu_si128( + Eurydice_array_to_slice((size_t)16U, lower_shuffles, uint8_t)); __m128i lower_coefficients = mm256_castsi256_si128(potential_coefficients); __m128i lower_coefficients0 = mm_shuffle_epi8(lower_coefficients, lower_shuffles0); 
@@ -1041,15 +995,14 @@ KRML_MUSTINLINE size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( size_t)good[1U]], (size_t)16U * sizeof(uint8_t)); - __m128i upper_shuffles0 = mm_loadu_si128(Eurydice_array_to_slice( - (size_t)16U, upper_shuffles, uint8_t, Eurydice_slice)); + __m128i upper_shuffles0 = mm_loadu_si128( + Eurydice_array_to_slice((size_t)16U, upper_shuffles, uint8_t)); __m128i upper_coefficients = mm256_extracti128_si256((int32_t)1, potential_coefficients, __m128i); __m128i upper_coefficients0 = mm_shuffle_epi8(upper_coefficients, upper_shuffles0); mm_storeu_si128(Eurydice_slice_subslice2(output, sampled_count, - sampled_count + (size_t)8U, int16_t, - Eurydice_slice), + sampled_count + (size_t)8U, int16_t), upper_coefficients0); size_t uu____0 = sampled_count; return uu____0 + (size_t)core_num__u8_6__count_ones(good[1U]); @@ -1116,14 +1069,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_reduced_ring_element_dd(Eurydice_slice serialized) { +deserialize_to_reduced_ring_element_c5(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)24U; i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea(coefficient); 
@@ -1144,14 +1096,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 1184 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d4( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_f24( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, deserialized_pk[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -1159,9 +1111,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d4( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_dd(ring_element); + deserialize_to_reduced_ring_element_c5(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -1174,7 +1126,7 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.arithmetic.shift_right with const generics - SHIFT_BY= 15 */ -static KRML_MUSTINLINE __m256i shift_right_98(__m256i vector) { +static KRML_MUSTINLINE __m256i shift_right_b6(__m256i vector) { return mm256_srai_epi16((int32_t)15, vector, __m256i); } @@ -1187,8 +1139,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.shift_right_ea with const generics - SHIFT_BY= 15 */ -static __m256i shift_right_ea_92(__m256i vector) { - return shift_right_98(vector); +static __m256i shift_right_ea_07(__m256i vector) { + return shift_right_b6(vector); } /** 
@@ -1198,7 +1150,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static __m256i to_unsigned_representative_a4(__m256i a) { - __m256i t = shift_right_ea_92(a); + __m256i t = shift_right_ea_07(a); __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); return libcrux_ml_kem_vector_avx2_add_ea(a, &fm); @@ -1220,12 +1172,9 @@ static KRML_MUSTINLINE void serialize_uncompressed_ring_element_92( uint8_t bytes[24U]; libcrux_ml_kem_vector_avx2_serialize_12_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, - Eurydice_slice); + serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)24U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); } 
@@ -1248,22 +1197,19 @@ static KRML_MUSTINLINE void serialize_secret_key_ae1( i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); uint8_t ret0[384U]; serialize_uncompressed_ring_element_92(&re, ret0); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); } 
@@ -1283,19 +1229,16 @@ static KRML_MUSTINLINE void serialize_public_key_d01( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, - (size_t)1152U, uint8_t, Eurydice_slice); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; serialize_secret_key_ae1(t_as_ntt, ret0); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice_copy(Eurydice_array_to_subslice_from( - (size_t)1184U, public_key_serialized, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), - seed_for_a, uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); + Eurydice_slice_copy( + Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, + (size_t)1152U, uint8_t, size_t), + seed_for_a, uint8_t); memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); } 
@@ -1307,18 +1250,18 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_cf1(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_771(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - deserialize_ring_elements_reduced_5d4( + deserialize_ring_elements_reduced_f24( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; serialize_public_key_d01( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), public_key_serialized); return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); @@ -1372,11 +1315,10 @@ shake128_init_absorb_4d1(uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_29 state = libcrux_sha3_avx2_x4_incremental_init(); libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - &state, - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); + &state, Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t)); return state; } 
@@ -1411,10 +1353,10 @@ static KRML_MUSTINLINE void shake128_squeeze_three_blocks_6b1( uint8_t out2[504U] = {0U}; uint8_t out3[504U] = {0U}; libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); + st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t), + Eurydice_array_to_slice((size_t)504U, out2, uint8_t), + Eurydice_array_to_slice((size_t)504U, out3, uint8_t)); uint8_t uu____0[504U]; memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); @@ -1501,12 +1443,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb3( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; 
@@ -1536,10 +1477,10 @@ static KRML_MUSTINLINE void shake128_squeeze_block_1b1( uint8_t out2[168U] = {0U}; uint8_t out3[168U] = {0U}; libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t), + Eurydice_array_to_slice((size_t)168U, out2, uint8_t), + Eurydice_array_to_slice((size_t)168U, out3, uint8_t)); uint8_t uu____0[168U]; memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); @@ -1625,12 +1566,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb4( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -1665,8 +1605,7 @@ from_i16_array_89_10(Eurydice_slice a) { size_t i0 = i; result.coefficients[i0] = libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice_subslice2( - a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t, - Eurydice_slice)); + a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t)); } return result; } 
@@ -1679,8 +1618,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_791( int16_t s[272U]) { - return from_i16_array_89_10(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); + return from_i16_array_89_10( + Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } /** @@ -1762,9 +1701,8 @@ static KRML_MUSTINLINE void sample_matrix_A_a21( i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; 
@@ -1806,14 +1744,14 @@ static KRML_MUSTINLINE void PRFxN_1c2(uint8_t (*input)[33U], uint8_t out2[128U] = {0U}; uint8_t out3[128U] = {0U}; libcrux_sha3_avx2_x4_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t), + Eurydice_array_to_slice((size_t)128U, out2, uint8_t), + Eurydice_array_to_slice((size_t)128U, out3, uint8_t)); uint8_t uu____0[128U]; memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); 
@@ -1900,23 +1838,22 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample_from_binomial_distribution_2_c1(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len(randomness, uint8_t, size_t) / (size_t)4U; - i0++) { + i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) { size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice2( randomness, chunk_number * (size_t)4U, - chunk_number * (size_t)4U + (size_t)4U, uint8_t, Eurydice_slice); + chunk_number * (size_t)4U + (size_t)4U, uint8_t); uint32_t random_bits_as_u32 = (((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | + uint8_t *) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 8U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 16U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 24U; uint32_t even_bits = random_bits_as_u32 & 1431655765U; uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; @@ -1932,8 +1869,8 @@ sample_from_binomial_distribution_2_c1(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_10(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); + return from_i16_array_89_10( + Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } /** 
@@ -1946,20 +1883,19 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample_from_binomial_distribution_3_43(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len(randomness, uint8_t, size_t) / (size_t)3U; - i0++) { + i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) { size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice2( randomness, chunk_number * (size_t)3U, - chunk_number * (size_t)3U + (size_t)3U, uint8_t, Eurydice_slice); + chunk_number * (size_t)3U + (size_t)3U, uint8_t); uint32_t random_bits_as_u24 = ((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | + uint8_t *) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 8U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 16U; uint32_t first_bits = random_bits_as_u24 & 2396745U; uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; @@ -1977,8 +1913,8 @@ sample_from_binomial_distribution_3_43(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_10(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); + return from_i16_array_89_10( + Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } /** 
@@ -2198,11 +2134,11 @@ static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_151( domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; PRFxN_a9_512(prf_inputs, prf_outputs); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_470( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], - uint8_t, Eurydice_slice)); - ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]);); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + re_as_ntt[i0] = sample_from_binomial_distribution_470( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); + ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[3U]; memcpy( @@ -2295,10 +2231,9 @@ static KRML_MUSTINLINE void add_to_ring_element_89_971( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice((size_t)16U, self->coefficients, __m256i, - Eurydice_slice), - __m256i, size_t); + i < Eurydice_slice_len(Eurydice_array_to_slice( + (size_t)16U, self->coefficients, __m256i), + __m256i); i++) { size_t i0 = i; self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( @@ -2362,9 +2297,8 @@ static KRML_MUSTINLINE void compute_As_plus_e_f01( i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; 
@@ -2372,9 +2306,8 @@ static KRML_MUSTINLINE void compute_As_plus_e_f01( i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = @@ -2444,8 +2377,8 @@ static tuple_9b0 generate_keypair_unpacked_6c1( uint8_t hashed[64U]; G_a9_681(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; @@ -2476,8 +2409,7 @@ static tuple_9b0 generate_keypair_unpacked_6c1( compute_As_plus_e_f01(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; @@ -2526,7 +2458,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_e31( +static void closure_1a1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, ret[i] = ZERO_89_d5();); 
@@ -2542,7 +2474,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 clone_d5_48( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 clone_d5_25( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; __m256i ret[16U]; 
@@ -2578,27 +2510,26 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_831(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c01(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); tuple_9b0 uu____0 = generate_keypair_unpacked_6c1(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_e31(A[i]);); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_1a1(A[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_d5_48(&ind_cpa_public_key.A[j][i1]); + clone_d5_25(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U][3U]; memcpy(uu____2, A, 
@@ -2611,16 +2542,15 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_831(uint8_t randomness[64U]) { serialize_public_key_d01( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), + uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - H_a9_651(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, - Eurydice_slice), + H_a9_651(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); + uint8_t[32U]); core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 uu____3 = ind_cpa_private_key; @@ -2663,10 +2593,9 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_e11( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - serialize_public_key_d01(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); + serialize_public_key_d01( + pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), + public_key_serialized); uint8_t secret_key_serialized[1152U]; serialize_secret_key_ae1(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ 
@@ -2705,40 +2634,35 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_751( size_t uu____2 = pointer; Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + Eurydice_slice_len(private_key, uint8_t, size_t), uint8_t, - Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + Eurydice_slice_len(private_key, uint8_t, size_t); + uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t), + uint8_t), + private_key, uint8_t); + pointer = pointer + Eurydice_slice_len(private_key, uint8_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + Eurydice_slice_len(public_key, uint8_t, size_t), uint8_t, - Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + Eurydice_slice_len(public_key, uint8_t, size_t); + uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t), + uint8_t), + public_key, uint8_t); + pointer = pointer + Eurydice_slice_len(public_key, uint8_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; H_a9_651(public_key, ret0); Eurydice_slice_copy( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - Eurydice_slice_copy(Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + Eurydice_slice_len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); + Eurydice_slice_copy( + Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + 
Eurydice_slice_len(implicit_rejection_value, uint8_t), + uint8_t), + implicit_rejection_value, uint8_t); memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } @@ -2763,15 +2687,14 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_c23(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_361(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = generate_keypair_e11(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; 
@@ -2780,23 +2703,14 @@ libcrux_ml_kem_ind_cca_generate_keypair_c23(uint8_t randomness[64U]) { memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; serialize_kem_secret_key_751( - Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_secret_key_serialized[2400U]; - memcpy(copy_of_secret_key_serialized, secret_key_serialized, - (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_a70(copy_of_secret_key_serialized); - libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key[1184U]; - memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_c90( - uu____2, libcrux_ml_kem_types_from_b6_4c0(copy_of_public_key)); + libcrux_ml_kem_types_from_22_a70(secret_key_serialized); + libcrux_ml_kem_types_MlKemPrivateKey_55 uu____1 = private_key; + return libcrux_ml_kem_types_from_17_d50( + uu____1, libcrux_ml_kem_types_from_c7_140(public_key)); } /** @@ -2811,7 +2725,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b00 -sample_ring_element_cbd_471(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_001(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, error_1[i] = ZERO_89_d5();); 
@@ -2830,8 +2744,8 @@ sample_ring_element_cbd_471(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_470(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_470( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_error_1[3U]; @@ -2854,8 +2768,7 @@ with const generics static KRML_MUSTINLINE void PRF_420(Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)128U, digest, uint8_t), input); memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); } @@ -2880,7 +2793,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_78( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_04( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2904,7 +2817,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_ba( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_18( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; 
@@ -2924,7 +2837,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_1f( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_94( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2942,7 +2855,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -inv_ntt_layer_int_vec_step_reduce_df(__m256i a, __m256i b, int16_t zeta_r) { +inv_ntt_layer_int_vec_step_reduce_34(__m256i a, __m256i b, int16_t zeta_r) { __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_ea(b, &a); a = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( libcrux_ml_kem_vector_avx2_add_ea(a, &b)); @@ -2957,7 +2870,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_a2( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_75( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2972,7 +2885,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_a2( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_df( + inv_ntt_layer_int_vec_step_reduce_34( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); __m256i x = uu____0.fst; 
@@ -2989,17 +2902,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_571( +static KRML_MUSTINLINE void invert_ntt_montgomery_be1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_78(&zeta_i, re); - invert_ntt_at_layer_2_ba(&zeta_i, re); - invert_ntt_at_layer_3_1f(&zeta_i, re); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)7U); + invert_ntt_at_layer_1_04(&zeta_i, re); + invert_ntt_at_layer_2_18(&zeta_i, re); + invert_ntt_at_layer_3_94(&zeta_i, re); + invert_ntt_at_layer_4_plus_75(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_75(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_75(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_75(&zeta_i, re, (size_t)7U); poly_barrett_reduce_89_99(re); } @@ -3013,7 +2926,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_89_91( +static KRML_MUSTINLINE void add_error_reduce_89_46( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; @@ -3037,7 +2950,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_001( +static KRML_MUSTINLINE void compute_vector_u_6c1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, 
@@ -3049,9 +2962,8 @@ static KRML_MUSTINLINE void compute_vector_u_001( i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; @@ -3059,9 +2971,8 @@ static KRML_MUSTINLINE void compute_vector_u_001( i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; @@ -3069,8 +2980,8 @@ static KRML_MUSTINLINE void compute_vector_u_001( ntt_multiply_89_48(a_element, &r_as_ntt[j]); add_to_ring_element_89_971(&result[i1], &product); } - invert_ntt_montgomery_571(&result[i1]); - add_error_reduce_89_91(&result[i1], &error_1[i1]); + invert_ntt_montgomery_be1(&result[i1]); + add_error_reduce_89_46(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -3083,7 +2994,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i decompress_1_91(__m256i v) { +static __m256i decompress_1_52(__m256i v) { return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( libcrux_ml_kem_vector_avx2_sub_ea(libcrux_ml_kem_vector_avx2_ZERO_ea(), &v), 
@@ -3097,16 +3008,16 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_message_b9(uint8_t serialized[32U]) { +deserialize_then_decompress_message_84(uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; __m256i coefficient_compressed = libcrux_ml_kem_vector_avx2_deserialize_1_ea( Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, - (size_t)2U * i0 + (size_t)2U, uint8_t, - Eurydice_slice)); - re.coefficients[i0] = decompress_1_91(coefficient_compressed);); + (size_t)2U * i0 + (size_t)2U, + uint8_t)); + re.coefficients[i0] = decompress_1_52(coefficient_compressed);); return re; } @@ -3121,7 +3032,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -add_message_error_reduce_89_67( +add_message_error_reduce_89_37( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { @@ -3151,7 +3062,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_711( +compute_ring_element_v_041( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, 
@@ -3161,8 +3072,8 @@ compute_ring_element_v_711( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = ntt_multiply_89_48(&t_as_ntt[i0], &r_as_ntt[i0]); add_to_ring_element_89_971(&result, &product);); - invert_ntt_montgomery_571(&result); - result = add_message_error_reduce_89_67(error_2, message, result); + invert_ntt_montgomery_be1(&result); + result = add_message_error_reduce_89_37(error_2, message, result); return result; } @@ -3173,7 +3084,7 @@ generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_8a(__m256i vector) { +compress_ciphertext_coefficient_5d(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3220,8 +3131,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 10 */ -static __m256i compress_ea_80(__m256i vector) { - return compress_ciphertext_coefficient_8a(vector); +static __m256i compress_ea_e9(__m256i vector) { + return compress_ciphertext_coefficient_5d(vector); } /** 
@@ -3230,23 +3141,20 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_2f( +static KRML_MUSTINLINE void compress_then_serialize_10_f0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_ea_80(to_unsigned_representative_a4(re->coefficients[i0])); + compress_ea_e9(to_unsigned_representative_a4(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, - Eurydice_slice); + serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)20U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); } @@ -3258,7 +3166,7 @@ generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_8a0(__m256i vector) { +compress_ciphertext_coefficient_5d0(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3305,8 +3213,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 11 */ -static __m256i compress_ea_800(__m256i vector) { - return compress_ciphertext_coefficient_8a0(vector); +static __m256i compress_ea_e90(__m256i vector) { + return compress_ciphertext_coefficient_5d0(vector); } /** 
@@ -3316,10 +3224,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_b2( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_4d( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_2f(re, uu____0); + compress_then_serialize_10_f0(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -3335,29 +3243,25 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_841( +static void compress_then_serialize_u_551( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice2( out, i0 * ((size_t)960U / (size_t)3U), - (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, - Eurydice_slice); + (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_b2(&re, ret); + compress_then_serialize_ring_element_u_4d(&re, ret); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } } 
@@ -3368,7 +3272,7 @@ generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_8a1(__m256i vector) { +compress_ciphertext_coefficient_5d1(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3415,8 +3319,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 4 */ -static __m256i compress_ea_801(__m256i vector) { - return compress_ciphertext_coefficient_8a1(vector); +static __m256i compress_ea_e91(__m256i vector) { + return compress_ciphertext_coefficient_5d1(vector); } /** @@ -3425,22 +3329,20 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_b7( +static KRML_MUSTINLINE void compress_then_serialize_4_59( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_ea_801(to_unsigned_representative_a4(re.coefficients[i0])); + compress_ea_e91(to_unsigned_representative_a4(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_ea(coefficient, bytes); Eurydice_slice_copy( Eurydice_slice_subslice2(serialized, (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_array_to_slice((size_t)8U, bytes, uint8_t), uint8_t); } } @@ -3451,7 +3353,7 @@ generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_8a2(__m256i vector) { +compress_ciphertext_coefficient_5d2(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); 
@@ -3498,8 +3400,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 5 */ -static __m256i compress_ea_802(__m256i vector) { - return compress_ciphertext_coefficient_8a2(vector); +static __m256i compress_ea_e92(__m256i vector) { + return compress_ciphertext_coefficient_5d2(vector); } /** @@ -3508,22 +3410,20 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_35( +static KRML_MUSTINLINE void compress_then_serialize_5_73( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficients = - compress_ea_802(to_unsigned_representative_a4(re.coefficients[i0])); + compress_ea_e92(to_unsigned_representative_a4(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_ea(coefficients, bytes); Eurydice_slice_copy( Eurydice_slice_subslice2(serialized, (size_t)10U * i0, - (size_t)10U * i0 + (size_t)10U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + (size_t)10U * i0 + (size_t)10U, uint8_t), + Eurydice_array_to_slice((size_t)10U, bytes, uint8_t), uint8_t); } } @@ -3534,9 +3434,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_39( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_dd( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_4_b7(re, out); + compress_then_serialize_4_59(re, out); } /** 
@@ -3597,7 +3497,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_881( +static void encrypt_unpacked_c61( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; @@ -3615,7 +3515,7 @@ static void encrypt_unpacked_881( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b00 uu____3 = - sample_ring_element_cbd_471(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_001(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( error_1, uu____3.fst, 
@@ -3623,35 +3523,33 @@ static void encrypt_unpacked_881( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_a9_934( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); + PRF_a9_934(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_470(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_470( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - compute_vector_u_001(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_6c1(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_b9(copy_of_message); + deserialize_then_decompress_message_84(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_711(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_041(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_841( + compress_then_serialize_u_551( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, - uint8_t, Eurydice_slice)); + uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_39( - uu____6, - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, - uint8_t, size_t, Eurydice_slice)); + 
compress_then_serialize_ring_element_v_dd( + uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, + (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); } @@ -3673,27 +3571,23 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e1( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b1( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); + size_t); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_slice( + (size_t)32U, public_key->public_key_hash, uint8_t), + uint8_t); uint8_t hashed[64U]; - G_a9_681( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); + G_a9_681(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; 
@@ -3704,17 +3598,17 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e1( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_unpacked_881(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_c61(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; - Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, shared_secret_array, - uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); + Eurydice_slice_copy( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), + shared_secret, uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_f50(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_9c0(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -3735,12 +3629,11 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_af_e21(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_a81(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + randomness, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } 
@@ -3757,14 +3650,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 1152 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d3( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_f23( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, deserialized_pk[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -3772,9 +3665,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d3( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_dd(ring_element); + deserialize_to_reduced_ring_element_c5(ring_element); deserialized_pk[i0] = uu____0; } memcpy( 
@@ -3799,22 +3692,21 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_fb1(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_8e1(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - deserialize_ring_elements_reduced_5d3( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, - Eurydice_slice), + deserialize_ring_elements_reduced_f23( + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); sample_matrix_A_a21(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; @@ -3845,7 +3737,7 @@ static void encrypt_fb1(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1088U]; - encrypt_unpacked_881(uu____3, copy_of_message, randomness, ret1); + encrypt_unpacked_c61(uu____3, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); } 
@@ -3860,12 +3752,11 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_af_501(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_4b1(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + shared_secret, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } 
@@ -3888,55 +3779,47 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_821( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_931( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_e21( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); + entropy_preprocess_af_a81( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); uint8_t ret[32U]; H_a9_651(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f20(public_key), - uint8_t, Eurydice_slice), + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_c20(public_key), + uint8_t), ret); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_681( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); + G_a9_681(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, 
libcrux_ml_kem_types_as_slice_cb_f20(public_key), uint8_t, - Eurydice_slice); + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_c20(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_fb1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_8e1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_f50(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_9c0(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_501(shared_secret, shared_secret_array); + kdf_af_4b1(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -3955,7 +3838,7 @@ generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_55(__m256i vector) { +decompress_ciphertext_coefficient_b7(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3999,8 +3882,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 10 */ -static __m256i decompress_ciphertext_coefficient_ea_1d(__m256i vector) { - return decompress_ciphertext_coefficient_55(vector); +static __m256i decompress_ciphertext_coefficient_ea_d8(__m256i vector) { + return decompress_ciphertext_coefficient_b7(vector); } /** 
@@ -4010,16 +3893,15 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_10_a7(Eurydice_slice serialized) { +deserialize_then_decompress_10_29(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)20U; i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_1d(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_d8(coefficient); } return re; } @@ -4031,7 +3913,7 @@ generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_550(__m256i vector) { +decompress_ciphertext_coefficient_b70(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -4075,8 +3957,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 11 */ -static __m256i decompress_ciphertext_coefficient_ea_1d0(__m256i vector) { - return decompress_ciphertext_coefficient_550(vector); +static __m256i decompress_ciphertext_coefficient_ea_d80(__m256i vector) { + return decompress_ciphertext_coefficient_b70(vector); } /** 
@@ -4086,16 +3968,15 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_11_8d(Eurydice_slice serialized) { +deserialize_then_decompress_11_77(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)22U; i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_1d0(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_d80(coefficient); } return re; } @@ -4107,8 +3988,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_10(Eurydice_slice serialized) { - return deserialize_then_decompress_10_a7(serialized); +deserialize_then_decompress_ring_element_u_ca(Eurydice_slice serialized) { + return deserialize_then_decompress_10_29(serialized); } /** @@ -4117,7 +3998,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_fe( +static KRML_MUSTINLINE void ntt_vector_u_29( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)7U); 
@@ -4142,16 +4023,16 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_b51( +static KRML_MUSTINLINE void deserialize_then_decompress_u_861( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, u_as_ntt[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(Eurydice_array_to_slice((size_t)1088U, ciphertext, - uint8_t, Eurydice_slice), - uint8_t, size_t) / + i < Eurydice_slice_len( + Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), + uint8_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); i++) { @@ -4164,9 +4045,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b51( (size_t)10U / (size_t)8U) + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, - uint8_t, Eurydice_slice); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_10(u_bytes); - ntt_vector_u_fe(&u_as_ntt[i0]); + uint8_t); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_ca(u_bytes); + ntt_vector_u_29(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -4180,7 +4061,7 @@ generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_551(__m256i vector) { +decompress_ciphertext_coefficient_b71(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = 
@@ -4224,8 +4105,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 4 */ -static __m256i decompress_ciphertext_coefficient_ea_1d1(__m256i vector) { - return decompress_ciphertext_coefficient_551(vector); +static __m256i decompress_ciphertext_coefficient_ea_d81(__m256i vector) { + return decompress_ciphertext_coefficient_b71(vector); } /** @@ -4235,16 +4116,15 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_4_9a(Eurydice_slice serialized) { +deserialize_then_decompress_4_a5(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)8U; i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_1d1(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_d81(coefficient); } return re; } @@ -4256,7 +4136,7 @@ generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_552(__m256i vector) { +decompress_ciphertext_coefficient_b72(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = 
@@ -4300,8 +4180,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 5 */ -static __m256i decompress_ciphertext_coefficient_ea_1d2(__m256i vector) { - return decompress_ciphertext_coefficient_552(vector); +static __m256i decompress_ciphertext_coefficient_ea_d82(__m256i vector) { + return decompress_ciphertext_coefficient_b72(vector); } /** @@ -4311,17 +4191,16 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_5_75(Eurydice_slice serialized) { +deserialize_then_decompress_5_d9(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)10U; i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); re.coefficients[i0] = - decompress_ciphertext_coefficient_ea_1d2(re.coefficients[i0]); + decompress_ciphertext_coefficient_ea_d82(re.coefficients[i0]); } return re; } @@ -4333,8 +4212,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_5b(Eurydice_slice serialized) { - return deserialize_then_decompress_4_9a(serialized); +deserialize_then_decompress_ring_element_v_ca(Eurydice_slice serialized) { + return deserialize_then_decompress_4_a5(serialized); } /** 
@@ -4348,7 +4227,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -subtract_reduce_89_63(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, +subtract_reduce_89_f9(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -4376,7 +4255,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_221( +compute_message_4c1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { @@ -4385,8 +4264,8 @@ compute_message_221( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = ntt_multiply_89_48(&secret_as_ntt[i0], &u_as_ntt[i0]); add_to_ring_element_89_971(&result, &product);); - invert_ntt_montgomery_571(&result); - result = subtract_reduce_89_63(v, result); + invert_ntt_montgomery_be1(&result); + result = subtract_reduce_89_f9(v, result); return result; } @@ -4396,7 +4275,7 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_ec( +static KRML_MUSTINLINE void compress_then_serialize_message_dc( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( 
@@ -4407,12 +4286,10 @@ static KRML_MUSTINLINE void compress_then_serialize_message_ec( uint8_t bytes[2U]; libcrux_ml_kem_vector_avx2_serialize_1_ea(coefficient_compressed, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, - Eurydice_slice); - Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *);); + serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_slice((size_t)2U, bytes, uint8_t), + uint8_t);); memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); } @@ -4450,20 +4327,19 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_8c1( +static void decrypt_unpacked_f51( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - deserialize_then_decompress_u_b51(ciphertext, u_as_ntt); + deserialize_then_decompress_u_861(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_5b( + deserialize_then_decompress_ring_element_v_ca( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t, - Eurydice_slice)); + (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_221(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_4c1(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_ec(message, ret0); + compress_then_serialize_message_dc(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } 
@@ -4475,8 +4351,7 @@ with const generics static KRML_MUSTINLINE void PRF_42(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } 
@@ -4515,67 +4390,61 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b21( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_2f1( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_8c1(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_f51(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); + uint8_t, size_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); + uint8_t), + uint8_t); uint8_t hashed[64U]; - G_a9_681( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); + G_a9_681(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1120U]; libcrux_ml_kem_utils_into_padded_array_2d3( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), + Eurydice_array_to_slice( + (size_t)32U, 
key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), - uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_750(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - PRF_a9_933( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + PRF_a9_933(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), + implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = &key_pair->public_key.ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_881(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_c61(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice)); + libcrux_ml_kem_types_as_ref_00_750(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( shared_secret, Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), selector, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } 
@@ -4587,14 +4456,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_uncompressed_ring_element_63(Eurydice_slice serialized) { +deserialize_to_uncompressed_ring_element_cc(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)24U; i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); } return re; @@ -4609,14 +4477,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_201( +static KRML_MUSTINLINE void deserialize_secret_key_6a1( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, secret_as_ntt[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(secret_key, uint8_t, size_t) / + i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; 
@@ -4624,9 +4492,9 @@ static KRML_MUSTINLINE void deserialize_secret_key_201(
secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT +
LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
- uint8_t, Eurydice_slice);
+ uint8_t);
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 =
- deserialize_to_uncompressed_ring_element_63(secret_bytes);
+ deserialize_to_uncompressed_ring_element_cc(secret_bytes);
secret_as_ntt[i0] = uu____0;
}
memcpy(
@@ -4644,10 +4512,10 @@ with const generics
- U_COMPRESSION_FACTOR= 10
- V_COMPRESSION_FACTOR= 4
*/
-static void decrypt_391(Eurydice_slice secret_key, uint8_t *ciphertext,
+static void decrypt_741(Eurydice_slice secret_key, uint8_t *ciphertext,
uint8_t ret[32U]) {
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U];
- deserialize_secret_key_201(secret_key, secret_as_ntt);
+ deserialize_secret_key_6a1(secret_key, secret_as_ntt);
/* Passing arrays by value in Rust generates a copy in C */
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U];
memcpy(
@@ -4659,7 +4527,7 @@ static void decrypt_391(Eurydice_slice secret_key, uint8_t *ciphertext,
secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt,
(size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
uint8_t ret0[32U];
- decrypt_unpacked_8c1(&secret_key_unpacked, ciphertext, ret0);
+ decrypt_unpacked_f51(&secret_key_unpacked, ciphertext, ret0);
memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
}
@@ -4685,12 +4553,11 @@ with const generics
- ETA2_RANDOMNESS_SIZE= 128
- IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120
*/
-void libcrux_ml_kem_ind_cca_decapsulate_c41(
+void libcrux_ml_kem_ind_cca_decapsulate_ff1(
libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) {
Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
- Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t,
- Eurydice_slice),
+ Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t),
(size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2);
Eurydice_slice ind_cpa_secret_key = uu____0.fst;
Eurydice_slice secret_key0 = uu____0.snd;
@@ -4704,22 +4571,19 @@ void libcrux_ml_kem_ind_cca_decapsulate_c41(
Eurydice_slice ind_cpa_public_key_hash = uu____2.fst;
Eurydice_slice implicit_rejection_value = uu____2.snd;
uint8_t decrypted[32U];
- decrypt_391(ind_cpa_secret_key, ciphertext->value, decrypted);
+ decrypt_741(ind_cpa_secret_key, ciphertext->value, decrypted);
uint8_t to_hash0[64U];
libcrux_ml_kem_utils_into_padded_array_2d(
- Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice),
- to_hash0);
+ Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0);
Eurydice_slice_copy(
Eurydice_array_to_subslice_from(
(size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
- uint8_t, size_t, Eurydice_slice),
- ind_cpa_public_key_hash, uint8_t, void *);
+ uint8_t, size_t),
+ ind_cpa_public_key_hash, uint8_t);
uint8_t hashed[64U];
- G_a9_681(
- Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice),
- hashed);
+ G_a9_681(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed);
Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at(
- Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice),
+ Eurydice_array_to_slice((size_t)64U, hashed, uint8_t),
LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t,
Eurydice_slice_uint8_t_x2);
Eurydice_slice shared_secret0 = uu____3.fst;
@@ -4728,36 +4592,32 @@ void libcrux_ml_kem_ind_cca_decapsulate_c41(
libcrux_ml_kem_utils_into_padded_array_2d3(implicit_rejection_value, to_hash);
Eurydice_slice uu____4 = Eurydice_array_to_subslice_from(
(size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE,
- uint8_t, size_t, Eurydice_slice);
- Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_ed0(ciphertext),
- uint8_t, void *);
+ uint8_t, size_t);
+ Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_750(ciphertext),
+ uint8_t);
uint8_t implicit_rejection_shared_secret0[32U];
- PRF_a9_933(
- Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice),
- implicit_rejection_shared_secret0);
+ PRF_a9_933(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t),
+ implicit_rejection_shared_secret0);
Eurydice_slice uu____5 = ind_cpa_public_key;
/* Passing arrays by value in Rust generates a copy in C */
uint8_t copy_of_decrypted[32U];
memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t));
uint8_t expected_ciphertext[1088U];
- encrypt_fb1(uu____5, copy_of_decrypted, pseudorandomness,
+ encrypt_8e1(uu____5, copy_of_decrypted, pseudorandomness,
expected_ciphertext);
uint8_t implicit_rejection_shared_secret[32U];
- kdf_af_501(
- Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0,
- uint8_t, Eurydice_slice),
- implicit_rejection_shared_secret);
+ kdf_af_4b1(Eurydice_array_to_slice(
+ (size_t)32U, implicit_rejection_shared_secret0, uint8_t),
+ implicit_rejection_shared_secret);
uint8_t shared_secret[32U];
- kdf_af_501(shared_secret0, shared_secret);
+ kdf_af_4b1(shared_secret0, shared_secret);
uint8_t ret0[32U];
libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time(
- libcrux_ml_kem_types_as_ref_00_ed0(ciphertext),
- Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t,
- Eurydice_slice),
- Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t,
- Eurydice_slice),
+ libcrux_ml_kem_types_as_ref_00_750(ciphertext),
+ Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t),
+ Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t),
Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
- uint8_t, Eurydice_slice),
+ uint8_t),
ret0);
memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
}
@@ -4775,14 +4635,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
- PUBLIC_KEY_SIZE= 1568
- K= 4
*/
-static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d2(
+static KRML_MUSTINLINE void deserialize_ring_elements_reduced_f22(
Eurydice_slice public_key,
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) {
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U];
KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U,
deserialized_pk[i] = ZERO_89_d5(););
for (size_t i = (size_t)0U;
- i < Eurydice_slice_len(public_key, uint8_t, size_t) /
+ i < Eurydice_slice_len(public_key, uint8_t) /
LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT;
i++) {
size_t i0 = i;
@@ -4790,9 +4650,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d2(
public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT +
LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
- uint8_t, Eurydice_slice);
+ uint8_t);
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 =
- deserialize_to_reduced_ring_element_dd(ring_element);
+ deserialize_to_reduced_ring_element_c5(ring_element);
deserialized_pk[i0] = uu____0;
}
memcpy(
@@ -4818,22 +4678,19 @@ static KRML_MUSTINLINE void serialize_secret_key_ae0(
i < Eurydice_slice_len(
Eurydice_array_to_slice(
(size_t)4U, key,
- libcrux_ml_kem_polynomial_PolynomialRingElement_d2,
- Eurydice_slice),
- libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t);
+ libcrux_ml_kem_polynomial_PolynomialRingElement_d2),
+ libcrux_ml_kem_polynomial_PolynomialRingElement_d2);
i++) {
size_t i0 = i;
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0];
Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
(i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
- uint8_t, Eurydice_slice);
+ uint8_t);
uint8_t ret0[384U];
serialize_uncompressed_ring_element_92(&re, ret0);
Eurydice_slice_copy(
- uu____0,
- Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice),
- uint8_t, void *);
+ uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t);
}
memcpy(ret, out, (size_t)1536U * sizeof(uint8_t));
}
@@ -4853,19 +4710,16 @@ static KRML_MUSTINLINE void serialize_public_key_d00(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt,
Eurydice_slice seed_for_a, uint8_t ret[1568U]) {
uint8_t public_key_serialized[1568U] = {0U};
- Eurydice_slice uu____0 =
- Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U,
- (size_t)1536U, uint8_t, Eurydice_slice);
+ Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
+ public_key_serialized, (size_t)0U, (size_t)1536U, uint8_t);
uint8_t ret0[1536U];
serialize_secret_key_ae0(t_as_ntt, ret0);
Eurydice_slice_copy(
- uu____0,
- Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice),
- uint8_t, void *);
- Eurydice_slice_copy(Eurydice_array_to_subslice_from(
- (size_t)1568U, public_key_serialized, (size_t)1536U,
- uint8_t, size_t, Eurydice_slice),
- seed_for_a, uint8_t, void *);
+ uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t), uint8_t);
+ Eurydice_slice_copy(
+ Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized,
+ (size_t)1536U, uint8_t, size_t),
+ seed_for_a, uint8_t);
memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t));
}
@@ -4877,18 +4731,18 @@ with const generics
- RANKED_BYTES_PER_RING_ELEMENT= 1536
- PUBLIC_KEY_SIZE= 1568
*/
-bool libcrux_ml_kem_ind_cca_validate_public_key_cf0(uint8_t *public_key) {
+bool libcrux_ml_kem_ind_cca_validate_public_key_770(uint8_t *public_key) {
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U];
- deserialize_ring_elements_reduced_5d2(
+ deserialize_ring_elements_reduced_f22(
Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U,
- uint8_t, size_t, Eurydice_slice),
+ uint8_t, size_t),
deserialized_pk);
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk;
uint8_t public_key_serialized[1568U];
serialize_public_key_d00(
uu____0,
Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U,
- uint8_t, size_t, Eurydice_slice),
+ uint8_t, size_t),
public_key_serialized);
return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq(
(size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool);
@@ -4942,11 +4796,10 @@ shake128_init_absorb_4d0(uint8_t input[4U][34U]) {
libcrux_sha3_generic_keccak_KeccakState_29 state =
libcrux_sha3_avx2_x4_incremental_init();
libcrux_sha3_avx2_x4_incremental_shake128_absorb_final(
- &state,
- Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice),
- Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice),
- Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice),
- Eurydice_array_to_slice((size_t)34U, input[3U], uint8_t, Eurydice_slice));
+ &state, Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t),
+ Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t),
+ Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t),
+ Eurydice_array_to_slice((size_t)34U, input[3U], uint8_t));
return state;
}
@@ -4981,10 +4834,10 @@ static KRML_MUSTINLINE void shake128_squeeze_three_blocks_6b0(
uint8_t out2[504U] = {0U};
uint8_t out3[504U] = {0U};
libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks(
- st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice),
- Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice),
- Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice),
- Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice));
+ st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t),
+ Eurydice_array_to_slice((size_t)504U, out1, uint8_t),
+ Eurydice_array_to_slice((size_t)504U, out2, uint8_t),
+ Eurydice_array_to_slice((size_t)504U, out3, uint8_t));
uint8_t uu____0[504U];
memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t));
memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t));
@@ -5074,12 +4927,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb1(
LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) {
Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U,
- uint8_t, Eurydice_slice);
+ uint8_t);
size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea(
uu____0,
Eurydice_array_to_subslice2(
out[i1], sampled_coefficients[i1],
- sampled_coefficients[i1] + (size_t)16U, int16_t,
- Eurydice_slice));
+ sampled_coefficients[i1] + (size_t)16U, int16_t));
size_t uu____1 = i1;
sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled;
@@ -5109,10 +4961,10 @@ static KRML_MUSTINLINE void shake128_squeeze_block_1b0(
uint8_t out2[168U] = {0U};
uint8_t out3[168U] = {0U};
libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block(
- st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice),
- Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice),
- Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice),
- Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice));
+ st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t),
+ Eurydice_array_to_slice((size_t)168U, out1, uint8_t),
+ Eurydice_array_to_slice((size_t)168U, out2, uint8_t),
+ Eurydice_array_to_slice((size_t)168U, out3, uint8_t));
uint8_t uu____0[168U];
memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t));
memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t));
@@ -5201,12 +5053,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb2(
LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) {
Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U,
- uint8_t, Eurydice_slice);
+ uint8_t);
size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea(
uu____0,
Eurydice_array_to_subslice2(
out[i1], sampled_coefficients[i1],
- sampled_coefficients[i1] + (size_t)16U, int16_t,
- Eurydice_slice));
+ sampled_coefficients[i1] + (size_t)16U, int16_t));
size_t uu____1 = i1;
sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled;
@@ -5231,8 +5082,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
*/
static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_790(
int16_t s[272U]) {
- return from_i16_array_89_10(Eurydice_array_to_subslice2(
- s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice));
+ return from_i16_array_89_10(
+ Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t));
}
/**
@@ -5314,9 +5165,8 @@ static KRML_MUSTINLINE void sample_matrix_A_a20(
i < Eurydice_slice_len(
Eurydice_array_to_slice(
(size_t)4U, sampled,
- libcrux_ml_kem_polynomial_PolynomialRingElement_d2,
- Eurydice_slice),
- libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t);
+ libcrux_ml_kem_polynomial_PolynomialRingElement_d2),
+ libcrux_ml_kem_polynomial_PolynomialRingElement_d2);
i++) {
size_t j = i;
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j];
@@ -5358,14 +5208,14 @@ static KRML_MUSTINLINE void PRFxN_1c1(uint8_t (*input)[33U],
uint8_t out2[128U] = {0U};
uint8_t out3[128U] = {0U};
libcrux_sha3_avx2_x4_shake256(
- Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice),
- Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice),
- Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice),
- Eurydice_array_to_slice((size_t)33U, input[3U], uint8_t, Eurydice_slice),
- Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice),
- Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice),
- Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice),
- Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice));
+ Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t),
+ Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t),
+ Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t),
+ Eurydice_array_to_slice((size_t)33U, input[3U], uint8_t),
+ Eurydice_array_to_slice((size_t)128U, out0, uint8_t),
+ Eurydice_array_to_slice((size_t)128U, out1, uint8_t),
+ Eurydice_array_to_slice((size_t)128U, out2, uint8_t),
+ Eurydice_array_to_slice((size_t)128U, out3, uint8_t));
uint8_t uu____0[128U];
memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t));
memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t));
@@ -5425,11 +5275,11 @@ static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_150(
domain_separator = (uint32_t)domain_separator + 1U;);
uint8_t prf_outputs[4U][128U];
PRFxN_a9_511(prf_inputs, prf_outputs);
- KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i;
- re_as_ntt[i0] = sample_from_binomial_distribution_470(
- Eurydice_array_to_slice((size_t)128U, prf_outputs[i0],
- uint8_t, Eurydice_slice));
- ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]););
+ KRML_MAYBE_FOR4(
+ i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i;
+ re_as_ntt[i0] = sample_from_binomial_distribution_470(
+ Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t));
+ ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]););
/* Passing arrays by value in Rust generates a copy in C */
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[4U];
memcpy(
@@ -5461,10 +5311,9 @@ static KRML_MUSTINLINE void add_to_ring_element_89_970(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self,
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) {
for (size_t i = (size_t)0U;
- i < Eurydice_slice_len(
- Eurydice_array_to_slice((size_t)16U, self->coefficients, __m256i,
- Eurydice_slice),
- __m256i, size_t);
+ i < Eurydice_slice_len(Eurydice_array_to_slice(
+ (size_t)16U, self->coefficients, __m256i),
+ __m256i);
i++) {
size_t i0 = i;
self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea(
@@ -5493,9 +5342,8 @@ static KRML_MUSTINLINE void compute_As_plus_e_f00(
i0 < Eurydice_slice_len(
Eurydice_array_to_slice(
(size_t)4U, matrix_A,
- libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U],
- Eurydice_slice),
- libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], size_t);
+ libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U]),
+ libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U]);
i0++) {
size_t i1 = i0;
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1];
@@ -5503,9 +5351,8 @@ static KRML_MUSTINLINE void compute_As_plus_e_f00(
i < Eurydice_slice_len(
Eurydice_array_to_slice(
(size_t)4U, row,
- libcrux_ml_kem_polynomial_PolynomialRingElement_d2,
- Eurydice_slice),
- libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t);
+ libcrux_ml_kem_polynomial_PolynomialRingElement_d2),
+ libcrux_ml_kem_polynomial_PolynomialRingElement_d2);
i++) {
size_t j = i;
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element =
@@ -5575,8 +5422,8 @@ static tuple_54 generate_keypair_unpacked_6c0(
uint8_t hashed[64U];
G_a9_680(key_generation_seed, hashed);
Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
- Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice),
- (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2);
+ Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U,
+ uint8_t, Eurydice_slice_uint8_t_x2);
Eurydice_slice seed_for_A0 = uu____0.fst;
Eurydice_slice seed_for_secret_and_error = uu____0.snd;
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[4U][4U];
@@ -5607,8 +5454,7 @@ static tuple_54 generate_keypair_unpacked_6c0(
compute_As_plus_e_f00(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt);
uint8_t seed_for_A[32U];
core_result_Result_00 dst;
- Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U],
- void *);
+ Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]);
core_result_unwrap_41_83(dst, seed_for_A);
/* Passing arrays by value in Rust generates a copy in C */
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[4U];
@@ -5657,7 +5503,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
- ETA1= 2
- ETA1_RANDOMNESS_SIZE= 128
*/
-static void closure_e30(
+static void closure_1a0(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) {
KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U,
ret[i] = ZERO_89_d5(););
@@ -5689,27 +5535,26 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
- ETA1_RANDOMNESS_SIZE= 128
*/
libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01
-libcrux_ml_kem_ind_cca_generate_keypair_unpacked_830(uint8_t randomness[64U]) {
+libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c00(uint8_t randomness[64U]) {
Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2(
randomness, (size_t)0U,
- LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t,
- Eurydice_slice);
+ LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t);
Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from(
(size_t)64U, randomness,
LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t,
- size_t, Eurydice_slice);
+ size_t);
tuple_54 uu____0 = generate_keypair_unpacked_6c0(ind_cpa_keypair_randomness);
libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01
ind_cpa_private_key = uu____0.fst;
libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01
ind_cpa_public_key = uu____0.snd;
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U];
- KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_e30(A[i]););
+ KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_1a0(A[i]););
KRML_MAYBE_FOR4(
i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0;
KRML_MAYBE_FOR4(
i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i;
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 =
- clone_d5_48(&ind_cpa_public_key.A[j][i1]);
+ clone_d5_25(&ind_cpa_public_key.A[j][i1]);
A[i1][j] = uu____1;););
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[4U][4U];
memcpy(uu____2, A,
@@ -5722,16 +5567,15 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_830(uint8_t randomness[64U]) {
serialize_public_key_d00(
ind_cpa_public_key.t_as_ntt,
Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A,
- uint8_t, Eurydice_slice),
+ uint8_t),
pk_serialized);
uint8_t public_key_hash[32U];
- H_a9_650(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t,
- Eurydice_slice),
+ H_a9_650(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t),
public_key_hash);
uint8_t implicit_rejection_value[32U];
core_result_Result_00 dst;
Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice,
- uint8_t[32U], void *);
+ uint8_t[32U]);
core_result_unwrap_41_83(dst, implicit_rejection_value);
libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 uu____3 =
ind_cpa_private_key;
@@ -5774,10 +5618,9 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_e10(
libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 sk = uu____0.fst;
libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 pk = uu____0.snd;
uint8_t public_key_serialized[1568U];
- serialize_public_key_d00(pk.t_as_ntt,
- Eurydice_array_to_slice((size_t)32U, pk.seed_for_A,
- uint8_t, Eurydice_slice),
- public_key_serialized);
+ serialize_public_key_d00(
+ pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t),
+ public_key_serialized);
uint8_t secret_key_serialized[1536U];
serialize_secret_key_ae0(sk.secret_as_ntt, secret_key_serialized);
/* Passing arrays by value in Rust generates a copy in C */
@@ -5816,40 +5659,35 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_750(
size_t uu____2 = pointer;
Eurydice_slice_copy(
Eurydice_array_to_subslice2(
- uu____0, uu____1,
- uu____2 + Eurydice_slice_len(private_key, uint8_t, size_t), uint8_t,
- Eurydice_slice),
- private_key, uint8_t, void *);
- pointer = pointer + Eurydice_slice_len(private_key, uint8_t, size_t);
+ uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t),
+ uint8_t),
+ private_key, uint8_t);
+ pointer = pointer + Eurydice_slice_len(private_key, uint8_t);
uint8_t *uu____3 = out;
size_t uu____4 = pointer;
size_t uu____5 = pointer;
Eurydice_slice_copy(
Eurydice_array_to_subslice2(
- uu____3, uu____4,
- uu____5 + Eurydice_slice_len(public_key, uint8_t, size_t), uint8_t,
- Eurydice_slice),
- public_key, uint8_t, void *);
- pointer = pointer + Eurydice_slice_len(public_key, uint8_t, size_t);
+ uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t),
+ uint8_t),
+ public_key, uint8_t);
+ pointer = pointer + Eurydice_slice_len(public_key, uint8_t);
Eurydice_slice uu____6 = Eurydice_array_to_subslice2(
- out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t,
- Eurydice_slice);
+ out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t);
uint8_t ret0[32U];
H_a9_650(public_key, ret0);
Eurydice_slice_copy(
- uu____6,
- Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice),
- uint8_t, void *);
+ uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t);
pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE;
uint8_t *uu____7 = out;
size_t uu____8 = pointer;
size_t uu____9 = pointer;
- Eurydice_slice_copy(Eurydice_array_to_subslice2(
- uu____7, uu____8,
- uu____9 + Eurydice_slice_len(implicit_rejection_value,
- uint8_t, size_t),
- uint8_t, Eurydice_slice),
- implicit_rejection_value, uint8_t, void *);
+ Eurydice_slice_copy(
+ Eurydice_array_to_subslice2(
+ uu____7, uu____8,
+ uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t),
+ uint8_t),
+ implicit_rejection_value, uint8_t);
memcpy(ret, out, (size_t)3168U * sizeof(uint8_t));
}
@@ -5874,15 +5712,14 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
- ETA1_RANDOMNESS_SIZE= 128
*/
libcrux_ml_kem_mlkem1024_MlKem1024KeyPair
-libcrux_ml_kem_ind_cca_generate_keypair_c22(uint8_t randomness[64U]) {
+libcrux_ml_kem_ind_cca_generate_keypair_360(uint8_t randomness[64U]) {
Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2(
randomness, (size_t)0U,
- LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t,
- Eurydice_slice);
+ LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t);
Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from(
(size_t)64U, randomness,
LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t,
- size_t, Eurydice_slice);
+ size_t);
libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 =
generate_keypair_e10(ind_cpa_keypair_randomness);
uint8_t ind_cpa_private_key[1536U];
@@ -5891,23 +5728,14 @@ libcrux_ml_kem_ind_cca_generate_keypair_c22(uint8_t randomness[64U]) {
memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t));
uint8_t secret_key_serialized[3168U];
serialize_kem_secret_key_750(
- Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t,
- Eurydice_slice),
- Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t,
- Eurydice_slice),
+ Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t),
+ Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t),
implicit_rejection_value, secret_key_serialized);
- /* Passing arrays by value in Rust generates a copy in C */
- uint8_t copy_of_secret_key_serialized[3168U];
- memcpy(copy_of_secret_key_serialized, secret_key_serialized,
- (size_t)3168U * sizeof(uint8_t));
libcrux_ml_kem_types_MlKemPrivateKey_95 private_key =
- libcrux_ml_kem_types_from_05_a71(copy_of_secret_key_serialized);
- libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key;
- /* Passing arrays by value in Rust generates a copy in C */
- uint8_t copy_of_public_key[1568U];
- memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t));
- return libcrux_ml_kem_types_from_17_c91(
- uu____2, libcrux_ml_kem_types_from_b6_4c1(copy_of_public_key));
+ libcrux_ml_kem_types_from_22_a71(secret_key_serialized);
+ libcrux_ml_kem_types_MlKemPrivateKey_95 uu____1 = private_key;
+ return libcrux_ml_kem_types_from_17_d51(
+ uu____1, libcrux_ml_kem_types_from_c7_141(public_key));
}
/**
@@ -5922,7 +5750,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
- ETA2= 2
*/
static KRML_MUSTINLINE tuple_71
-sample_ring_element_cbd_470(uint8_t prf_input[33U], uint8_t domain_separator) {
+sample_ring_element_cbd_000(uint8_t prf_input[33U], uint8_t domain_separator) {
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U];
KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U,
error_1[i] = ZERO_89_d5(););
@@ -5941,8 +5769,8 @@ sample_ring_element_cbd_470(uint8_t prf_input[33U], uint8_t domain_separator) {
KRML_MAYBE_FOR4(
i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i;
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 =
- sample_from_binomial_distribution_470(Eurydice_array_to_slice(
- (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice));
+ sample_from_binomial_distribution_470(
+ Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t));
error_1[i0] = uu____1;);
/* Passing arrays by value in Rust generates a copy in C */
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_error_1[4U];
@@ -5978,17 +5806,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
with const generics
- K= 4
*/
-static KRML_MUSTINLINE void invert_ntt_montgomery_570(
+static KRML_MUSTINLINE void invert_ntt_montgomery_be0(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
size_t zeta_i =
LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U;
- invert_ntt_at_layer_1_78(&zeta_i, re);
- invert_ntt_at_layer_2_ba(&zeta_i, re);
- invert_ntt_at_layer_3_1f(&zeta_i, re);
- invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)4U);
- invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)5U);
- invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)6U);
- invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)7U);
+ invert_ntt_at_layer_1_04(&zeta_i, re);
+ invert_ntt_at_layer_2_18(&zeta_i, re);
+ invert_ntt_at_layer_3_94(&zeta_i, re);
+ invert_ntt_at_layer_4_plus_75(&zeta_i, re, (size_t)4U);
+ invert_ntt_at_layer_4_plus_75(&zeta_i, re, (size_t)5U);
+ invert_ntt_at_layer_4_plus_75(&zeta_i, re, (size_t)6U);
+ invert_ntt_at_layer_4_plus_75(&zeta_i, re, (size_t)7U);
poly_barrett_reduce_89_99(re);
}
@@ -6001,7 +5829,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
with const generics
- K= 4
*/
-static KRML_MUSTINLINE void compute_vector_u_000(
+static KRML_MUSTINLINE void compute_vector_u_6c0(
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[4U],
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt,
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1,
@@ -6013,9 +5841,8 @@ static KRML_MUSTINLINE void compute_vector_u_000(
i0 < Eurydice_slice_len(
Eurydice_array_to_slice(
(size_t)4U, a_as_ntt,
- libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U],
- Eurydice_slice),
- libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], size_t);
+ libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U]),
+ libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U]);
i0++) {
size_t i1 = i0;
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1];
@@ -6023,9 +5850,8 @@ static KRML_MUSTINLINE void compute_vector_u_000(
i < Eurydice_slice_len(
Eurydice_array_to_slice(
(size_t)4U, row,
- libcrux_ml_kem_polynomial_PolynomialRingElement_d2,
- Eurydice_slice),
- libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t);
+ libcrux_ml_kem_polynomial_PolynomialRingElement_d2),
+ libcrux_ml_kem_polynomial_PolynomialRingElement_d2);
i++) {
size_t j = i;
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j];
@@ -6033,8 +5859,8 @@ static KRML_MUSTINLINE void compute_vector_u_000(
ntt_multiply_89_48(a_element, &r_as_ntt[j]);
add_to_ring_element_89_970(&result[i1], &product);
}
- invert_ntt_montgomery_570(&result[i1]);
- add_error_reduce_89_91(&result[i1], &error_1[i1]);
+ invert_ntt_montgomery_be0(&result[i1]);
+ add_error_reduce_89_46(&result[i1], &error_1[i1]);
}
memcpy(
ret, result,
@@ -6051,7 +5877,7 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_710( +compute_ring_element_v_040( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, @@ -6061,8 +5887,8 @@ compute_ring_element_v_710( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = ntt_multiply_89_48(&t_as_ntt[i0], &r_as_ntt[i0]); add_to_ring_element_89_970(&result, &product);); - invert_ntt_montgomery_570(&result); - result = add_message_error_reduce_89_67(error_2, message, result); + invert_ntt_montgomery_be0(&result); + result = add_message_error_reduce_89_37(error_2, message, result); return result; } @@ -6072,23 +5898,20 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_d10( +static KRML_MUSTINLINE void compress_then_serialize_11_630( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_ea_800(to_unsigned_representative_a4(re->coefficients[i0])); + compress_ea_e90(to_unsigned_representative_a4(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, - Eurydice_slice); + serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)22U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); } 
@@ -6100,10 +5923,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_b20( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_4d0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_d10(re, uu____0); + compress_then_serialize_11_630(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } @@ -6119,29 +5942,25 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_840( +static void compress_then_serialize_u_550( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice2( out, i0 * ((size_t)1408U / (size_t)4U), - (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t, - Eurydice_slice); + (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_b20(&re, ret); + compress_then_serialize_ring_element_u_4d0(&re, ret); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); } } 
@@ -6152,9 +5971,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_390( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_dd0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_5_35(re, out); + compress_then_serialize_5_73(re, out); } /** @@ -6215,7 +6034,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_880( +static void encrypt_unpacked_c60( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; @@ -6233,7 +6052,7 @@ static void encrypt_unpacked_880( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_71 uu____3 = - sample_ring_element_cbd_470(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_000(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; memcpy( error_1, uu____3.fst, 
@@ -6241,36 +6060,33 @@ static void encrypt_unpacked_880( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_a9_932( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); + PRF_a9_932(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_470(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_470( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[4U]; - compute_vector_u_000(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_6c0(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_b9(copy_of_message); + deserialize_then_decompress_message_84(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_710(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_040(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_840( - uu____5, - Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, - uint8_t, Eurydice_slice)); + compress_then_serialize_u_550( + uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, + (size_t)1408U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_390( - uu____6, - 
Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, - uint8_t, size_t, Eurydice_slice)); + compress_then_serialize_ring_element_v_dd0( + uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, + (size_t)1408U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); } @@ -6292,27 +6108,23 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e0( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b0( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); + size_t); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_slice( + (size_t)32U, public_key->public_key_hash, uint8_t), + uint8_t); uint8_t hashed[64U]; - G_a9_680( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); + G_a9_680(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; 
@@ -6323,17 +6135,17 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e0( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_unpacked_880(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_c60(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; - Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, shared_secret_array, - uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); + Eurydice_slice_copy( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), + shared_secret, uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_f51(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_9c1(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -6354,12 +6166,11 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_af_e20(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_a80(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + randomness, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } 
@@ -6376,14 +6187,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 1536 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d1( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_f21( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, deserialized_pk[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -6391,9 +6202,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d1( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_dd(ring_element); + deserialize_to_reduced_ring_element_c5(ring_element); deserialized_pk[i0] = uu____0; } memcpy( 
@@ -6418,22 +6229,21 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_fb0(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_8e0(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; - deserialize_ring_elements_reduced_5d1( - Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, - Eurydice_slice), + deserialize_ring_elements_reduced_f21( + Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); sample_matrix_A_a20(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[4U]; @@ -6464,7 +6274,7 @@ static void encrypt_fb0(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1568U]; - encrypt_unpacked_880(uu____3, copy_of_message, randomness, ret1); + encrypt_unpacked_c60(uu____3, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); } 
@@ -6479,12 +6289,11 @@ with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_af_500(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_4b0(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + shared_secret, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } 
@@ -6507,55 +6316,47 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_820( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_930( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_e20( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); + entropy_preprocess_af_a80( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); uint8_t ret[32U]; H_a9_650(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_f21(public_key), - uint8_t, Eurydice_slice), + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_c21(public_key), + uint8_t), ret); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_680( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); + G_a9_680(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, 
libcrux_ml_kem_types_as_slice_cb_f21(public_key), uint8_t, - Eurydice_slice); + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_c21(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_fb0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_8e0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_f51(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_9c1(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_500(shared_secret, shared_secret_array); + kdf_af_4b0(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -6574,8 +6375,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_100(Eurydice_slice serialized) { - return deserialize_then_decompress_11_8d(serialized); +deserialize_then_decompress_ring_element_u_ca0(Eurydice_slice serialized) { + return deserialize_then_decompress_11_77(serialized); } /** @@ -6584,7 +6385,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_fe0( +static KRML_MUSTINLINE void ntt_vector_u_290( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)7U); 
@@ -6609,16 +6410,16 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_b50( +static KRML_MUSTINLINE void deserialize_then_decompress_u_860( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, u_as_ntt[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(Eurydice_array_to_slice((size_t)1568U, ciphertext, - uint8_t, Eurydice_slice), - uint8_t, size_t) / + i < Eurydice_slice_len( + Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t), + uint8_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U); i++) { @@ -6631,9 +6432,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b50( (size_t)11U / (size_t)8U) + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, - uint8_t, Eurydice_slice); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_100(u_bytes); - ntt_vector_u_fe0(&u_as_ntt[i0]); + uint8_t); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_ca0(u_bytes); + ntt_vector_u_290(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -6647,8 +6448,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_5b0(Eurydice_slice serialized) { - return deserialize_then_decompress_5_75(serialized); +deserialize_then_decompress_ring_element_v_ca0(Eurydice_slice serialized) { + return deserialize_then_decompress_5_d9(serialized); } /** 
@@ -6664,7 +6465,7 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_220( +compute_message_4c0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { @@ -6673,8 +6474,8 @@ compute_message_220( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = ntt_multiply_89_48(&secret_as_ntt[i0], &u_as_ntt[i0]); add_to_ring_element_89_970(&result, &product);); - invert_ntt_montgomery_570(&result); - result = subtract_reduce_89_63(v, result); + invert_ntt_montgomery_be0(&result); + result = subtract_reduce_89_f9(v, result); return result; } @@ -6712,20 +6513,19 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_8c0( +static void decrypt_unpacked_f50( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; - deserialize_then_decompress_u_b50(ciphertext, u_as_ntt); + deserialize_then_decompress_u_860(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_5b0( + deserialize_then_decompress_ring_element_v_ca0( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, - (size_t)1408U, uint8_t, size_t, - Eurydice_slice)); + (size_t)1408U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_220(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_4c0(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_ec(message, ret0); + compress_then_serialize_message_dc(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } 
@@ -6764,68 +6564,62 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b20( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_2f0( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_8c0(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_f50(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); + uint8_t, size_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); + uint8_t), + uint8_t); uint8_t hashed[64U]; - G_a9_680( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); + G_a9_680(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1600U]; libcrux_ml_kem_utils_into_padded_array_2d4( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), + Eurydice_array_to_slice( + (size_t)32U, 
key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), - uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_751(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - PRF_a9_931( - Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + PRF_a9_931(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), + implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____3 = &key_pair->public_key.ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_880(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_c60(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, - Eurydice_slice)); + libcrux_ml_kem_types_as_ref_00_751(ciphertext), + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( shared_secret, Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), selector, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } 
@@ -6839,14 +6633,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_200( +static KRML_MUSTINLINE void deserialize_secret_key_6a0( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, secret_as_ntt[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(secret_key, uint8_t, size_t) / + i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -6854,9 +6648,9 @@ static KRML_MUSTINLINE void deserialize_secret_key_200( secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_63(secret_bytes); + deserialize_to_uncompressed_ring_element_cc(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -6874,10 +6668,10 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_390(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_740(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; - deserialize_secret_key_200(secret_key, secret_as_ntt); + deserialize_secret_key_6a0(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[4U]; memcpy( 
@@ -6889,7 +6683,7 @@ static void decrypt_390(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; - decrypt_unpacked_8c0(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_f50(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -6915,13 +6709,12 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_c40( +void libcrux_ml_kem_ind_cca_decapsulate_ff0( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t), (size_t)1536U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; 
@@ -6935,22 +6728,19 @@ void libcrux_ml_kem_ind_cca_decapsulate_c40( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_390(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_740(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); + uint8_t, size_t), + ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_a9_680( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); + G_a9_680(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret0 = uu____3.fst; 
@@ -6959,36 +6749,32 @@ void libcrux_ml_kem_ind_cca_decapsulate_c40( libcrux_ml_kem_utils_into_padded_array_2d4(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), - uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_751(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_931( - Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); + PRF_a9_931(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_fb0(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_8e0(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_500( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + kdf_af_4b0(Eurydice_array_to_slice( + (size_t)32U, implicit_rejection_shared_secret0, uint8_t), + implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_500(shared_secret0, shared_secret); + kdf_af_4b0(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, - Eurydice_slice), + 
libcrux_ml_kem_types_as_ref_00_751(ciphertext), + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7006,14 +6792,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 800 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d0( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_f20( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, deserialized_pk[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -7021,9 +6807,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d0( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_dd(ring_element); + deserialize_to_reduced_ring_element_c5(ring_element); deserialized_pk[i0] = uu____0; } memcpy( 
@@ -7049,22 +6835,19 @@ static KRML_MUSTINLINE void serialize_secret_key_ae( i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); uint8_t ret0[384U]; serialize_uncompressed_ring_element_92(&re, ret0); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); } 
@@ -7085,17 +6868,15 @@ static KRML_MUSTINLINE void serialize_public_key_d0( Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)768U, uint8_t, Eurydice_slice); + public_key_serialized, (size_t)0U, (size_t)768U, uint8_t); uint8_t ret0[768U]; serialize_secret_key_ae(t_as_ntt, ret0); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice_copy(Eurydice_array_to_subslice_from( - (size_t)800U, public_key_serialized, (size_t)768U, - uint8_t, size_t, Eurydice_slice), - seed_for_a, uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t), uint8_t); + Eurydice_slice_copy( + Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, + (size_t)768U, uint8_t, size_t), + seed_for_a, uint8_t); memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); } 
@@ -7107,18 +6888,18 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_cf(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_77(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; - deserialize_ring_elements_reduced_5d0( + deserialize_ring_elements_reduced_f20( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; serialize_public_key_d0( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), public_key_serialized); return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); @@ -7172,11 +6953,10 @@ shake128_init_absorb_4d(uint8_t input[2U][34U]) { libcrux_sha3_generic_keccak_KeccakState_29 state = libcrux_sha3_avx2_x4_incremental_init(); libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - &state, - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); + &state, Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t)); return state; } 
@@ -7211,10 +6991,10 @@ static KRML_MUSTINLINE void shake128_squeeze_three_blocks_6b( uint8_t out2[504U] = {0U}; uint8_t out3[504U] = {0U}; libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); + st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t), + Eurydice_array_to_slice((size_t)504U, out2, uint8_t), + Eurydice_array_to_slice((size_t)504U, out3, uint8_t)); uint8_t uu____0[504U]; memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); @@ -7298,12 +7078,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; 
@@ -7333,10 +7112,10 @@ static KRML_MUSTINLINE void shake128_squeeze_block_1b( uint8_t out2[168U] = {0U}; uint8_t out3[168U] = {0U}; libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t), + Eurydice_array_to_slice((size_t)168U, out2, uint8_t), + Eurydice_array_to_slice((size_t)168U, out3, uint8_t)); uint8_t uu____0[168U]; memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); @@ -7419,12 +7198,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb0( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -7449,8 +7227,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_79( int16_t s[272U]) { - return from_i16_array_89_10(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); + return from_i16_array_89_10( + Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } /** 
@@ -7532,9 +7310,8 @@ static KRML_MUSTINLINE void sample_matrix_A_a2( i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; @@ -7576,14 +7353,14 @@ static KRML_MUSTINLINE void PRFxN_1c(uint8_t (*input)[33U], uint8_t out2[192U] = {0U}; uint8_t out3[192U] = {0U}; libcrux_sha3_avx2_x4_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)192U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)192U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)192U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)192U, out3, uint8_t, Eurydice_slice)); + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)192U, out0, uint8_t), + Eurydice_array_to_slice((size_t)192U, out1, uint8_t), + Eurydice_array_to_slice((size_t)192U, out2, uint8_t), + Eurydice_array_to_slice((size_t)192U, out3, uint8_t)); uint8_t uu____0[192U]; memcpy(uu____0, out0, (size_t)192U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)192U * sizeof(uint8_t)); 
@@ -7648,11 +7425,11 @@ static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_15( domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][192U]; PRFxN_a9_51(prf_inputs, prf_outputs); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_47( - Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], - uint8_t, Eurydice_slice)); - ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]);); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + re_as_ntt[i0] = sample_from_binomial_distribution_47( + Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t)); + ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[2U]; memcpy( @@ -7684,10 +7461,9 @@ static KRML_MUSTINLINE void add_to_ring_element_89_97( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice((size_t)16U, self->coefficients, __m256i, - Eurydice_slice), - __m256i, size_t); + i < Eurydice_slice_len(Eurydice_array_to_slice( + (size_t)16U, self->coefficients, __m256i), + __m256i); i++) { size_t i0 = i; self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( @@ -7716,9 +7492,8 @@ static KRML_MUSTINLINE void compute_As_plus_e_f0( i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; 
@@ -7726,9 +7501,8 @@ static KRML_MUSTINLINE void compute_As_plus_e_f0( i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = @@ -7798,8 +7572,8 @@ static tuple_4c generate_keypair_unpacked_6c( uint8_t hashed[64U]; G_a9_68(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[2U][2U]; @@ -7830,8 +7604,7 @@ static tuple_4c generate_keypair_unpacked_6c( compute_As_plus_e_f0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[2U]; @@ -7880,7 +7653,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static void closure_e3( +static void closure_1a( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, ret[i] = ZERO_89_d5();); 
@@ -7912,27 +7685,26 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_83(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c0(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); tuple_4c uu____0 = generate_keypair_unpacked_6c(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_e3(A[i]);); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_1a(A[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_d5_48(&ind_cpa_public_key.A[j][i1]); + clone_d5_25(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[2U][2U]; memcpy(uu____2, A, 
@@ -7945,16 +7717,15 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_83(uint8_t randomness[64U]) { serialize_public_key_d0( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), + uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - H_a9_65(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t, - Eurydice_slice), + H_a9_65(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); + uint8_t[32U]); core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 uu____3 = ind_cpa_private_key; @@ -7997,10 +7768,9 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_e1( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 pk = uu____0.snd; uint8_t public_key_serialized[800U]; - serialize_public_key_d0(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); + serialize_public_key_d0( + pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), + public_key_serialized); uint8_t secret_key_serialized[768U]; serialize_secret_key_ae(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ 
@@ -8039,40 +7809,35 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_75( size_t uu____2 = pointer; Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + Eurydice_slice_len(private_key, uint8_t, size_t), uint8_t, - Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + Eurydice_slice_len(private_key, uint8_t, size_t); + uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t), + uint8_t), + private_key, uint8_t); + pointer = pointer + Eurydice_slice_len(private_key, uint8_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + Eurydice_slice_len(public_key, uint8_t, size_t), uint8_t, - Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + Eurydice_slice_len(public_key, uint8_t, size_t); + uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t), + uint8_t), + public_key, uint8_t); + pointer = pointer + Eurydice_slice_len(public_key, uint8_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; H_a9_65(public_key, ret0); Eurydice_slice_copy( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - Eurydice_slice_copy(Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + Eurydice_slice_len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); + Eurydice_slice_copy( + Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + 
Eurydice_slice_len(implicit_rejection_value, uint8_t), + uint8_t), + implicit_rejection_value, uint8_t); memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); } @@ -8096,16 +7861,15 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_c2( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_36( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = generate_keypair_e1(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; 
@@ -8114,23 +7878,14 @@ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_c2( memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; serialize_kem_secret_key_75( - Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t), + Eurydice_array_to_slice((size_t)800U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_secret_key_serialized[1632U]; - memcpy(copy_of_secret_key_serialized, secret_key_serialized, - (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_05_a7(copy_of_secret_key_serialized); - libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key[800U]; - memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_c9( - uu____2, libcrux_ml_kem_types_from_b6_4c(copy_of_public_key)); + libcrux_ml_kem_types_from_22_a7(secret_key_serialized); + libcrux_ml_kem_types_MlKemPrivateKey_5e uu____1 = private_key; + return libcrux_ml_kem_types_from_17_d5( + uu____1, libcrux_ml_kem_types_from_c7_14(public_key)); } /** 
@@ -8147,14 +7902,14 @@ static KRML_MUSTINLINE void PRFxN_1c0(uint8_t (*input)[33U], uint8_t out2[128U] = {0U}; uint8_t out3[128U] = {0U}; libcrux_sha3_avx2_x4_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t), + Eurydice_array_to_slice((size_t)128U, out2, uint8_t), + Eurydice_array_to_slice((size_t)128U, out3, uint8_t)); uint8_t uu____0[128U]; memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); @@ -8191,7 +7946,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_74 -sample_ring_element_cbd_47(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_00(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, error_1[i] = ZERO_89_d5();); 
@@ -8210,8 +7965,8 @@ sample_ring_element_cbd_47(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_470(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_470( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_error_1[2U]; @@ -8247,17 +8002,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_57( +static KRML_MUSTINLINE void invert_ntt_montgomery_be( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_78(&zeta_i, re); - invert_ntt_at_layer_2_ba(&zeta_i, re); - invert_ntt_at_layer_3_1f(&zeta_i, re); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_a2(&zeta_i, re, (size_t)7U); + invert_ntt_at_layer_1_04(&zeta_i, re); + invert_ntt_at_layer_2_18(&zeta_i, re); + invert_ntt_at_layer_3_94(&zeta_i, re); + invert_ntt_at_layer_4_plus_75(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_75(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_75(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_75(&zeta_i, re, (size_t)7U); poly_barrett_reduce_89_99(re); } 
@@ -8270,7 +8025,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_00( +static KRML_MUSTINLINE void compute_vector_u_6c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, @@ -8282,9 +8037,8 @@ static KRML_MUSTINLINE void compute_vector_u_00( i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; @@ -8292,9 +8046,8 @@ static KRML_MUSTINLINE void compute_vector_u_00( i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; @@ -8302,8 +8055,8 @@ static KRML_MUSTINLINE void compute_vector_u_00( ntt_multiply_89_48(a_element, &r_as_ntt[j]); add_to_ring_element_89_97(&result[i1], &product); } - invert_ntt_montgomery_57(&result[i1]); - add_error_reduce_89_91(&result[i1], &error_1[i1]); + invert_ntt_montgomery_be(&result[i1]); + add_error_reduce_89_46(&result[i1], &error_1[i1]); } memcpy( ret, result, 
@@ -8320,7 +8073,7 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_71( +compute_ring_element_v_04( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, @@ -8330,8 +8083,8 @@ compute_ring_element_v_71( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = ntt_multiply_89_48(&t_as_ntt[i0], &r_as_ntt[i0]); add_to_ring_element_89_97(&result, &product);); - invert_ntt_montgomery_57(&result); - result = add_message_error_reduce_89_67(error_2, message, result); + invert_ntt_montgomery_be(&result); + result = add_message_error_reduce_89_37(error_2, message, result); return result; } 
@@ -8347,29 +8100,25 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_84( +static void compress_then_serialize_u_55( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice2( out, i0 * ((size_t)640U / (size_t)2U), - (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t, - Eurydice_slice); + (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_b2(&re, ret); + compress_then_serialize_ring_element_u_4d(&re, ret); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } } @@ -8431,7 +8180,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_88( +static void encrypt_unpacked_c6( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; 
@@ -8449,7 +8198,7 @@ static void encrypt_unpacked_88( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_74 uu____3 = - sample_ring_element_cbd_47(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_00(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; memcpy( error_1, uu____3.fst, 
@@ -8457,35 +8206,33 @@ static void encrypt_unpacked_88( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_a9_930( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); + PRF_a9_930(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_470(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_470( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[2U]; - compute_vector_u_00(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_6c(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_b9(copy_of_message); + deserialize_then_decompress_message_84(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_71(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_04(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_84( + compress_then_serialize_u_55( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, - uint8_t, Eurydice_slice)); + uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_39( - uu____6, - Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, - uint8_t, size_t, Eurydice_slice)); + 
compress_then_serialize_ring_element_v_dd( + uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, + (size_t)640U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); } @@ -8507,27 +8254,23 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); + size_t); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_slice( + (size_t)32U, public_key->public_key_hash, uint8_t), + uint8_t); uint8_t hashed[64U]; - G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); + G_a9_68(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; 
@@ -8538,17 +8281,17 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_1e( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_unpacked_88(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_c6(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; - Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, shared_secret_array, - uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); + Eurydice_slice_copy( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), + shared_secret, uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_01_f5(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_9c(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -8569,12 +8312,11 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_af_e2(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_a8(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + randomness, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } 
@@ -8591,14 +8333,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 768 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_f2( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, deserialized_pk[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -8606,9 +8348,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_5d( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_dd(ring_element); + deserialize_to_reduced_ring_element_c5(ring_element); deserialized_pk[i0] = uu____0; } memcpy( 
@@ -8633,22 +8375,21 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_fb(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_8e(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; - deserialize_ring_elements_reduced_5d( - Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, - Eurydice_slice), + deserialize_ring_elements_reduced_f2( + Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); sample_matrix_A_a2(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[2U]; @@ -8679,7 +8420,7 @@ static void encrypt_fb(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[768U]; - encrypt_unpacked_88(uu____3, copy_of_message, randomness, ret1); + encrypt_unpacked_c6(uu____3, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); } 
@@ -8694,12 +8435,11 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_af_50(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_4b(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + shared_secret, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } 
@@ -8722,55 +8462,47 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_82( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_93( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_e2( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); + entropy_preprocess_af_a8( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); uint8_t ret[32U]; H_a9_65(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), - uint8_t, Eurydice_slice), + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_c2(public_key), + uint8_t), ret); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); + G_a9_68(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, 
libcrux_ml_kem_types_as_slice_cb_f2(public_key), uint8_t, - Eurydice_slice); + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_c2(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_fb(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_8e(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_01_f5(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_9c(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_50(shared_secret, shared_secret_array); + kdf_af_4b(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -8794,16 +8526,16 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_b5( +static KRML_MUSTINLINE void deserialize_then_decompress_u_86( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, u_as_ntt[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(Eurydice_array_to_slice((size_t)768U, ciphertext, - uint8_t, Eurydice_slice), - uint8_t, size_t) / + i < Eurydice_slice_len( + Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t), + uint8_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); i++) { 
@@ -8816,9 +8548,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b5( (size_t)10U / (size_t)8U) + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, - uint8_t, Eurydice_slice); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_10(u_bytes); - ntt_vector_u_fe(&u_as_ntt[i0]); + uint8_t); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_ca(u_bytes); + ntt_vector_u_29(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -8838,7 +8570,7 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_22( +compute_message_4c( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { @@ -8847,8 +8579,8 @@ compute_message_22( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = ntt_multiply_89_48(&secret_as_ntt[i0], &u_as_ntt[i0]); add_to_ring_element_89_97(&result, &product);); - invert_ntt_montgomery_57(&result); - result = subtract_reduce_89_63(v, result); + invert_ntt_montgomery_be(&result); + result = subtract_reduce_89_f9(v, result); return result; } 
@@ -8886,20 +8618,19 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_8c( +static void decrypt_unpacked_f5( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; - deserialize_then_decompress_u_b5(ciphertext, u_as_ntt); + deserialize_then_decompress_u_86(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_5b( + deserialize_then_decompress_ring_element_v_ca( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, - (size_t)640U, uint8_t, size_t, - Eurydice_slice)); + (size_t)640U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_22(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_4c(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_ec(message, ret0); + compress_then_serialize_message_dc(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } 
@@ -8938,67 +8669,61 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_b2( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_2f( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_8c(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_f5(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); + uint8_t, size_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); + uint8_t), + uint8_t); uint8_t hashed[64U]; - G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); + G_a9_68(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[800U]; libcrux_ml_kem_utils_into_padded_array_2d0( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), + Eurydice_array_to_slice( + (size_t)32U, 
key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_ed(ciphertext), - uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_75(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - PRF_a9_93( - Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + PRF_a9_93(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), + implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____3 = &key_pair->public_key.ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_unpacked_88(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_c6(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, - Eurydice_slice)); + libcrux_ml_kem_types_as_ref_00_75(ciphertext), + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( shared_secret, Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), selector, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } 
@@ -9012,14 +8737,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_20( +static KRML_MUSTINLINE void deserialize_secret_key_6a( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, secret_as_ntt[i] = ZERO_89_d5();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(secret_key, uint8_t, size_t) / + i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -9027,9 +8752,9 @@ static KRML_MUSTINLINE void deserialize_secret_key_20( secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_63(secret_bytes); + deserialize_to_uncompressed_ring_element_cc(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -9047,10 +8772,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_39(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_74(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; - deserialize_secret_key_20(secret_key, secret_as_ntt); + deserialize_secret_key_6a(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[2U]; memcpy( 
@@ -9062,7 +8787,7 @@ static void decrypt_39(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; - decrypt_unpacked_8c(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_f5(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -9088,12 +8813,11 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_c4( +void libcrux_ml_kem_ind_cca_decapsulate_ff( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t), (size_t)768U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; 
@@ -9107,22 +8831,19 @@ void libcrux_ml_kem_ind_cca_decapsulate_c4( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_39(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_74(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); + uint8_t, size_t), + ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); + G_a9_68(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret0 = uu____3.fst; 
@@ -9131,35 +8852,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_c4( libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_ed(ciphertext), - uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_75(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_93( - Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); + PRF_a9_93(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_fb(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + encrypt_8e(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_50( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + kdf_af_4b(Eurydice_array_to_slice((size_t)32U, + implicit_rejection_shared_secret0, uint8_t), + implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_50(shared_secret0, shared_secret); + kdf_af_4b(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, - Eurydice_slice), + 
libcrux_ml_kem_types_as_ref_00_75(ciphertext), + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index f3407c5c8..b79663481 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf + * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 + * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 */ #ifndef __libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c index 8423fab45..0f4ebe8f1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.c 
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf + * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 + * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 */ #include "libcrux_mlkem_neon.h" @@ -17,8 +17,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_neon_G(Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = {0U}; libcrux_sha3_neon_sha512( - Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)64U, digest, uint8_t), input); memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); } @@ -26,7 +25,6 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_neon_H(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_neon_sha256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h index da5369479..ab7713427 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h 
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf + * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 + * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 */ #ifndef __libcrux_mlkem_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 2740a4100..4c5b233f3 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf + * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 + * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 */ #include "internal/libcrux_mlkem_portable.h" 
@@ -20,8 +20,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G( Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = {0U}; libcrux_sha3_portable_sha512( - Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)64U, digest, uint8_t), input); memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); } @@ -29,8 +28,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_H( Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_sha256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } @@ -75,10 +73,8 @@ libcrux_ml_kem_vector_portable_vector_type_from_i16_array( int16_t ret[16U]; core_result_Result_c0 dst; Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t, - Eurydice_slice), - Eurydice_slice, int16_t[16U], void *); + &dst, Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t), + Eurydice_slice, int16_t[16U]); core_result_unwrap_41_f9(dst, ret); memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); return lit; 
@@ -95,68 +91,64 @@ libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_slice array) { KRML_MUSTINLINE uint8_t_x11 libcrux_ml_kem_vector_portable_serialize_serialize_11_int(Eurydice_slice v) { - uint8_t r0 = - (uint8_t)Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, int16_t); + uint8_t r0 = (uint8_t)Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *); uint8_t r1 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)31) << 3U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 8U); uint8_t r2 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)3) << 6U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 5U); - uint8_t r3 = (uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, - int16_t) >> - 2U & - (int16_t)255); + uint8_t r3 = + (uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *) >> 2U & + (int16_t)255); uint8_t r4 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)127) << 1U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 10U); uint8_t r5 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)15) << 4U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 7U); uint8_t r6 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)1) << 7U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 4U); - uint8_t r7 = (uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, - int16_t) >> - 1U & - (int16_t)255); + uint8_t r7 = + 
(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *) >> 1U & + (int16_t)255); uint8_t r8 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)63) << 2U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 9U); uint8_t r9 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)7) << 5U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 6U); - uint8_t r10 = (uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, - int16_t *, int16_t) >> - 3U); + uint8_t r10 = + (uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *) >> 3U); return (CLITERAL(uint8_t_x11){.fst = r0, .snd = r1, .thd = r2, @@ -174,12 +166,11 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_11( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[22U]) { uint8_t_x11 r0_10 = libcrux_ml_kem_vector_portable_serialize_serialize_11_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t)); uint8_t_x11 r11_21 = libcrux_ml_kem_vector_portable_serialize_serialize_11_int( Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, - int16_t, Eurydice_slice)); + int16_t)); uint8_t result[22U] = {0U}; result[0U] = r0_10.fst; result[1U] = r0_10.snd; 
@@ -219,66 +210,56 @@ void libcrux_ml_kem_vector_portable_serialize_11_0d( KRML_MUSTINLINE int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( Eurydice_slice bytes) { - int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)7) - << 8U | - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t); - int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 5U | - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) >> - 3U; - int16_t r2 = (((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)1) - << 10U | - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) - << 2U) | - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) >> - 6U; - int16_t r3 = ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 7U | - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) >> - 1U; - int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)127) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r5 = (((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 9U | - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) - << 1U) | - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) >> - 7U; - int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)31) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, - uint8_t *, uint8_t) - << 3U | - 
(int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) >> - 5U; + int16_t r0 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) & + (int16_t)7) + << 8U | + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *); + int16_t r1 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) & + (int16_t)63) + << 5U | + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) >> + 3U; + int16_t r2 = + (((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *) & + (int16_t)1) + << 10U | + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *) + << 2U) | + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) >> + 6U; + int16_t r3 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *) & + (int16_t)15) + << 7U | + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *) >> + 1U; + int16_t r4 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *) & + (int16_t)127) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *) >> + 4U; + int16_t r5 = + (((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *) & + (int16_t)3) + << 9U | + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *) + << 1U) | + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *) >> + 7U; + int16_t r6 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *) & + (int16_t)31) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *) >> + 2U; + int16_t r7 = + (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, uint8_t *) + << 3U | + (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *) >> + 5U; return (CLITERAL(int16_t_x8){.fst = r0, .snd = r1, .thd = r2, 
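Review bot: `libcrux_ml_kem_vector_portable_serialize_deserialize_11_int` indexes `bytes` at positions 0 through 10 with no length check visible in the function, so the 11-byte minimum is carried only by the caller's `Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)11U, uint8_t)` in the next hunk; whether `Eurydice_slice_index` itself checks bounds is not visible here. Since this is extracted code, the authoritative place for the precondition is presumably the Rust source, but a `/* requires: bytes holds at least 11 elements */` comment on the C side would help anyone auditing the generated output. The same holds for `deserialize_4_int` (4 bytes), `deserialize_5_int` (5 bytes), `deserialize_10_int` (10 bytes) and `deserialize_12_int` (3 bytes) in the later hunks. The function's `return` statement continues beyond the hunk.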
@@ -314,12 +295,10 @@ libcrux_ml_kem_vector_portable_vector_type_zero(void) { KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) { int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)11U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)11U, uint8_t)); int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( - Eurydice_slice_subslice2(bytes, (size_t)11U, (size_t)22U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)11U, (size_t)22U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector v = libcrux_ml_kem_vector_portable_vector_type_zero(); v.elements[0U] = v0_7.fst; @@ -1547,19 +1526,17 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) { libcrux_ml_kem_vector_portable_vector_type_zero(); KRML_MAYBE_FOR8( i, (size_t)0U, (size_t)8U, (size_t)1U, size_t i0 = i; - result.elements[i0] = - (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)0U, uint8_t, - uint8_t *, uint8_t) >> - (uint32_t)i0 & - 1U);); + result.elements[i0] = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)0U, uint8_t, uint8_t *) >> + (uint32_t)i0 & + 1U);); for (size_t i = (size_t)8U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - result.elements[i0] = - (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)1U, uint8_t, - uint8_t *, uint8_t) >> - (uint32_t)(i0 - (size_t)8U) & - 1U); + result.elements[i0] = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)1U, uint8_t, uint8_t *) >> + (uint32_t)(i0 - (size_t)8U) & + 1U); } return result; } 
@@ -1575,26 +1552,26 @@ libcrux_ml_kem_vector_portable_deserialize_1_0d(Eurydice_slice a) { KRML_MUSTINLINE uint8_t_x4 libcrux_ml_kem_vector_portable_serialize_serialize_4_int(Eurydice_slice v) { - uint8_t result0 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)1U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)0U, int16_t, int16_t *, int16_t); - uint8_t result1 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)3U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)2U, int16_t, int16_t *, int16_t); - uint8_t result2 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)5U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)4U, int16_t, int16_t *, int16_t); - uint8_t result3 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)7U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)6U, int16_t, int16_t *, int16_t); + uint8_t result0 = + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)0U, int16_t, + int16_t *); + uint8_t result1 = + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)2U, int16_t, + int16_t *); + uint8_t result2 = + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)4U, int16_t, + int16_t *); + uint8_t result3 = + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)6U, int16_t, + int16_t *); return (CLITERAL(uint8_t_x4){ .fst = result0, .snd = result1, .thd = result2, .f3 = result3}); } 
@@ -1605,11 +1582,11 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_4( uint8_t_x4 result0_3 = libcrux_ml_kem_vector_portable_serialize_serialize_4_int( Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, - int16_t, Eurydice_slice)); + int16_t)); uint8_t_x4 result4_7 = libcrux_ml_kem_vector_portable_serialize_serialize_4_int( Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, - int16_t, Eurydice_slice)); + int16_t)); uint8_t result[8U] = {0U}; result[0U] = result0_3.fst; result[1U] = result0_3.snd; 
@@ -1635,32 +1612,32 @@ void libcrux_ml_kem_vector_portable_serialize_4_0d( KRML_MUSTINLINE int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( Eurydice_slice bytes) { - int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & + int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)0U, + uint8_t, uint8_t *) & 15U); - int16_t v1 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> + int16_t v1 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)0U, + uint8_t, uint8_t *) >> 4U & 15U); - int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & + int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, + uint8_t, uint8_t *) & 15U); - int16_t v3 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + int16_t v3 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, + uint8_t, uint8_t *) >> 4U & 15U); - int16_t v4 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & + int16_t v4 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)2U, + uint8_t, uint8_t *) & 15U); - int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> + int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)2U, + uint8_t, uint8_t *) >> 4U & 15U); - int16_t v6 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & + int16_t v6 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, + uint8_t, uint8_t *) & 15U); - int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, + uint8_t, uint8_t *) >> 4U & 15U); return (CLITERAL(int16_t_x8){.fst = v0, 
@@ -1676,11 +1653,9 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t)); int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector v = libcrux_ml_kem_vector_portable_vector_type_zero(); v.elements[0U] = v0_7.fst; 
@@ -1714,40 +1689,24 @@ libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a) { KRML_MUSTINLINE uint8_t_x5 libcrux_ml_kem_vector_portable_serialize_serialize_5_int(Eurydice_slice v) { uint8_t r0 = - (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) | - Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, int16_t) - << 5U); + (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) | + Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) << 5U); uint8_t r1 = - (uint8_t)((Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, - int16_t) >> - 3U | - Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, - int16_t) + (uint8_t)((Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) >> 3U | + Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *) << 2U) | - Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, int16_t) - << 7U); + Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) << 7U); uint8_t r2 = - (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, - int16_t) >> - 1U | - Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, int16_t) - << 4U); + (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) >> 1U | + Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *) << 4U); uint8_t r3 = - (uint8_t)((Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, - int16_t) >> - 4U | - Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, - int16_t) + (uint8_t)((Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *) >> 4U | + Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *) << 1U) | - Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, int16_t) - << 6U); + Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *) << 6U); uint8_t r4 = - (uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, - int16_t) >> - 2U | - Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *, int16_t) - << 3U); + (uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *) >> 2U | + 
Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *) << 3U); return (CLITERAL(uint8_t_x5){ .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); } @@ -1756,11 +1715,10 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_5( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[10U]) { uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t)); uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, + int16_t)); uint8_t result[10U] = {0U}; result[0U] = r0_4.fst; result[1U] = r0_4.snd; 
@@ -1788,44 +1746,44 @@ void libcrux_ml_kem_vector_portable_serialize_5_0d( KRML_MUSTINLINE int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( Eurydice_slice bytes) { - int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & + int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)0U, + uint8_t, uint8_t *) & 31U); - int16_t v1 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & + int16_t v1 = (int16_t)(((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, + uint8_t, uint8_t *) & 3U) << 3U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> + (uint32_t)Eurydice_slice_index(bytes, (size_t)0U, + uint8_t, uint8_t *) >> 5U); - int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, + uint8_t, uint8_t *) >> 2U & 31U); - int16_t v3 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & + int16_t v3 = (int16_t)(((uint32_t)Eurydice_slice_index(bytes, (size_t)2U, + uint8_t, uint8_t *) & 15U) << 1U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + (uint32_t)Eurydice_slice_index(bytes, (size_t)1U, + uint8_t, uint8_t *) >> 7U); - int16_t v4 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & + int16_t v4 = (int16_t)(((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, + uint8_t, uint8_t *) & 1U) << 4U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> + (uint32_t)Eurydice_slice_index(bytes, (size_t)2U, + uint8_t, uint8_t *) >> 4U); - int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, + uint8_t, uint8_t 
*) >> 1U & 31U); - int16_t v6 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) & + int16_t v6 = (int16_t)(((uint32_t)Eurydice_slice_index(bytes, (size_t)4U, + uint8_t, uint8_t *) & 7U) << 2U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + (uint32_t)Eurydice_slice_index(bytes, (size_t)3U, + uint8_t, uint8_t *) >> 6U); - int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) >> + int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)4U, + uint8_t, uint8_t *) >> 3U); return (CLITERAL(int16_t_x8){.fst = v0, .snd = v1, @@ -1840,11 +1798,9 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t)); int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector v = libcrux_ml_kem_vector_portable_vector_type_zero(); v.elements[0U] = v0_7.fst; 
@@ -1877,37 +1833,36 @@ libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a) { KRML_MUSTINLINE uint8_t_x5 libcrux_ml_kem_vector_portable_serialize_serialize_10_int(Eurydice_slice v) { - uint8_t r0 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) & - (int16_t)255); + uint8_t r0 = + (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) & + (int16_t)255); uint8_t r1 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)63) << 2U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 8U & (int16_t)3); uint8_t r2 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)15) << 4U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 6U & (int16_t)15); uint8_t r3 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)3) << 6U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 4U & (int16_t)63); - uint8_t r4 = (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, - int16_t) >> - 2U & - (int16_t)255); + uint8_t r4 = + (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) >> 2U & + (int16_t)255); return (CLITERAL(uint8_t_x5){ .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); } 
@@ -1916,17 +1871,15 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_10( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[20U]) { uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)4U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)4U, int16_t)); uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)8U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)8U, int16_t)); uint8_t_x5 r10_14 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)12U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)12U, + int16_t)); uint8_t_x5 r15_19 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)16U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)16U, + int16_t)); uint8_t result[20U] = {0U}; result[0U] = r0_4.fst; result[1U] = r0_4.snd; 
@@ -1964,60 +1917,52 @@ void libcrux_ml_kem_vector_portable_serialize_10_0d( KRML_MUSTINLINE int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( Eurydice_slice bytes) { - int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 8U | - ((int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)255); - int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r2 = ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r3 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) - << 2U | - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) >> - 6U; - int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 8U | - ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)255); - int16_t r5 = ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) - << 2U | - (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) >> - 6U; + int16_t r0 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) & + (int16_t)3) + << 8U | + 
((int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *) & + (int16_t)255); + int16_t r1 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) & + (int16_t)15) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) >> + 2U; + int16_t r2 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *) & + (int16_t)63) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) >> + 4U; + int16_t r3 = + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *) + << 2U | + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *) >> + 6U; + int16_t r4 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *) & + (int16_t)3) + << 8U | + ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *) & + (int16_t)255); + int16_t r5 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *) & + (int16_t)15) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *) >> + 2U; + int16_t r6 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *) & + (int16_t)63) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *) >> + 4U; + int16_t r7 = + (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *) + << 2U | + (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *) >> + 6U; return (CLITERAL(int16_t_x8){.fst = r0, .snd = r1, .thd = r2, 
@@ -2031,12 +1976,10 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)10U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)10U, uint8_t)); int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector v = libcrux_ml_kem_vector_portable_vector_type_zero(); v.elements[0U] = v0_7.fst; @@ -2069,20 +2012,17 @@ libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a) { KRML_MUSTINLINE uint8_t_x3 libcrux_ml_kem_vector_portable_serialize_serialize_12_int(Eurydice_slice v) { - uint8_t r0 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) & - (int16_t)255); - uint8_t r1 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) >> - 8U | - (Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) & - (int16_t)15) - << 4U); - uint8_t r2 = (uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, - int16_t) >> - 4U & - (int16_t)255); + uint8_t r0 = + (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) & + (int16_t)255); + uint8_t r1 = + (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) >> 8U | + (Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) & + (int16_t)15) + << 4U); + uint8_t r2 = + (uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) >> 4U & + (int16_t)255); return (CLITERAL(uint8_t_x3){.fst = r0, .snd = r1, .thd = r2}); } 
@@ -2090,29 +2030,25 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_12( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[24U]) { uint8_t_x3 r0_2 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)2U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)2U, int16_t)); uint8_t_x3 r3_5 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)2U, (size_t)4U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)2U, (size_t)4U, int16_t)); uint8_t_x3 r6_8 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)6U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)6U, int16_t)); uint8_t_x3 r9_11 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)6U, (size_t)8U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)6U, (size_t)8U, int16_t)); uint8_t_x3 r12_14 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)10U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)10U, + int16_t)); uint8_t_x3 r15_17 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)10U, (size_t)12U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)10U, (size_t)12U, + int16_t)); uint8_t_x3 r18_20 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)14U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)14U, + int16_t)); uint8_t_x3 r21_23 = 
libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)14U, (size_t)16U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)14U, (size_t)16U, + int16_t)); uint8_t result[24U] = {0U}; result[0U] = r0_2.fst; result[1U] = r0_2.snd; @@ -2154,12 +2090,12 @@ void libcrux_ml_kem_vector_portable_serialize_12_0d( KRML_MUSTINLINE int16_t_x2 libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( Eurydice_slice bytes) { - int16_t byte0 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t); - int16_t byte1 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t); - int16_t byte2 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t); + int16_t byte0 = + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *); + int16_t byte1 = + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *); + int16_t byte2 = + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *); int16_t r0 = (byte1 & (int16_t)15) << 8U | (byte0 & (int16_t)255); int16_t r1 = byte2 << 4U | (byte1 >> 4U & (int16_t)15); return (CLITERAL(int16_t_x2){.fst = r0, .snd = r1}); 
@@ -2168,32 +2104,24 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_12(Eurydice_slice bytes) { int16_t_x2 v0_1 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)3U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)3U, uint8_t)); int16_t_x2 v2_3 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)3U, (size_t)6U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)3U, (size_t)6U, uint8_t)); int16_t_x2 v4_5 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)6U, (size_t)9U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)6U, (size_t)9U, uint8_t)); int16_t_x2 v6_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)9U, (size_t)12U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)9U, (size_t)12U, uint8_t)); int16_t_x2 v8_9 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)12U, (size_t)15U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)12U, (size_t)15U, uint8_t)); int16_t_x2 v10_11 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)15U, (size_t)18U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)15U, (size_t)18U, uint8_t)); int16_t_x2 v12_13 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)18U, (size_t)21U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)18U, (size_t)21U, uint8_t)); int16_t_x2 v14_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - 
Eurydice_slice_subslice2(bytes, (size_t)21U, (size_t)24U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)21U, (size_t)24U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector re = libcrux_ml_kem_vector_portable_vector_type_zero(); re.elements[0U] = v0_1.fst; @@ -2227,15 +2155,15 @@ libcrux_ml_kem_vector_portable_deserialize_12_0d(Eurydice_slice a) { KRML_MUSTINLINE size_t libcrux_ml_kem_vector_portable_sampling_rej_sample( Eurydice_slice a, Eurydice_slice result) { size_t sampled = (size_t)0U; - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(a, uint8_t, size_t) / (size_t)3U; i++) { + for (size_t i = (size_t)0U; i < Eurydice_slice_len(a, uint8_t) / (size_t)3U; + i++) { size_t i0 = i; int16_t b1 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)0U, - uint8_t, uint8_t *, uint8_t); + uint8_t, uint8_t *); int16_t b2 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)1U, - uint8_t, uint8_t *, uint8_t); + uint8_t, uint8_t *); int16_t b3 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)2U, - uint8_t, uint8_t *, uint8_t); + uint8_t, uint8_t *); int16_t d1 = (b2 & (int16_t)15) << 8U | b1; int16_t d2 = b3 << 4U | b2 >> 4U; bool uu____0; @@ -2247,7 +2175,7 @@ KRML_MUSTINLINE size_t libcrux_ml_kem_vector_portable_sampling_rej_sample( int16_t uu____6; if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) { if (sampled < (size_t)16U) { - Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = d1; + Eurydice_slice_index(result, sampled, int16_t, int16_t *) = d1; sampled++; uu____1 = d2; uu____6 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; @@ -2258,8 +2186,7 @@ KRML_MUSTINLINE size_t libcrux_ml_kem_vector_portable_sampling_rej_sample( if (uu____2) { uu____4 = d2; uu____5 = sampled; - Eurydice_slice_index(result, uu____5, int16_t, int16_t *, int16_t) = - uu____4; + Eurydice_slice_index(result, uu____5, int16_t, int16_t *) = uu____4; sampled++; continue; } 
@@ -2276,8 +2203,7 @@ KRML_MUSTINLINE size_t libcrux_ml_kem_vector_portable_sampling_rej_sample( if (uu____2) { uu____4 = d2; uu____5 = sampled; - Eurydice_slice_index(result, uu____5, int16_t, int16_t *, int16_t) = - uu____4; + Eurydice_slice_index(result, uu____5, int16_t, int16_t *) = uu____4; sampled++; continue; } @@ -2349,14 +2275,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_reduced_ring_element_ad(Eurydice_slice serialized) { +deserialize_to_reduced_ring_element_b8(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)24U; i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_12_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = 
@@ -2379,14 +2304,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1568 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_724( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9f4( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -2394,9 +2319,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_724( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_ad(ring_element); + deserialize_to_reduced_ring_element_b8(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -2467,12 +2392,9 @@ static KRML_MUSTINLINE void serialize_uncompressed_ring_element_f6( uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, - Eurydice_slice); + serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)24U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); } 
@@ -2495,22 +2417,19 @@ static KRML_MUSTINLINE void serialize_secret_key_f81( i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); uint8_t ret0[384U]; serialize_uncompressed_ring_element_f6(&re, ret0); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); } 
@@ -2530,19 +2449,16 @@ static KRML_MUSTINLINE void serialize_public_key_801( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, - (size_t)1536U, uint8_t, Eurydice_slice); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + public_key_serialized, (size_t)0U, (size_t)1536U, uint8_t); uint8_t ret0[1536U]; serialize_secret_key_f81(t_as_ntt, ret0); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice_copy(Eurydice_array_to_subslice_from( - (size_t)1568U, public_key_serialized, (size_t)1536U, - uint8_t, size_t, Eurydice_slice), - seed_for_a, uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t), uint8_t); + Eurydice_slice_copy( + Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, + (size_t)1536U, uint8_t, size_t), + seed_for_a, uint8_t); memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); } 
@@ -2554,18 +2470,18 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_351(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_3f1(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; - deserialize_ring_elements_reduced_724( + deserialize_ring_elements_reduced_9f4( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; serialize_public_key_801( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), public_key_serialized); return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); @@ -2630,11 +2546,11 @@ shake128_init_absorb_751(uint8_t input[4U][34U]) { KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, shake128_state[i] = libcrux_sha3_portable_incremental_shake128_init();); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_incremental_shake128_absorb_final( - &shake128_state[i0], - Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, - Eurydice_slice));); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_incremental_shake128_absorb_final( + &shake128_state[i0], + Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t));); /* Passing arrays by value in Rust generates a copy in C */ libcrux_sha3_generic_keccak_KeccakState_48 copy_of_shake128_state[4U]; memcpy(copy_of_shake128_state, shake128_state, 
@@ -2676,8 +2592,7 @@ static KRML_MUSTINLINE void shake128_squeeze_three_blocks_101( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( &st->shake128_state[i0], - Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, - Eurydice_slice));); + Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t));); memcpy(ret, out, (size_t)4U * sizeof(uint8_t[504U])); } @@ -2755,12 +2670,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_053( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -2786,11 +2700,11 @@ generics static KRML_MUSTINLINE void shake128_squeeze_block_ed1(PortableHash_d1 *st, uint8_t ret[4U][168U]) { uint8_t out[4U][168U] = {{0U}}; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_incremental_shake128_squeeze_next_block( - &st->shake128_state[i0], - Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, - Eurydice_slice));); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_incremental_shake128_squeeze_next_block( + &st->shake128_state[i0], + Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t));); memcpy(ret, out, (size_t)4U * sizeof(uint8_t[168U])); } 
@@ -2868,12 +2782,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_054( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -2909,8 +2822,7 @@ from_i16_array_89_6b(Eurydice_slice a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_from_i16_array_0d( Eurydice_slice_subslice2(a, i0 * (size_t)16U, - (i0 + (size_t)1U) * (size_t)16U, int16_t, - Eurydice_slice)); + (i0 + (size_t)1U) * (size_t)16U, int16_t)); result.coefficients[i0] = uu____0; } return result; @@ -2925,8 +2837,8 @@ generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_991( int16_t s[272U]) { - return from_i16_array_89_6b(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); + return from_i16_array_89_6b( + Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } /** @@ -3009,9 +2921,8 @@ static KRML_MUSTINLINE void sample_matrix_A_231( i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sample = sampled[j]; 
@@ -3048,12 +2959,11 @@ with const generics static KRML_MUSTINLINE void PRFxN_1d2(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { uint8_t out[4U][128U] = {{0U}}; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, - Eurydice_slice));); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t));); memcpy(ret, out, (size_t)4U * sizeof(uint8_t[128U])); } @@ -3131,23 +3041,22 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sample_from_binomial_distribution_2_20(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len(randomness, uint8_t, size_t) / (size_t)4U; - i0++) { + i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) { size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice2( randomness, chunk_number * (size_t)4U, - chunk_number * (size_t)4U + (size_t)4U, uint8_t, Eurydice_slice); + chunk_number * (size_t)4U + (size_t)4U, uint8_t); uint32_t random_bits_as_u32 = (((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | + uint8_t *) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 8U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 16U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 24U; uint32_t even_bits = random_bits_as_u32 & 1431655765U; uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; 
@@ -3163,8 +3072,8 @@ sample_from_binomial_distribution_2_20(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_6b(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); + return from_i16_array_89_6b( + Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } /** @@ -3177,20 +3086,19 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sample_from_binomial_distribution_3_85(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len(randomness, uint8_t, size_t) / (size_t)3U; - i0++) { + i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) { size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice2( randomness, chunk_number * (size_t)3U, - chunk_number * (size_t)3U + (size_t)3U, uint8_t, Eurydice_slice); + chunk_number * (size_t)3U + (size_t)3U, uint8_t); uint32_t random_bits_as_u24 = ((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | + uint8_t *) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 8U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 16U; uint32_t first_bits = random_bits_as_u24 & 2396745U; uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; @@ -3208,8 +3116,8 @@ sample_from_binomial_distribution_3_85(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_6b(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); + return from_i16_array_89_6b( + Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } /** 
@@ -3447,11 +3355,11 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_d71( domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; PRFxN_f1_892(prf_inputs, prf_outputs); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_66( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], - uint8_t, Eurydice_slice)); - ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + re_as_ntt[i0] = sample_from_binomial_distribution_66( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); + ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[4U]; memcpy( @@ -3549,10 +3457,8 @@ static KRML_MUSTINLINE void add_to_ring_element_89_931( i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_portable_vector_type_PortableVector, - Eurydice_slice), - libcrux_ml_kem_vector_portable_vector_type_PortableVector, - size_t); + libcrux_ml_kem_vector_portable_vector_type_PortableVector), + libcrux_ml_kem_vector_portable_vector_type_PortableVector); i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = @@ -3622,9 +3528,8 @@ static KRML_MUSTINLINE void compute_As_plus_e_da1( i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i1]; 
@@ -3632,9 +3537,8 @@ static KRML_MUSTINLINE void compute_As_plus_e_da1( i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = @@ -3705,8 +3609,8 @@ static tuple_540 generate_keypair_unpacked_f41( uint8_t hashed[64U]; G_f1_b61(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[4U][4U]; @@ -3737,8 +3641,7 @@ static tuple_540 generate_keypair_unpacked_f41( compute_As_plus_e_da1(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[4U]; @@ -3788,7 +3691,7 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_571( +static void closure_841( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, ret[i] = ZERO_89_39();); 
@@ -3804,7 +3707,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_d5_84( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_d5_14( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; 
@@ -3844,27 +3747,26 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e1(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_371(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); tuple_540 uu____0 = generate_keypair_unpacked_f41(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_571(A[i]);); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_841(A[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_84(&ind_cpa_public_key.A[j][i1]); + clone_d5_14(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U][4U]; memcpy(uu____2, A, 
@@ -3877,16 +3779,15 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e1(uint8_t randomness[64U]) { serialize_public_key_801( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), + uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_2e1(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t, - Eurydice_slice), + H_f1_2e1(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); + uint8_t[32U]); core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 uu____3 = ind_cpa_private_key; @@ -3930,10 +3831,9 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_ec1( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 pk = uu____0.snd; uint8_t public_key_serialized[1568U]; - serialize_public_key_801(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); + serialize_public_key_801( + pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), + public_key_serialized); uint8_t secret_key_serialized[1536U]; serialize_secret_key_f81(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ 
@@ -3972,40 +3872,35 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_f2( size_t uu____2 = pointer; Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + Eurydice_slice_len(private_key, uint8_t, size_t), uint8_t, - Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + Eurydice_slice_len(private_key, uint8_t, size_t); + uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t), + uint8_t), + private_key, uint8_t); + pointer = pointer + Eurydice_slice_len(private_key, uint8_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + Eurydice_slice_len(public_key, uint8_t, size_t), uint8_t, - Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + Eurydice_slice_len(public_key, uint8_t, size_t); + uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t), + uint8_t), + public_key, uint8_t); + pointer = pointer + Eurydice_slice_len(public_key, uint8_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; H_f1_2e1(public_key, ret0); Eurydice_slice_copy( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - Eurydice_slice_copy(Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + Eurydice_slice_len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); + Eurydice_slice_copy( + Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + 
Eurydice_slice_len(implicit_rejection_value, uint8_t), + uint8_t), + implicit_rejection_value, uint8_t); memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); } @@ -4031,15 +3926,14 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_c24(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_d71(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = generate_keypair_ec1(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; 
@@ -4048,23 +3942,14 @@ libcrux_ml_kem_ind_cca_generate_keypair_c24(uint8_t randomness[64U]) { memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; serialize_kem_secret_key_f2( - Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t), + Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_secret_key_serialized[3168U]; - memcpy(copy_of_secret_key_serialized, secret_key_serialized, - (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_05_a71(copy_of_secret_key_serialized); - libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key[1568U]; - memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_c91( - uu____2, libcrux_ml_kem_types_from_b6_4c1(copy_of_public_key)); + libcrux_ml_kem_types_from_22_a71(secret_key_serialized); + libcrux_ml_kem_types_MlKemPrivateKey_95 uu____1 = private_key; + return libcrux_ml_kem_types_from_17_d51( + uu____1, libcrux_ml_kem_types_from_c7_141(public_key)); } /** @@ -4080,7 +3965,7 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_710 -sample_ring_element_cbd_2c1(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_761(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, error_1[i] = ZERO_89_39();); 
@@ -4099,8 +3984,8 @@ sample_ring_element_cbd_2c1(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_66(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_66( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_error_1[4U]; @@ -4123,8 +4008,7 @@ with const generics static KRML_MUSTINLINE void PRF_3a0(Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)128U, digest, uint8_t), input); memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); } @@ -4149,7 +4033,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_9f( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_d1( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -4173,7 +4057,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_a6( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_ac( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; 
@@ -4193,7 +4077,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_61( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_63( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -4213,7 +4097,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - inv_ntt_layer_int_vec_step_reduce_87( + inv_ntt_layer_int_vec_step_reduce_6f( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -4233,7 +4117,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_b7( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_9b( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -4248,7 +4132,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_b7( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_87( + inv_ntt_layer_int_vec_step_reduce_6f( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; 
@@ -4265,17 +4149,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_861( +static KRML_MUSTINLINE void invert_ntt_montgomery_7b1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_9f(&zeta_i, re); - invert_ntt_at_layer_2_a6(&zeta_i, re); - invert_ntt_at_layer_3_61(&zeta_i, re); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)7U); + invert_ntt_at_layer_1_d1(&zeta_i, re); + invert_ntt_at_layer_2_ac(&zeta_i, re); + invert_ntt_at_layer_3_63(&zeta_i, re); + invert_ntt_at_layer_4_plus_9b(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_9b(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_9b(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_9b(&zeta_i, re, (size_t)7U); poly_barrett_reduce_89_2c(re); } @@ -4289,7 +4173,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_89_08( +static KRML_MUSTINLINE void add_error_reduce_89_6b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -4316,7 +4200,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_a11( +static KRML_MUSTINLINE void compute_vector_u_a71( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, 
@@ -4328,9 +4212,8 @@ static KRML_MUSTINLINE void compute_vector_u_a11( i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = a_as_ntt[i1]; @@ -4338,9 +4221,8 @@ static KRML_MUSTINLINE void compute_vector_u_a11( i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; @@ -4348,8 +4230,8 @@ static KRML_MUSTINLINE void compute_vector_u_a11( ntt_multiply_89_d5(a_element, &r_as_ntt[j]); add_to_ring_element_89_931(&result[i1], &product); } - invert_ntt_montgomery_861(&result[i1]); - add_error_reduce_89_08(&result[i1], &error_1[i1]); + invert_ntt_montgomery_7b1(&result[i1]); + add_error_reduce_89_6b(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -4363,7 +4245,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_1_89(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +decompress_1_f3(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ZERO_0d(); return libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( 
@@ -4377,7 +4259,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_message_f6(uint8_t serialized[32U]) { +deserialize_then_decompress_message_a7(uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; @@ -4386,9 +4268,9 @@ deserialize_then_decompress_message_f6(uint8_t serialized[32U]) { libcrux_ml_kem_vector_portable_deserialize_1_0d( Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, - uint8_t, Eurydice_slice)); + uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_1_89(coefficient_compressed); + decompress_1_f3(coefficient_compressed); re.coefficients[i0] = uu____0;); return re; } @@ -4404,7 +4286,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -add_message_error_reduce_89_8b( +add_message_error_reduce_89_4e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4437,7 +4319,7 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_1f1( +compute_ring_element_v_9d1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, 
@@ -4447,8 +4329,8 @@ compute_ring_element_v_1f1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = ntt_multiply_89_d5(&t_as_ntt[i0], &r_as_ntt[i0]); add_to_ring_element_89_931(&result, &product);); - invert_ntt_montgomery_861(&result); - result = add_message_error_reduce_89_8b(error_2, message, result); + invert_ntt_montgomery_7b1(&result); + result = add_message_error_reduce_89_4e(error_2, message, result); return result; } @@ -4522,7 +4404,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_e10( +static KRML_MUSTINLINE void compress_then_serialize_11_560( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; @@ -4533,12 +4415,9 @@ static KRML_MUSTINLINE void compress_then_serialize_11_e10( uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, - Eurydice_slice); + serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)22U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); } 
@@ -4550,10 +4429,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_2f0( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_970( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_e10(re, uu____0); + compress_then_serialize_11_560(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } @@ -4569,29 +4448,25 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_241( +static void compress_then_serialize_u_3d1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice2( out, i0 * ((size_t)1408U / (size_t)4U), - (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t, - Eurydice_slice); + (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_2f0(&re, ret); + compress_then_serialize_ring_element_u_970(&re, ret); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); } } 
@@ -4633,7 +4508,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_e5( +static KRML_MUSTINLINE void compress_then_serialize_4_07( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; @@ -4645,10 +4520,8 @@ static KRML_MUSTINLINE void compress_then_serialize_4_e5( libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); Eurydice_slice_copy( Eurydice_slice_subslice2(serialized, (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_array_to_slice((size_t)8U, bytes, uint8_t), uint8_t); } } @@ -4690,7 +4563,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_a3( +static KRML_MUSTINLINE void compress_then_serialize_5_00( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; @@ -4702,10 +4575,8 @@ static KRML_MUSTINLINE void compress_then_serialize_5_a3( libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); Eurydice_slice_copy( Eurydice_slice_subslice2(serialized, (size_t)10U * i0, - (size_t)10U * i0 + (size_t)10U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + (size_t)10U * i0 + (size_t)10U, uint8_t), + Eurydice_array_to_slice((size_t)10U, bytes, uint8_t), uint8_t); } } 
@@ -4716,9 +4587,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_310( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_a00( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_5_a3(re, out); + compress_then_serialize_5_00(re, out); } /** @@ -4780,7 +4651,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_6c1( +static void encrypt_unpacked_611( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; @@ -4798,7 +4669,7 @@ static void encrypt_unpacked_6c1( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_710 uu____3 = - sample_ring_element_cbd_2c1(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_761(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; memcpy( error_1, uu____3.fst, 
@@ -4806,36 +4677,33 @@ static void encrypt_unpacked_6c1( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_044( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); + PRF_f1_044(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_66(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_66( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[4U]; - compute_vector_u_a11(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_a71(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_f6(copy_of_message); + deserialize_then_decompress_message_a7(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_1f1(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_9d1(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_241( - uu____5, - Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, - uint8_t, Eurydice_slice)); + compress_then_serialize_u_3d1( + uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, + (size_t)1408U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_310( - uu____6, - 
Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, - uint8_t, size_t, Eurydice_slice)); + compress_then_serialize_ring_element_v_a00( + uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, + (size_t)1408U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); } @@ -4858,27 +4726,23 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_311( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_081( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); + size_t); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_slice( + (size_t)32U, public_key->public_key_hash, uint8_t), + uint8_t); uint8_t hashed[64U]; - G_f1_b61( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); + G_f1_b61(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; 
@@ -4889,17 +4753,17 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_311( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_unpacked_6c1(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_611(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; - Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, shared_secret_array, - uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); + Eurydice_slice_copy( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), + shared_secret, uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_f51(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_9c1(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -4920,12 +4784,11 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_af_44(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_6b(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + randomness, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } 
@@ -4942,14 +4805,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1536 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_723( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9f3( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -4957,9 +4820,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_723( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_ad(ring_element); + deserialize_to_reduced_ring_element_b8(ring_element); deserialized_pk[i0] = uu____0; } memcpy( 
@@ -4985,22 +4848,21 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_0d1(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_121(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; - deserialize_ring_elements_reduced_723( - Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, - Eurydice_slice), + deserialize_ring_elements_reduced_9f3( + Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); sample_matrix_A_231(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[4U]; @@ -5031,7 +4893,7 @@ static void encrypt_0d1(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1568U]; - encrypt_unpacked_6c1(uu____3, copy_of_message, randomness, ret1); + encrypt_unpacked_611(uu____3, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); } 
@@ -5046,12 +4908,11 @@ with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_af_c2(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_ef(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + shared_secret, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } 
@@ -5074,55 +4935,47 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_441( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_781( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_44( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); + entropy_preprocess_af_6b( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); uint8_t ret[32U]; H_f1_2e1(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_f21(public_key), - uint8_t, Eurydice_slice), + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_c21(public_key), + uint8_t), ret); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_b61( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); + G_f1_b61(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, 
libcrux_ml_kem_types_as_slice_cb_f21(public_key), uint8_t, - Eurydice_slice); + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_c21(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_0d1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_121(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_f51(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_9c1(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_c2(shared_secret, shared_secret_array); + kdf_af_ef(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; 
@@ -5178,14 +5031,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_10_e9(Eurydice_slice serialized) { +deserialize_then_decompress_10_23(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)20U; i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = @@ -5239,14 +5091,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_11_f5(Eurydice_slice serialized) { +deserialize_then_decompress_11_70(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)22U; i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = 
@@ -5263,8 +5114,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_890(Eurydice_slice serialized) { - return deserialize_then_decompress_11_f5(serialized); +deserialize_then_decompress_ring_element_u_820(Eurydice_slice serialized) { + return deserialize_then_decompress_11_70(serialized); } /** @@ -5273,7 +5124,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_ed0( +static KRML_MUSTINLINE void ntt_vector_u_180( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)7U); @@ -5298,16 +5149,16 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_b11( +static KRML_MUSTINLINE void deserialize_then_decompress_u_701( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, u_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(Eurydice_array_to_slice((size_t)1568U, ciphertext, - uint8_t, Eurydice_slice), - uint8_t, size_t) / + i < Eurydice_slice_len( + Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t), + uint8_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U); i++) { 
@@ -5320,9 +5171,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b11( (size_t)11U / (size_t)8U) + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, - uint8_t, Eurydice_slice); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_890(u_bytes); - ntt_vector_u_ed0(&u_as_ntt[i0]); + uint8_t); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_820(u_bytes); + ntt_vector_u_180(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -5373,14 +5224,13 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_4_34(Eurydice_slice serialized) { +deserialize_then_decompress_4_91(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)8U; i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = 
@@ -5434,14 +5284,13 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_5_53(Eurydice_slice serialized) { +deserialize_then_decompress_5_ec(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)10U; i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = @@ -5458,8 +5307,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_300(Eurydice_slice serialized) { - return deserialize_then_decompress_5_53(serialized); +deserialize_then_decompress_ring_element_v_520(Eurydice_slice serialized) { + return deserialize_then_decompress_5_ec(serialized); } /** @@ -5473,7 +5322,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -subtract_reduce_89_7d(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +subtract_reduce_89_7e(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { 
@@ -5504,7 +5353,7 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_cb1( +compute_message_7b1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { @@ -5513,8 +5362,8 @@ compute_message_cb1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = ntt_multiply_89_d5(&secret_as_ntt[i0], &u_as_ntt[i0]); add_to_ring_element_89_931(&result, &product);); - invert_ntt_montgomery_861(&result); - result = subtract_reduce_89_7d(v, result); + invert_ntt_montgomery_7b1(&result); + result = subtract_reduce_89_7e(v, result); return result; } @@ -5524,7 +5373,7 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_3a( +static KRML_MUSTINLINE void compress_then_serialize_message_00( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( @@ -5537,12 +5386,10 @@ static KRML_MUSTINLINE void compress_then_serialize_message_3a( uint8_t bytes[2U]; libcrux_ml_kem_vector_portable_serialize_1_0d( coefficient_compressed, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, - Eurydice_slice); - Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *);); + serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_slice((size_t)2U, bytes, uint8_t), + uint8_t);); memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); } 
@@ -5580,20 +5427,19 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_e71( +static void decrypt_unpacked_a71( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; - deserialize_then_decompress_u_b11(ciphertext, u_as_ntt); + deserialize_then_decompress_u_701(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_300( + deserialize_then_decompress_ring_element_v_520( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, - (size_t)1408U, uint8_t, size_t, - Eurydice_slice)); + (size_t)1408U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_cb1(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_7b1(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_3a(message, ret0); + compress_then_serialize_message_00(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5605,8 +5451,7 @@ with const generics static KRML_MUSTINLINE void PRF_3a(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } 
@@ -5646,68 +5491,62 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca1( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_de1( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_e71(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_a71(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); + uint8_t, size_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); + uint8_t), + uint8_t); uint8_t hashed[64U]; - G_f1_b61( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); + G_f1_b61(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1600U]; libcrux_ml_kem_utils_into_padded_array_2d4( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), + Eurydice_array_to_slice( + (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); 
Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), - uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_751(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_043( - Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + PRF_f1_043(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), + implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *uu____3 = &key_pair->public_key.ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_6c1(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_611(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, - Eurydice_slice)); + libcrux_ml_kem_types_as_ref_00_751(ciphertext), + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( shared_secret, Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), selector, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } 
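Review bot: The unpacked decapsulation passes `shared_secret` straight from the `G_f1_b61` output split and `implicit_rejection_shared_secret` straight from `PRF_f1_043` into `select_shared_secret_in_constant_time`, while the packed `libcrux_ml_kem_ind_cca_decapsulate_b01` (hunk `@@ -5863,36 +5697,32 @@`) first runs both candidates through `kdf_af_ef` before its constant-time select. If `kdf_af_ef` is the identity for the ML-KEM variant the two paths produce the same secret, but that assumption is only implicit here, and the asymmetry is easy to misread as a missing step. A comment on the unpacked function, e.g. `/* Unpacked API: ML-KEM only; the shared secret is used without a Variant::kdf step */`, would record why the two functions differ; since this file is generated, the comment belongs in the Rust source so it survives regeneration. The whole of `libcrux_ml_kem_ind_cca_decapsulate_unpacked_de1` is within this hunk.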
@@ -5719,14 +5558,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_uncompressed_ring_element_05(Eurydice_slice serialized) { +deserialize_to_uncompressed_ring_element_5e(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)24U; i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_deserialize_12_0d(bytes); re.coefficients[i0] = uu____0; @@ -5743,14 +5581,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_011( +static KRML_MUSTINLINE void deserialize_secret_key_7c1( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, secret_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(secret_key, uint8_t, size_t) / + i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; 
@@ -5758,9 +5596,9 @@ static KRML_MUSTINLINE void deserialize_secret_key_011( secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_05(secret_bytes); + deserialize_to_uncompressed_ring_element_5e(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -5778,10 +5616,10 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_c21(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_451(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; - deserialize_secret_key_011(secret_key, secret_as_ntt); + deserialize_secret_key_7c1(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[4U]; memcpy( @@ -5793,7 +5631,7 @@ static void decrypt_c21(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_e71(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_a71(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } 
@@ -5819,13 +5657,12 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_4f1( +void libcrux_ml_kem_ind_cca_decapsulate_b01( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t), (size_t)1536U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; 
@@ -5839,22 +5676,19 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f1( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_c21(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_451(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); + uint8_t, size_t), + ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_f1_b61( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); + G_f1_b61(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret0 = uu____3.fst; 
@@ -5863,36 +5697,32 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f1( libcrux_ml_kem_utils_into_padded_array_2d4(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), - uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_751(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_043( - Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); + PRF_f1_043(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_0d1(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_121(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_c2( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + kdf_af_ef(Eurydice_array_to_slice((size_t)32U, + implicit_rejection_shared_secret0, uint8_t), + implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_c2(shared_secret0, shared_secret); + kdf_af_ef(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed1(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, - Eurydice_slice), + 
libcrux_ml_kem_types_as_ref_00_751(ciphertext), + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5910,14 +5740,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 800 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_722( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9f2( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -5925,9 +5755,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_722( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_ad(ring_element); + deserialize_to_reduced_ring_element_b8(ring_element); deserialized_pk[i0] = uu____0; } memcpy( 
@@ -5953,22 +5783,19 @@ static KRML_MUSTINLINE void serialize_secret_key_f80( i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); uint8_t ret0[384U]; serialize_uncompressed_ring_element_f6(&re, ret0); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); } 
@@ -5989,17 +5816,15 @@ static KRML_MUSTINLINE void serialize_public_key_800( Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)768U, uint8_t, Eurydice_slice); + public_key_serialized, (size_t)0U, (size_t)768U, uint8_t); uint8_t ret0[768U]; serialize_secret_key_f80(t_as_ntt, ret0); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice_copy(Eurydice_array_to_subslice_from( - (size_t)800U, public_key_serialized, (size_t)768U, - uint8_t, size_t, Eurydice_slice), - seed_for_a, uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t), uint8_t); + Eurydice_slice_copy( + Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, + (size_t)768U, uint8_t, size_t), + seed_for_a, uint8_t); memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); } 
@@ -6011,18 +5836,18 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_350(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_3f0(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; - deserialize_ring_elements_reduced_722( + deserialize_ring_elements_reduced_9f2( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; serialize_public_key_800( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), public_key_serialized); return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); @@ -6087,11 +5912,11 @@ shake128_init_absorb_750(uint8_t input[2U][34U]) { KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, shake128_state[i] = libcrux_sha3_portable_incremental_shake128_init();); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_incremental_shake128_absorb_final( - &shake128_state[i0], - Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, - Eurydice_slice));); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_incremental_shake128_absorb_final( + &shake128_state[i0], + Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t));); /* Passing arrays by value in Rust generates a copy in C */ libcrux_sha3_generic_keccak_KeccakState_48 copy_of_shake128_state[2U]; memcpy(copy_of_shake128_state, shake128_state, 
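Review bot: `libcrux_ml_kem_ind_cca_validate_public_key_3f0` decides validity by re-serializing the reduced ring elements and comparing with `core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq`, which is presumably a plain early-exit byte comparison rather than a constant-time one. That is acceptable because both operands derive only from the public key, but nothing at the call site says so, and the rest of this file deliberately uses `..._in_constant_time` helpers for its comparisons, so a reader is likely to flag it; a one-line comment such as `/* non-constant-time compare is fine here: both inputs are public-key material */` would settle that. The `800U`/`768U` literals are the PUBLIC_KEY_SIZE and RANKED_BYTES_PER_RING_ELEMENT values named in the hunk's header comment, which is worth keeping visible if the generator can emit the constant names instead.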
@@ -6133,8 +5958,7 @@ static KRML_MUSTINLINE void shake128_squeeze_three_blocks_100( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( &st->shake128_state[i0], - Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, - Eurydice_slice));); + Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t));); memcpy(ret, out, (size_t)2U * sizeof(uint8_t[504U])); } @@ -6212,12 +6036,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_051( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -6243,11 +6066,11 @@ generics static KRML_MUSTINLINE void shake128_squeeze_block_ed0(PortableHash_8b *st, uint8_t ret[2U][168U]) { uint8_t out[2U][168U] = {{0U}}; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_incremental_shake128_squeeze_next_block( - &st->shake128_state[i0], - Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, - Eurydice_slice));); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_incremental_shake128_squeeze_next_block( + &st->shake128_state[i0], + Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t));); memcpy(ret, out, (size_t)2U * sizeof(uint8_t[168U])); } 
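Review bot: In `sample_from_uniform_distribution_next_051` the destination window `Eurydice_array_to_subslice2(out[i1], sampled_coefficients[i1], sampled_coefficients[i1] + (size_t)16U, int16_t)` can reach 16 elements beyond index 255, because the guard at the top of the hunk only requires the count to be below `LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT` before the call; this is presumably why the sample buffers are 272 wide (`closure_990` in the next hunk takes `int16_t s[272U]` and keeps the first 256), but nothing near the write ties the two together. A comment on the subslice, e.g. `/* rej_sample may write up to 16 coefficients past the current count; out[] has 272 slots and the extra 16 are discarded */`, would make the buffer-size invariant explicit. The same applies to `sample_from_uniform_distribution_next_052` in hunk `@@ -6325,12 +6148,11 @@`. Both enclosing functions start outside their hunks, so the declaration of `out` is not visible here.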
@@ -6325,12 +6148,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_052( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -6356,8 +6178,8 @@ generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_990( int16_t s[272U]) { - return from_i16_array_89_6b(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); + return from_i16_array_89_6b( + Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } /** @@ -6440,9 +6262,8 @@ static KRML_MUSTINLINE void sample_matrix_A_230( i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sample = sampled[j]; 
@@ -6479,12 +6300,11 @@ with const generics static KRML_MUSTINLINE void PRFxN_1d0(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { uint8_t out[2U][192U] = {{0U}}; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)192U, out[i0], uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, - Eurydice_slice));); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)192U, out[i0], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t));); memcpy(ret, out, (size_t)2U * sizeof(uint8_t[192U])); } @@ -6544,11 +6364,11 @@ static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_d70( domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][192U]; PRFxN_f1_890(prf_inputs, prf_outputs); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_660( - Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], - uint8_t, Eurydice_slice)); - ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + re_as_ntt[i0] = sample_from_binomial_distribution_660( + Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t)); + ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[2U]; memcpy( 
@@ -6583,10 +6403,8 @@ static KRML_MUSTINLINE void add_to_ring_element_89_930( i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_portable_vector_type_PortableVector, - Eurydice_slice), - libcrux_ml_kem_vector_portable_vector_type_PortableVector, - size_t); + libcrux_ml_kem_vector_portable_vector_type_PortableVector), + libcrux_ml_kem_vector_portable_vector_type_PortableVector); i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = @@ -6617,9 +6435,8 @@ static KRML_MUSTINLINE void compute_As_plus_e_da0( i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i1]; @@ -6627,9 +6444,8 @@ static KRML_MUSTINLINE void compute_As_plus_e_da0( i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = 
@@ -6700,8 +6516,8 @@ static tuple_4c0 generate_keypair_unpacked_f40( uint8_t hashed[64U]; G_f1_b60(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[2U][2U]; @@ -6732,8 +6548,7 @@ static tuple_4c0 generate_keypair_unpacked_f40( compute_As_plus_e_da0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[2U]; @@ -6783,7 +6598,7 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static void closure_570( +static void closure_840( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, ret[i] = ZERO_89_39();); 
@@ -6816,27 +6631,26 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e0(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_370(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); tuple_4c0 uu____0 = generate_keypair_unpacked_f40(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_570(A[i]);); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_840(A[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_84(&ind_cpa_public_key.A[j][i1]); + clone_d5_14(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U][2U]; memcpy(uu____2, A, 
@@ -6849,16 +6663,15 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e0(uint8_t randomness[64U]) { serialize_public_key_800( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), + uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_2e0(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t, - Eurydice_slice), + H_f1_2e0(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); + uint8_t[32U]); core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae uu____3 = ind_cpa_private_key; @@ -6902,10 +6715,9 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_ec0( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae pk = uu____0.snd; uint8_t public_key_serialized[800U]; - serialize_public_key_800(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); + serialize_public_key_800( + pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), + public_key_serialized); uint8_t secret_key_serialized[768U]; serialize_secret_key_f80(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ 
@@ -6944,40 +6756,35 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_41( size_t uu____2 = pointer; Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + Eurydice_slice_len(private_key, uint8_t, size_t), uint8_t, - Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + Eurydice_slice_len(private_key, uint8_t, size_t); + uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t), + uint8_t), + private_key, uint8_t); + pointer = pointer + Eurydice_slice_len(private_key, uint8_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + Eurydice_slice_len(public_key, uint8_t, size_t), uint8_t, - Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + Eurydice_slice_len(public_key, uint8_t, size_t); + uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t), + uint8_t), + public_key, uint8_t); + pointer = pointer + Eurydice_slice_len(public_key, uint8_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; H_f1_2e0(public_key, ret0); Eurydice_slice_copy( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - Eurydice_slice_copy(Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + Eurydice_slice_len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); + Eurydice_slice_copy( + Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + 
Eurydice_slice_len(implicit_rejection_value, uint8_t), + uint8_t), + implicit_rejection_value, uint8_t); memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); } @@ -7003,15 +6810,14 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_c21(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_d70(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = generate_keypair_ec0(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; 
@@ -7020,23 +6826,14 @@ libcrux_ml_kem_ind_cca_generate_keypair_c21(uint8_t randomness[64U]) { memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; serialize_kem_secret_key_41( - Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t), + Eurydice_array_to_slice((size_t)800U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_secret_key_serialized[1632U]; - memcpy(copy_of_secret_key_serialized, secret_key_serialized, - (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_05_a7(copy_of_secret_key_serialized); - libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key[800U]; - memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_c9( - uu____2, libcrux_ml_kem_types_from_b6_4c(copy_of_public_key)); + libcrux_ml_kem_types_from_22_a7(secret_key_serialized); + libcrux_ml_kem_types_MlKemPrivateKey_5e uu____1 = private_key; + return libcrux_ml_kem_types_from_17_d5( + uu____1, libcrux_ml_kem_types_from_c7_14(public_key)); } /** 
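Review bot: Dropping the two `copy_of_*` temporaries means `libcrux_ml_kem_types_from_22_a7(secret_key_serialized)` and `libcrux_ml_kem_types_from_c7_14(public_key)` now receive the caller's arrays as pointers instead of fresh by-value copies, while `private_key` and the key pair are still handed out by value; that is only sound if both constructors copy into the returned struct rather than retain the pointer, which this hunk cannot show and should be confirmed against their definitions. Fewer stack copies of the 1632-byte serialized private key is a welcome side effect, but `secret_key_serialized` and `ind_cpa_private_key` (both secret material, the former also holding the implicit rejection value) are still left on the stack unwiped on return, as they were before this change. The enclosing `libcrux_ml_kem_ind_cca_generate_keypair_d70` starts in the previous hunk, outside this one.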
@@ -7048,12 +6845,11 @@ with const generics static KRML_MUSTINLINE void PRFxN_1d1(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { uint8_t out[2U][128U] = {{0U}}; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, - Eurydice_slice));); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t));); memcpy(ret, out, (size_t)2U * sizeof(uint8_t[128U])); } @@ -7085,7 +6881,7 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_740 -sample_ring_element_cbd_2c0(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_760(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, error_1[i] = ZERO_89_39();); @@ -7104,8 +6900,8 @@ sample_ring_element_cbd_2c0(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_66(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_66( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_error_1[2U]; 
@@ -7141,17 +6937,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_860( +static KRML_MUSTINLINE void invert_ntt_montgomery_7b0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_9f(&zeta_i, re); - invert_ntt_at_layer_2_a6(&zeta_i, re); - invert_ntt_at_layer_3_61(&zeta_i, re); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)7U); + invert_ntt_at_layer_1_d1(&zeta_i, re); + invert_ntt_at_layer_2_ac(&zeta_i, re); + invert_ntt_at_layer_3_63(&zeta_i, re); + invert_ntt_at_layer_4_plus_9b(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_9b(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_9b(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_9b(&zeta_i, re, (size_t)7U); poly_barrett_reduce_89_2c(re); } @@ -7164,7 +6960,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_a10( +static KRML_MUSTINLINE void compute_vector_u_a70( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, 
@@ -7176,9 +6972,8 @@ static KRML_MUSTINLINE void compute_vector_u_a10( i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = a_as_ntt[i1]; @@ -7186,9 +6981,8 @@ static KRML_MUSTINLINE void compute_vector_u_a10( i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; @@ -7196,8 +6990,8 @@ static KRML_MUSTINLINE void compute_vector_u_a10( ntt_multiply_89_d5(a_element, &r_as_ntt[j]); add_to_ring_element_89_930(&result[i1], &product); } - invert_ntt_montgomery_860(&result[i1]); - add_error_reduce_89_08(&result[i1], &error_1[i1]); + invert_ntt_montgomery_7b0(&result[i1]); + add_error_reduce_89_6b(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -7214,7 +7008,7 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_1f0( +compute_ring_element_v_9d0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, 
@@ -7224,8 +7018,8 @@ compute_ring_element_v_1f0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = ntt_multiply_89_d5(&t_as_ntt[i0], &r_as_ntt[i0]); add_to_ring_element_89_930(&result, &product);); - invert_ntt_montgomery_860(&result); - result = add_message_error_reduce_89_8b(error_2, message, result); + invert_ntt_montgomery_7b0(&result); + result = add_message_error_reduce_89_4e(error_2, message, result); return result; } @@ -7235,7 +7029,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_3b( +static KRML_MUSTINLINE void compress_then_serialize_10_19( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; @@ -7246,12 +7040,9 @@ static KRML_MUSTINLINE void compress_then_serialize_10_3b( uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, - Eurydice_slice); + serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)20U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); } 
@@ -7263,10 +7054,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_2f( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_97( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_3b(re, uu____0); + compress_then_serialize_10_19(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } @@ -7282,29 +7073,25 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_240( +static void compress_then_serialize_u_3d0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice2( out, i0 * ((size_t)640U / (size_t)2U), - (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t, - Eurydice_slice); + (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_2f(&re, ret); + compress_then_serialize_ring_element_u_97(&re, ret); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } } 
@@ -7315,9 +7102,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_31( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_a0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_4_e5(re, out); + compress_then_serialize_4_07(re, out); } /** @@ -7379,7 +7166,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_6c0( +static void encrypt_unpacked_610( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; @@ -7397,7 +7184,7 @@ static void encrypt_unpacked_6c0( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_740 uu____3 = - sample_ring_element_cbd_2c0(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_760(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; memcpy( error_1, uu____3.fst, 
@@ -7405,35 +7192,33 @@ static void encrypt_unpacked_6c0( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_042( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); + PRF_f1_042(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_66(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_66( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[2U]; - compute_vector_u_a10(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_a70(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_f6(copy_of_message); + deserialize_then_decompress_message_a7(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_1f0(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_9d0(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_240( + compress_then_serialize_u_3d0( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, - uint8_t, Eurydice_slice)); + uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_31( - uu____6, - Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, - uint8_t, size_t, Eurydice_slice)); + 
compress_then_serialize_ring_element_v_a0( + uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, + (size_t)640U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); } @@ -7456,27 +7241,23 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_310( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_080( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); + size_t); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_slice( + (size_t)32U, public_key->public_key_hash, uint8_t), + uint8_t); uint8_t hashed[64U]; - G_f1_b60( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); + G_f1_b60(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; 
@@ -7487,17 +7268,17 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_310( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_unpacked_6c0(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_610(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; - Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, shared_secret_array, - uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); + Eurydice_slice_copy( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), + shared_secret, uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_01_f5(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_9c(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -7518,12 +7299,11 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_af_5d(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_3b(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + randomness, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } 
@@ -7540,14 +7320,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 768 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_721( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9f1( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -7555,9 +7335,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_721( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_ad(ring_element); + deserialize_to_reduced_ring_element_b8(ring_element); deserialized_pk[i0] = uu____0; } memcpy( 
@@ -7583,22 +7363,21 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_0d0(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_120(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; - deserialize_ring_elements_reduced_721( - Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, - Eurydice_slice), + deserialize_ring_elements_reduced_9f1( + Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); sample_matrix_A_230(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[2U]; @@ -7629,7 +7408,7 @@ static void encrypt_0d0(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[768U]; - encrypt_unpacked_6c0(uu____3, copy_of_message, randomness, ret1); + encrypt_unpacked_610(uu____3, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); } 
@@ -7644,12 +7423,11 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_af_e8(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_e0(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + shared_secret, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } 
@@ -7672,55 +7450,47 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_440( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_780( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_5d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); + entropy_preprocess_af_3b( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); uint8_t ret[32U]; H_f1_2e0(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_f2(public_key), - uint8_t, Eurydice_slice), + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_c2(public_key), + uint8_t), ret); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_b60( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); + G_f1_b60(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, 
libcrux_ml_kem_types_as_slice_cb_f2(public_key), uint8_t, - Eurydice_slice); + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_c2(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_0d0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_120(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_01_f5(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_9c(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_e8(shared_secret, shared_secret_array); + kdf_af_e0(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -7739,8 +7509,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_89(Eurydice_slice serialized) { - return deserialize_then_decompress_10_e9(serialized); +deserialize_then_decompress_ring_element_u_82(Eurydice_slice serialized) { + return deserialize_then_decompress_10_23(serialized); } /** @@ -7749,7 +7519,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_ed( +static KRML_MUSTINLINE void ntt_vector_u_18( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)7U); 
@@ -7774,16 +7544,16 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_b10( +static KRML_MUSTINLINE void deserialize_then_decompress_u_700( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, u_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(Eurydice_array_to_slice((size_t)768U, ciphertext, - uint8_t, Eurydice_slice), - uint8_t, size_t) / + i < Eurydice_slice_len( + Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t), + uint8_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); i++) { @@ -7796,9 +7566,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b10( (size_t)10U / (size_t)8U) + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, - uint8_t, Eurydice_slice); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_89(u_bytes); - ntt_vector_u_ed(&u_as_ntt[i0]); + uint8_t); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_82(u_bytes); + ntt_vector_u_18(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -7812,8 +7582,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_30(Eurydice_slice serialized) { - return deserialize_then_decompress_4_34(serialized); +deserialize_then_decompress_ring_element_v_52(Eurydice_slice serialized) { + return deserialize_then_decompress_4_91(serialized); } /** 
@@ -7829,7 +7599,7 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_cb0( +compute_message_7b0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { @@ -7838,8 +7608,8 @@ compute_message_cb0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = ntt_multiply_89_d5(&secret_as_ntt[i0], &u_as_ntt[i0]); add_to_ring_element_89_930(&result, &product);); - invert_ntt_montgomery_860(&result); - result = subtract_reduce_89_7d(v, result); + invert_ntt_montgomery_7b0(&result); + result = subtract_reduce_89_7e(v, result); return result; } @@ -7877,20 +7647,19 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_e70( +static void decrypt_unpacked_a70( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; - deserialize_then_decompress_u_b10(ciphertext, u_as_ntt); + deserialize_then_decompress_u_700(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_30( + deserialize_then_decompress_ring_element_v_52( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, - (size_t)640U, uint8_t, size_t, - Eurydice_slice)); + (size_t)640U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_cb0(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_7b0(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_3a(message, ret0); + compress_then_serialize_message_00(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } 
@@ -7930,67 +7699,61 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca0( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_de0( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_e70(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_a70(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); + uint8_t, size_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); + uint8_t), + uint8_t); uint8_t hashed[64U]; - G_f1_b60( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); + G_f1_b60(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[800U]; libcrux_ml_kem_utils_into_padded_array_2d0( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), + Eurydice_array_to_slice( + (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice 
uu____2 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_ed(ciphertext), - uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_75(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_041( - Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + PRF_f1_041(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), + implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *uu____3 = &key_pair->public_key.ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_unpacked_6c0(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_610(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, - Eurydice_slice)); + libcrux_ml_kem_types_as_ref_00_75(ciphertext), + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( shared_secret, Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), selector, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } 
@@ -8004,14 +7767,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_010( +static KRML_MUSTINLINE void deserialize_secret_key_7c0( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, secret_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(secret_key, uint8_t, size_t) / + i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -8019,9 +7782,9 @@ static KRML_MUSTINLINE void deserialize_secret_key_010( secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_05(secret_bytes); + deserialize_to_uncompressed_ring_element_5e(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -8039,10 +7802,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_c20(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_450(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; - deserialize_secret_key_010(secret_key, secret_as_ntt); + deserialize_secret_key_7c0(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[2U]; memcpy( 
@@ -8054,7 +7817,7 @@ static void decrypt_c20(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_e70(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_a70(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -8080,12 +7843,11 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_4f0( +void libcrux_ml_kem_ind_cca_decapsulate_b00( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t), (size_t)768U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; 
@@ -8099,22 +7861,19 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f0( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_c20(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_450(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); + uint8_t, size_t), + ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_f1_b60( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); + G_f1_b60(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret0 = uu____3.fst; 
@@ -8123,36 +7882,32 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f0( libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_ed(ciphertext), - uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_75(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_041( - Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); + PRF_f1_041(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_0d0(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_120(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_e8( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + kdf_af_e0(Eurydice_array_to_slice((size_t)32U, + implicit_rejection_shared_secret0, uint8_t), + implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_e8(shared_secret0, shared_secret); + kdf_af_e0(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, - Eurydice_slice), + 
libcrux_ml_kem_types_as_ref_00_75(ciphertext), + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -8170,14 +7925,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1184 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_720( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9f0( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -8185,9 +7940,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_720( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_ad(ring_element); + deserialize_to_reduced_ring_element_b8(ring_element); deserialized_pk[i0] = uu____0; } memcpy( 
@@ -8213,22 +7968,19 @@ static KRML_MUSTINLINE void serialize_secret_key_f8( i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); uint8_t ret0[384U]; serialize_uncompressed_ring_element_f6(&re, ret0); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); } 
@@ -8248,19 +8000,16 @@ static KRML_MUSTINLINE void serialize_public_key_80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, - (size_t)1152U, uint8_t, Eurydice_slice); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; serialize_secret_key_f8(t_as_ntt, ret0); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice_copy(Eurydice_array_to_subslice_from( - (size_t)1184U, public_key_serialized, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), - seed_for_a, uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); + Eurydice_slice_copy( + Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, + (size_t)1152U, uint8_t, size_t), + seed_for_a, uint8_t); memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); } 
@@ -8272,18 +8021,18 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_35(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_3f(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - deserialize_ring_elements_reduced_720( + deserialize_ring_elements_reduced_9f0( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; serialize_public_key_80( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), public_key_serialized); return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); @@ -8348,11 +8097,11 @@ shake128_init_absorb_75(uint8_t input[3U][34U]) { KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, shake128_state[i] = libcrux_sha3_portable_incremental_shake128_init();); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_incremental_shake128_absorb_final( - &shake128_state[i0], - Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, - Eurydice_slice));); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_incremental_shake128_absorb_final( + &shake128_state[i0], + Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t));); /* Passing arrays by value in Rust generates a copy in C */ libcrux_sha3_generic_keccak_KeccakState_48 copy_of_shake128_state[3U]; memcpy(copy_of_shake128_state, shake128_state, 
@@ -8394,8 +8143,7 @@ static KRML_MUSTINLINE void shake128_squeeze_three_blocks_10( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( &st->shake128_state[i0], - Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, - Eurydice_slice));); + Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t));); memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); } @@ -8473,12 +8221,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_05( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -8504,11 +8251,11 @@ generics static KRML_MUSTINLINE void shake128_squeeze_block_ed(PortableHash_58 *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_incremental_shake128_squeeze_next_block( - &st->shake128_state[i0], - Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, - Eurydice_slice));); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_incremental_shake128_squeeze_next_block( + &st->shake128_state[i0], + Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t));); memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); } 
@@ -8586,12 +8333,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_050( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -8617,8 +8363,8 @@ generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_99( int16_t s[272U]) { - return from_i16_array_89_6b(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); + return from_i16_array_89_6b( + Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } /** @@ -8701,9 +8447,8 @@ static KRML_MUSTINLINE void sample_matrix_A_23( i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sample = sampled[j]; 
@@ -8740,12 +8485,11 @@ with const generics static KRML_MUSTINLINE void PRFxN_1d(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, - Eurydice_slice));); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t));); memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); } @@ -8794,11 +8538,11 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_d7( domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; PRFxN_f1_89(prf_inputs, prf_outputs); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_66( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], - uint8_t, Eurydice_slice)); - ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + re_as_ntt[i0] = sample_from_binomial_distribution_66( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); + ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U]; memcpy( 
@@ -8833,10 +8577,8 @@ static KRML_MUSTINLINE void add_to_ring_element_89_93( i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_portable_vector_type_PortableVector, - Eurydice_slice), - libcrux_ml_kem_vector_portable_vector_type_PortableVector, - size_t); + libcrux_ml_kem_vector_portable_vector_type_PortableVector), + libcrux_ml_kem_vector_portable_vector_type_PortableVector); i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = @@ -8867,9 +8609,8 @@ static KRML_MUSTINLINE void compute_As_plus_e_da( i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i1]; @@ -8877,9 +8618,8 @@ static KRML_MUSTINLINE void compute_As_plus_e_da( i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = 
@@ -8950,8 +8690,8 @@ static tuple_9b generate_keypair_unpacked_f4( uint8_t hashed[64U]; G_f1_b6(key_generation_seed, hashed); Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; @@ -8982,8 +8722,7 @@ static tuple_9b generate_keypair_unpacked_f4( compute_As_plus_e_da(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; @@ -9033,7 +8772,7 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_57( +static void closure_84( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, ret[i] = ZERO_89_39();); 
@@ -9066,27 +8805,26 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_37(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); tuple_9b uu____0 = generate_keypair_unpacked_f4(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_57(A[i]);); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_84(A[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_84(&ind_cpa_public_key.A[j][i1]); + clone_d5_14(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U][3U]; memcpy(uu____2, A, 
@@ -9099,16 +8837,15 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_0e(uint8_t randomness[64U]) { serialize_public_key_80( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), + uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_2e(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, - Eurydice_slice), + H_f1_2e(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); + uint8_t[32U]); core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 uu____3 = ind_cpa_private_key; @@ -9152,10 +8889,9 @@ static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_ec( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - serialize_public_key_80(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); + serialize_public_key_80( + pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), + public_key_serialized); uint8_t secret_key_serialized[1152U]; serialize_secret_key_f8(sk.secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ 
@@ -9194,40 +8930,35 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_a8( size_t uu____2 = pointer; Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + Eurydice_slice_len(private_key, uint8_t, size_t), uint8_t, - Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + Eurydice_slice_len(private_key, uint8_t, size_t); + uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t), + uint8_t), + private_key, uint8_t); + pointer = pointer + Eurydice_slice_len(private_key, uint8_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + Eurydice_slice_len(public_key, uint8_t, size_t), uint8_t, - Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + Eurydice_slice_len(public_key, uint8_t, size_t); + uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t), + uint8_t), + public_key, uint8_t); + pointer = pointer + Eurydice_slice_len(public_key, uint8_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; H_f1_2e(public_key, ret0); Eurydice_slice_copy( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - Eurydice_slice_copy(Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + Eurydice_slice_len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); + Eurydice_slice_copy( + Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + 
Eurydice_slice_len(implicit_rejection_value, uint8_t), + uint8_t), + implicit_rejection_value, uint8_t); memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } @@ -9253,15 +8984,14 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_d7(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = generate_keypair_ec(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; 
@@ -9270,23 +9000,14 @@ libcrux_ml_kem_ind_cca_generate_keypair_c20(uint8_t randomness[64U]) { memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; serialize_kem_secret_key_a8( - Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_secret_key_serialized[2400U]; - memcpy(copy_of_secret_key_serialized, secret_key_serialized, - (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_a70(copy_of_secret_key_serialized); - libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key[1184U]; - memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_c90( - uu____2, libcrux_ml_kem_types_from_b6_4c0(copy_of_public_key)); + libcrux_ml_kem_types_from_22_a70(secret_key_serialized); + libcrux_ml_kem_types_MlKemPrivateKey_55 uu____1 = private_key; + return libcrux_ml_kem_types_from_17_d50( + uu____1, libcrux_ml_kem_types_from_c7_140(public_key)); } /** @@ -9302,7 +9023,7 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -sample_ring_element_cbd_2c(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_76(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, error_1[i] = ZERO_89_39();); 
@@ -9321,8 +9042,8 @@ sample_ring_element_cbd_2c(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_66(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_66( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_error_1[3U]; @@ -9358,17 +9079,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_86( +static KRML_MUSTINLINE void invert_ntt_montgomery_7b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_9f(&zeta_i, re); - invert_ntt_at_layer_2_a6(&zeta_i, re); - invert_ntt_at_layer_3_61(&zeta_i, re); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_b7(&zeta_i, re, (size_t)7U); + invert_ntt_at_layer_1_d1(&zeta_i, re); + invert_ntt_at_layer_2_ac(&zeta_i, re); + invert_ntt_at_layer_3_63(&zeta_i, re); + invert_ntt_at_layer_4_plus_9b(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_9b(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_9b(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_9b(&zeta_i, re, (size_t)7U); poly_barrett_reduce_89_2c(re); } 
@@ -9381,7 +9102,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_a1( +static KRML_MUSTINLINE void compute_vector_u_a7( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, @@ -9393,9 +9114,8 @@ static KRML_MUSTINLINE void compute_vector_u_a1( i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = a_as_ntt[i1]; @@ -9403,9 +9123,8 @@ static KRML_MUSTINLINE void compute_vector_u_a1( i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; @@ -9413,8 +9132,8 @@ static KRML_MUSTINLINE void compute_vector_u_a1( ntt_multiply_89_d5(a_element, &r_as_ntt[j]); add_to_ring_element_89_93(&result[i1], &product); } - invert_ntt_montgomery_86(&result[i1]); - add_error_reduce_89_08(&result[i1], &error_1[i1]); + invert_ntt_montgomery_7b(&result[i1]); + add_error_reduce_89_6b(&result[i1], &error_1[i1]); } memcpy( ret, result, 
@@ -9431,7 +9150,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_1f( +compute_ring_element_v_9d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, @@ -9441,8 +9160,8 @@ compute_ring_element_v_1f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = ntt_multiply_89_d5(&t_as_ntt[i0], &r_as_ntt[i0]); add_to_ring_element_89_93(&result, &product);); - invert_ntt_montgomery_86(&result); - result = add_message_error_reduce_89_8b(error_2, message, result); + invert_ntt_montgomery_7b(&result); + result = add_message_error_reduce_89_4e(error_2, message, result); return result; } 
@@ -9458,29 +9177,25 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_24( +static void compress_then_serialize_u_3d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice2( out, i0 * ((size_t)960U / (size_t)3U), - (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, - Eurydice_slice); + (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_2f(&re, ret); + compress_then_serialize_ring_element_u_97(&re, ret); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } } @@ -9543,7 +9258,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_6c( +static void encrypt_unpacked_61( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; @@ -9561,7 +9276,7 @@ static void encrypt_unpacked_6c( uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); tuple_b0 uu____3 = - sample_ring_element_cbd_2c(copy_of_prf_input, domain_separator0); + sample_ring_element_cbd_76(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( error_1, uu____3.fst, 
@@ -9569,35 +9284,33 @@ static void encrypt_unpacked_6c( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_040( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); + PRF_f1_040(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_66(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_66( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - compute_vector_u_a1(public_key->A, r_as_ntt, error_1, u); + compute_vector_u_a7(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_f6(copy_of_message); + deserialize_then_decompress_message_a7(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_1f(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_9d(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_24( + compress_then_serialize_u_3d( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, - uint8_t, Eurydice_slice)); + uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_31( - uu____6, - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, - uint8_t, size_t, Eurydice_slice)); + 
compress_then_serialize_ring_element_v_a0( + uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, + (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); } @@ -9620,27 +9333,23 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_31( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_08( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); + size_t); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_slice( + (size_t)32U, public_key->public_key_hash, uint8_t), + uint8_t); uint8_t hashed[64U]; - G_f1_b6( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); + G_f1_b6(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; 
@@ -9651,17 +9360,17 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_31( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_unpacked_6c(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_61(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; - Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, shared_secret_array, - uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); + Eurydice_slice_copy( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), + shared_secret, uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_f50(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_9c0(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -9682,12 +9391,11 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_af_6c(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_47(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + randomness, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } 
@@ -9704,14 +9412,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1152 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_72( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9f( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, deserialized_pk[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -9719,9 +9427,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_72( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_ad(ring_element); + deserialize_to_reduced_ring_element_b8(ring_element); deserialized_pk[i0] = uu____0; } memcpy( 
@@ -9747,22 +9455,21 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_0d(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_12(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - deserialize_ring_elements_reduced_72( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, - Eurydice_slice), + deserialize_ring_elements_reduced_9f( + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); sample_matrix_A_23(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; @@ -9793,7 +9500,7 @@ static void encrypt_0d(Eurydice_slice public_key, uint8_t message[32U], uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1088U]; - encrypt_unpacked_6c(uu____3, copy_of_message, randomness, ret1); + encrypt_unpacked_61(uu____3, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); } 
@@ -9808,12 +9515,11 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_af_b6(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_ff(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + shared_secret, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } 
@@ -9836,55 +9542,47 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_44( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_78( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_6c( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); + entropy_preprocess_af_47( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); uint8_t ret[32U]; H_f1_2e(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_f20(public_key), - uint8_t, Eurydice_slice), + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_c20(public_key), + uint8_t), ret); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_b6( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); + G_f1_b6(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, 
libcrux_ml_kem_types_as_slice_cb_f20(public_key), uint8_t, - Eurydice_slice); + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_c20(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_0d(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_12(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_f50(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_9c0(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_b6(shared_secret, shared_secret_array); + kdf_af_ff(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; @@ -9908,16 +9606,16 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_b1( +static KRML_MUSTINLINE void deserialize_then_decompress_u_70( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, u_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(Eurydice_array_to_slice((size_t)1088U, ciphertext, - uint8_t, Eurydice_slice), - uint8_t, size_t) / + i < Eurydice_slice_len( + Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), + uint8_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); i++) { 
@@ -9930,9 +9628,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_b1( (size_t)10U / (size_t)8U) + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, - uint8_t, Eurydice_slice); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_89(u_bytes); - ntt_vector_u_ed(&u_as_ntt[i0]); + uint8_t); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_82(u_bytes); + ntt_vector_u_18(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -9952,7 +9650,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_cb( +compute_message_7b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { @@ -9961,8 +9659,8 @@ compute_message_cb( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = ntt_multiply_89_d5(&secret_as_ntt[i0], &u_as_ntt[i0]); add_to_ring_element_89_93(&result, &product);); - invert_ntt_montgomery_86(&result); - result = subtract_reduce_89_7d(v, result); + invert_ntt_montgomery_7b(&result); + result = subtract_reduce_89_7e(v, result); return result; } 
@@ -10000,20 +9698,19 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_e7( +static void decrypt_unpacked_a7( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - deserialize_then_decompress_u_b1(ciphertext, u_as_ntt); + deserialize_then_decompress_u_70(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_30( + deserialize_then_decompress_ring_element_v_52( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t, - Eurydice_slice)); + (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_cb(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_7b(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_3a(message, ret0); + compress_then_serialize_message_00(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } 
@@ -10053,67 +9750,61 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_ca( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_de( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_e7(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_a7(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); + uint8_t, size_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); + uint8_t), + uint8_t); uint8_t hashed[64U]; - G_f1_b6( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); + G_f1_b6(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1120U]; libcrux_ml_kem_utils_into_padded_array_2d3( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), + Eurydice_array_to_slice( + (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice 
uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), - uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_750(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_04( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + PRF_f1_04(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), + implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = &key_pair->public_key.ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_6c(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_61(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice)); + libcrux_ml_kem_types_as_ref_00_750(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( shared_secret, Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), selector, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } 
@@ -10127,14 +9818,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_01( +static KRML_MUSTINLINE void deserialize_secret_key_7c( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, secret_as_ntt[i] = ZERO_89_39();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(secret_key, uint8_t, size_t) / + i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -10142,9 +9833,9 @@ static KRML_MUSTINLINE void deserialize_secret_key_01( secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_05(secret_bytes); + deserialize_to_uncompressed_ring_element_5e(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -10162,10 +9853,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_c2(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_45(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - deserialize_secret_key_01(secret_key, secret_as_ntt); + deserialize_secret_key_7c(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( 
@@ -10177,7 +9868,7 @@ static void decrypt_c2(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_e7(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_a7(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -10203,12 +9894,11 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_4f( +void libcrux_ml_kem_ind_cca_decapsulate_b0( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t), (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; 
@@ -10222,22 +9912,19 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_c2(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_45(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); + uint8_t, size_t), + ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_f1_b6( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); + G_f1_b6(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret0 = uu____3.fst; 
@@ -10246,35 +9933,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_4f( libcrux_ml_kem_utils_into_padded_array_2d3(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), - uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_750(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_04( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); + PRF_f1_04(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_0d(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + encrypt_12(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_b6( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + kdf_af_ff(Eurydice_array_to_slice((size_t)32U, + implicit_rejection_shared_secret0, uint8_t), + implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_b6(shared_secret0, shared_secret); + kdf_af_ff(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_ed0(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, - Eurydice_slice), + 
libcrux_ml_kem_types_as_ref_00_750(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index 43b255e31..8aec8129c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf + * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 + * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 */ #ifndef __libcrux_mlkem_portable_H diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 84ec271c7..9d21462e9 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h +++ b/libcrux-ml-kem/c/libcrux_sha3.h 
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf + * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 + * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 */ #ifndef __libcrux_sha3_H @@ -89,8 +89,8 @@ static KRML_MUSTINLINE void libcrux_sha3_sha224_ema(Eurydice_slice digest, static KRML_MUSTINLINE void libcrux_sha3_sha224(Eurydice_slice data, uint8_t ret[28U]) { uint8_t out[28U] = {0U}; - libcrux_sha3_sha224_ema( - Eurydice_array_to_slice((size_t)28U, out, uint8_t, Eurydice_slice), data); + libcrux_sha3_sha224_ema(Eurydice_array_to_slice((size_t)28U, out, uint8_t), + data); memcpy(ret, out, (size_t)28U * sizeof(uint8_t)); } @@ -108,8 +108,8 @@ static KRML_MUSTINLINE void libcrux_sha3_sha256_ema(Eurydice_slice digest, static KRML_MUSTINLINE void libcrux_sha3_sha256(Eurydice_slice data, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - libcrux_sha3_sha256_ema( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), data); + libcrux_sha3_sha256_ema(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + data); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } 
@@ -127,8 +127,8 @@ static KRML_MUSTINLINE void libcrux_sha3_sha384_ema(Eurydice_slice digest, static KRML_MUSTINLINE void libcrux_sha3_sha384(Eurydice_slice data, uint8_t ret[48U]) { uint8_t out[48U] = {0U}; - libcrux_sha3_sha384_ema( - Eurydice_array_to_slice((size_t)48U, out, uint8_t, Eurydice_slice), data); + libcrux_sha3_sha384_ema(Eurydice_array_to_slice((size_t)48U, out, uint8_t), + data); memcpy(ret, out, (size_t)48U * sizeof(uint8_t)); } @@ -146,8 +146,8 @@ static KRML_MUSTINLINE void libcrux_sha3_sha512_ema(Eurydice_slice digest, static KRML_MUSTINLINE void libcrux_sha3_sha512(Eurydice_slice data, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; - libcrux_sha3_sha512_ema( - Eurydice_array_to_slice((size_t)64U, out, uint8_t, Eurydice_slice), data); + libcrux_sha3_sha512_ema(Eurydice_array_to_slice((size_t)64U, out, uint8_t), + data); memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 2f9a9aad5..6fadfc9fd 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf + * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 + * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 */ #include "internal/libcrux_sha3_avx2.h" 
@@ -99,14 +99,10 @@ static KRML_MUSTINLINE __m256i xor_ef(__m256i a, __m256i b) { static KRML_MUSTINLINE void slice_4(Eurydice_slice a[4U], size_t start, size_t len, Eurydice_slice ret[4U]) { - ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t, - Eurydice_slice); - ret[1U] = Eurydice_slice_subslice2(a[1U], start, start + len, uint8_t, - Eurydice_slice); - ret[2U] = Eurydice_slice_subslice2(a[2U], start, start + len, uint8_t, - Eurydice_slice); - ret[3U] = Eurydice_slice_subslice2(a[3U], start, start + len, uint8_t, - Eurydice_slice); + ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t); + ret[1U] = Eurydice_slice_subslice2(a[1U], start, start + len, uint8_t); + ret[2U] = Eurydice_slice_subslice2(a[2U], start, start + len, uint8_t); + ret[3U] = Eurydice_slice_subslice2(a[3U], start, start + len, uint8_t); } /** 
@@ -219,18 +215,18 @@ static KRML_MUSTINLINE void load_block_c7(__m256i (*s)[5U], Eurydice_slice blocks[4U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { size_t i0 = i; - __m256i v00 = mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice)); - __m256i v10 = mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice)); - __m256i v20 = mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice)); - __m256i v30 = mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice)); + __m256i v00 = mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[0U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); + __m256i v10 = mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[1U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); + __m256i v20 = mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[2U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); + __m256i v30 = mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[3U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); __m256i v0l = mm256_unpacklo_epi64(v00, v10); __m256i v1h = mm256_unpackhi_epi64(v00, v10); __m256i v2l = mm256_unpacklo_epi64(v20, v30); 
@@ -261,34 +257,30 @@ static KRML_MUSTINLINE void load_block_c7(__m256i (*s)[5U], size_t rem = (size_t)136U % (size_t)32U; size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); uint8_t u8s[32U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - u8s, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t); Eurydice_slice_copy( uu____0, - Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_array_to_subslice2( - u8s, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); + Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____1 = + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t); Eurydice_slice_copy( uu____1, - Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_array_to_subslice2( - u8s, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); + Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____2 = + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t); Eurydice_slice_copy( uu____2, - Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_array_to_subslice2( - u8s, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); + Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____3 = + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t); Eurydice_slice_copy( uu____3, - Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t), + uint8_t); __m256i u = 
mm256_loadu_si256_u8(core_array___Array_T__N__23__as_slice( (size_t)32U, u8s, uint8_t, Eurydice_slice)); size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; 
@@ -296,34 +288,30 @@ static KRML_MUSTINLINE void load_block_c7(__m256i (*s)[5U], s[i0][j0] = mm256_xor_si256(s[i0][j0], u); if (rem == (size_t)16U) { uint8_t u8s0[32U] = {0U}; - Eurydice_slice uu____4 = Eurydice_array_to_subslice2( - u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - Eurydice_slice_copy( - uu____4, - Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = Eurydice_array_to_subslice2( - u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - Eurydice_slice_copy( - uu____5, - Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - Eurydice_slice_copy( - uu____6, - Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = Eurydice_array_to_subslice2( - u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - Eurydice_slice_copy( - uu____7, - Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice uu____4 = + Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t); + Eurydice_slice_copy(uu____4, + Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____5 = + Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t); + Eurydice_slice_copy(uu____5, + Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____6 = + Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t); + Eurydice_slice_copy(uu____6, + Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); + 
Eurydice_slice uu____7 = + Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t); + Eurydice_slice_copy(uu____7, + Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); __m256i u0 = mm256_loadu_si256_u8(core_array___Array_T__N__23__as_slice( (size_t)32U, u8s0, uint8_t, Eurydice_slice)); size_t i = @@ -1373,14 +1361,11 @@ with const generics */ static KRML_MUSTINLINE void load_block_full_91(__m256i (*s)[5U], uint8_t blocks[4U][200U]) { - Eurydice_slice buf[4U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[2U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[3U], - uint8_t, Eurydice_slice)}; + Eurydice_slice buf[4U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t), + Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t), + Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t), + Eurydice_array_to_slice((size_t)200U, blocks[3U], uint8_t)}; load_block_c7(s, buf); } 
@@ -1412,14 +1397,14 @@ with const generics */ KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { - size_t last_len = Eurydice_slice_len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[4U][200U] = {{0U}}; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - Eurydice_slice_copy(uu____0, last[i0], uint8_t, void *); + blocks[i0], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i0], uint8_t); } blocks[i0][last_len] = 31U; size_t uu____1 = i0; size_t uu____2 = (size_t)136U - (size_t)1U; blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); @@ -1471,23 +1456,19 @@ static KRML_MUSTINLINE void store_block_e9(__m256i (*s)[5U], __m256i v3 = mm256_unpackhi_epi64(v2l, v3h); mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v0); mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[1U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v1); mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[2U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v2); mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[3U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v3); } size_t rem = (size_t)136U % (size_t)32U; 
@@ -1495,74 +1476,64 @@ static KRML_MUSTINLINE void store_block_e9(__m256i (*s)[5U], uint8_t u8s[32U] = {0U}; size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; - mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice), - s[i0][j0]); - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - Eurydice_slice_copy(uu____0, - Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, - uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_slice_subslice2( - out[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - Eurydice_slice_copy(uu____1, - Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, - uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_slice_subslice2( - out[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - Eurydice_slice_copy(uu____2, - Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, - uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_slice_subslice2( - out[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - Eurydice_slice_copy(uu____3, - Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, - uint8_t, Eurydice_slice), - uint8_t, void *); + mm256_storeu_si256_u8(Eurydice_array_to_slice((size_t)32U, u8s, uint8_t), + s[i0][j0]); + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(out[0U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( + uu____0, + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____1 = + Eurydice_slice_subslice2(out[1U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( + uu____1, + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____2 = + Eurydice_slice_subslice2(out[2U], start, start + (size_t)8U, 
uint8_t); + Eurydice_slice_copy( + uu____2, + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t), + uint8_t); + Eurydice_slice uu____3 = + Eurydice_slice_subslice2(out[3U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( + uu____3, + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t), + uint8_t); if (rem == (size_t)16U) { uint8_t u8s0[32U] = {0U}; size_t i = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; size_t j = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; - mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____4 = - Eurydice_slice_subslice2(out[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); + mm256_storeu_si256_u8(Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t), + s[i][j]); + Eurydice_slice uu____4 = Eurydice_slice_subslice2( + out[0U], start + (size_t)8U, start + (size_t)16U, uint8_t); Eurydice_slice_copy( uu____4, - Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = - Eurydice_slice_subslice2(out[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); + Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____5 = Eurydice_slice_subslice2( + out[1U], start + (size_t)8U, start + (size_t)16U, uint8_t); Eurydice_slice_copy( uu____5, - Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = - Eurydice_slice_subslice2(out[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); + Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____6 = Eurydice_slice_subslice2( + out[2U], start + (size_t)8U, start + (size_t)16U, uint8_t); Eurydice_slice_copy( uu____6, - 
Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = - Eurydice_slice_subslice2(out[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); + Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t), + uint8_t); + Eurydice_slice uu____7 = Eurydice_slice_subslice2( + out[3U], start + (size_t)8U, start + (size_t)16U, uint8_t); Eurydice_slice_copy( uu____7, - Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t), + uint8_t); } } @@ -1578,10 +1549,10 @@ static KRML_MUSTINLINE void store_block_full_0b(__m256i (*s)[5U], uint8_t out2[200U] = {0U}; uint8_t out3[200U] = {0U}; Eurydice_slice buf[4U] = { - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out3, uint8_t, Eurydice_slice)}; + Eurydice_array_to_slice((size_t)200U, out0, uint8_t), + Eurydice_array_to_slice((size_t)200U, out1, uint8_t), + Eurydice_array_to_slice((size_t)200U, out2, uint8_t), + Eurydice_array_to_slice((size_t)200U, out3, uint8_t)}; store_block_e9(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out0[200U]; 
@@ -1629,12 +1600,11 @@ static KRML_MUSTINLINE void squeeze_first_and_last_a4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i0], uint8_t, size_t); - Eurydice_slice_copy( + lit.end = Eurydice_slice_len(out[i0], uint8_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); + core_ops_range_Range_b3), + uint8_t);); } /** @@ -1692,12 +1662,11 @@ static KRML_MUSTINLINE void squeeze_last_77( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i0], uint8_t, size_t); - Eurydice_slice_copy( + lit.end = Eurydice_slice_len(out[i0], uint8_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); + core_ops_range_Range_b3), + uint8_t);); } /** @@ -1712,7 +1681,7 @@ static KRML_MUSTINLINE void keccak_14(Eurydice_slice data[4U], Eurydice_slice out[4U]) { libcrux_sha3_generic_keccak_KeccakState_29 s = new_1e_16(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(data[0U], uint8_t, size_t) / (size_t)136U; i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_29 *uu____0 = &s; /* Passing arrays by value in Rust generates a copy in C */ 
@@ -1722,16 +1691,16 @@ static KRML_MUSTINLINE void keccak_14(Eurydice_slice data[4U], slice_n_ef(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); absorb_block_37(uu____0, ret); } - size_t rem = Eurydice_slice_len(data[0U], uint8_t, size_t) % (size_t)136U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_29 *uu____2 = &s; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[4U]; memcpy(copy_of_data, data, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice ret[4U]; - slice_n_ef(copy_of_data, Eurydice_slice_len(data[0U], uint8_t, size_t) - rem, - rem, ret); + slice_n_ef(copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, + ret); libcrux_sha3_generic_keccak_absorb_final_5e(uu____2, ret); - size_t outlen = Eurydice_slice_len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { 
@@ -1800,18 +1769,18 @@ static KRML_MUSTINLINE void load_block_c70(__m256i (*s)[5U], Eurydice_slice blocks[4U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { size_t i0 = i; - __m256i v00 = mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice)); - __m256i v10 = mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice)); - __m256i v20 = mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice)); - __m256i v30 = mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice)); + __m256i v00 = mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[0U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); + __m256i v10 = mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[1U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); + __m256i v20 = mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[2U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); + __m256i v30 = mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[3U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); __m256i v0l = mm256_unpacklo_epi64(v00, v10); __m256i v1h = mm256_unpackhi_epi64(v00, v10); __m256i v2l = mm256_unpacklo_epi64(v20, v30); 
@@ -1842,34 +1811,30 @@ static KRML_MUSTINLINE void load_block_c70(__m256i (*s)[5U], size_t rem = (size_t)168U % (size_t)32U; size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); uint8_t u8s[32U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - u8s, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t); Eurydice_slice_copy( uu____0, - Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_array_to_subslice2( - u8s, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); + Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____1 = + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t); Eurydice_slice_copy( uu____1, - Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_array_to_subslice2( - u8s, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); + Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____2 = + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t); Eurydice_slice_copy( uu____2, - Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_array_to_subslice2( - u8s, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); + Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____3 = + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t); Eurydice_slice_copy( uu____3, - Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t), + uint8_t); __m256i u = 
mm256_loadu_si256_u8(core_array___Array_T__N__23__as_slice( (size_t)32U, u8s, uint8_t, Eurydice_slice)); size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; 
@@ -1877,34 +1842,30 @@ static KRML_MUSTINLINE void load_block_c70(__m256i (*s)[5U], s[i0][j0] = mm256_xor_si256(s[i0][j0], u); if (rem == (size_t)16U) { uint8_t u8s0[32U] = {0U}; - Eurydice_slice uu____4 = Eurydice_array_to_subslice2( - u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - Eurydice_slice_copy( - uu____4, - Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = Eurydice_array_to_subslice2( - u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - Eurydice_slice_copy( - uu____5, - Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - Eurydice_slice_copy( - uu____6, - Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = Eurydice_array_to_subslice2( - u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - Eurydice_slice_copy( - uu____7, - Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice uu____4 = + Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t); + Eurydice_slice_copy(uu____4, + Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____5 = + Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t); + Eurydice_slice_copy(uu____5, + Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____6 = + Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t); + Eurydice_slice_copy(uu____6, + Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); + 
Eurydice_slice uu____7 = + Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t); + Eurydice_slice_copy(uu____7, + Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); __m256i u0 = mm256_loadu_si256_u8(core_array___Array_T__N__23__as_slice( (size_t)32U, u8s0, uint8_t, Eurydice_slice)); size_t i = @@ -1922,14 +1883,11 @@ with const generics */ static KRML_MUSTINLINE void load_block_full_910(__m256i (*s)[5U], uint8_t blocks[4U][200U]) { - Eurydice_slice buf[4U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[2U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[3U], - uint8_t, Eurydice_slice)}; + Eurydice_slice buf[4U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t), + Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t), + Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t), + Eurydice_array_to_slice((size_t)200U, blocks[3U], uint8_t)}; load_block_c70(s, buf); } 
@@ -1961,14 +1919,14 @@ with const generics */ static KRML_MUSTINLINE void absorb_final_5e0( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { - size_t last_len = Eurydice_slice_len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[4U][200U] = {{0U}}; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - Eurydice_slice_copy(uu____0, last[i0], uint8_t, void *); + blocks[i0], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i0], uint8_t); } blocks[i0][last_len] = 31U; size_t uu____1 = i0; size_t uu____2 = (size_t)168U - (size_t)1U; blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); @@ -2030,23 +1988,19 @@ static KRML_MUSTINLINE void store_block_e90(__m256i (*s)[5U], __m256i v3 = mm256_unpackhi_epi64(v2l, v3h); mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v0); mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[1U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v1); mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[2U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v2); mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[3U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v3); } size_t rem = (size_t)168U % (size_t)32U; 
@@ -2054,74 +2008,64 @@ static KRML_MUSTINLINE void store_block_e90(__m256i (*s)[5U], uint8_t u8s[32U] = {0U}; size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; - mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice), - s[i0][j0]); - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - Eurydice_slice_copy(uu____0, - Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, - uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_slice_subslice2( - out[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - Eurydice_slice_copy(uu____1, - Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, - uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_slice_subslice2( - out[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - Eurydice_slice_copy(uu____2, - Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, - uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_slice_subslice2( - out[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - Eurydice_slice_copy(uu____3, - Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, - uint8_t, Eurydice_slice), - uint8_t, void *); + mm256_storeu_si256_u8(Eurydice_array_to_slice((size_t)32U, u8s, uint8_t), + s[i0][j0]); + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(out[0U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( + uu____0, + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____1 = + Eurydice_slice_subslice2(out[1U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( + uu____1, + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____2 = + Eurydice_slice_subslice2(out[2U], start, start + (size_t)8U, 
uint8_t); + Eurydice_slice_copy( + uu____2, + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t), + uint8_t); + Eurydice_slice uu____3 = + Eurydice_slice_subslice2(out[3U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( + uu____3, + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t), + uint8_t); if (rem == (size_t)16U) { uint8_t u8s0[32U] = {0U}; size_t i = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; size_t j = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; - mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____4 = - Eurydice_slice_subslice2(out[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); + mm256_storeu_si256_u8(Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t), + s[i][j]); + Eurydice_slice uu____4 = Eurydice_slice_subslice2( + out[0U], start + (size_t)8U, start + (size_t)16U, uint8_t); Eurydice_slice_copy( uu____4, - Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = - Eurydice_slice_subslice2(out[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); + Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____5 = Eurydice_slice_subslice2( + out[1U], start + (size_t)8U, start + (size_t)16U, uint8_t); Eurydice_slice_copy( uu____5, - Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = - Eurydice_slice_subslice2(out[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); + Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____6 = Eurydice_slice_subslice2( + out[2U], start + (size_t)8U, start + (size_t)16U, uint8_t); Eurydice_slice_copy( uu____6, - 
Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = - Eurydice_slice_subslice2(out[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); + Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t), + uint8_t); + Eurydice_slice uu____7 = Eurydice_slice_subslice2( + out[3U], start + (size_t)8U, start + (size_t)16U, uint8_t); Eurydice_slice_copy( uu____7, - Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t), + uint8_t); } } diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 9d01f7976..2e6ab41ab 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf + * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 + * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index 4540827a1..b5e10fd6f 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h 
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf + * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 + * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 */ #ifndef __libcrux_sha3_internal_H @@ -137,8 +137,7 @@ libcrux_sha3_portable_keccak_xor_5a(uint64_t a, uint64_t b) { static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_slice_1( Eurydice_slice a[1U], size_t start, size_t len, Eurydice_slice ret[1U]) { - ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t, - Eurydice_slice); + ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t); } /** @@ -246,9 +245,8 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b3( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_slice, uint8_t[8U]); core_result_unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -264,8 +262,8 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; libcrux_sha3_portable_keccak_load_block_b3(s, buf); } 
@@ -1373,14 +1371,14 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_72( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = Eurydice_slice_len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice); - Eurydice_slice_copy(uu____0, last[i], uint8_t, void *); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(blocks[i], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i], uint8_t); } blocks[i][last_len] = 31U; size_t uu____1 = i; @@ -1404,14 +1402,11 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_58( for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice); + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); } } @@ -1468,9 +1463,8 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b30( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_slice, uint8_t[8U]); core_result_unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; 
@@ -1486,8 +1480,8 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a0( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; libcrux_sha3_portable_keccak_load_block_b30(s, buf); } @@ -1519,14 +1513,14 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_720( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = Eurydice_slice_len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice); - Eurydice_slice_copy(uu____0, last[i], uint8_t, void *); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(blocks[i], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i], uint8_t); } blocks[i][last_len] = 31U; size_t uu____1 = i; @@ -1550,14 +1544,11 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_580( for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice); + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); } } 
@@ -1643,7 +1634,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa3( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; libcrux_sha3_portable_keccak_store_block_58(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; @@ -1684,12 +1675,12 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i], uint8_t, size_t); + lit.end = Eurydice_slice_len(out[i], uint8_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -1711,12 +1702,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_833( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i], uint8_t, size_t); + lit.end = Eurydice_slice_len(out[i], uint8_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -1733,7 +1724,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(data[0U], uint8_t, size_t) / (size_t)168U; i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)168U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; /* Passing arrays by value in Rust generates a copy in C */ 
@@ -1744,17 +1735,16 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( (size_t)168U, ret); libcrux_sha3_generic_keccak_absorb_block_753(uu____0, ret); } - size_t rem = Eurydice_slice_len(data[0U], uint8_t, size_t) % (size_t)168U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)168U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - copy_of_data, Eurydice_slice_len(data[0U], uint8_t, size_t) - rem, rem, - ret); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final_72(uu____2, ret); - size_t outlen = Eurydice_slice_len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)168U; size_t last = outlen - outlen % (size_t)168U; if (blocks == (size_t)0U) { @@ -1822,9 +1812,8 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b33( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_slice, uint8_t[8U]); core_result_unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -1874,8 +1863,8 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a3( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; libcrux_sha3_portable_keccak_load_block_b33(s, buf); } 
@@ -1907,14 +1896,14 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_724( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = Eurydice_slice_len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice); - Eurydice_slice_copy(uu____0, last[i], uint8_t, void *); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(blocks[i], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i], uint8_t); } blocks[i][last_len] = 6U; size_t uu____1 = i; @@ -1938,14 +1927,11 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_583( for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice); + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); } } @@ -1958,7 +1944,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa2( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; libcrux_sha3_portable_keccak_store_block_583(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; 
@@ -1999,12 +1985,12 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i], uint8_t, size_t); + lit.end = Eurydice_slice_len(out[i], uint8_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -2065,12 +2051,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_832( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i], uint8_t, size_t); + lit.end = Eurydice_slice_len(out[i], uint8_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -2087,7 +2073,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(data[0U], uint8_t, size_t) / (size_t)104U; i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)104U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; /* Passing arrays by value in Rust generates a copy in C */ 
@@ -2098,17 +2084,16 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( (size_t)104U, ret); libcrux_sha3_generic_keccak_absorb_block_752(uu____0, ret); } - size_t rem = Eurydice_slice_len(data[0U], uint8_t, size_t) % (size_t)104U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)104U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - copy_of_data, Eurydice_slice_len(data[0U], uint8_t, size_t) - rem, rem, - ret); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final_724(uu____2, ret); - size_t outlen = Eurydice_slice_len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)104U; size_t last = outlen - outlen % (size_t)104U; if (blocks == (size_t)0U) { @@ -2176,9 +2161,8 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b32( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_slice, uint8_t[8U]); core_result_unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -2228,8 +2212,8 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a2( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; libcrux_sha3_portable_keccak_load_block_b32(s, buf); } 
@@ -2261,14 +2245,14 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_723( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = Eurydice_slice_len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice); - Eurydice_slice_copy(uu____0, last[i], uint8_t, void *); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(blocks[i], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i], uint8_t); } blocks[i][last_len] = 6U; size_t uu____1 = i; @@ -2292,14 +2276,11 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_582( for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice); + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); } } @@ -2312,7 +2293,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa1( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; libcrux_sha3_portable_keccak_store_block_582(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; 
@@ -2353,12 +2334,12 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i], uint8_t, size_t); + lit.end = Eurydice_slice_len(out[i], uint8_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -2419,12 +2400,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_831( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i], uint8_t, size_t); + lit.end = Eurydice_slice_len(out[i], uint8_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -2441,7 +2422,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(data[0U], uint8_t, size_t) / (size_t)144U; i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)144U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; /* Passing arrays by value in Rust generates a copy in C */ 
@@ -2452,17 +2433,16 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( (size_t)144U, ret); libcrux_sha3_generic_keccak_absorb_block_751(uu____0, ret); } - size_t rem = Eurydice_slice_len(data[0U], uint8_t, size_t) % (size_t)144U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)144U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - copy_of_data, Eurydice_slice_len(data[0U], uint8_t, size_t) - rem, rem, - ret); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final_723(uu____2, ret); - size_t outlen = Eurydice_slice_len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)144U; size_t last = outlen - outlen % (size_t)144U; if (blocks == (size_t)0U) { @@ -2559,7 +2539,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa0( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; libcrux_sha3_portable_keccak_store_block_580(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; @@ -2600,12 +2580,12 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i], uint8_t, size_t); + lit.end = Eurydice_slice_len(out[i], uint8_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } 
@@ -2627,12 +2607,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_830( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i], uint8_t, size_t); + lit.end = Eurydice_slice_len(out[i], uint8_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -2649,7 +2629,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(data[0U], uint8_t, size_t) / (size_t)136U; i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; /* Passing arrays by value in Rust generates a copy in C */ 
@@ -2660,17 +2640,16 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( (size_t)136U, ret); libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); } - size_t rem = Eurydice_slice_len(data[0U], uint8_t, size_t) % (size_t)136U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - copy_of_data, Eurydice_slice_len(data[0U], uint8_t, size_t) - rem, rem, - ret); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final_720(uu____2, ret); - size_t outlen = Eurydice_slice_len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { @@ -2734,14 +2713,14 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_722( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = Eurydice_slice_len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice); - Eurydice_slice_copy(uu____0, last[i], uint8_t, void *); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(blocks[i], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i], uint8_t); } blocks[i][last_len] = 6U; size_t uu____1 = i; 
@@ -2768,7 +2747,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(data[0U], uint8_t, size_t) / (size_t)136U; i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; /* Passing arrays by value in Rust generates a copy in C */ @@ -2779,17 +2758,16 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( (size_t)136U, ret); libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); } - size_t rem = Eurydice_slice_len(data[0U], uint8_t, size_t) % (size_t)136U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - copy_of_data, Eurydice_slice_len(data[0U], uint8_t, size_t) - rem, rem, - ret); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final_722(uu____2, ret); - size_t outlen = Eurydice_slice_len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { @@ -2857,9 +2835,8 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b31( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_slice, uint8_t[8U]); core_result_unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; 
@@ -2909,8 +2886,8 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a1( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; libcrux_sha3_portable_keccak_load_block_b31(s, buf); } @@ -2942,14 +2919,14 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_721( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = Eurydice_slice_len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice); - Eurydice_slice_copy(uu____0, last[i], uint8_t, void *); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(blocks[i], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i], uint8_t); } blocks[i][last_len] = 6U; size_t uu____1 = i; @@ -2973,14 +2950,11 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_581( for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice); + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); } } 
@@ -2993,7 +2967,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; libcrux_sha3_portable_keccak_store_block_581(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; @@ -3033,12 +3007,12 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_5d( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i], uint8_t, size_t); + lit.end = Eurydice_slice_len(out[i], uint8_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -3099,12 +3073,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_83( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i], uint8_t, size_t); + lit.end = Eurydice_slice_len(out[i], uint8_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -3121,7 +3095,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f2(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(data[0U], uint8_t, size_t) / (size_t)72U; i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)72U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; /* Passing arrays by value in Rust generates a copy in C */ 
@@ -3132,17 +3106,16 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( (size_t)72U, ret); libcrux_sha3_generic_keccak_absorb_block_75(uu____0, ret); } - size_t rem = Eurydice_slice_len(data[0U], uint8_t, size_t) % (size_t)72U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)72U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - copy_of_data, Eurydice_slice_len(data[0U], uint8_t, size_t) - rem, rem, - ret); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final_721(uu____2, ret); - size_t outlen = Eurydice_slice_len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)72U; size_t last = outlen - outlen % (size_t)72U; if (blocks == (size_t)0U) { diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index 5c3fac29b..3bda4744f 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf + * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 + * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 */ #include "libcrux_sha3_neon.h" 
diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index cafe0e86c..8098e4972 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b - * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf + * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 + * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 + * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 */ #ifndef __libcrux_sha3_neon_H From 63adbfbbd05fa6af8ba19b1a07ea45dd84037503 Mon Sep 17 00:00:00 2001 
From: Franziskus Kiefer Date: Sun, 18 Aug 2024 18:34:12 +0000 Subject: [PATCH 12/16] fixes for ml-kem C --- libcrux-ml-kem/c.yaml | 11 +- libcrux-ml-kem/c/benches/sha3.cc | 8 +- libcrux-ml-kem/c/code_gen.txt | 8 +- libcrux-ml-kem/c/eurydice_glue.h | 51 +- libcrux-ml-kem/c/internal/libcrux_core.h | 150 +- .../c/internal/libcrux_mlkem_avx2.h | 74 +- .../c/internal/libcrux_mlkem_neon.h | 32 +- .../c/internal/libcrux_mlkem_portable.h | 74 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 12 +- .../c/internal/libcrux_sha3_internal.h | 1166 ++- .../c/intrinsics/libcrux_intrinsics_avx2.h | 245 +- libcrux-ml-kem/c/libcrux_core.c | 299 +- libcrux-ml-kem/c/libcrux_core.h | 20 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 152 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 50 +- libcrux-ml-kem/c/libcrux_mlkem1024_neon.c | 126 +- libcrux-ml-kem/c/libcrux_mlkem1024_neon.h | 50 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 152 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 50 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 150 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 48 +- libcrux-ml-kem/c/libcrux_mlkem512_neon.c | 124 +- libcrux-ml-kem/c/libcrux_mlkem512_neon.h | 48 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 150 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 48 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 150 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 48 +- libcrux-ml-kem/c/libcrux_mlkem768_neon.c | 124 +- libcrux-ml-kem/c/libcrux_mlkem768_neon.h | 48 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 150 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 48 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 6636 ++++++++--------- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 261 +- libcrux-ml-kem/c/libcrux_mlkem_neon.c | 14 +- libcrux-ml-kem/c/libcrux_mlkem_neon.h | 8 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 5157 ++++++------- 
libcrux-ml-kem/c/libcrux_mlkem_portable.h | 90 +- libcrux-ml-kem/c/libcrux_sha3.h | 91 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 1770 +++-- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 37 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 1343 ++-- libcrux-ml-kem/c/libcrux_sha3_neon.c | 39 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 39 +- libcrux-ml-kem/cg/code_gen.txt | 8 +- libcrux-ml-kem/cg/eurydice_glue.h | 30 +- libcrux-ml-kem/cg/karamel/target.h | 17 +- libcrux-ml-kem/cg/libcrux_core.h | 103 +- libcrux-ml-kem/cg/libcrux_ct_ops.h | 24 +- libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 1878 +++-- libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 2270 +++--- libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 677 +- libcrux-ml-kem/cg/libcrux_sha3_portable.h | 2232 ++++-- libcrux-ml-kem/src/ind_cca.rs | 7 +- libcrux-ml-kem/src/ind_cpa.rs | 30 +- libcrux-ml-kem/src/mlkem1024.rs | 1 + libcrux-ml-kem/src/mlkem512.rs | 1 + libcrux-ml-kem/src/mlkem768.rs | 1 + 60 files changed, 13274 insertions(+), 13380 deletions(-) diff --git a/libcrux-ml-kem/c.yaml b/libcrux-ml-kem/c.yaml index db12e833c..4dab8e235 100644 --- a/libcrux-ml-kem/c.yaml +++ b/libcrux-ml-kem/c.yaml @@ -43,8 +43,8 @@ files: # the behavior applies. internal: monomorphizations_exact: - - [libcrux_sha3, generic_keccak, absorb_final_5e ] - - [libcrux_sha3, generic_keccak, squeeze_first_three_blocks_27 ] + - [libcrux_sha3, generic_keccak, absorb_final_d9 ] + - [libcrux_sha3, generic_keccak, squeeze_first_three_blocks_2a ] api: - [libcrux_sha3, avx2, "*"] private: @@ -230,10 +230,3 @@ files: private: - [libcrux_ml_kem, "*"] inline_static: true - -naming: - skip_prefix: - - [ core, core_arch, arm_shared, neon ] - - [ core, core_arch, x86 ] - - [libcrux_intrinsics, arm64] - - [libcrux_intrinsics, avx2] diff --git a/libcrux-ml-kem/c/benches/sha3.cc b/libcrux-ml-kem/c/benches/sha3.cc index d5b35e949..97cc7a57b 100644 --- a/libcrux-ml-kem/c/benches/sha3.cc +++ b/libcrux-ml-kem/c/benches/sha3.cc 
@@ -71,14 +71,14 @@ shake128_34_504(benchmark::State &state) Eurydice_slice last[4] = {EURYDICE_SLICE(input, 0, 34), EURYDICE_SLICE(input, 0, 34), EURYDICE_SLICE(input, 0, 34), EURYDICE_SLICE(input, 0, 34)}; Eurydice_slice out[4] = {EURYDICE_SLICE(digest0, 0, 504), EURYDICE_SLICE(digest1, 0, 504), EURYDICE_SLICE(digest2, 0, 504), EURYDICE_SLICE(digest3, 0, 504)}; libcrux_sha3_avx2_x4_incremental_KeccakState st = libcrux_sha3_avx2_x4_incremental_init(); - libcrux_sha3_generic_keccak_absorb_final_5e(&st, last); - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27(&st, out); + libcrux_sha3_generic_keccak_absorb_final_d9(&st, last); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_2a(&st, out); for (auto _ : state) { libcrux_sha3_avx2_x4_incremental_KeccakState st = libcrux_sha3_avx2_x4_incremental_init(); - libcrux_sha3_generic_keccak_absorb_final_5e(&st, last); - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27(&st, out); + libcrux_sha3_generic_keccak_absorb_final_d9(&st, last); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_2a(&st, out); } } diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index 2546e250a..5c241aed0 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: -Charon: 8de6020c10a3520a56fbf849176f8218e62435cf -Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 -Karamel: 98e5d604741a886e20a526f6673077a15e23cead +Charon: 53530427db2941ce784201e64086766504bc5642 +Eurydice: 67f4341506300372fba9cb8de070234935839cb7 +Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 -Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 +Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 diff --git a/libcrux-ml-kem/c/eurydice_glue.h b/libcrux-ml-kem/c/eurydice_glue.h index a97683fa6..7fee796ff 100644 --- a/libcrux-ml-kem/c/eurydice_glue.h +++ b/libcrux-ml-kem/c/eurydice_glue.h 
@@ -54,33 +54,33 @@ typedef struct {
 // which is NOT correct C syntax, so we add a dedicated phase in Eurydice that
 // adds an extra argument to this macro at the last minute so that we have the
 // correct type of *pointers* to elements.
-#define Eurydice_slice_index(s, i, t, t_ptr_t) (((t_ptr_t)s.ptr)[i])
-#define Eurydice_slice_subslice(s, r, t, _) \
+#define Eurydice_slice_index(s, i, t, t_ptr_t, _ret_t) (((t_ptr_t)s.ptr)[i])
+#define Eurydice_slice_subslice(s, r, t, _, _ret_t) \
 EURYDICE_SLICE((t *)s.ptr, r.start, r.end)
 // Variant for when the start and end indices are statically known (i.e., the
 // range argument `r` is a literal).
-#define Eurydice_slice_subslice2(s, start, end, t) \
+#define Eurydice_slice_subslice2(s, start, end, t, _) \
 EURYDICE_SLICE((t *)s.ptr, start, end)
-#define Eurydice_slice_subslice_to(s, subslice_end_pos, t, _) \
+#define Eurydice_slice_subslice_to(s, subslice_end_pos, t, _, _ret_t) \
 EURYDICE_SLICE((t *)s.ptr, 0, subslice_end_pos)
-#define Eurydice_slice_subslice_from(s, subslice_start_pos, t, _) \
+#define Eurydice_slice_subslice_from(s, subslice_start_pos, t, _, _ret_t) \
 EURYDICE_SLICE((t *)s.ptr, subslice_start_pos, s.len)
-#define Eurydice_array_to_slice(end, x, t) \
- EURYDICE_SLICE(x, 0, \
+#define Eurydice_array_to_slice(end, x, t, _ret_t) \
+ EURYDICE_SLICE(x, 0, \
 end) /* x is already at an array type, no need for cast */
-#define Eurydice_array_to_subslice(_arraylen, x, r, t, _) \
+#define Eurydice_array_to_subslice(_arraylen, x, r, t, _, _ret_t) \
 EURYDICE_SLICE((t *)x, r.start, r.end)
 // Same as above, variant for when start and end are statically known
-#define Eurydice_array_to_subslice2(x, start, end, t) \
+#define Eurydice_array_to_subslice2(x, start, end, t, _ret_t) \
 EURYDICE_SLICE((t *)x, start, end)
-#define Eurydice_array_to_subslice_to(_size, x, r, t, _range_t) \
+#define Eurydice_array_to_subslice_to(_size, x, r, t, _range_t, _ret_t) \
 EURYDICE_SLICE((t *)x, 0, r)
-#define Eurydice_array_to_subslice_from(size, x, r, t, _range_t) \
+#define Eurydice_array_to_subslice_from(size, x, r, t, _range_t, _ret_t) \
 EURYDICE_SLICE((t *)x, r, size)
-#define Eurydice_array_repeat(dst, len, init, t) \
+#define Eurydice_array_repeat(dst, len, init, t, _ret_t) \
 ERROR "should've been desugared"
-#define Eurydice_slice_len(s, t) EURYDICE_SLICE_LEN(s, t)
-#define Eurydice_slice_copy(dst, src, t) \
+#define core_slice___Slice_T___len(s, t, _ret_t) EURYDICE_SLICE_LEN(s, t)
+#define core_slice___Slice_T___copy_from_slice(dst, src, t, _ret_t) \
 memcpy(dst.ptr, src.ptr, dst.len * sizeof(t))
 #define core_array___Array_T__N__23__as_slice(len_, ptr_, t, _ret_t) \
 ((Eurydice_slice){.ptr = ptr_, .len = len_})
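Review bot: `core_slice___Slice_T___copy_from_slice` sizes the `memcpy` from `dst.len` alone, so the C expansion keeps none of the length-equality check that Rust's `copy_from_slice` enforces; a `src` shorter than `dst` is over-read and a longer one is silently truncated. The same gap is present in `Eurydice_slice_index`, which indexes `s.ptr` without comparing `i` against `s.len`, and in `core_slice___Slice_T___split_at` / `core_slice___Slice_T___split_at_mut` in the next hunk, where `slice.len - mid` wraps when `mid > slice.len`. If the generated callers are known to stay in bounds, that invariant is not stated anywhere in this header and deserves a comment such as `/* No bounds check here: callers are expected to be in-bounds by construction; the Rust original panics on a length mismatch. */`; otherwise a debug-only check of `dst.len == src.len` ahead of the `memcpy` would turn a silent over-read into a failed assertion. Separately, the new trailing parameter is named inconsistently within the hunk: `Eurydice_slice_subslice2` and `Eurydice_array_to_subslice` call it `_`, while the neighbouring macros call it `_ret_t`.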
@@ -90,26 +90,25 @@ typedef struct { (memcpy(dst, src, len * sizeof(elem_type))) #define core_array_TryFromSliceError uint8_t -#define Eurydice_array_eq(sz, a1, a2, t, _) \ +#define Eurydice_array_eq(sz, a1, a2, t, _, _ret_t) \ (memcmp(a1, a2, sz * sizeof(t)) == 0) -#define core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( \ - sz, a1, a2, t, _, _ret_t) \ - Eurydice_array_eq(sz, a1, a2, t, _) +#define core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq \ + Eurydice_array_eq -#define Eurydice_slice_split_at(slice, mid, element_type, ret_t) \ - (CLITERAL(ret_t){ \ - .fst = EURYDICE_SLICE((element_type *)slice.ptr, 0, mid), \ +#define core_slice___Slice_T___split_at(slice, mid, element_type, ret_t) \ + (CLITERAL(ret_t){ \ + .fst = EURYDICE_SLICE((element_type *)slice.ptr, 0, mid), \ .snd = EURYDICE_SLICE((element_type *)slice.ptr, mid, slice.len)}) -#define Eurydice_slice_split_at_mut(slice, mid, element_type, ret_t) \ - (CLITERAL(ret_t){ \ - .fst = {.ptr = slice.ptr, .len = mid}, \ - .snd = {.ptr = (char *)slice.ptr + mid * sizeof(element_type), \ +#define core_slice___Slice_T___split_at_mut(slice, mid, element_type, ret_t) \ + (CLITERAL(ret_t){ \ + .fst = {.ptr = slice.ptr, .len = mid}, \ + .snd = {.ptr = (char *)slice.ptr + mid * sizeof(element_type), \ .len = slice.len - mid}}) // Conversion of slice to an array, rewritten (by Eurydice) to name the // destination array, since arrays are not values in C. // N.B.: see note in karamel/lib/Inlining.ml if you change this. -#define Eurydice_slice_to_array2(dst, src, _, t_arr) \ +#define Eurydice_slice_to_array2(dst, src, _, t_arr, _ret_t) \ Eurydice_slice_to_array3(&(dst)->tag, (char *)&(dst)->val.case_Ok, src, \ sizeof(t_arr)) diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 6c5e73354..c267a11d4 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h 
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf - * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 - * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __internal_libcrux_core_H @@ -67,20 +67,17 @@ typedef struct libcrux_ml_kem_utils_extraction_helper_Keypair768_s { } libcrux_ml_kem_utils_extraction_helper_Keypair768; /** -This function found in impl {(core::convert::From<&0 (@Array)> for -libcrux_ml_kem::types::MlKemPublicKey)#15} +This function found in impl {(core::convert::From<@Array> for +libcrux_ml_kem::types::MlKemPublicKey)#14} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_c7 +A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_c7_141( - uint8_t *value); +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_a31( + uint8_t value[1568U]); -/** - Create a new [`MlKemKeyPair`] from the secret and public key. -*/ /** This function found in impl {libcrux_ml_kem::types::MlKemKeyPair} 
@@ -91,21 +88,21 @@ with const generics - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_d51( +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_eb1( libcrux_ml_kem_types_MlKemPrivateKey_95 sk, libcrux_ml_kem_types_MlKemPublicKey_1f pk); /** -This function found in impl {(core::convert::From<&0 (@Array)> for -libcrux_ml_kem::types::MlKemPrivateKey)#9} +This function found in impl {(core::convert::From<@Array> for +libcrux_ml_kem::types::MlKemPrivateKey)#8} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_22 +A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics - SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_22_a71( - uint8_t *value); +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_701( + uint8_t value[3168U]); /** This function found in impl {(core::convert::From<@Array> for @@ -116,12 +113,9 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_9c1( +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_101( uint8_t value[1568U]); -/** - A reference to the raw byte slice. -*/ /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} */ @@ -130,7 +124,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_c21( +uint8_t *libcrux_ml_kem_types_as_slice_cb_3b1( libcrux_ml_kem_types_MlKemPublicKey_1f *self); /** 
@@ -142,35 +136,29 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_751( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_791( libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self); -/** - Pad the `slice` with `0`s at the end. -*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 1600 */ -void libcrux_ml_kem_utils_into_padded_array_2d4(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_ea4(Eurydice_slice slice, uint8_t ret[1600U]); /** -This function found in impl {(core::convert::From<&0 (@Array)> for -libcrux_ml_kem::types::MlKemPublicKey)#15} +This function found in impl {(core::convert::From<@Array> for +libcrux_ml_kem::types::MlKemPublicKey)#14} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_c7 +A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics - SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_c7_140( - uint8_t *value); +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_a30( + uint8_t value[1184U]); -/** - Create a new [`MlKemKeyPair`] from the secret and public key. -*/ /** This function found in impl {libcrux_ml_kem::types::MlKemKeyPair} 
@@ -181,21 +169,21 @@ with const generics - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_d50( +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_eb0( libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk); /** -This function found in impl {(core::convert::From<&0 (@Array)> for -libcrux_ml_kem::types::MlKemPrivateKey)#9} +This function found in impl {(core::convert::From<@Array> for +libcrux_ml_kem::types::MlKemPrivateKey)#8} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_22 +A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics - SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_22_a70( - uint8_t *value); +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_700( + uint8_t value[2400U]); /** This function found in impl {(core::convert::From<@Array> for @@ -206,12 +194,9 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1088 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_9c0( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_100( uint8_t value[1088U]); -/** - A reference to the raw byte slice. -*/ /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} */ @@ -220,7 +205,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_c20( +uint8_t *libcrux_ml_kem_types_as_slice_cb_3b0( libcrux_ml_kem_types_MlKemPublicKey_15 *self); /** 
@@ -232,35 +217,29 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_750( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_790( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); -/** - Pad the `slice` with `0`s at the end. -*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 1120 */ -void libcrux_ml_kem_utils_into_padded_array_2d3(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_ea3(Eurydice_slice slice, uint8_t ret[1120U]); /** -This function found in impl {(core::convert::From<&0 (@Array)> for -libcrux_ml_kem::types::MlKemPublicKey)#15} +This function found in impl {(core::convert::From<@Array> for +libcrux_ml_kem::types::MlKemPublicKey)#14} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_c7 +A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics - SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_c7_14( - uint8_t *value); +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_a3( + uint8_t value[800U]); -/** - Create a new [`MlKemKeyPair`] from the secret and public key. -*/ /** This function found in impl {libcrux_ml_kem::types::MlKemKeyPair} 
@@ -271,21 +250,21 @@ with const generics - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_d5( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_eb( libcrux_ml_kem_types_MlKemPrivateKey_5e sk, libcrux_ml_kem_types_MlKemPublicKey_be pk); /** -This function found in impl {(core::convert::From<&0 (@Array)> for -libcrux_ml_kem::types::MlKemPrivateKey)#9} +This function found in impl {(core::convert::From<@Array> for +libcrux_ml_kem::types::MlKemPrivateKey)#8} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_22 +A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics - SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_22_a7( - uint8_t *value); +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_70( + uint8_t value[1632U]); /** This function found in impl {(core::convert::From<@Array> for @@ -296,12 +275,9 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 768 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_9c( +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_10( uint8_t value[768U]); -/** - A reference to the raw byte slice. -*/ /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} */ @@ -310,18 +286,15 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_c2( +uint8_t *libcrux_ml_kem_types_as_slice_cb_3b( libcrux_ml_kem_types_MlKemPublicKey_be *self); -/** - Pad the `slice` with `0`s at the end. -*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -void libcrux_ml_kem_utils_into_padded_array_2d2(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_ea2(Eurydice_slice slice, uint8_t ret[33U]); /** 
@@ -330,7 +303,7 @@ with types uint8_t[32size_t], core_array_TryFromSliceError */ typedef struct core_result_Result_00_s { - core_result_Result_00_tags tag; + core_result_Result_86_tags tag; union { uint8_t case_Ok[32U]; core_array_TryFromSliceError case_Err; @@ -347,15 +320,12 @@ with types uint8_t[32size_t], core_array_TryFromSliceError */ void core_result_unwrap_41_83(core_result_Result_00 self, uint8_t ret[32U]); -/** - Pad the `slice` with `0`s at the end. -*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 34 */ -void libcrux_ml_kem_utils_into_padded_array_2d1(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_ea1(Eurydice_slice slice, uint8_t ret[34U]); /** @@ -367,29 +337,23 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_75( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_79( libcrux_ml_kem_types_MlKemCiphertext_e8 *self); -/** - Pad the `slice` with `0`s at the end. -*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 800 */ -void libcrux_ml_kem_utils_into_padded_array_2d0(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_ea0(Eurydice_slice slice, uint8_t ret[800U]); -/** - Pad the `slice` with `0`s at the end. -*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 64 */ -void libcrux_ml_kem_utils_into_padded_array_2d(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_ea(Eurydice_slice slice, uint8_t ret[64U]); /** @@ -398,7 +362,7 @@ with types uint8_t[24size_t], core_array_TryFromSliceError */ typedef struct core_result_Result_6f_s { - core_result_Result_00_tags tag; + core_result_Result_86_tags tag; union { uint8_t case_Ok[24U]; core_array_TryFromSliceError case_Err; 
@@ -421,7 +385,7 @@ with types uint8_t[20size_t], core_array_TryFromSliceError */ typedef struct core_result_Result_7a_s { - core_result_Result_00_tags tag; + core_result_Result_86_tags tag; union { uint8_t case_Ok[20U]; core_array_TryFromSliceError case_Err; @@ -444,7 +408,7 @@ with types uint8_t[10size_t], core_array_TryFromSliceError */ typedef struct core_result_Result_cd_s { - core_result_Result_00_tags tag; + core_result_Result_86_tags tag; union { uint8_t case_Ok[10U]; core_array_TryFromSliceError case_Err; @@ -467,7 +431,7 @@ with types int16_t[16size_t], core_array_TryFromSliceError */ typedef struct core_result_Result_c0_s { - core_result_Result_00_tags tag; + core_result_Result_86_tags tag; union { int16_t case_Ok[16U]; core_array_TryFromSliceError case_Err; diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index ff66f1ce5..400fe304e 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf - * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 - * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __internal_libcrux_mlkem_avx2_H 
@@ -32,7 +32,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_771(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_6c1(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked @@ -47,16 +47,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c01(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_8d1(uint8_t randomness[64U]); -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -70,7 +62,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_361(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_991(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked @@ -90,7 +82,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b1( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_361( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]); @@ -113,7 +105,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_931( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_011( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); 
@@ -138,7 +130,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_2f1( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_fa1( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -164,7 +156,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_ff1( +void libcrux_ml_kem_ind_cca_decapsulate_261( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -176,7 +168,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_770(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_6c0(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked @@ -191,16 +183,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c00(uint8_t randomness[64U]); - -/** - Packed API +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_8d0(uint8_t randomness[64U]); - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, 
@@ -214,7 +198,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_360(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_990(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked @@ -234,7 +218,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b0( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_360( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]); @@ -257,7 +241,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_930( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_010( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -282,7 +266,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_2f0( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_fa0( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -308,7 +292,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_ff0( +void libcrux_ml_kem_ind_cca_decapsulate_260( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); 
@@ -320,7 +304,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_77(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_6c(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked @@ -335,16 +319,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c0(uint8_t randomness[64U]); - -/** - Packed API - - Generate a key pair. +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_8d(uint8_t randomness[64U]); - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -357,7 +333,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_36( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_99( uint8_t randomness[64U]); /** @@ -378,7 +354,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_36( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]); @@ -401,7 +377,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_93( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_01( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); 
@@ -426,7 +402,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_2f( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_fa( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -452,7 +428,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_ff( +void libcrux_ml_kem_ind_cca_decapsulate_26( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h index 03c96041e..57231a2ff 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb - * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 + * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba + * Eurydice: be0d5b5e1455673c2afa9592c0951def463f59ec + * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 + * Libcrux: cb6da975011a1d6dfeaa6215d63a56d043b522b5 */ #ifndef __internal_libcrux_mlkem_neon_H 
@@ -48,14 +48,6 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b41(uint8_t randomness[64U]); -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, @@ -192,14 +184,6 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b40(uint8_t randomness[64U]); -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, @@ -336,14 +320,6 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b4(uint8_t randomness[64U]); -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 261c9cea8..02b20eae1 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h 
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf - * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 - * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __internal_libcrux_mlkem_portable_H @@ -37,7 +37,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_3f1(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_601(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked @@ -53,16 +53,8 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_371(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_4a1(uint8_t randomness[64U]); -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -77,7 +69,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_d71(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_ef1(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked 
@@ -98,7 +90,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_081( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_5c1( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]); @@ -121,7 +113,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_781( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_fa1( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -147,7 +139,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_de1( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_751( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -173,7 +165,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_b01( +void libcrux_ml_kem_ind_cca_decapsulate_241( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -185,7 +177,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_3f0(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_600(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked 
@@ -201,16 +193,8 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_370(uint8_t randomness[64U]); - -/** - Packed API +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_4a0(uint8_t randomness[64U]); - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -225,7 +209,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_d70(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_ef0(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked @@ -246,7 +230,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_080( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_5c0( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]); @@ -269,7 +253,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_780( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_fa0( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -295,7 +279,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_de0( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_750( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); 
@@ -321,7 +305,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_b00( +void libcrux_ml_kem_ind_cca_decapsulate_240( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -333,7 +317,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_3f(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_60(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked @@ -349,16 +333,8 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_37(uint8_t randomness[64U]); - -/** - Packed API - - Generate a key pair. +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_4a(uint8_t randomness[64U]); - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -373,7 +349,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_d7(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_ef(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked @@ -394,7 +370,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_08( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_5c( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]); 
@@ -417,7 +393,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_78( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_fa( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -443,7 +419,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_de( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_75( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -469,7 +445,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_b0( +void libcrux_ml_kem_ind_cca_decapsulate_24( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index 16e9fbe30..6b1490d57 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf - * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 - * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __internal_libcrux_sha3_avx2_H 
@@ -31,7 +31,7 @@ with const generics - RATE= 136 - DELIM= 31 */ -void libcrux_sha3_generic_keccak_absorb_final_5e( +void libcrux_sha3_generic_keccak_absorb_final_d9( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]); typedef libcrux_sha3_generic_keccak_KeccakState_29 @@ -44,7 +44,7 @@ with const generics - N= 4 - RATE= 168 */ -void libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27( +void libcrux_sha3_generic_keccak_squeeze_first_three_blocks_2a( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]); #if defined(__cplusplus) diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index c4b5afc89..80cd5b7ab 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf - * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 - * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __internal_libcrux_sha3_internal_H 
@@ -24,32 +24,23 @@ extern "C" { typedef libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_KeccakState; -/** - Create a new SHAKE-128 state object. -*/ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake128_init(void) { - return libcrux_sha3_generic_keccak_new_1e_f2(); + return libcrux_sha3_generic_keccak_new_1e_f4(); } -/** - Absorb -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data0) { Eurydice_slice buf[1U] = {data0}; - libcrux_sha3_generic_keccak_absorb_final_72(s, buf); + libcrux_sha3_generic_keccak_absorb_final_c7(s, buf); } -/** - Squeeze another block -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_fc(s, buf); } /** @@ -60,7 +51,7 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d( +libcrux_sha3_generic_keccak_squeeze_first_three_blocks_cc( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); 
@@ -68,25 +59,22 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d( memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_09(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_84(s, o0); Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o2[1U]; memcpy(o2, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o1); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_fc(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_fc(s, o2); } -/** - Squeeze three blocks -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_cc(s, buf); } #define libcrux_sha3_Sha224 0 @@ -96,9 +84,6 @@ libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( typedef uint8_t libcrux_sha3_Algorithm; -/** - Returns the output size of a digest. -*/ static inline size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode) { size_t uu____0; switch (mode) { @@ -149,7 +134,7 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92( +libcrux_sha3_generic_keccak_squeeze_first_five_blocks_4f( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); 
@@ -157,77 +142,1152 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92( memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_09(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_84(s, o0); Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o20[1U]; memcpy(o20, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_fc(s, o1); Eurydice_slice_uint8_t_1size_t__x2 uu____2 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o20, (size_t)168U); Eurydice_slice o2[1U]; memcpy(o2, uu____2.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o30[1U]; memcpy(o30, uu____2.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_fc(s, o2); Eurydice_slice_uint8_t_1size_t__x2 uu____3 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o30, (size_t)168U); Eurydice_slice o3[1U]; memcpy(o3, uu____3.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o4[1U]; memcpy(o4, uu____3.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o3); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(s, o4); + libcrux_sha3_generic_keccak_squeeze_next_block_fc(s, o3); + libcrux_sha3_generic_keccak_squeeze_next_block_fc(s, o4); } -/** - Squeeze five blocks -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92(s, buf); + 
libcrux_sha3_generic_keccak_squeeze_first_five_blocks_4f(s, buf); } -/** - Absorb some data for SHAKE-256 for the last time -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data) { Eurydice_slice buf[1U] = {data}; - libcrux_sha3_generic_keccak_absorb_final_720(s, buf); + libcrux_sha3_generic_keccak_absorb_final_c70(s, buf); } -/** - Create a new SHAKE-256 state object. -*/ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake256_init(void) { - return libcrux_sha3_generic_keccak_new_1e_f2(); + return libcrux_sha3_generic_keccak_new_1e_f4(); } -/** - Squeeze the first SHAKE-256 block -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_first_block_090(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_block_840(s, buf); } -/** - Squeeze the next SHAKE-256 block -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_next_block_1f0(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_fc0(s, buf); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.KeccakXofState +with types uint64_t +with const generics +- $1size_t +- $136size_t +*/ +typedef struct libcrux_sha3_generic_keccak_KeccakXofState_4f_s { + libcrux_sha3_generic_keccak_KeccakState_48 inner; + uint8_t buf[1U][136U]; + size_t buf_len; + bool sponge; +} libcrux_sha3_generic_keccak_KeccakXofState_4f; + +typedef libcrux_sha3_generic_keccak_KeccakXofState_4f + libcrux_sha3_portable_incremental_Shake256Absorb; + +/** +This function found in impl 
{libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_9d +with types uint64_t +with const generics +- PARALLEL_LANES= 1 +- RATE= 136 +*/ +static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_b0( + libcrux_sha3_generic_keccak_KeccakXofState_4f *self, + Eurydice_slice inputs[1U]) { + size_t input_len = core_slice___Slice_T___len(inputs[0U], uint8_t, size_t); + size_t consumed = (size_t)0U; + if (self->buf_len > (size_t)0U) { + if (self->buf_len + input_len >= (size_t)136U) { + consumed = (size_t)136U - self->buf_len; + { + size_t i = (size_t)0U; + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)136U, self->buf[i], self->buf_len, uint8_t, size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_slice_subslice_to(inputs[i], consumed, uint8_t, size_t, + Eurydice_slice), + uint8_t, void *); + } + self->buf_len = self->buf_len + consumed; + } + } + return consumed; +} + +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_9d +with types uint64_t +with const generics +- PARALLEL_LANES= 1 +- RATE= 136 +*/ +static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_f8( + libcrux_sha3_generic_keccak_KeccakXofState_4f *self, + Eurydice_slice inputs[1U]) { + libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, inputs, (size_t)1U * sizeof(Eurydice_slice)); + size_t input_consumed = + libcrux_sha3_generic_keccak_fill_buffer_9d_b0(uu____0, uu____1); + if (input_consumed > (size_t)0U) { + Eurydice_slice borrowed[1U]; + { + uint8_t buf[136U] = {0U}; + borrowed[0U] = core_array___Array_T__N__23__as_slice( + (size_t)136U, buf, uint8_t, Eurydice_slice); + } + { + size_t i = (size_t)0U; + borrowed[i] = Eurydice_array_to_slice((size_t)136U, self->buf[i], 
uint8_t, + Eurydice_slice); + } + uint64_t(*uu____2)[5U] = self->inner.st; + Eurydice_slice uu____3[1U]; + memcpy(uu____3, borrowed, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_5a_b8(uu____2, uu____3); + libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); + self->buf_len = (size_t)0U; + } + size_t input_to_consume = + core_slice___Slice_T___len(inputs[0U], uint8_t, size_t) - input_consumed; + size_t num_blocks = input_to_consume / (size_t)136U; + size_t remainder = input_to_consume % (size_t)136U; + for (size_t i = (size_t)0U; i < num_blocks; i++) { + size_t i0 = i; + uint64_t(*uu____4)[5U] = self->inner.st; + Eurydice_slice uu____5[1U]; + memcpy(uu____5, inputs, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak_slice_n_5a( + uu____5, input_consumed + i0 * (size_t)136U, (size_t)136U, ret); + libcrux_sha3_portable_keccak_load_block_5a_b8(uu____4, ret); + libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); + } + return remainder; +} + +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_9d +with types uint64_t +with const generics +- PARALLEL_LANES= 1 +- RATE= 136 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_7b( + libcrux_sha3_generic_keccak_KeccakXofState_4f *self, + Eurydice_slice inputs[1U]) { + libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, inputs, (size_t)1U * sizeof(Eurydice_slice)); + size_t input_remainder_len = + libcrux_sha3_generic_keccak_absorb_full_9d_f8(uu____0, uu____1); + if (input_remainder_len > (size_t)0U) { + size_t input_len = core_slice___Slice_T___len(inputs[0U], uint8_t, size_t); + { + size_t i = (size_t)0U; + Eurydice_slice uu____2 = Eurydice_array_to_subslice2( + self->buf[i], self->buf_len, self->buf_len + input_remainder_len, + uint8_t, 
Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_slice_subslice_from(inputs[i], + input_len - input_remainder_len, uint8_t, + size_t, Eurydice_slice), + uint8_t, void *); + } + self->buf_len = self->buf_len + input_remainder_len; + } +} + +/** +This function found in impl +{(libcrux_sha3::portable::incremental::XofAbsorb<136: usize> for +libcrux_sha3::portable::incremental::Shake256Absorb)#2} +*/ +static inline void libcrux_sha3_portable_incremental_absorb_7d( + libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice input) { + Eurydice_slice buf[1U] = {input}; + libcrux_sha3_generic_keccak_absorb_9d_7b(self, buf); +} + +typedef libcrux_sha3_generic_keccak_KeccakXofState_4f + libcrux_sha3_portable_incremental_Shake256Squeeze; + +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_9d +with types uint64_t +with const generics +- PARALLEL_LANES= 1 +- RATE= 136 +- DELIMITER= 31 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_25( + libcrux_sha3_generic_keccak_KeccakXofState_4f *self, + Eurydice_slice inputs[1U]) { + libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, inputs, (size_t)1U * sizeof(Eurydice_slice)); + size_t input_remainder_len = + libcrux_sha3_generic_keccak_absorb_full_9d_f8(uu____0, uu____1); + size_t input_len = core_slice___Slice_T___len(inputs[0U], uint8_t, size_t); + uint8_t blocks[1U][200U] = {{0U}}; + { + size_t i = (size_t)0U; + if (self->buf_len > (size_t)0U) { + Eurydice_slice uu____2 = Eurydice_array_to_subslice2( + blocks[i], (size_t)0U, self->buf_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice2(self->buf[i], (size_t)0U, self->buf_len, + uint8_t, Eurydice_slice), + uint8_t, void *); + } + if (input_remainder_len > (size_t)0U) { + 
Eurydice_slice uu____3 = Eurydice_array_to_subslice2( + blocks[i], self->buf_len, self->buf_len + input_remainder_len, + uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_slice_subslice_from(inputs[i], + input_len - input_remainder_len, uint8_t, + size_t, Eurydice_slice), + uint8_t, void *); + } + blocks[i][self->buf_len + input_remainder_len] = 31U; + size_t uu____4 = i; + size_t uu____5 = (size_t)136U - (size_t)1U; + blocks[uu____4][uu____5] = (uint32_t)blocks[uu____4][uu____5] | 128U; + } + uint64_t(*uu____6)[5U] = self->inner.st; + uint8_t uu____7[1U][200U]; + memcpy(uu____7, blocks, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_5a_d20(uu____6, uu____7); + libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); +} + +/** +This function found in impl +{(libcrux_sha3::portable::incremental::XofAbsorb<136: usize> for +libcrux_sha3::portable::incremental::Shake256Absorb)#2} +*/ +static inline libcrux_sha3_generic_keccak_KeccakXofState_4f +libcrux_sha3_portable_incremental_absorb_final_7d( + libcrux_sha3_generic_keccak_KeccakXofState_4f self, Eurydice_slice input) { + Eurydice_slice buf[1U] = {input}; + libcrux_sha3_generic_keccak_absorb_final_9d_25(&self, buf); + return self; +} + +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_9d +with types uint64_t +with const generics +- PARALLEL_LANES= 1 +- RATE= 136 +*/ +static inline void libcrux_sha3_generic_keccak_zero_block_9d_e6( + uint8_t ret[136U]) { + ret[0U] = 0U; + ret[1U] = 0U; + ret[2U] = 0U; + ret[3U] = 0U; + ret[4U] = 0U; + ret[5U] = 0U; + ret[6U] = 0U; + ret[7U] = 0U; + ret[8U] = 0U; + ret[9U] = 0U; + ret[10U] = 0U; + ret[11U] = 0U; + ret[12U] = 0U; + ret[13U] = 0U; + ret[14U] = 0U; + ret[15U] = 0U; + ret[16U] = 0U; + ret[17U] = 0U; + ret[18U] = 0U; + ret[19U] = 0U; + ret[20U] = 0U; + ret[21U] = 0U; + ret[22U] 
= 0U; + ret[23U] = 0U; + ret[24U] = 0U; + ret[25U] = 0U; + ret[26U] = 0U; + ret[27U] = 0U; + ret[28U] = 0U; + ret[29U] = 0U; + ret[30U] = 0U; + ret[31U] = 0U; + ret[32U] = 0U; + ret[33U] = 0U; + ret[34U] = 0U; + ret[35U] = 0U; + ret[36U] = 0U; + ret[37U] = 0U; + ret[38U] = 0U; + ret[39U] = 0U; + ret[40U] = 0U; + ret[41U] = 0U; + ret[42U] = 0U; + ret[43U] = 0U; + ret[44U] = 0U; + ret[45U] = 0U; + ret[46U] = 0U; + ret[47U] = 0U; + ret[48U] = 0U; + ret[49U] = 0U; + ret[50U] = 0U; + ret[51U] = 0U; + ret[52U] = 0U; + ret[53U] = 0U; + ret[54U] = 0U; + ret[55U] = 0U; + ret[56U] = 0U; + ret[57U] = 0U; + ret[58U] = 0U; + ret[59U] = 0U; + ret[60U] = 0U; + ret[61U] = 0U; + ret[62U] = 0U; + ret[63U] = 0U; + ret[64U] = 0U; + ret[65U] = 0U; + ret[66U] = 0U; + ret[67U] = 0U; + ret[68U] = 0U; + ret[69U] = 0U; + ret[70U] = 0U; + ret[71U] = 0U; + ret[72U] = 0U; + ret[73U] = 0U; + ret[74U] = 0U; + ret[75U] = 0U; + ret[76U] = 0U; + ret[77U] = 0U; + ret[78U] = 0U; + ret[79U] = 0U; + ret[80U] = 0U; + ret[81U] = 0U; + ret[82U] = 0U; + ret[83U] = 0U; + ret[84U] = 0U; + ret[85U] = 0U; + ret[86U] = 0U; + ret[87U] = 0U; + ret[88U] = 0U; + ret[89U] = 0U; + ret[90U] = 0U; + ret[91U] = 0U; + ret[92U] = 0U; + ret[93U] = 0U; + ret[94U] = 0U; + ret[95U] = 0U; + ret[96U] = 0U; + ret[97U] = 0U; + ret[98U] = 0U; + ret[99U] = 0U; + ret[100U] = 0U; + ret[101U] = 0U; + ret[102U] = 0U; + ret[103U] = 0U; + ret[104U] = 0U; + ret[105U] = 0U; + ret[106U] = 0U; + ret[107U] = 0U; + ret[108U] = 0U; + ret[109U] = 0U; + ret[110U] = 0U; + ret[111U] = 0U; + ret[112U] = 0U; + ret[113U] = 0U; + ret[114U] = 0U; + ret[115U] = 0U; + ret[116U] = 0U; + ret[117U] = 0U; + ret[118U] = 0U; + ret[119U] = 0U; + ret[120U] = 0U; + ret[121U] = 0U; + ret[122U] = 0U; + ret[123U] = 0U; + ret[124U] = 0U; + ret[125U] = 0U; + ret[126U] = 0U; + ret[127U] = 0U; + ret[128U] = 0U; + ret[129U] = 0U; + ret[130U] = 0U; + ret[131U] = 0U; + ret[132U] = 0U; + ret[133U] = 0U; + ret[134U] = 0U; + ret[135U] = 0U; +} + +/** +This function found in 
impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.new_9d +with types uint64_t +with const generics +- PARALLEL_LANES= 1 +- RATE= 136 +*/ +static inline libcrux_sha3_generic_keccak_KeccakXofState_4f +libcrux_sha3_generic_keccak_new_9d_7e(void) { + libcrux_sha3_generic_keccak_KeccakXofState_4f lit; + lit.inner = libcrux_sha3_generic_keccak_new_1e_f4(); + uint8_t ret[136U]; + libcrux_sha3_generic_keccak_zero_block_9d_e6(ret); + memcpy(lit.buf[0U], ret, (size_t)136U * sizeof(uint8_t)); + lit.buf_len = (size_t)0U; + lit.sponge = false; + return lit; +} + +/** +This function found in impl +{(libcrux_sha3::portable::incremental::XofAbsorb<136: usize> for +libcrux_sha3::portable::incremental::Shake256Absorb)#2} +*/ +static inline libcrux_sha3_generic_keccak_KeccakXofState_4f +libcrux_sha3_portable_incremental_new_7d(void) { + return libcrux_sha3_generic_keccak_new_9d_7e(); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.KeccakXofState +with types uint64_t +with const generics +- $1size_t +- $168size_t +*/ +typedef struct libcrux_sha3_generic_keccak_KeccakXofState_78_s { + libcrux_sha3_generic_keccak_KeccakState_48 inner; + uint8_t buf[1U][168U]; + size_t buf_len; + bool sponge; +} libcrux_sha3_generic_keccak_KeccakXofState_78; + +typedef libcrux_sha3_generic_keccak_KeccakXofState_78 + libcrux_sha3_portable_incremental_Shake128Absorb; + +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_9d +with types uint64_t +with const generics +- PARALLEL_LANES= 1 +- RATE= 168 +*/ +static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_b00( + libcrux_sha3_generic_keccak_KeccakXofState_78 *self, + Eurydice_slice inputs[1U]) { + size_t input_len = core_slice___Slice_T___len(inputs[0U], uint8_t, size_t); + size_t consumed = (size_t)0U; + if (self->buf_len > 
(size_t)0U) { + if (self->buf_len + input_len >= (size_t)168U) { + consumed = (size_t)168U - self->buf_len; + { + size_t i = (size_t)0U; + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)168U, self->buf[i], self->buf_len, uint8_t, size_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_slice_subslice_to(inputs[i], consumed, uint8_t, size_t, + Eurydice_slice), + uint8_t, void *); + } + self->buf_len = self->buf_len + consumed; + } + } + return consumed; +} + +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_9d +with types uint64_t +with const generics +- PARALLEL_LANES= 1 +- RATE= 168 +*/ +static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_f80( + libcrux_sha3_generic_keccak_KeccakXofState_78 *self, + Eurydice_slice inputs[1U]) { + libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, inputs, (size_t)1U * sizeof(Eurydice_slice)); + size_t input_consumed = + libcrux_sha3_generic_keccak_fill_buffer_9d_b00(uu____0, uu____1); + if (input_consumed > (size_t)0U) { + Eurydice_slice borrowed[1U]; + { + uint8_t buf[168U] = {0U}; + borrowed[0U] = core_array___Array_T__N__23__as_slice( + (size_t)168U, buf, uint8_t, Eurydice_slice); + } + { + size_t i = (size_t)0U; + borrowed[i] = Eurydice_array_to_slice((size_t)168U, self->buf[i], uint8_t, + Eurydice_slice); + } + uint64_t(*uu____2)[5U] = self->inner.st; + Eurydice_slice uu____3[1U]; + memcpy(uu____3, borrowed, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_5a_b80(uu____2, uu____3); + libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); + self->buf_len = (size_t)0U; + } + size_t input_to_consume = + core_slice___Slice_T___len(inputs[0U], uint8_t, size_t) - input_consumed; + size_t num_blocks = input_to_consume / (size_t)168U; + size_t remainder = 
input_to_consume % (size_t)168U; + for (size_t i = (size_t)0U; i < num_blocks; i++) { + size_t i0 = i; + uint64_t(*uu____4)[5U] = self->inner.st; + Eurydice_slice uu____5[1U]; + memcpy(uu____5, inputs, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak_slice_n_5a( + uu____5, input_consumed + i0 * (size_t)168U, (size_t)168U, ret); + libcrux_sha3_portable_keccak_load_block_5a_b80(uu____4, ret); + libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); + } + return remainder; +} + +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_9d +with types uint64_t +with const generics +- PARALLEL_LANES= 1 +- RATE= 168 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_7b0( + libcrux_sha3_generic_keccak_KeccakXofState_78 *self, + Eurydice_slice inputs[1U]) { + libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, inputs, (size_t)1U * sizeof(Eurydice_slice)); + size_t input_remainder_len = + libcrux_sha3_generic_keccak_absorb_full_9d_f80(uu____0, uu____1); + if (input_remainder_len > (size_t)0U) { + size_t input_len = core_slice___Slice_T___len(inputs[0U], uint8_t, size_t); + { + size_t i = (size_t)0U; + Eurydice_slice uu____2 = Eurydice_array_to_subslice2( + self->buf[i], self->buf_len, self->buf_len + input_remainder_len, + uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_slice_subslice_from(inputs[i], + input_len - input_remainder_len, uint8_t, + size_t, Eurydice_slice), + uint8_t, void *); + } + self->buf_len = self->buf_len + input_remainder_len; + } +} + +/** +This function found in impl +{(libcrux_sha3::portable::incremental::XofAbsorb<168: usize> for +libcrux_sha3::portable::incremental::Shake128Absorb)} +*/ +static inline void libcrux_sha3_portable_incremental_absorb_1c( + 
libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice input) { + Eurydice_slice buf[1U] = {input}; + libcrux_sha3_generic_keccak_absorb_9d_7b0(self, buf); +} + +typedef libcrux_sha3_generic_keccak_KeccakXofState_78 + libcrux_sha3_portable_incremental_Shake128Squeeze; + +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_9d +with types uint64_t +with const generics +- PARALLEL_LANES= 1 +- RATE= 168 +- DELIMITER= 31 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_250( + libcrux_sha3_generic_keccak_KeccakXofState_78 *self, + Eurydice_slice inputs[1U]) { + libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, inputs, (size_t)1U * sizeof(Eurydice_slice)); + size_t input_remainder_len = + libcrux_sha3_generic_keccak_absorb_full_9d_f80(uu____0, uu____1); + size_t input_len = core_slice___Slice_T___len(inputs[0U], uint8_t, size_t); + uint8_t blocks[1U][200U] = {{0U}}; + { + size_t i = (size_t)0U; + if (self->buf_len > (size_t)0U) { + Eurydice_slice uu____2 = Eurydice_array_to_subslice2( + blocks[i], (size_t)0U, self->buf_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, + Eurydice_array_to_subslice2(self->buf[i], (size_t)0U, self->buf_len, + uint8_t, Eurydice_slice), + uint8_t, void *); + } + if (input_remainder_len > (size_t)0U) { + Eurydice_slice uu____3 = Eurydice_array_to_subslice2( + blocks[i], self->buf_len, self->buf_len + input_remainder_len, + uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____3, + Eurydice_slice_subslice_from(inputs[i], + input_len - input_remainder_len, uint8_t, + size_t, Eurydice_slice), + uint8_t, void *); + } + blocks[i][self->buf_len + input_remainder_len] = 31U; + size_t uu____4 = i; + size_t uu____5 = (size_t)168U - (size_t)1U; + blocks[uu____4][uu____5] = 
(uint32_t)blocks[uu____4][uu____5] | 128U; + } + uint64_t(*uu____6)[5U] = self->inner.st; + uint8_t uu____7[1U][200U]; + memcpy(uu____7, blocks, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_5a_d2(uu____6, uu____7); + libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); +} + +/** +This function found in impl +{(libcrux_sha3::portable::incremental::XofAbsorb<168: usize> for +libcrux_sha3::portable::incremental::Shake128Absorb)} +*/ +static inline libcrux_sha3_generic_keccak_KeccakXofState_78 +libcrux_sha3_portable_incremental_absorb_final_1c( + libcrux_sha3_generic_keccak_KeccakXofState_78 self, Eurydice_slice input) { + Eurydice_slice buf[1U] = {input}; + libcrux_sha3_generic_keccak_absorb_final_9d_250(&self, buf); + return self; +} + +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_9d +with types uint64_t +with const generics +- PARALLEL_LANES= 1 +- RATE= 168 +*/ +static inline void libcrux_sha3_generic_keccak_zero_block_9d_e60( + uint8_t ret[168U]) { + ret[0U] = 0U; + ret[1U] = 0U; + ret[2U] = 0U; + ret[3U] = 0U; + ret[4U] = 0U; + ret[5U] = 0U; + ret[6U] = 0U; + ret[7U] = 0U; + ret[8U] = 0U; + ret[9U] = 0U; + ret[10U] = 0U; + ret[11U] = 0U; + ret[12U] = 0U; + ret[13U] = 0U; + ret[14U] = 0U; + ret[15U] = 0U; + ret[16U] = 0U; + ret[17U] = 0U; + ret[18U] = 0U; + ret[19U] = 0U; + ret[20U] = 0U; + ret[21U] = 0U; + ret[22U] = 0U; + ret[23U] = 0U; + ret[24U] = 0U; + ret[25U] = 0U; + ret[26U] = 0U; + ret[27U] = 0U; + ret[28U] = 0U; + ret[29U] = 0U; + ret[30U] = 0U; + ret[31U] = 0U; + ret[32U] = 0U; + ret[33U] = 0U; + ret[34U] = 0U; + ret[35U] = 0U; + ret[36U] = 0U; + ret[37U] = 0U; + ret[38U] = 0U; + ret[39U] = 0U; + ret[40U] = 0U; + ret[41U] = 0U; + ret[42U] = 0U; + ret[43U] = 0U; + ret[44U] = 0U; + ret[45U] = 0U; + ret[46U] = 0U; + ret[47U] = 0U; + ret[48U] = 0U; + ret[49U] = 0U; + ret[50U] = 0U; + 
ret[51U] = 0U; + ret[52U] = 0U; + ret[53U] = 0U; + ret[54U] = 0U; + ret[55U] = 0U; + ret[56U] = 0U; + ret[57U] = 0U; + ret[58U] = 0U; + ret[59U] = 0U; + ret[60U] = 0U; + ret[61U] = 0U; + ret[62U] = 0U; + ret[63U] = 0U; + ret[64U] = 0U; + ret[65U] = 0U; + ret[66U] = 0U; + ret[67U] = 0U; + ret[68U] = 0U; + ret[69U] = 0U; + ret[70U] = 0U; + ret[71U] = 0U; + ret[72U] = 0U; + ret[73U] = 0U; + ret[74U] = 0U; + ret[75U] = 0U; + ret[76U] = 0U; + ret[77U] = 0U; + ret[78U] = 0U; + ret[79U] = 0U; + ret[80U] = 0U; + ret[81U] = 0U; + ret[82U] = 0U; + ret[83U] = 0U; + ret[84U] = 0U; + ret[85U] = 0U; + ret[86U] = 0U; + ret[87U] = 0U; + ret[88U] = 0U; + ret[89U] = 0U; + ret[90U] = 0U; + ret[91U] = 0U; + ret[92U] = 0U; + ret[93U] = 0U; + ret[94U] = 0U; + ret[95U] = 0U; + ret[96U] = 0U; + ret[97U] = 0U; + ret[98U] = 0U; + ret[99U] = 0U; + ret[100U] = 0U; + ret[101U] = 0U; + ret[102U] = 0U; + ret[103U] = 0U; + ret[104U] = 0U; + ret[105U] = 0U; + ret[106U] = 0U; + ret[107U] = 0U; + ret[108U] = 0U; + ret[109U] = 0U; + ret[110U] = 0U; + ret[111U] = 0U; + ret[112U] = 0U; + ret[113U] = 0U; + ret[114U] = 0U; + ret[115U] = 0U; + ret[116U] = 0U; + ret[117U] = 0U; + ret[118U] = 0U; + ret[119U] = 0U; + ret[120U] = 0U; + ret[121U] = 0U; + ret[122U] = 0U; + ret[123U] = 0U; + ret[124U] = 0U; + ret[125U] = 0U; + ret[126U] = 0U; + ret[127U] = 0U; + ret[128U] = 0U; + ret[129U] = 0U; + ret[130U] = 0U; + ret[131U] = 0U; + ret[132U] = 0U; + ret[133U] = 0U; + ret[134U] = 0U; + ret[135U] = 0U; + ret[136U] = 0U; + ret[137U] = 0U; + ret[138U] = 0U; + ret[139U] = 0U; + ret[140U] = 0U; + ret[141U] = 0U; + ret[142U] = 0U; + ret[143U] = 0U; + ret[144U] = 0U; + ret[145U] = 0U; + ret[146U] = 0U; + ret[147U] = 0U; + ret[148U] = 0U; + ret[149U] = 0U; + ret[150U] = 0U; + ret[151U] = 0U; + ret[152U] = 0U; + ret[153U] = 0U; + ret[154U] = 0U; + ret[155U] = 0U; + ret[156U] = 0U; + ret[157U] = 0U; + ret[158U] = 0U; + ret[159U] = 0U; + ret[160U] = 0U; + ret[161U] = 0U; + ret[162U] = 0U; + ret[163U] = 0U; + ret[164U] = 
0U; + ret[165U] = 0U; + ret[166U] = 0U; + ret[167U] = 0U; +} + +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.new_9d +with types uint64_t +with const generics +- PARALLEL_LANES= 1 +- RATE= 168 +*/ +static inline libcrux_sha3_generic_keccak_KeccakXofState_78 +libcrux_sha3_generic_keccak_new_9d_7e0(void) { + libcrux_sha3_generic_keccak_KeccakXofState_78 lit; + lit.inner = libcrux_sha3_generic_keccak_new_1e_f4(); + uint8_t ret[168U]; + libcrux_sha3_generic_keccak_zero_block_9d_e60(ret); + memcpy(lit.buf[0U], ret, (size_t)168U * sizeof(uint8_t)); + lit.buf_len = (size_t)0U; + lit.sponge = false; + return lit; +} + +/** +This function found in impl +{(libcrux_sha3::portable::incremental::XofAbsorb<168: usize> for +libcrux_sha3::portable::incremental::Shake128Absorb)} +*/ +static inline libcrux_sha3_generic_keccak_KeccakXofState_78 +libcrux_sha3_portable_incremental_new_1c(void) { + return libcrux_sha3_generic_keccak_new_9d_7e0(); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: +usize> for u64)} +*/ +/** +A monomorphic instance of libcrux_sha3.portable_keccak.store_5a +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_1c( + uint64_t (*state)[5U], Eurydice_slice out[1U]) { + size_t num_full_blocks = + core_slice___Slice_T___len(out[0U], uint8_t, size_t) / (size_t)8U; + size_t last_block_len = + core_slice___Slice_T___len(out[0U], uint8_t, size_t) % (size_t)8U; + for (size_t i = (size_t)0U; i < num_full_blocks; i++) { + size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out[0U], i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, + Eurydice_slice); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes(state[i0 / (size_t)5U][i0 % (size_t)5U], ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, 
Eurydice_slice), + uint8_t, void *); + } + if (last_block_len != (size_t)0U) { + Eurydice_slice uu____1 = Eurydice_slice_subslice2( + out[0U], num_full_blocks * (size_t)8U, + num_full_blocks * (size_t)8U + last_block_len, uint8_t, Eurydice_slice); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes( + state[num_full_blocks / (size_t)5U][num_full_blocks % (size_t)5U], ret); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice2(ret, (size_t)0U, last_block_len, uint8_t, + Eurydice_slice), + uint8_t, void *); + } +} + +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_9d +with types uint64_t +with const generics +- PARALLEL_LANES= 1 +- RATE= 136 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_96( + libcrux_sha3_generic_keccak_KeccakXofState_4f *self, + Eurydice_slice out[1U]) { + if (self->sponge) { + libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); + } + size_t out_len = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = out_len / (size_t)136U; + size_t last = out_len - out_len % (size_t)136U; + size_t mid; + if ((size_t)136U >= out_len) { + mid = out_len; + } else { + mid = (size_t)136U; + } + Eurydice_slice_uint8_t_1size_t__x2 uu____0 = + libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, mid); + Eurydice_slice out00[1U]; + memcpy(out00, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice out_rest[1U]; + memcpy(out_rest, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_store_5a_1c(self->inner.st, out00); + core_ops_range_Range_b3 iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + if 
(core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option_b3) + .tag == core_option_None) { + break; + } else { + Eurydice_slice_uint8_t_1size_t__x2 uu____1 = + libcrux_sha3_portable_keccak_split_at_mut_n_5a(out_rest, + (size_t)136U); + Eurydice_slice out0[1U]; + memcpy(out0, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice tmp[1U]; + memcpy(tmp, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); + libcrux_sha3_portable_keccak_store_5a_1c(self->inner.st, out0); + memcpy(out_rest, tmp, (size_t)1U * sizeof(Eurydice_slice)); + } + } + if (last < out_len) { + libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); + libcrux_sha3_portable_keccak_store_5a_1c(self->inner.st, out_rest); + } + self->sponge = true; +} + +/** +This function found in impl +{(libcrux_sha3::portable::incremental::XofSqueeze<136: usize> for +libcrux_sha3::portable::incremental::Shake256Squeeze)#3} +*/ +static inline void libcrux_sha3_portable_incremental_squeeze_8a( + libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice out) { + Eurydice_slice buf[1U] = {out}; + libcrux_sha3_generic_keccak_squeeze_9d_96(self, buf); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: +usize> for u64)} +*/ +/** +A monomorphic instance of libcrux_sha3.portable_keccak.store_5a +with const generics +- RATE= 168 +*/ +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_1c0( + uint64_t (*state)[5U], Eurydice_slice out[1U]) { + size_t num_full_blocks = + core_slice___Slice_T___len(out[0U], uint8_t, size_t) / (size_t)8U; + size_t last_block_len = + core_slice___Slice_T___len(out[0U], uint8_t, size_t) % (size_t)8U; + for (size_t i = (size_t)0U; i < num_full_blocks; i++) { + size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out[0U], i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, 
+ Eurydice_slice); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes(state[i0 / (size_t)5U][i0 % (size_t)5U], ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); + } + if (last_block_len != (size_t)0U) { + Eurydice_slice uu____1 = Eurydice_slice_subslice2( + out[0U], num_full_blocks * (size_t)8U, + num_full_blocks * (size_t)8U + last_block_len, uint8_t, Eurydice_slice); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes( + state[num_full_blocks / (size_t)5U][num_full_blocks % (size_t)5U], ret); + core_slice___Slice_T___copy_from_slice( + uu____1, + Eurydice_array_to_subslice2(ret, (size_t)0U, last_block_len, uint8_t, + Eurydice_slice), + uint8_t, void *); + } +} + +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_9d +with types uint64_t +with const generics +- PARALLEL_LANES= 1 +- RATE= 168 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_960( + libcrux_sha3_generic_keccak_KeccakXofState_78 *self, + Eurydice_slice out[1U]) { + if (self->sponge) { + libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); + } + size_t out_len = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t blocks = out_len / (size_t)168U; + size_t last = out_len - out_len % (size_t)168U; + size_t mid; + if ((size_t)168U >= out_len) { + mid = out_len; + } else { + mid = (size_t)168U; + } + Eurydice_slice_uint8_t_1size_t__x2 uu____0 = + libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, mid); + Eurydice_slice out00[1U]; + memcpy(out00, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice out_rest[1U]; + memcpy(out_rest, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_store_5a_1c0(self->inner.st, out00); + core_ops_range_Range_b3 iter = + 
core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, core_option_Option_b3) + .tag == core_option_None) { + break; + } else { + Eurydice_slice_uint8_t_1size_t__x2 uu____1 = + libcrux_sha3_portable_keccak_split_at_mut_n_5a(out_rest, + (size_t)168U); + Eurydice_slice out0[1U]; + memcpy(out0, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice tmp[1U]; + memcpy(tmp, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); + libcrux_sha3_portable_keccak_store_5a_1c0(self->inner.st, out0); + memcpy(out_rest, tmp, (size_t)1U * sizeof(Eurydice_slice)); + } + } + if (last < out_len) { + libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); + libcrux_sha3_portable_keccak_store_5a_1c0(self->inner.st, out_rest); + } + self->sponge = true; +} + +/** +This function found in impl +{(libcrux_sha3::portable::incremental::XofSqueeze<168: usize> for +libcrux_sha3::portable::incremental::Shake128Squeeze)#1} +*/ +static inline void libcrux_sha3_portable_incremental_squeeze_10( + libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice out) { + Eurydice_slice buf[1U] = {out}; + libcrux_sha3_generic_keccak_squeeze_9d_960(self, buf); } /** diff --git a/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_avx2.h b/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_avx2.h index df3cab052..d7ebcbe67 100644 --- a/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_avx2.h +++ b/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_avx2.h 
@@ -21,52 +21,60 @@ typedef __m256i core_core_arch_x86___m256i; // Cast and Convert -static inline core_core_arch_x86___m128i mm256_castsi256_si128( - core_core_arch_x86___m256i a) { +static inline core_core_arch_x86___m128i +libcrux_intrinsics_avx2_mm256_castsi256_si128(core_core_arch_x86___m256i a) { return _mm256_castsi256_si128(a); } -static inline core_core_arch_x86___m256i mm256_cvtepi16_epi32( - core_core_arch_x86___m128i a) { +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(core_core_arch_x86___m128i a) { return _mm256_cvtepi16_epi32(a); } -static inline core_core_arch_x86___m256i mm256_castsi128_si256( - core_core_arch_x86___m128i a) { +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_castsi128_si256(core_core_arch_x86___m128i a) { return _mm256_castsi128_si256(a); } // Initialize, Load, Store -static inline core_core_arch_x86___m256i mm256_setzero_si256(void) { +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_setzero_si256(void) { return _mm256_setzero_si256(); } -static inline core_core_arch_x86___m256i mm256_set1_epi16(int16_t a) { +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_set1_epi16(int16_t a) { return _mm256_set1_epi16(a); } -static inline core_core_arch_x86___m256i mm256_set1_epi32(int32_t a) { +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_set1_epi32(int32_t a) { return _mm256_set1_epi32(a); } -static inline core_core_arch_x86___m256i mm256_set1_epi64x(int64_t a) { +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_set1_epi64x(int64_t a) { return _mm256_set1_epi64x(a); } -static inline core_core_arch_x86___m128i mm_set1_epi16(int16_t a) { +static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_set1_epi16( + int16_t a) { return _mm_set1_epi16(a); } -static inline core_core_arch_x86___m256i mm256_set_epi16( - int16_t x0, int16_t x1, int16_t x2, int16_t x3, int16_t x4, int16_t 
x5, - int16_t x6, int16_t x7, int16_t x8, int16_t x9, int16_t x10, int16_t x11, - int16_t x12, int16_t x13, int16_t x14, int16_t x15) { +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_set_epi16(int16_t x0, int16_t x1, int16_t x2, + int16_t x3, int16_t x4, int16_t x5, + int16_t x6, int16_t x7, int16_t x8, + int16_t x9, int16_t x10, int16_t x11, + int16_t x12, int16_t x13, int16_t x14, + int16_t x15) { return _mm256_set_epi16(x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15); } -static inline core_core_arch_x86___m256i mm256_set_epi8( +static inline core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_set_epi8( int8_t x0, int8_t x1, int8_t x2, int8_t x3, int8_t x4, int8_t x5, int8_t x6, int8_t x7, int8_t x8, int8_t x9, int8_t x10, int8_t x11, int8_t x12, int8_t x13, int8_t x14, int8_t x15, int8_t x16, int8_t x17, int8_t x18, @@ -78,7 +86,7 @@ static inline core_core_arch_x86___m256i mm256_set_epi8( x24, x25, x26, x27, x28, x29, x30, x31); } -static inline core_core_arch_x86___m128i mm_set_epi8( +static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_set_epi8( uint8_t x0, uint8_t x1, uint8_t x2, uint8_t x3, uint8_t x4, uint8_t x5, uint8_t x6, uint8_t x7, uint8_t x8, uint8_t x9, uint8_t x10, uint8_t x11, uint8_t x12, uint8_t x13, uint8_t x14, uint8_t x15) { 
@@ -86,229 +94,266 @@ static inline core_core_arch_x86___m128i mm_set_epi8( x13, x14, x15); } -static inline core_core_arch_x86___m256i mm256_set_epi32(int32_t x0, int32_t x1, - int32_t x2, int32_t x3, - int32_t x4, int32_t x5, - int32_t x6, - int32_t x7) { +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_set_epi32(int32_t x0, int32_t x1, int32_t x2, + int32_t x3, int32_t x4, int32_t x5, + int32_t x6, int32_t x7) { return _mm256_set_epi32(x0, x1, x2, x3, x4, x5, x6, x7); } -static inline core_core_arch_x86___m256i mm256_loadu_si256_i16( - Eurydice_slice a) { +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_loadu_si256_i16(Eurydice_slice a) { return _mm256_loadu_si256((const __m256i*)a.ptr); } -static inline core_core_arch_x86___m256i mm256_loadu_si256_u8( - Eurydice_slice a) { +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice a) { return _mm256_loadu_si256((const __m256i*)a.ptr); } -static inline core_core_arch_x86___m128i mm_loadu_si128(Eurydice_slice a) { +static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_loadu_si128( + Eurydice_slice a) { return _mm_loadu_si128((const __m128i*)a.ptr); } -static inline void mm_storeu_bytes_si128(Eurydice_slice a, - core_core_arch_x86___m128i b) { +static inline void libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_slice a, core_core_arch_x86___m128i b) { _mm_storeu_si128((__m128i*)a.ptr, b); } -static inline void mm256_storeu_si256_i16(Eurydice_slice a, - core_core_arch_x86___m256i b) { +static inline void libcrux_intrinsics_avx2_mm256_storeu_si256_i16( + Eurydice_slice a, core_core_arch_x86___m256i b) { _mm256_storeu_si256((__m256i*)a.ptr, b); } -static inline void mm256_storeu_si256_u8(Eurydice_slice a, - core_core_arch_x86___m256i b) { +static inline void libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_slice a, core_core_arch_x86___m256i b) { _mm256_storeu_si256((__m256i*)a.ptr, b); } 
-static inline void mm_storeu_si128(Eurydice_slice a, - core_core_arch_x86___m128i b) { +static inline void libcrux_intrinsics_avx2_mm_storeu_si128( + Eurydice_slice a, core_core_arch_x86___m128i b) { _mm_storeu_si128((__m128i*)a.ptr, b); } // Arithmetic: Add, Sub -static inline core_core_arch_x86___m256i mm256_add_epi16( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_add_epi16(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { return _mm256_add_epi16(a, b); } -static inline core_core_arch_x86___m256i mm256_add_epi32( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_add_epi32(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { return _mm256_add_epi32(a, b); } -static inline core_core_arch_x86___m128i mm_add_epi16( +static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_add_epi16( core_core_arch_x86___m128i a, core_core_arch_x86___m128i b) { return _mm_add_epi16(a, b); } -static inline core_core_arch_x86___m256i mm256_sub_epi16( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_sub_epi16(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { return _mm256_sub_epi16(a, b); } -static inline core_core_arch_x86___m128i mm_sub_epi16( +static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_sub_epi16( core_core_arch_x86___m128i a, core_core_arch_x86___m128i b) { return _mm_sub_epi16(a, b); } // Arithmetic: Mul low and high, Mul-Add combinations -static inline core_core_arch_x86___m256i mm256_mullo_epi16( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_mullo_epi16(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { return _mm256_mullo_epi16(a, b); } 
-static inline core_core_arch_x86___m256i mm256_mulhi_epi16( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_mulhi_epi16(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { return _mm256_mulhi_epi16(a, b); } -static inline core_core_arch_x86___m256i mm256_mul_epu32( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_mul_epu32(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { return _mm256_mul_epu32(a, b); } -static inline core_core_arch_x86___m256i mm256_mullo_epi32( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_mullo_epi32(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { return _mm256_mullo_epi32(a, b); } -static inline core_core_arch_x86___m128i mm_mullo_epi16( +static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_mullo_epi16( core_core_arch_x86___m128i a, core_core_arch_x86___m128i b) { return _mm_mullo_epi16(a, b); } -static inline core_core_arch_x86___m128i mm_mulhi_epi16( +static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_mulhi_epi16( core_core_arch_x86___m128i a, core_core_arch_x86___m128i b) { return _mm_mulhi_epi16(a, b); } -static inline core_core_arch_x86___m256i mm256_madd_epi16( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_madd_epi16(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { return _mm256_madd_epi16(a, b); } // Comparison -static inline core_core_arch_x86___m256i mm256_cmpgt_epi16( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_cmpgt_epi16(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { return 
_mm256_cmpgt_epi16(a, b); } // Bitwise operations -static inline core_core_arch_x86___m256i mm256_and_si256( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_and_si256(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { return _mm256_and_si256(a, b); } -static inline core_core_arch_x86___m256i mm256_andnot_si256( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_andnot_si256(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { return _mm256_andnot_si256(a, b); } -static inline core_core_arch_x86___m256i mm256_xor_si256( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_xor_si256(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { return _mm256_xor_si256(a, b); } -static inline int32_t mm_movemask_epi8(core_core_arch_x86___m128i a) { +static inline int32_t libcrux_intrinsics_avx2_mm_movemask_epi8( + core_core_arch_x86___m128i a) { return _mm_movemask_epi8(a); } // Shift operations -#define mm256_srai_epi16(a, b, _) (_mm256_srai_epi16(b, a)) +#define libcrux_intrinsics_avx2_mm256_srai_epi16(a, b, _) \ + (_mm256_srai_epi16(b, a)) -#define mm256_srli_epi16(a, b, _) (_mm256_srli_epi16(b, a)) +#define libcrux_intrinsics_avx2_mm256_srli_epi16(a, b, _) \ + (_mm256_srli_epi16(b, a)) -#define mm256_slli_epi16(a, b, _) (_mm256_slli_epi16(b, a)) +#define libcrux_intrinsics_avx2_mm256_slli_epi16(a, b, _) \ + (_mm256_slli_epi16(b, a)) -#define mm256_slli_epi32(a, b, _) (_mm256_slli_epi32(b, a)) +#define libcrux_intrinsics_avx2_mm256_slli_epi32(a, b, _) \ + (_mm256_slli_epi32(b, a)) -static inline core_core_arch_x86___m256i mm256_slli_epi64_( - int32_t a, core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_slli_epi64_(int32_t a, + 
core_core_arch_x86___m256i b) { return _mm256_slli_epi64(b, a); } -#define mm256_slli_epi64(a, b, c) (mm256_slli_epi64_(a, b)) +#define libcrux_intrinsics_avx2_mm256_slli_epi64(a, b, c) \ + (libcrux_intrinsics_avx2_mm256_slli_epi64_(a, b)) -#define mm256_srai_epi32(a, b, _) (_mm256_srai_epi32(b, a)) +#define libcrux_intrinsics_avx2_mm256_srai_epi32(a, b, _) \ + (_mm256_srai_epi32(b, a)) -#define mm256_srli_epi32(a, b, _) (_mm256_srli_epi32(b, a)) +#define libcrux_intrinsics_avx2_mm256_srli_epi32(a, b, _) \ + (_mm256_srli_epi32(b, a)) -static inline core_core_arch_x86___m256i mm256_sllv_epi32( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_sllv_epi32(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { return _mm256_sllv_epi32(a, b); } -static inline core_core_arch_x86___m256i mm256_srli_epi64_( - int32_t a, core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_srli_epi64_(int32_t a, + core_core_arch_x86___m256i b) { return _mm256_srli_epi64(b, a); } -#define mm256_srli_epi64(a, b, c) (mm256_srli_epi64_(a, b)) +#define libcrux_intrinsics_avx2_mm256_srli_epi64(a, b, c) \ + (libcrux_intrinsics_avx2_mm256_srli_epi64_(a, b)) // Shuffle and Vector Interleaving -static inline core_core_arch_x86___m256i mm256_unpacklo_epi32( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_unpacklo_epi32(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { return _mm256_unpacklo_epi32(a, b); } -static inline core_core_arch_x86___m256i mm256_unpacklo_epi64( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_unpacklo_epi64(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { return _mm256_unpacklo_epi64(a, b); } -static inline 
core_core_arch_x86___m256i mm256_unpackhi_epi32( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_unpackhi_epi32(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { return _mm256_unpackhi_epi32(a, b); } -static inline core_core_arch_x86___m256i mm256_unpackhi_epi64( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_unpackhi_epi64(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { return _mm256_unpackhi_epi64(a, b); } -static inline core_core_arch_x86___m256i mm256_packs_epi32( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_packs_epi32(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { return _mm256_packs_epi32(a, b); } -static inline core_core_arch_x86___m128i mm_packs_epi16( +static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_packs_epi16( core_core_arch_x86___m128i a, core_core_arch_x86___m128i b) { return _mm_packs_epi16(a, b); } -#define mm256_shuffle_epi32(a, b, _) (_mm256_shuffle_epi32(b, a)) +#define libcrux_intrinsics_avx2_mm256_shuffle_epi32(a, b, _) \ + (_mm256_shuffle_epi32(b, a)) -#define mm256_extracti128_si256(a, b, _) (_mm256_extracti128_si256(b, a)) +#define libcrux_intrinsics_avx2_mm256_extracti128_si256(a, b, _) \ + (_mm256_extracti128_si256(b, a)) -#define mm256_permute4x64_epi64(a, b, _) (_mm256_permute4x64_epi64(b, a)) +#define libcrux_intrinsics_avx2_mm256_permute4x64_epi64(a, b, _) \ + (_mm256_permute4x64_epi64(b, a)) -#define mm256_permute2x128_si256(a, b, c, d) \ +#define libcrux_intrinsics_avx2_mm256_permute2x128_si256(a, b, c, d) \ (_mm256_permute2x128_si256(b, c, a)) -#define mm256_inserti128_si256(a, b, c, _) (_mm256_inserti128_si256(b, c, a)) +#define libcrux_intrinsics_avx2_mm256_inserti128_si256(a, b, c, _) \ + 
(_mm256_inserti128_si256(b, c, a)) -#define mm256_blend_epi16(a, b, c, _) (_mm256_blend_epi16(b, c, a)) +#define libcrux_intrinsics_avx2_mm256_blend_epi16(a, b, c, _) \ + (_mm256_blend_epi16(b, c, a)) -static inline core_core_arch_x86___m256i mm256_shuffle_epi8( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_shuffle_epi8(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b) { return _mm256_shuffle_epi8(a, b); } -static inline core_core_arch_x86___m256i mm256_permutevar8x32_epi32( +static inline core_core_arch_x86___m256i +libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32( core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_permutevar8x32_epi32(a, b); } -static inline core_core_arch_x86___m128i mm_shuffle_epi8( - core_core_arch_x86___m128i a, core_core_arch_x86___m128i b) { +static inline core_core_arch_x86___m128i +libcrux_intrinsics_avx2_mm_shuffle_epi8(core_core_arch_x86___m128i a, + core_core_arch_x86___m128i b) { return _mm_shuffle_epi8(a, b); } diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index f914d4cb2..86a49e1e6 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c 
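Review bot: `libcrux_intrinsics_avx2_mm256_loadu_si256_i16`, `_u8`, `libcrux_intrinsics_avx2_mm_loadu_si128` and the matching `storeu` wrappers in this hunk read or write a fixed 32 or 16 bytes through `a.ptr` without looking at the slice's length, so a caller passing a shorter `Eurydice_slice` gets a silent out-of-bounds access; the rename keeps that behaviour unchanged. The Rust source these are extracted from presumably guarantees the length, but the wrappers are plain C functions that hand-written code can also call. If `Eurydice_slice` carries a length field (only `.ptr` is used here), a debug-only `assert(a.len >= 32)` (16 for the `si128` variants) in each wrapper would make the contract checkable; failing that, a one-line precondition on each, e.g. `/* Precondition: a holds at least 32 bytes; the length is not checked. */`, should be added so the trust boundary is visible.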
@@ -4,18 +4,15 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf - * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 - * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #include "internal/libcrux_core.h" -/** - Return 1 if `value` is not zero and 0 otherwise. -*/ static uint8_t inz(uint8_t value) { uint16_t value0 = (uint16_t)value; uint16_t result = (((uint32_t)value0 | @@ -28,17 +25,14 @@ static uint8_t inz(uint8_t value) { static KRML_NOINLINE uint8_t is_non_zero(uint8_t value) { return inz(value); } -/** - Return 1 if the bytes of `lhs` and `rhs` do not exactly - match and 0 otherwise. -*/ static uint8_t compare(Eurydice_slice lhs, Eurydice_slice rhs) { uint8_t r = 0U; - for (size_t i = (size_t)0U; i < Eurydice_slice_len(lhs, uint8_t); i++) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(lhs, uint8_t, size_t); i++) { size_t i0 = i; r = (uint32_t)r | - ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *) ^ - (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *)); + ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *, uint8_t) ^ + (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *, uint8_t)); } return is_non_zero(r); } 
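Review bot: `compare` bounds its loop only by `lhs`'s length (the new `core_slice___Slice_T___len(lhs, uint8_t, size_t)` condition) but indexes `rhs` with the same `i0`, so an `rhs` shorter than `lhs` is read out of bounds; nothing in the C checks that the two slices have equal length, and the hunk also removes the only comment stating what the function computes. Equal lengths are presumably guaranteed by the Rust caller this was extracted from, but after this change the precondition is invisible to anyone reading or calling the C. I would restore a header above `static uint8_t compare(`: `/* Constant-time: returns 1 if lhs and rhs differ, 0 otherwise. Requires len(lhs) == len(rhs); every byte is visited and OR-accumulated so the comparison does not short-circuit. */`. The `KRML_NOINLINE` on `is_non_zero` looks like part of that constant-time intent and deserves the same one-line note.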
@@ -49,10 +43,6 @@ libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( return compare(lhs, rhs); } -/** - If `selector` is not zero, return the bytes in `rhs`; return the bytes in - `lhs` otherwise. -*/ static void select_ct(Eurydice_slice lhs, Eurydice_slice rhs, uint8_t selector, uint8_t ret[32U]) { uint8_t mask = core_num__u8_6__wrapping_sub(is_non_zero(selector), 1U); @@ -60,10 +50,11 @@ static void select_ct(Eurydice_slice lhs, Eurydice_slice rhs, uint8_t selector, for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE; i++) { size_t i0 = i; - out[i0] = ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *) & - (uint32_t)mask) | - ((uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *) & - (uint32_t)~mask); + out[i0] = + ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *, uint8_t) & + (uint32_t)mask) | + ((uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *, uint8_t) & + (uint32_t)~mask); } memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } 
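Review bot: The deleted doc comment was the only statement of `select_ct`'s selector semantics, and the new code does not make them obvious: `mask = core_num__u8_6__wrapping_sub(is_non_zero(selector), 1U)` is 0xFF when `selector` is zero, so `(lhs & mask) | (rhs & ~mask)` yields `lhs` for a zero selector and `rhs` otherwise, which a reader may not guess from the argument order. The loop also indexes both slices up to `LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE` with no length check, so the C side takes the 32-byte precondition on trust from the caller. I would put a comment back above the loop: `/* mask is 0xFF iff selector == 0: pick lhs when selector is zero, rhs otherwise (branch-free). Both slices must hold at least SHARED_SECRET_SIZE bytes. */`. The function body spans this hunk and the preceding one, with the `out` declaration between them outside the visible lines.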
@@ -88,27 +79,23 @@ void libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_i } /** -This function found in impl {(core::convert::From<&0 (@Array)> for -libcrux_ml_kem::types::MlKemPublicKey)#15} +This function found in impl {(core::convert::From<@Array> for +libcrux_ml_kem::types::MlKemPublicKey)#14} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_c7 +A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_c7_141( - uint8_t *value) { +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_a31( + uint8_t value[1568U]) { + uint8_t uu____0[1568U]; + memcpy(uu____0, value, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPublicKey_1f lit; - uint8_t ret[1568U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)1568U, value, ret, uint8_t, void *); - memcpy(lit.value, ret, (size_t)1568U * sizeof(uint8_t)); + memcpy(lit.value, uu____0, (size_t)1568U * sizeof(uint8_t)); return lit; } -/** - Create a new [`MlKemKeyPair`] from the secret and public key. -*/ /** This function found in impl {libcrux_ml_kem::types::MlKemKeyPair} @@ -119,7 +106,7 @@ with const generics - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_d51( +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_eb1( libcrux_ml_kem_types_MlKemPrivateKey_95 sk, libcrux_ml_kem_types_MlKemPublicKey_1f pk) { return ( 
@@ -127,21 +114,20 @@ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_d51( } /** -This function found in impl {(core::convert::From<&0 (@Array)> for -libcrux_ml_kem::types::MlKemPrivateKey)#9} +This function found in impl {(core::convert::From<@Array> for +libcrux_ml_kem::types::MlKemPrivateKey)#8} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_22 +A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics - SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_22_a71( - uint8_t *value) { +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_701( + uint8_t value[3168U]) { + uint8_t uu____0[3168U]; + memcpy(uu____0, value, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 lit; - uint8_t ret[3168U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)3168U, value, ret, uint8_t, void *); - memcpy(lit.value, ret, (size_t)3168U * sizeof(uint8_t)); + memcpy(lit.value, uu____0, (size_t)3168U * sizeof(uint8_t)); return lit; } @@ -154,19 +140,15 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_9c1( +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_101( uint8_t value[1568U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_value[1568U]; - memcpy(copy_of_value, value, (size_t)1568U * sizeof(uint8_t)); + uint8_t uu____0[1568U]; + memcpy(uu____0, value, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext lit; - memcpy(lit.value, copy_of_value, (size_t)1568U * sizeof(uint8_t)); + memcpy(lit.value, uu____0, (size_t)1568U * sizeof(uint8_t)); return lit; } -/** - A reference to the raw byte slice. -*/ /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} */ 
@@ -175,7 +157,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_c21( +uint8_t *libcrux_ml_kem_types_as_slice_cb_3b1( libcrux_ml_kem_types_MlKemPublicKey_1f *self) { return self->value; } 
@@ -189,52 +171,48 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_751( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_791( libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self) { - return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t); + return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t, + Eurydice_slice); } -/** - Pad the `slice` with `0`s at the end. -*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 1600 */ -void libcrux_ml_kem_utils_into_padded_array_2d4(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_ea4(Eurydice_slice slice, uint8_t ret[1600U]) { uint8_t out[1600U] = {0U}; uint8_t *uu____0 = out; - Eurydice_slice_copy( - Eurydice_array_to_subslice2(uu____0, (size_t)0U, - Eurydice_slice_len(slice, uint8_t), uint8_t), - slice, uint8_t); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____0, (size_t)0U, + core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, + Eurydice_slice), + slice, uint8_t, void *); memcpy(ret, out, (size_t)1600U * sizeof(uint8_t)); } /** -This function found in impl {(core::convert::From<&0 (@Array)> for -libcrux_ml_kem::types::MlKemPublicKey)#15} +This function found in impl {(core::convert::From<@Array> for +libcrux_ml_kem::types::MlKemPublicKey)#14} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_c7 +A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics - SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_c7_140( - uint8_t *value) { +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_a30( + uint8_t value[1184U]) { + uint8_t uu____0[1184U]; + memcpy(uu____0, value, (size_t)1184U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPublicKey_15 lit; - uint8_t ret[1184U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - 
(size_t)1184U, value, ret, uint8_t, void *); - memcpy(lit.value, ret, (size_t)1184U * sizeof(uint8_t)); + memcpy(lit.value, uu____0, (size_t)1184U * sizeof(uint8_t)); return lit; } -/** - Create a new [`MlKemKeyPair`] from the secret and public key. -*/ /** This function found in impl {libcrux_ml_kem::types::MlKemKeyPair} @@ -245,7 +223,7 @@ with const generics - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_d50( +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_eb0( libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( @@ -253,21 +231,20 @@ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_d50( } /** -This function found in impl {(core::convert::From<&0 (@Array)> for -libcrux_ml_kem::types::MlKemPrivateKey)#9} +This function found in impl {(core::convert::From<@Array> for +libcrux_ml_kem::types::MlKemPrivateKey)#8} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_22 +A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics - SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_22_a70( - uint8_t *value) { +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_700( + uint8_t value[2400U]) { + uint8_t uu____0[2400U]; + memcpy(uu____0, value, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 lit; - uint8_t ret[2400U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)2400U, value, ret, uint8_t, void *); - memcpy(lit.value, ret, (size_t)2400U * sizeof(uint8_t)); + memcpy(lit.value, uu____0, (size_t)2400U * sizeof(uint8_t)); return lit; } 
@@ -280,19 +257,15 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1088 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_9c0( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_100( uint8_t value[1088U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_value[1088U]; - memcpy(copy_of_value, value, (size_t)1088U * sizeof(uint8_t)); + uint8_t uu____0[1088U]; + memcpy(uu____0, value, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext lit; - memcpy(lit.value, copy_of_value, (size_t)1088U * sizeof(uint8_t)); + memcpy(lit.value, uu____0, (size_t)1088U * sizeof(uint8_t)); return lit; } -/** - A reference to the raw byte slice. -*/ /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} */ @@ -301,7 +274,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_c20( +uint8_t *libcrux_ml_kem_types_as_slice_cb_3b0( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } 
@@ -315,52 +288,48 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_750( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_790( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { - return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); + return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t, + Eurydice_slice); } -/** - Pad the `slice` with `0`s at the end. -*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 1120 */ -void libcrux_ml_kem_utils_into_padded_array_2d3(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_ea3(Eurydice_slice slice, uint8_t ret[1120U]) { uint8_t out[1120U] = {0U}; uint8_t *uu____0 = out; - Eurydice_slice_copy( - Eurydice_array_to_subslice2(uu____0, (size_t)0U, - Eurydice_slice_len(slice, uint8_t), uint8_t), - slice, uint8_t); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____0, (size_t)0U, + core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, + Eurydice_slice), + slice, uint8_t, void *); memcpy(ret, out, (size_t)1120U * sizeof(uint8_t)); } /** -This function found in impl {(core::convert::From<&0 (@Array)> for -libcrux_ml_kem::types::MlKemPublicKey)#15} +This function found in impl {(core::convert::From<@Array> for +libcrux_ml_kem::types::MlKemPublicKey)#14} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_c7 +A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics - SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_c7_14( - uint8_t *value) { +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_a3( + uint8_t value[800U]) { + uint8_t uu____0[800U]; + memcpy(uu____0, value, (size_t)800U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPublicKey_be lit; - uint8_t ret[800U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)800U, 
value, ret, uint8_t, void *); - memcpy(lit.value, ret, (size_t)800U * sizeof(uint8_t)); + memcpy(lit.value, uu____0, (size_t)800U * sizeof(uint8_t)); return lit; } -/** - Create a new [`MlKemKeyPair`] from the secret and public key. -*/ /** This function found in impl {libcrux_ml_kem::types::MlKemKeyPair} @@ -371,28 +340,27 @@ with const generics - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_d5( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_eb( libcrux_ml_kem_types_MlKemPrivateKey_5e sk, libcrux_ml_kem_types_MlKemPublicKey_be pk) { return (CLITERAL(libcrux_ml_kem_types_MlKemKeyPair_cb){.sk = sk, .pk = pk}); } /** -This function found in impl {(core::convert::From<&0 (@Array)> for -libcrux_ml_kem::types::MlKemPrivateKey)#9} +This function found in impl {(core::convert::From<@Array> for +libcrux_ml_kem::types::MlKemPrivateKey)#8} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_22 +A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics - SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_22_a7( - uint8_t *value) { +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_70( + uint8_t value[1632U]) { + uint8_t uu____0[1632U]; + memcpy(uu____0, value, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e lit; - uint8_t ret[1632U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)1632U, value, ret, uint8_t, void *); - memcpy(lit.value, ret, (size_t)1632U * sizeof(uint8_t)); + memcpy(lit.value, uu____0, (size_t)1632U * sizeof(uint8_t)); return lit; } 
@@ -405,19 +373,15 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 768 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_9c( +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_10( uint8_t value[768U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_value[768U]; - memcpy(copy_of_value, value, (size_t)768U * sizeof(uint8_t)); + uint8_t uu____0[768U]; + memcpy(uu____0, value, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 lit; - memcpy(lit.value, copy_of_value, (size_t)768U * sizeof(uint8_t)); + memcpy(lit.value, uu____0, (size_t)768U * sizeof(uint8_t)); return lit; } -/** - A reference to the raw byte slice. -*/ /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} */ @@ -426,27 +390,26 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_c2( +uint8_t *libcrux_ml_kem_types_as_slice_cb_3b( libcrux_ml_kem_types_MlKemPublicKey_be *self) { return self->value; } -/** - Pad the `slice` with `0`s at the end. -*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -void libcrux_ml_kem_utils_into_padded_array_2d2(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_ea2(Eurydice_slice slice, uint8_t ret[33U]) { uint8_t out[33U] = {0U}; uint8_t *uu____0 = out; - Eurydice_slice_copy( - Eurydice_array_to_subslice2(uu____0, (size_t)0U, - Eurydice_slice_len(slice, uint8_t), uint8_t), - slice, uint8_t); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____0, (size_t)0U, + core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, + Eurydice_slice), + slice, uint8_t, void *); memcpy(ret, out, (size_t)33U * sizeof(uint8_t)); } 
@@ -470,22 +433,21 @@ void core_result_unwrap_41_83(core_result_Result_00 self, uint8_t ret[32U]) { } } -/** - Pad the `slice` with `0`s at the end. -*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 34 */ -void libcrux_ml_kem_utils_into_padded_array_2d1(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_ea1(Eurydice_slice slice, uint8_t ret[34U]) { uint8_t out[34U] = {0U}; uint8_t *uu____0 = out; - Eurydice_slice_copy( - Eurydice_array_to_subslice2(uu____0, (size_t)0U, - Eurydice_slice_len(slice, uint8_t), uint8_t), - slice, uint8_t); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____0, (size_t)0U, + core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, + Eurydice_slice), + slice, uint8_t, void *); memcpy(ret, out, (size_t)34U * sizeof(uint8_t)); } 
@@ -498,46 +460,45 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_75( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_79( libcrux_ml_kem_types_MlKemCiphertext_e8 *self) { - return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t); + return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t, + Eurydice_slice); } -/** - Pad the `slice` with `0`s at the end. -*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 800 */ -void libcrux_ml_kem_utils_into_padded_array_2d0(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_ea0(Eurydice_slice slice, uint8_t ret[800U]) { uint8_t out[800U] = {0U}; uint8_t *uu____0 = out; - Eurydice_slice_copy( - Eurydice_array_to_subslice2(uu____0, (size_t)0U, - Eurydice_slice_len(slice, uint8_t), uint8_t), - slice, uint8_t); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____0, (size_t)0U, + core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, + Eurydice_slice), + slice, uint8_t, void *); memcpy(ret, out, (size_t)800U * sizeof(uint8_t)); } -/** - Pad the `slice` with `0`s at the end. -*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 64 */ -void libcrux_ml_kem_utils_into_padded_array_2d(Eurydice_slice slice, +void libcrux_ml_kem_utils_into_padded_array_ea(Eurydice_slice slice, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; uint8_t *uu____0 = out; - Eurydice_slice_copy( - Eurydice_array_to_subslice2(uu____0, (size_t)0U, - Eurydice_slice_len(slice, uint8_t), uint8_t), - slice, uint8_t); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2( + uu____0, (size_t)0U, + core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, + Eurydice_slice), + slice, uint8_t, void *); memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } 
diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 621327ab7..4265e7e36 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf - * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 - * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __libcrux_core_H @@ -30,6 +30,11 @@ typedef struct core_ops_range_Range_b3_s { size_t end; } core_ops_range_Range_b3; +#define core_result_Ok 0 +#define core_result_Err 1 + +typedef uint8_t core_result_Result_86_tags; + #define core_option_None 0 #define core_option_Some 1 @@ -203,18 +208,13 @@ typedef struct tuple_ec_s { uint8_t snd[32U]; } tuple_ec; -#define core_result_Ok 0 -#define core_result_Err 1 - -typedef uint8_t core_result_Result_00_tags; - /** A monomorphic instance of core.result.Result with types uint8_t[8size_t], core_array_TryFromSliceError */ typedef struct core_result_Result_56_s { - core_result_Result_00_tags tag; + core_result_Result_86_tags tag; union { uint8_t case_Ok[8U]; core_array_TryFromSliceError case_Err; diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 41e98434c..276b5327d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h 
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf - * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 - * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index cd940beb2..5b6502758 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -4,20 +4,17 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf - * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 - * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #include "libcrux_mlkem1024_avx2.h" #include "internal/libcrux_mlkem_avx2.h" -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate with const generics 
@@ -38,30 +35,20 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_c7( +static void decapsulate_d5( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_ff0(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_260(private_key, ciphertext, ret); } -/** - Decapsulate ML-KEM 1024 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem1024PrivateKey`] and an - [`MlKem1024Ciphertext`]. -*/ void libcrux_ml_kem_mlkem1024_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_c7(private_key, ciphertext, ret); + decapsulate_d5(private_key, ciphertext, ret); } -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate_unpacked with const 
@@ -83,25 +70,18 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_unpacked_21( +static void decapsulate_unpacked_05( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_2f0(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_fa0(key_pair, ciphertext, ret); } -/** - Decapsulate ML-KEM 1024 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`]. -*/ void libcrux_ml_kem_mlkem1024_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_21(private_key, ciphertext, ret); + decapsulate_unpacked_05(private_key, ciphertext, ret); } /** 
@@ -121,36 +101,24 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_8e( +static tuple_21 encapsulate_b7( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_930(uu____0, copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_010(uu____0, uu____1); } -/** - Encapsulate ML-KEM 1024 - - Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem1024PublicKey`] and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_8e(uu____0, copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_b7(uu____0, uu____1); } -/** - Portable encapsualte -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.encapsulate_unpacked with const 
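Review bot: Both layers of the encapsulate wrapper still make their own 32-byte stack copy of `randomness` (`uint8_t uu____1[32U]; memcpy(uu____1, randomness, ...)` in encapsulate_b7 and again in libcrux_ml_kem_mlkem1024_avx2_encapsulate, and presumably once more in libcrux_ml_kem_ind_cca_encapsulate_010), and none of these copies is cleared before return. Those bytes are the secret input from which the shared secret is derived, so several copies of key-grade material are left in dead stack frames; the commit only renames the temporaries and drops the `Passing arrays by value in Rust generates a copy in C` explanation, so this is pre-existing, but the explanation was the one hint that the copies are an artefact of the extraction rather than intentional, and I would keep it. If the extractor cannot emit zeroization, the public API comment for encapsulate and generate_key_pair should at least say that the caller owns wiping its `randomness` buffer, e.g. `/* randomness: 32 bytes of caller-supplied secret randomness; copies are made on the stack and are not zeroized. */`. Whether the Rust side zeroizes anything cannot be told from this diff.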
@@ -169,42 +137,26 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_unpacked_2a( +static tuple_21 encapsulate_unpacked_ed( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b0(uu____0, - copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_360(uu____0, uu____1); } -/** - Encapsulate ML-KEM 1024 (unpacked) - - Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. - TODO: The F* prefix opens required modules, it should go away when the - following issue is resolved: https://github.com/hacspec/hax/issues/770 -*/ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_2a(uu____0, copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_ed(uu____0, uu____1); } -/** - Portable generate key pair. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics 
@@ -216,28 +168,20 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_4b( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_80( uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_360(copy_of_randomness); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_990(uu____0); } -/** - Generate ML-KEM 1024 Key Pair -*/ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_4b(copy_of_randomness); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_80(uu____0); } -/** - Unpacked API -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair_unpacked with const 
@@ -251,29 +195,20 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -generate_keypair_unpacked_4c(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c00( - copy_of_randomness); +generate_keypair_unpacked_290(uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_8d0(uu____0); } -/** - Generate ML-KEM 1024 Key Pair in "unpacked" form -*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 libcrux_ml_kem_mlkem1024_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_4c(copy_of_randomness); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_290(uu____0); } -/** - Portable public key validation -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.validate_public_key with const 
@@ -282,19 +217,14 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static bool validate_public_key_1b0(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_770(public_key); +static bool validate_public_key_930(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_6c0(public_key); } -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ core_option_Option_99 libcrux_ml_kem_mlkem1024_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; - if (validate_public_key_1b0(public_key.value)) { + if (validate_public_key_930(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index 658c5b92c..f70175faf 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf - * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 - * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __libcrux_mlkem1024_avx2_H 
@@ -22,71 +22,29 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_avx2.h" -/** - Decapsulate ML-KEM 1024 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem1024PrivateKey`] and an - [`MlKem1024Ciphertext`]. -*/ void libcrux_ml_kem_mlkem1024_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); -/** - Decapsulate ML-KEM 1024 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`]. -*/ void libcrux_ml_kem_mlkem1024_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); -/** - Encapsulate ML-KEM 1024 - - Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem1024PublicKey`] and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); -/** - Encapsulate ML-KEM 1024 (unpacked) - - Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. 
- TODO: The F* prefix opens required modules, it should go away when the - following issue is resolved: https://github.com/hacspec/hax/issues/770 -*/ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]); -/** - Generate ML-KEM 1024 Key Pair -*/ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]); -/** - Generate ML-KEM 1024 Key Pair in "unpacked" form -*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 libcrux_ml_kem_mlkem1024_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]); -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ core_option_Option_99 libcrux_ml_kem_mlkem1024_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c index c95f9f673..8f38be0c7 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c @@ -4,20 +4,17 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb - * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 + * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba + * Eurydice: be0d5b5e1455673c2afa9592c0951def463f59ec + * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 + * Libcrux: cb6da975011a1d6dfeaa6215d63a56d043b522b5 */ #include "libcrux_mlkem1024_neon.h" #include "internal/libcrux_mlkem_neon.h" -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate with const generics 
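Review bot: Every doc comment on the public ML-KEM 1024 AVX2 API is removed from this header — decapsulate, decapsulate_unpacked, encapsulate, encapsulate_unpacked, generate_key_pair, generate_key_pair_unpacked and validate_public_key — so a C caller no longer sees that encapsulate expects `[SHARED_SECRET_SIZE] bytes of randomness` (the prototype's `uint8_t randomness[32U]`) and key generation `uint8_t randomness[64U]`, or that validate_public_key `Returns Some(public_key) if valid, and None otherwise`. Nothing in the diff explains the loss and the subject line describes tooling improvements, so this looks like a side effect of the new Eurydice revision rather than an intended change; it is worth confirming before the header ships, and restoring the comments at the source the extractor reads. For a KEM API the randomness-size contract and the Some/None semantics of validation are the points callers most often get wrong, so at minimum the encapsulate, generate_key_pair and validate_public_key prototypes deserve their one-line notes back.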
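Review bot: The provenance block this hunk rewrites in libcrux_mlkem1024_neon.c records a different toolchain from the other files in the same commit: Charon 45b95e0f…, Eurydice be0d5b5e…, Karamel fc56fce6…, F* e5cef6f2…, Libcrux cb6da975…, whereas libcrux_core.h, libcrux_mlkem1024.h and libcrux_mlkem1024_avx2.c/.h all move to Charon 53530427…, Eurydice 67f43415…, Karamel f9cdef25…, F* 58c915a8…, Libcrux 06b02e72…. The NEON file's old side even carries the Charon hash the other files are moving to, so the NEON and AVX2/portable C appear to have been extracted from different checkouts. For generated cryptographic code this block is the only link back to the verified Rust source and the extraction toolchain, so a single commit should pin one set of revisions, otherwise the regeneration is not reproducible and a reviewer cannot tell which Rust revision the NEON path corresponds to. Either regenerate the NEON files with the same revisions or state in the commit message why they differ.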
@@ -45,13 +42,6 @@ static void decapsulate_f8( libcrux_ml_kem_ind_cca_decapsulate_82(private_key, ciphertext, ret); } -/** - Decapsulate ML-KEM 1024 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem1024PrivateKey`] and an - [`MlKem1024Ciphertext`]. -*/ void libcrux_ml_kem_mlkem1024_neon_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, @@ -59,9 +49,6 @@ void libcrux_ml_kem_mlkem1024_neon_decapsulate( decapsulate_f8(private_key, ciphertext, ret); } -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate_unpacked with const @@ -90,13 +77,6 @@ static void decapsulate_unpacked_c2( libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec(key_pair, ciphertext, ret); } -/** - Decapsulate ML-KEM 1024 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`]. -*/ void libcrux_ml_kem_mlkem1024_neon_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, 
@@ -125,32 +105,20 @@ static tuple_21 encapsulate_6b( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_28(uu____0, copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_28(uu____0, uu____1); } -/** - Encapsulate ML-KEM 1024 - - Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem1024PublicKey`] and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_6b(uu____0, copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_6b(uu____0, uu____1); } -/** - Portable encapsualte -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.encapsulate_unpacked with const 
@@ -174,37 +142,21 @@ static tuple_21 encapsulate_unpacked_1c( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_47(uu____0, - copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_47(uu____0, uu____1); } -/** - Encapsulate ML-KEM 1024 (unpacked) - - Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. - TODO: The F* prefix opens required modules, it should go away when the - following issue is resolved: https://github.com/hacspec/hax/issues/770 -*/ tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_1c(uu____0, copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_1c(uu____0, uu____1); } -/** - Portable generate key pair. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics 
@@ -218,26 +170,18 @@ libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics */ static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_91( uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_72(copy_of_randomness); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_72(uu____0); } -/** - Generate ML-KEM 1024 Key Pair -*/ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_neon_generate_key_pair(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_91(copy_of_randomness); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_91(uu____0); } -/** - Unpacked API -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair_unpacked with const 
@@ -252,28 +196,19 @@ generics */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c generate_keypair_unpacked_87(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b4( - copy_of_randomness); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b4(uu____0); } -/** - Generate ML-KEM 1024 Key Pair in "unpacked" form -*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c libcrux_ml_kem_mlkem1024_neon_generate_key_pair_unpacked( uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_87(copy_of_randomness); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_87(uu____0); } -/** - Portable public key validation -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.validate_public_key with const @@ -286,11 +221,6 @@ static bool validate_public_key_a3(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_7e(public_key); } -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ core_option_Option_99 libcrux_ml_kem_mlkem1024_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h index 1ed96ad65..dc1d1a4be 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h 
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb - * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 + * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba + * Eurydice: be0d5b5e1455673c2afa9592c0951def463f59ec + * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 + * Libcrux: cb6da975011a1d6dfeaa6215d63a56d043b522b5 */ #ifndef __libcrux_mlkem1024_neon_H 
@@ -22,71 +22,29 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_neon.h" -/** - Decapsulate ML-KEM 1024 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem1024PrivateKey`] and an - [`MlKem1024Ciphertext`]. -*/ void libcrux_ml_kem_mlkem1024_neon_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); -/** - Decapsulate ML-KEM 1024 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`]. -*/ void libcrux_ml_kem_mlkem1024_neon_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); -/** - Encapsulate ML-KEM 1024 - - Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem1024PublicKey`] and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); -/** - Encapsulate ML-KEM 1024 (unpacked) - - Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. 
- TODO: The F* prefix opens required modules, it should go away when the - following issue is resolved: https://github.com/hacspec/hax/issues/770 -*/ tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *public_key, uint8_t randomness[32U]); -/** - Generate ML-KEM 1024 Key Pair -*/ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_neon_generate_key_pair(uint8_t randomness[64U]); -/** - Generate ML-KEM 1024 Key Pair in "unpacked" form -*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c libcrux_ml_kem_mlkem1024_neon_generate_key_pair_unpacked( uint8_t randomness[64U]); -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ core_option_Option_99 libcrux_ml_kem_mlkem1024_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index ed6f6e69f..2b84bcdbd 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -4,20 +4,17 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf - * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 - * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #include "libcrux_mlkem1024_portable.h" #include "internal/libcrux_mlkem_portable.h" -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics 
@@ -38,30 +35,20 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_15( +static void decapsulate_8b( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_b01(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_241(private_key, ciphertext, ret); } -/** - Decapsulate ML-KEM 1024 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem1024PrivateKey`] and an - [`MlKem1024Ciphertext`]. -*/ void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_15(private_key, ciphertext, ret); + decapsulate_8b(private_key, ciphertext, ret); } -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate_unpacked with const 
@@ -83,25 +70,18 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_unpacked_39( +static void decapsulate_unpacked_f3( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_de1(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_751(key_pair, ciphertext, ret); } -/** - Decapsulate ML-KEM 1024 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`]. -*/ void libcrux_ml_kem_mlkem1024_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_39(private_key, ciphertext, ret); + decapsulate_unpacked_f3(private_key, ciphertext, ret); } /** 
@@ -121,36 +101,24 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_09( +static tuple_21 encapsulate_83( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_781(uu____0, copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_fa1(uu____0, uu____1); } -/** - Encapsulate ML-KEM 1024 - - Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem1024PublicKey`] and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_09(uu____0, copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_83(uu____0, uu____1); } -/** - Portable encapsualte -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate_unpacked with const 
@@ -169,42 +137,26 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_unpacked_62( +static tuple_21 encapsulate_unpacked_f4( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_081(uu____0, - copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_5c1(uu____0, uu____1); } -/** - Encapsulate ML-KEM 1024 (unpacked) - - Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. - TODO: The F* prefix opens required modules, it should go away when the - following issue is resolved: https://github.com/hacspec/hax/issues/770 -*/ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_62(uu____0, copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_f4(uu____0, uu____1); } -/** - Portable generate key pair. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair with const 
@@ -217,28 +169,20 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_b5( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_a9( uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_d71(copy_of_randomness); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_ef1(uu____0); } -/** - Generate ML-KEM 1024 Key Pair -*/ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_b5(copy_of_randomness); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_a9(uu____0); } -/** - Unpacked API -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair_unpacked with 
@@ -252,29 +196,20 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -generate_keypair_unpacked_b8(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_371( - copy_of_randomness); +generate_keypair_unpacked_10(uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_4a1(uu____0); } -/** - Generate ML-KEM 1024 Key Pair in "unpacked" form -*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_b8(copy_of_randomness); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_10(uu____0); } -/** - Portable public key validation -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.validate_public_key with const 
@@ -283,19 +218,14 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static bool validate_public_key_241(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_3f1(public_key); +static bool validate_public_key_4d1(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_601(public_key); } -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ core_option_Option_99 libcrux_ml_kem_mlkem1024_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; - if (validate_public_key_241(public_key.value)) { + if (validate_public_key_4d1(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index e20755c0c..8ea6c71ad 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf - * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 - * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __libcrux_mlkem1024_portable_H 
@@ -22,71 +22,29 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_portable.h" -/** - Decapsulate ML-KEM 1024 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem1024PrivateKey`] and an - [`MlKem1024Ciphertext`]. -*/ void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); -/** - Decapsulate ML-KEM 1024 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`]. -*/ void libcrux_ml_kem_mlkem1024_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); -/** - Encapsulate ML-KEM 1024 - - Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem1024PublicKey`] and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); -/** - Encapsulate ML-KEM 1024 (unpacked) - - Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. 
- TODO: The F* prefix opens required modules, it should go away when the - following issue is resolved: https://github.com/hacspec/hax/issues/770 -*/ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]); -/** - Generate ML-KEM 1024 Key Pair -*/ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]); -/** - Generate ML-KEM 1024 Key Pair in "unpacked" form -*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked( uint8_t randomness[64U]); -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ core_option_Option_99 libcrux_ml_kem_mlkem1024_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index 4181db559..06d05903b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf - * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 - * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index 31c416846..d6917cf59 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c 
@@ -4,20 +4,17 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf - * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 - * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #include "libcrux_mlkem512_avx2.h" #include "internal/libcrux_mlkem_avx2.h" -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate with const generics @@ -38,28 +35,18 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_d7(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, +static void decapsulate_f1(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_ff(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_26(private_key, ciphertext, ret); } -/** - Decapsulate ML-KEM 512 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem512PrivateKey`] and an - [`MlKem512Ciphertext`]. -*/ void libcrux_ml_kem_mlkem512_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_d7(private_key, ciphertext, ret); + decapsulate_f1(private_key, ciphertext, ret); } -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate_unpacked with const 
@@ -81,23 +68,16 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_unpacked_30( +static void decapsulate_unpacked_4e( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_2f(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_fa(key_pair, ciphertext, ret); } -/** - Decapsulate ML-KEM 512 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`]. -*/ void libcrux_ml_kem_mlkem512_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_30(private_key, ciphertext, ret); + decapsulate_unpacked_4e(private_key, ciphertext, ret); } /** 
@@ -117,36 +97,24 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_c4( +static tuple_ec encapsulate_ab( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_93(uu____0, copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_01(uu____0, uu____1); } -/** - Encapsulate ML-KEM 512 - - Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] - bytes of `randomness`. -*/ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_c4(uu____0, copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_ab(uu____0, uu____1); } -/** - Portable encapsualte -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.encapsulate_unpacked with const 
@@ -165,40 +133,26 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_unpacked_b9( +static tuple_ec encapsulate_unpacked_dc( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b(uu____0, - copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_36(uu____0, uu____1); } -/** - Encapsulate ML-KEM 512 (unpacked) - - Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_b9(uu____0, copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_dc(uu____0, uu____1); } -/** - Portable generate key pair. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics 
@@ -210,28 +164,20 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_8f( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_d4( uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_36(copy_of_randomness); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_99(uu____0); } -/** - Generate ML-KEM 512 Key Pair -*/ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_8f(copy_of_randomness); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_d4(uu____0); } -/** - Unpacked API -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair_unpacked with const 
@@ -245,29 +191,20 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -generate_keypair_unpacked_7a(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c0( - copy_of_randomness); +generate_keypair_unpacked_29(uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_8d(uu____0); } -/** - Generate ML-KEM 512 Key Pair in "unpacked" form -*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 libcrux_ml_kem_mlkem512_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_7a(copy_of_randomness); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_29(uu____0); } -/** - Portable public key validation -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.validate_public_key with const 
@@ -276,19 +213,14 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static bool validate_public_key_1b(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_77(public_key); +static bool validate_public_key_93(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_6c(public_key); } -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ core_option_Option_04 libcrux_ml_kem_mlkem512_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; - if (validate_public_key_1b(public_key.value)) { + if (validate_public_key_93(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index 4e8b2bb37..36f5a4f09 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf - * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 - * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __libcrux_mlkem512_avx2_H 
@@ -22,69 +22,29 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_avx2.h" -/** - Decapsulate ML-KEM 512 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem512PrivateKey`] and an - [`MlKem512Ciphertext`]. -*/ void libcrux_ml_kem_mlkem512_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); -/** - Decapsulate ML-KEM 512 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`]. -*/ void libcrux_ml_kem_mlkem512_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); -/** - Encapsulate ML-KEM 512 - - Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] - bytes of `randomness`. -*/ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); -/** - Encapsulate ML-KEM 512 (unpacked) - - Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. 
-*/ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]); -/** - Generate ML-KEM 512 Key Pair -*/ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]); -/** - Generate ML-KEM 512 Key Pair in "unpacked" form -*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 libcrux_ml_kem_mlkem512_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]); -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ core_option_Option_04 libcrux_ml_kem_mlkem512_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_neon.c b/libcrux-ml-kem/c/libcrux_mlkem512_neon.c index 5b9b0ad47..906114e72 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_neon.c @@ -4,20 +4,17 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb - * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 + * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba + * Eurydice: be0d5b5e1455673c2afa9592c0951def463f59ec + * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 + * Libcrux: cb6da975011a1d6dfeaa6215d63a56d043b522b5 */ #include "libcrux_mlkem512_neon.h" #include "internal/libcrux_mlkem_neon.h" -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate with const generics 
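Review bot: The public prototypes in libcrux_mlkem512_avx2.h now carry no documentation: the removed comments were the only place stating that `randomness` is `SHARED_SECRET_SIZE` bytes and that `libcrux_ml_kem_mlkem512_avx2_validate_public_key` returns `Some(public_key)` if valid and `None` otherwise, and the prototypes alone do not convey that contract to consumers. The same removal happens in libcrux_mlkem512_neon.h and libcrux_mlkem512_portable.h, and in the matching .c files. The commit message says nothing about dropping documentation, so this looks like a side effect of the regenerated output; the generator should keep emitting these comments (the removed text is a good starting point), or the header should state where the API contract is documented instead.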
@@ -44,22 +41,12 @@ static void decapsulate_55(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_ind_cca_decapsulate_821(private_key, ciphertext, ret); } -/** - Decapsulate ML-KEM 512 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem512PrivateKey`] and an - [`MlKem512Ciphertext`]. -*/ void libcrux_ml_kem_mlkem512_neon_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { decapsulate_55(private_key, ciphertext, ret); } -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate_unpacked with const @@ -87,13 +74,6 @@ static void decapsulate_unpacked_53( libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec1(key_pair, ciphertext, ret); } -/** - Decapsulate ML-KEM 512 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`]. -*/ void libcrux_ml_kem_mlkem512_neon_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { 
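Review bot: libcrux_mlkem512_neon.c was not regenerated with the same toolchain as the avx2 and portable files: the helpers here (`decapsulate_55`, `decapsulate_unpacked_53`, and `encapsulate_f8`, `generate_keypair_1a` in the later hunks) keep their old suffixes while every avx2/portable counterpart is renamed, and this file's revision banner records Charon 45b95e0f…, Eurydice be0d5b5e…, Libcrux cb6da975… where the avx2/portable banners record Charon 53530427…, Eurydice 67f43415…, Libcrux 06b02e72…. For code whose assurance rests on being the output of a verified pipeline, a tree that mixes generator snapshots weakens the provenance the banner is meant to give. It would be worth regenerating the neon files from the same revisions, or stating in the commit message that the neon output is intentionally pinned to a different snapshot.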
@@ -121,32 +101,20 @@ static tuple_ec encapsulate_f8( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_281(uu____0, copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_281(uu____0, uu____1); } -/** - Encapsulate ML-KEM 512 - - Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] - bytes of `randomness`. -*/ tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_f8(uu____0, copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_f8(uu____0, uu____1); } -/** - Portable encapsualte -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.encapsulate_unpacked with const 
@@ -170,35 +138,21 @@ static tuple_ec encapsulate_unpacked_ce( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_471(uu____0, - copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_471(uu____0, uu____1); } -/** - Encapsulate ML-KEM 512 (unpacked) - - Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_ce(uu____0, copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_ce(uu____0, uu____1); } -/** - Portable generate key pair. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics 
@@ -212,26 +166,18 @@ libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics */ static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_1a( uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_721(copy_of_randomness); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_721(uu____0); } -/** - Generate ML-KEM 512 Key Pair -*/ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_neon_generate_key_pair(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_1a(copy_of_randomness); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_1a(uu____0); } -/** - Unpacked API -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair_unpacked with const 
@@ -246,28 +192,19 @@ generics */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 generate_keypair_unpacked_38(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b41( - copy_of_randomness); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b41(uu____0); } -/** - Generate ML-KEM 512 Key Pair in "unpacked" form -*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 libcrux_ml_kem_mlkem512_neon_generate_key_pair_unpacked( uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_38(copy_of_randomness); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_38(uu____0); } -/** - Portable public key validation -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.validate_public_key with const @@ -280,11 +217,6 @@ static bool validate_public_key_a31(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_7e1(public_key); } -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ core_option_Option_04 libcrux_ml_kem_mlkem512_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_neon.h b/libcrux-ml-kem/c/libcrux_mlkem512_neon.h index 211c714fc..67f26b584 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_neon.h 
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb
- * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85
+ * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba
+ * Eurydice: be0d5b5e1455673c2afa9592c0951def463f59ec
+ * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92
  * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38
- * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221
+ * Libcrux: cb6da975011a1d6dfeaa6215d63a56d043b522b5
  */
 
 #ifndef __libcrux_mlkem512_neon_H
@@ -22,69 +22,29 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_neon.h" -/** - Decapsulate ML-KEM 512 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem512PrivateKey`] and an - [`MlKem512Ciphertext`]. -*/ void libcrux_ml_kem_mlkem512_neon_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); -/** - Decapsulate ML-KEM 512 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`]. -*/ void libcrux_ml_kem_mlkem512_neon_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); -/** - Encapsulate ML-KEM 512 - - Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] - bytes of `randomness`. -*/ tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); -/** - Encapsulate ML-KEM 512 (unpacked) - - Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. 
-*/ tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *public_key, uint8_t randomness[32U]); -/** - Generate ML-KEM 512 Key Pair -*/ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_neon_generate_key_pair(uint8_t randomness[64U]); -/** - Generate ML-KEM 512 Key Pair in "unpacked" form -*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 libcrux_ml_kem_mlkem512_neon_generate_key_pair_unpacked( uint8_t randomness[64U]); -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ core_option_Option_04 libcrux_ml_kem_mlkem512_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index 9ff79924c..e6ed7f596 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -4,20 +4,17 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf - * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 - * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #include "libcrux_mlkem512_portable.h" #include "internal/libcrux_mlkem_portable.h" -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics 
@@ -38,28 +35,18 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_04(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, +static void decapsulate_f8(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_b00(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_240(private_key, ciphertext, ret); } -/** - Decapsulate ML-KEM 512 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem512PrivateKey`] and an - [`MlKem512Ciphertext`]. -*/ void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_04(private_key, ciphertext, ret); + decapsulate_f8(private_key, ciphertext, ret); } -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate_unpacked with const 
@@ -81,23 +68,16 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_unpacked_d1( +static void decapsulate_unpacked_1e( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_de0(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_750(key_pair, ciphertext, ret); } -/** - Decapsulate ML-KEM 512 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`]. -*/ void libcrux_ml_kem_mlkem512_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_d1(private_key, ciphertext, ret); + decapsulate_unpacked_1e(private_key, ciphertext, ret); } /** 
@@ -117,36 +97,24 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_0e( +static tuple_ec encapsulate_6e( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_780(uu____0, copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_fa0(uu____0, uu____1); } -/** - Encapsulate ML-KEM 512 - - Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] - bytes of `randomness`. -*/ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_0e(uu____0, copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_6e(uu____0, uu____1); } -/** - Portable encapsualte -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate_unpacked with const 
@@ -165,40 +133,26 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_unpacked_2c( +static tuple_ec encapsulate_unpacked_ae( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_080(uu____0, - copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_5c0(uu____0, uu____1); } -/** - Encapsulate ML-KEM 512 (unpacked) - - Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_2c(uu____0, copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_ae(uu____0, uu____1); } -/** - Portable generate key pair. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair with const 
@@ -211,28 +165,20 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_33( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_65( uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_d70(copy_of_randomness); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_ef0(uu____0); } -/** - Generate ML-KEM 512 Key Pair -*/ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_33(copy_of_randomness); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_65(uu____0); } -/** - Unpacked API -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair_unpacked with 
@@ -246,29 +192,20 @@ const generics - ETA1_RANDOMNESS_SIZE= 192 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -generate_keypair_unpacked_fe(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_370( - copy_of_randomness); +generate_keypair_unpacked_16(uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_4a0(uu____0); } -/** - Generate ML-KEM 512 Key Pair in "unpacked" form -*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_fe(copy_of_randomness); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_16(uu____0); } -/** - Portable public key validation -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.validate_public_key with const 
@@ -277,19 +214,14 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static bool validate_public_key_240(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_3f0(public_key); +static bool validate_public_key_4d0(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_600(public_key); } -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ core_option_Option_04 libcrux_ml_kem_mlkem512_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; - if (validate_public_key_240(public_key.value)) { + if (validate_public_key_4d0(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 68ee7a5da..b307dbf3b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf - * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 - * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __libcrux_mlkem512_portable_H 
@@ -22,69 +22,29 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_portable.h" -/** - Decapsulate ML-KEM 512 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem512PrivateKey`] and an - [`MlKem512Ciphertext`]. -*/ void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); -/** - Decapsulate ML-KEM 512 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`]. -*/ void libcrux_ml_kem_mlkem512_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); -/** - Encapsulate ML-KEM 512 - - Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] - bytes of `randomness`. -*/ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); -/** - Encapsulate ML-KEM 512 (unpacked) - - Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. 
-*/ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]); -/** - Generate ML-KEM 512 Key Pair -*/ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]); -/** - Generate ML-KEM 512 Key Pair in "unpacked" form -*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked( uint8_t randomness[64U]); -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ core_option_Option_04 libcrux_ml_kem_mlkem512_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 8cf5f4f40..14d7b3864 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf - * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 - * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index bd4ebc485..170f11724 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c 
@@ -4,20 +4,17 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf - * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 - * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #include "libcrux_mlkem768_avx2.h" #include "internal/libcrux_mlkem_avx2.h" -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate with const generics @@ -38,28 +35,18 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_2f( +static void decapsulate_0b( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_ff1(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_261(private_key, ciphertext, ret); } -/** - Decapsulate ML-KEM 768 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem768PrivateKey`] and an - [`MlKem768Ciphertext`]. -*/ void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_2f(private_key, ciphertext, ret); + decapsulate_0b(private_key, ciphertext, ret); } -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate_unpacked with const 
@@ -81,23 +68,16 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_unpacked_57( +static void decapsulate_unpacked_3f( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_2f1(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_fa1(key_pair, ciphertext, ret); } -/** - Decapsulate ML-KEM 768 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. -*/ void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_57(private_key, ciphertext, ret); + decapsulate_unpacked_3f(private_key, ciphertext, ret); } /** 
@@ -117,36 +97,24 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_23( +static tuple_3c encapsulate_98( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_931(uu____0, copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_011(uu____0, uu____1); } -/** - Encapsulate ML-KEM 768 - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] - bytes of `randomness`. -*/ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_23(uu____0, copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_98(uu____0, uu____1); } -/** - Portable encapsualte -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.encapsulate_unpacked with const 
@@ -165,40 +133,26 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_unpacked_cb( +static tuple_3c encapsulate_unpacked_be( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b1(uu____0, - copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_361(uu____0, uu____1); } -/** - Encapsulate ML-KEM 768 (unpacked) - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_cb(uu____0, copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_be(uu____0, uu____1); } -/** - Portable generate key pair. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics 
@@ -210,28 +164,20 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_2e( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_32( uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_361(copy_of_randomness); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_991(uu____0); } -/** - Generate ML-KEM 768 Key Pair -*/ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_2e(copy_of_randomness); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_32(uu____0); } -/** - Unpacked API -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair_unpacked with const 
@@ -245,29 +191,20 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -generate_keypair_unpacked_cf(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c01( - copy_of_randomness); +generate_keypair_unpacked_09(uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_8d1(uu____0); } -/** - Generate ML-KEM 768 Key Pair in "unpacked" form -*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_cf(copy_of_randomness); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_09(uu____0); } -/** - Portable public key validation -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.validate_public_key with const 
@@ -276,19 +213,14 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static bool validate_public_key_1b1(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_771(public_key); +static bool validate_public_key_931(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_6c1(public_key); } -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ core_option_Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (validate_public_key_1b1(public_key.value)) { + if (validate_public_key_931(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index 9b775c78d..860111581 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf - * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 - * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __libcrux_mlkem768_avx2_H 
@@ -22,69 +22,29 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_avx2.h" -/** - Decapsulate ML-KEM 768 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem768PrivateKey`] and an - [`MlKem768Ciphertext`]. -*/ void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); -/** - Decapsulate ML-KEM 768 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. -*/ void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); -/** - Encapsulate ML-KEM 768 - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] - bytes of `randomness`. -*/ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); -/** - Encapsulate ML-KEM 768 (unpacked) - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. 
-*/ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]); -/** - Generate ML-KEM 768 Key Pair -*/ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]); -/** - Generate ML-KEM 768 Key Pair in "unpacked" form -*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]); -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ core_option_Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_neon.c b/libcrux-ml-kem/c/libcrux_mlkem768_neon.c index c252832a1..f7f161a44 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_neon.c @@ -4,20 +4,17 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb - * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 + * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba + * Eurydice: be0d5b5e1455673c2afa9592c0951def463f59ec + * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 + * Libcrux: cb6da975011a1d6dfeaa6215d63a56d043b522b5 */ #include "libcrux_mlkem768_neon.h" #include "internal/libcrux_mlkem_neon.h" -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate with const generics 
@@ -44,22 +41,12 @@ static void decapsulate_67( libcrux_ml_kem_ind_cca_decapsulate_820(private_key, ciphertext, ret); } -/** - Decapsulate ML-KEM 768 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem768PrivateKey`] and an - [`MlKem768Ciphertext`]. -*/ void libcrux_ml_kem_mlkem768_neon_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { decapsulate_67(private_key, ciphertext, ret); } -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate_unpacked with const @@ -87,13 +74,6 @@ static void decapsulate_unpacked_70( libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec0(key_pair, ciphertext, ret); } -/** - Decapsulate ML-KEM 768 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. -*/ void libcrux_ml_kem_mlkem768_neon_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { 
@@ -121,32 +101,20 @@ static tuple_3c encapsulate_ea( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_280(uu____0, copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_280(uu____0, uu____1); } -/** - Encapsulate ML-KEM 768 - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] - bytes of `randomness`. -*/ tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_ea(uu____0, copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_ea(uu____0, uu____1); } -/** - Portable encapsualte -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.encapsulate_unpacked with const 
@@ -170,35 +138,21 @@ static tuple_3c encapsulate_unpacked_29( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_470(uu____0, - copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_470(uu____0, uu____1); } -/** - Encapsulate ML-KEM 768 (unpacked) - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_29(uu____0, copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_29(uu____0, uu____1); } -/** - Portable generate key pair. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics 
@@ -212,26 +166,18 @@ libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics */ static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_1b( uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_720(copy_of_randomness); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_720(uu____0); } -/** - Generate ML-KEM 768 Key Pair -*/ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_neon_generate_key_pair(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_1b(copy_of_randomness); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_1b(uu____0); } -/** - Unpacked API -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair_unpacked with const 
@@ -246,28 +192,19 @@ generics */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd generate_keypair_unpacked_42(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b40( - copy_of_randomness); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b40(uu____0); } -/** - Generate ML-KEM 768 Key Pair in "unpacked" form -*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd libcrux_ml_kem_mlkem768_neon_generate_key_pair_unpacked( uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_42(copy_of_randomness); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_42(uu____0); } -/** - Portable public key validation -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.validate_public_key with const @@ -280,11 +217,6 @@ static bool validate_public_key_a30(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_7e0(public_key); } -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ core_option_Option_92 libcrux_ml_kem_mlkem768_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_neon.h b/libcrux-ml-kem/c/libcrux_mlkem768_neon.h index aaf2756d9..4bbf14bf5 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_neon.h 
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb - * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 + * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba + * Eurydice: be0d5b5e1455673c2afa9592c0951def463f59ec + * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 + * Libcrux: cb6da975011a1d6dfeaa6215d63a56d043b522b5 */ #ifndef __libcrux_mlkem768_neon_H 
@@ -22,69 +22,29 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_neon.h" -/** - Decapsulate ML-KEM 768 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem768PrivateKey`] and an - [`MlKem768Ciphertext`]. -*/ void libcrux_ml_kem_mlkem768_neon_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); -/** - Decapsulate ML-KEM 768 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. -*/ void libcrux_ml_kem_mlkem768_neon_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); -/** - Encapsulate ML-KEM 768 - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] - bytes of `randomness`. -*/ tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); -/** - Encapsulate ML-KEM 768 (unpacked) - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. 
-*/ tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *public_key, uint8_t randomness[32U]); -/** - Generate ML-KEM 768 Key Pair -*/ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_neon_generate_key_pair(uint8_t randomness[64U]); -/** - Generate ML-KEM 768 Key Pair in "unpacked" form -*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd libcrux_ml_kem_mlkem768_neon_generate_key_pair_unpacked( uint8_t randomness[64U]); -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ core_option_Option_92 libcrux_ml_kem_mlkem768_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index 7cc0954b1..145cf96c6 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -4,20 +4,17 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf - * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 - * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #include "libcrux_mlkem768_portable.h" #include "internal/libcrux_mlkem_portable.h" -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics 
@@ -38,28 +35,18 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_62( +static void decapsulate_7d( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_b0(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_24(private_key, ciphertext, ret); } -/** - Decapsulate ML-KEM 768 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem768PrivateKey`] and an - [`MlKem768Ciphertext`]. -*/ void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_62(private_key, ciphertext, ret); + decapsulate_7d(private_key, ciphertext, ret); } -/** - Portable decapsulate -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate_unpacked with const 
@@ -81,23 +68,16 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_unpacked_ad( +static void decapsulate_unpacked_c8( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_de(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_75(key_pair, ciphertext, ret); } -/** - Decapsulate ML-KEM 768 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. -*/ void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_ad(private_key, ciphertext, ret); + decapsulate_unpacked_c8(private_key, ciphertext, ret); } /** 
@@ -117,36 +97,24 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_35( +static tuple_3c encapsulate_72( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_78(uu____0, copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_fa(uu____0, uu____1); } -/** - Encapsulate ML-KEM 768 - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] - bytes of `randomness`. -*/ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_35(uu____0, copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_72(uu____0, uu____1); } -/** - Portable encapsualte -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate_unpacked with const 
@@ -165,40 +133,26 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_unpacked_be( +static tuple_3c encapsulate_unpacked_c9( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_08(uu____0, - copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_5c(uu____0, uu____1); } -/** - Encapsulate ML-KEM 768 (unpacked) - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. -*/ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_be(uu____0, copy_of_randomness); + uint8_t uu____1[32U]; + memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_c9(uu____0, uu____1); } -/** - Portable generate key pair. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair with const 
@@ -211,28 +165,20 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_45( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_21( uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_d7(copy_of_randomness); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_ef(uu____0); } -/** - Generate ML-KEM 768 Key Pair -*/ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_45(copy_of_randomness); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_21(uu____0); } -/** - Unpacked API -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair_unpacked with 
@@ -246,29 +192,20 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -generate_keypair_unpacked_05(uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_37( - copy_of_randomness); +generate_keypair_unpacked_2a(uint8_t randomness[64U]) { + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_4a(uu____0); } -/** - Generate ML-KEM 768 Key Pair in "unpacked" form -*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[64U]; - memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_05(copy_of_randomness); + uint8_t uu____0[64U]; + memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_2a(uu____0); } -/** - Portable public key validation -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.validate_public_key with const 
@@ -277,19 +214,14 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static bool validate_public_key_24(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_3f(public_key); +static bool validate_public_key_4d(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_60(public_key); } -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (validate_public_key_24(public_key.value)) { + if (validate_public_key_4d(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index 4a2c6effd..4ed073607 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf - * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 - * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __libcrux_mlkem768_portable_H 
@@ -22,69 +22,29 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_portable.h" -/** - Decapsulate ML-KEM 768 - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an [`MlKem768PrivateKey`] and an - [`MlKem768Ciphertext`]. -*/ void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); -/** - Decapsulate ML-KEM 768 (unpacked) - - Generates an [`MlKemSharedSecret`]. - The input is a reference to an unpacked key pair of type - [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. -*/ void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); -/** - Encapsulate ML-KEM 768 - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] - bytes of `randomness`. -*/ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); -/** - Encapsulate ML-KEM 768 (unpacked) - - Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. - The input is a reference to an unpacked public key of type - [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and - [`SHARED_SECRET_SIZE`] bytes of `randomness`. 
-*/ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]); -/** - Generate ML-KEM 768 Key Pair -*/ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]); -/** - Generate ML-KEM 768 Key Pair in "unpacked" form -*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( uint8_t randomness[64U]); -/** - Validate a public key. - - Returns `Some(public_key)` if valid, and `None` otherwise. -*/ core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index 87c5873ba..ed6975218 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf - * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 - * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #include "internal/libcrux_mlkem_avx2.h" @@ -21,7 +21,8 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_G(Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = {0U}; libcrux_sha3_portable_sha512( - Eurydice_array_to_slice((size_t)64U, digest, uint8_t), input); + Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), + input); memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); } 
@@ -29,40 +30,43 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_sha256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } -KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_zero(void) { - return mm256_setzero_si256(); +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_zero(void) { + return libcrux_intrinsics_avx2_mm256_setzero_si256(); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_ZERO_ea(void) { +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ZERO_ea(void) { return libcrux_ml_kem_vector_avx2_zero(); } -KRML_MUSTINLINE __m256i +KRML_MUSTINLINE core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_slice array) { - return mm256_loadu_si256_i16(array); + return libcrux_intrinsics_avx2_mm256_loadu_si256_i16(array); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice array) { +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_from_i16_array_ea( + Eurydice_slice array) { return libcrux_ml_kem_vector_avx2_from_i16_array(array); } -KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_to_i16_array(__m256i v, - int16_t ret[16U]) { +KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_to_i16_array( + core_core_arch_x86___m256i v, int16_t ret[16U]) { int16_t output[16U] = {0U}; - mm256_storeu_si256_i16(Eurydice_array_to_slice((size_t)16U, output, int16_t), - v); + libcrux_intrinsics_avx2_mm256_storeu_si256_i16( + Eurydice_array_to_slice((size_t)16U, output, int16_t, Eurydice_slice), v); memcpy(ret, output, 
(size_t)16U * sizeof(int16_t)); } 
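Review bot: The new typedef name `core_core_arch_x86___m256i` (and `core_core_arch_x86___m128i` in the following hunk) contains a double underscore; C only reserves leading underscores, but C++ reserves any identifier containing `__`, and these types appear in non-static signatures such as `libcrux_ml_kem_vector_avx2_ZERO_ea` that are presumably declared in headers wrapped in `extern "C"` for C++ consumers. Presumably the name is a mangling of the Rust path `core::core_arch::x86::__m256i`, so the fix belongs in Eurydice's name mangling, e.g. emitting `core_core_arch_x86_m256i`, rather than in this generated file. The same applies throughout the `@@ -70,452 +74,564 @@` hunk, whose end lies outside this view.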
@@ -70,452 +74,564 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_to_i16_array(__m256i v, This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_to_i16_array_ea(__m256i x, int16_t ret[16U]) { +void libcrux_ml_kem_vector_avx2_to_i16_array_ea(core_core_arch_x86___m256i x, + int16_t ret[16U]) { libcrux_ml_kem_vector_avx2_to_i16_array(x, ret); } -KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_add(__m256i lhs, - __m256i rhs) { - return mm256_add_epi16(lhs, rhs); +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_add(core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i rhs) { + return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_add_ea(__m256i lhs, __m256i *rhs) { +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_add_ea( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs) { return libcrux_ml_kem_vector_avx2_arithmetic_add(lhs, rhs[0U]); } -KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_sub(__m256i lhs, - __m256i rhs) { - return mm256_sub_epi16(lhs, rhs); +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_sub(core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i rhs) { + return libcrux_intrinsics_avx2_mm256_sub_epi16(lhs, rhs); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_sub_ea(__m256i lhs, __m256i *rhs) { +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_sub_ea( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs) { return libcrux_ml_kem_vector_avx2_arithmetic_sub(lhs, rhs[0U]); } -KRML_MUSTINLINE __m256i 
-libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(__m256i vector, - int16_t constant) { - return mm256_mullo_epi16(vector, mm256_set1_epi16(constant)); +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( + core_core_arch_x86___m256i vector, int16_t constant) { + return libcrux_intrinsics_avx2_mm256_mullo_epi16( + vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_ea(__m256i v, - int16_t c) { +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( + core_core_arch_x86___m256i v, int16_t c) { return libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(v, c); } -KRML_MUSTINLINE __m256i +KRML_MUSTINLINE core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( - __m256i vector, int16_t constant) { - return mm256_and_si256(vector, mm256_set1_epi16(constant)); + core_core_arch_x86___m256i vector, int16_t constant) { + return libcrux_intrinsics_avx2_mm256_and_si256( + vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( - __m256i vector, int16_t constant) { +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( + core_core_arch_x86___m256i vector, int16_t constant) { return libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( vector, constant); } -KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(__m256i vector) { - __m256i field_modulus = - mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - __m256i v_minus_field_modulus = mm256_sub_epi16(vector, field_modulus); - 
__m256i sign_mask = - mm256_srai_epi16((int32_t)15, v_minus_field_modulus, __m256i); - __m256i conditional_add_field_modulus = - mm256_and_si256(sign_mask, field_modulus); - return mm256_add_epi16(v_minus_field_modulus, conditional_add_field_modulus); +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i v_minus_field_modulus = + libcrux_intrinsics_avx2_mm256_sub_epi16(vector, field_modulus); + core_core_arch_x86___m256i sign_mask = + libcrux_intrinsics_avx2_mm256_srai_epi16( + (int32_t)15, v_minus_field_modulus, core_core_arch_x86___m256i); + core_core_arch_x86___m256i conditional_add_field_modulus = + libcrux_intrinsics_avx2_mm256_and_si256(sign_mask, field_modulus); + return libcrux_intrinsics_avx2_mm256_add_epi16(v_minus_field_modulus, + conditional_add_field_modulus); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea(__m256i vector) { +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea( + core_core_arch_x86___m256i vector) { return libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(vector); } -/** - See Section 3.2 of the implementation notes document for an explanation - of this code. 
-*/ -KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(__m256i vector) { - __m256i t = mm256_mulhi_epi16( - vector, mm256_set1_epi16( +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce( + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i t = libcrux_intrinsics_avx2_mm256_mulhi_epi16( + vector, libcrux_intrinsics_avx2_mm256_set1_epi16( LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER)); - __m256i t0 = mm256_add_epi16(t, mm256_set1_epi16((int16_t)512)); - __m256i quotient = mm256_srai_epi16((int32_t)10, t0, __m256i); - __m256i quotient_times_field_modulus = mm256_mullo_epi16( - quotient, mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - return mm256_sub_epi16(vector, quotient_times_field_modulus); + core_core_arch_x86___m256i t0 = libcrux_intrinsics_avx2_mm256_add_epi16( + t, libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)512)); + core_core_arch_x86___m256i quotient = + libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)10, t0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i quotient_times_field_modulus = + libcrux_intrinsics_avx2_mm256_mullo_epi16( + quotient, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + return libcrux_intrinsics_avx2_mm256_sub_epi16(vector, + quotient_times_field_modulus); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_barrett_reduce_ea(__m256i vector) { +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_barrett_reduce_ea( + core_core_arch_x86___m256i vector) { return libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(vector); } -KRML_MUSTINLINE __m256i +KRML_MUSTINLINE core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( - __m256i vector, int16_t constant) { - __m256i constant0 = mm256_set1_epi16(constant); 
- __m256i value_low = mm256_mullo_epi16(vector, constant0); - __m256i k = mm256_mullo_epi16( + core_core_arch_x86___m256i vector, int16_t constant) { + core_core_arch_x86___m256i constant0 = + libcrux_intrinsics_avx2_mm256_set1_epi16(constant); + core_core_arch_x86___m256i value_low = + libcrux_intrinsics_avx2_mm256_mullo_epi16(vector, constant0); + core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( value_low, - mm256_set1_epi16( + libcrux_intrinsics_avx2_mm256_set1_epi16( (int16_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - __m256i k_times_modulus = mm256_mulhi_epi16( - k, mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - __m256i value_high = mm256_mulhi_epi16(vector, constant0); - return mm256_sub_epi16(value_high, k_times_modulus); + core_core_arch_x86___m256i k_times_modulus = + libcrux_intrinsics_avx2_mm256_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m256i value_high = + libcrux_intrinsics_avx2_mm256_mulhi_epi16(vector, constant0); + return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( - __m256i vector, int16_t constant) { +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + core_core_arch_x86___m256i vector, int16_t constant) { return libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( vector, constant); } -KRML_MUSTINLINE __m256i +KRML_MUSTINLINE core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( - __m256i vector) { - __m256i field_modulus_halved = mm256_set1_epi16( - (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / (int16_t)2); - __m256i field_modulus_quartered = 
mm256_set1_epi16( - (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / (int16_t)4); - __m256i shifted = mm256_sub_epi16(field_modulus_halved, vector); - __m256i mask = mm256_srai_epi16((int32_t)15, shifted, __m256i); - __m256i shifted_to_positive = mm256_xor_si256(mask, shifted); - __m256i shifted_to_positive_in_range = - mm256_sub_epi16(shifted_to_positive, field_modulus_quartered); - return mm256_srli_epi16((int32_t)15, shifted_to_positive_in_range, __m256i); + core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus_halved = + libcrux_intrinsics_avx2_mm256_set1_epi16( + (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / + (int16_t)2); + core_core_arch_x86___m256i field_modulus_quartered = + libcrux_intrinsics_avx2_mm256_set1_epi16( + (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / + (int16_t)4); + core_core_arch_x86___m256i shifted = + libcrux_intrinsics_avx2_mm256_sub_epi16(field_modulus_halved, vector); + core_core_arch_x86___m256i mask = libcrux_intrinsics_avx2_mm256_srai_epi16( + (int32_t)15, shifted, core_core_arch_x86___m256i); + core_core_arch_x86___m256i shifted_to_positive = + libcrux_intrinsics_avx2_mm256_xor_si256(mask, shifted); + core_core_arch_x86___m256i shifted_to_positive_in_range = + libcrux_intrinsics_avx2_mm256_sub_epi16(shifted_to_positive, + field_modulus_quartered); + return libcrux_intrinsics_avx2_mm256_srli_epi16( + (int32_t)15, shifted_to_positive_in_range, core_core_arch_x86___m256i); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_compress_1_ea(__m256i vector) { +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_compress_1_ea( + core_core_arch_x86___m256i vector) { return libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( vector); } -KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( - __m256i lhs, __m256i rhs) { - 
__m256i prod02 = mm256_mul_epu32(lhs, rhs); - __m256i prod13 = - mm256_mul_epu32(mm256_shuffle_epi32((int32_t)245, lhs, __m256i), - mm256_shuffle_epi32((int32_t)245, rhs, __m256i)); - return mm256_unpackhi_epi64(mm256_unpacklo_epi32(prod02, prod13), - mm256_unpackhi_epi32(prod02, prod13)); +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs) { + core_core_arch_x86___m256i prod02 = + libcrux_intrinsics_avx2_mm256_mul_epu32(lhs, rhs); + core_core_arch_x86___m256i prod13 = libcrux_intrinsics_avx2_mm256_mul_epu32( + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, lhs, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, rhs, + core_core_arch_x86___m256i)); + return libcrux_intrinsics_avx2_mm256_unpackhi_epi64( + libcrux_intrinsics_avx2_mm256_unpacklo_epi32(prod02, prod13), + libcrux_intrinsics_avx2_mm256_unpackhi_epi32(prod02, prod13)); } -KRML_MUSTINLINE __m256i +KRML_MUSTINLINE core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - __m256i v, __m256i c) { - __m256i value_low = mm256_mullo_epi16(v, c); - __m256i k = mm256_mullo_epi16( + core_core_arch_x86___m256i v, core_core_arch_x86___m256i c) { + core_core_arch_x86___m256i value_low = + libcrux_intrinsics_avx2_mm256_mullo_epi16(v, c); + core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( value_low, - mm256_set1_epi16( + libcrux_intrinsics_avx2_mm256_set1_epi16( (int16_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - __m256i k_times_modulus = mm256_mulhi_epi16( - k, mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - __m256i value_high = mm256_mulhi_epi16(v, c); - return mm256_sub_epi16(value_high, k_times_modulus); -} - -KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( - __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, 
- int16_t zeta3) { - __m256i zetas = mm256_set_epi16(-zeta3, -zeta3, zeta3, zeta3, -zeta2, -zeta2, - zeta2, zeta2, -zeta1, -zeta1, zeta1, zeta1, - -zeta0, -zeta0, zeta0, zeta0); - __m256i rhs = mm256_shuffle_epi32((int32_t)245, vector, __m256i); - __m256i rhs0 = + core_core_arch_x86___m256i k_times_modulus = + libcrux_intrinsics_avx2_mm256_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m256i value_high = + libcrux_intrinsics_avx2_mm256_mulhi_epi16(v, c); + return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { + core_core_arch_x86___m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( + -zeta3, -zeta3, zeta3, zeta3, -zeta2, -zeta2, zeta2, zeta2, -zeta1, + -zeta1, zeta1, zeta1, -zeta0, -zeta0, zeta0, zeta0); + core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)245, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( rhs, zetas); - __m256i lhs = mm256_shuffle_epi32((int32_t)160, vector, __m256i); - return mm256_add_epi16(lhs, rhs0); + core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)160, vector, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea(__m256i vector, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3) { +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + 
int16_t zeta2, int16_t zeta3) { return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step(vector, zeta0, zeta1, zeta2, zeta3); } -KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( - __m256i vector, int16_t zeta0, int16_t zeta1) { - __m256i zetas = mm256_set_epi16(-zeta1, -zeta1, -zeta1, -zeta1, zeta1, zeta1, - zeta1, zeta1, -zeta0, -zeta0, -zeta0, -zeta0, - zeta0, zeta0, zeta0, zeta0); - __m256i rhs = mm256_shuffle_epi32((int32_t)238, vector, __m256i); - __m256i rhs0 = +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { + core_core_arch_x86___m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( + -zeta1, -zeta1, -zeta1, -zeta1, zeta1, zeta1, zeta1, zeta1, -zeta0, + -zeta0, -zeta0, -zeta0, zeta0, zeta0, zeta0, zeta0); + core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)238, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( rhs, zetas); - __m256i lhs = mm256_shuffle_epi32((int32_t)68, vector, __m256i); - return mm256_add_epi16(lhs, rhs0); + core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)68, vector, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea(__m256i vector, - int16_t zeta0, - int16_t zeta1) { +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(vector, zeta0, zeta1); } -KRML_MUSTINLINE __m128i +KRML_MUSTINLINE core_core_arch_x86___m128i 
libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - __m128i v, __m128i c) { - __m128i value_low = mm_mullo_epi16(v, c); - __m128i k = mm_mullo_epi16( + core_core_arch_x86___m128i v, core_core_arch_x86___m128i c) { + core_core_arch_x86___m128i value_low = + libcrux_intrinsics_avx2_mm_mullo_epi16(v, c); + core_core_arch_x86___m128i k = libcrux_intrinsics_avx2_mm_mullo_epi16( value_low, - mm_set1_epi16( + libcrux_intrinsics_avx2_mm_set1_epi16( (int16_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - __m128i k_times_modulus = mm_mulhi_epi16( - k, mm_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - __m128i value_high = mm_mulhi_epi16(v, c); - return mm_sub_epi16(value_high, k_times_modulus); -} - -KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(__m256i vector, int16_t zeta) { - __m128i rhs = mm256_extracti128_si256((int32_t)1, vector, __m128i); - __m128i rhs0 = + core_core_arch_x86___m128i k_times_modulus = + libcrux_intrinsics_avx2_mm_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m128i value_high = + libcrux_intrinsics_avx2_mm_mulhi_epi16(v, c); + return libcrux_intrinsics_avx2_mm_sub_epi16(value_high, k_times_modulus); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step( + core_core_arch_x86___m256i vector, int16_t zeta) { + core_core_arch_x86___m128i rhs = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m128i rhs0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - rhs, mm_set1_epi16(zeta)); - __m128i lhs = mm256_castsi256_si128(vector); - __m128i lower_coefficients = mm_add_epi16(lhs, rhs0); - __m128i upper_coefficients = mm_sub_epi16(lhs, rhs0); - __m256i combined = mm256_castsi128_si256(lower_coefficients); - return 
mm256_inserti128_si256((int32_t)1, combined, upper_coefficients, - __m256i); + rhs, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); + core_core_arch_x86___m128i lhs = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m128i lower_coefficients = + libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs0); + core_core_arch_x86___m128i upper_coefficients = + libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs0); + core_core_arch_x86___m256i combined = + libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); + return libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, combined, upper_coefficients, core_core_arch_x86___m256i); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea(__m256i vector, - int16_t zeta) { +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta) { return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(vector, zeta); } -KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( - __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, - int16_t zeta3) { - __m256i lhs = mm256_shuffle_epi32((int32_t)245, vector, __m256i); - __m256i rhs = mm256_shuffle_epi32((int32_t)160, vector, __m256i); - __m256i rhs0 = mm256_mullo_epi16( - rhs, mm256_set_epi16((int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, - (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, - (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, - (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1)); - __m256i sum0 = mm256_add_epi16(lhs, rhs0); - __m256i sum_times_zetas = +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { + core_core_arch_x86___m256i lhs = 
libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)245, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)160, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( + rhs, libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)-1, + (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, + (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, (int16_t)1, + (int16_t)1)); + core_core_arch_x86___m256i sum0 = + libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); + core_core_arch_x86___m256i sum_times_zetas = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - sum0, - mm256_set_epi16(zeta3, zeta3, (int16_t)0, (int16_t)0, zeta2, zeta2, - (int16_t)0, (int16_t)0, zeta1, zeta1, (int16_t)0, - (int16_t)0, zeta0, zeta0, (int16_t)0, (int16_t)0)); - __m256i sum = libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(sum0); - return mm256_blend_epi16((int32_t)204, sum, sum_times_zetas, __m256i); + sum0, libcrux_intrinsics_avx2_mm256_set_epi16( + zeta3, zeta3, (int16_t)0, (int16_t)0, zeta2, zeta2, + (int16_t)0, (int16_t)0, zeta1, zeta1, (int16_t)0, + (int16_t)0, zeta0, zeta0, (int16_t)0, (int16_t)0)); + core_core_arch_x86___m256i sum = + libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(sum0); + return libcrux_intrinsics_avx2_mm256_blend_epi16( + (int32_t)204, sum, sum_times_zetas, core_core_arch_x86___m256i); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea(__m256i vector, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3) { +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { 
return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( vector, zeta0, zeta1, zeta2, zeta3); } -KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( - __m256i vector, int16_t zeta0, int16_t zeta1) { - __m256i lhs = mm256_permute4x64_epi64((int32_t)245, vector, __m256i); - __m256i rhs = mm256_permute4x64_epi64((int32_t)160, vector, __m256i); - __m256i rhs0 = mm256_mullo_epi16( - rhs, mm256_set_epi16((int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)-1, - (int16_t)1, (int16_t)1, (int16_t)1, (int16_t)1, - (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)-1, - (int16_t)1, (int16_t)1, (int16_t)1, (int16_t)1)); - __m256i sum = mm256_add_epi16(lhs, rhs0); - __m256i sum_times_zetas = +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { + core_core_arch_x86___m256i lhs = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)245, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)160, vector, core_core_arch_x86___m256i); + core_core_arch_x86___m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( + rhs, libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)1, + (int16_t)1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, + (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)1, + (int16_t)1)); + core_core_arch_x86___m256i sum = + libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); + core_core_arch_x86___m256i sum_times_zetas = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - sum, - mm256_set_epi16(zeta1, zeta1, zeta1, zeta1, (int16_t)0, (int16_t)0, - (int16_t)0, (int16_t)0, zeta0, zeta0, zeta0, zeta0, - (int16_t)0, (int16_t)0, (int16_t)0, (int16_t)0)); - return mm256_blend_epi16((int32_t)240, sum, sum_times_zetas, __m256i); + sum, 
libcrux_intrinsics_avx2_mm256_set_epi16( + zeta1, zeta1, zeta1, zeta1, (int16_t)0, (int16_t)0, + (int16_t)0, (int16_t)0, zeta0, zeta0, zeta0, zeta0, + (int16_t)0, (int16_t)0, (int16_t)0, (int16_t)0)); + return libcrux_intrinsics_avx2_mm256_blend_epi16( + (int32_t)240, sum, sum_times_zetas, core_core_arch_x86___m256i); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea(__m256i vector, - int16_t zeta0, - int16_t zeta1) { +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(vector, zeta0, zeta1); } -KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( - __m256i vector, int16_t zeta) { - __m128i lhs = mm256_extracti128_si256((int32_t)1, vector, __m128i); - __m128i rhs = mm256_castsi256_si128(vector); - __m128i lower_coefficients = mm_add_epi16(lhs, rhs); - __m128i upper_coefficients = mm_sub_epi16(lhs, rhs); - __m128i upper_coefficients0 = +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( + core_core_arch_x86___m256i vector, int16_t zeta) { + core_core_arch_x86___m128i lhs = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m128i rhs = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m128i lower_coefficients = + libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs); + core_core_arch_x86___m128i upper_coefficients = + libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs); + core_core_arch_x86___m128i upper_coefficients0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - upper_coefficients, mm_set1_epi16(zeta)); - __m256i combined = mm256_castsi128_si256(lower_coefficients); - return 
mm256_inserti128_si256((int32_t)1, combined, upper_coefficients0, - __m256i); + upper_coefficients, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); + core_core_arch_x86___m256i combined = + libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); + return libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, combined, upper_coefficients0, core_core_arch_x86___m256i); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea(__m256i vector, - int16_t zeta) { +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta) { return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(vector, zeta); } -KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(__m256i v) { - __m256i k = mm256_mullo_epi16( +KRML_MUSTINLINE core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( + core_core_arch_x86___m256i v) { + core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( v, - mm256_set1_epi32( + libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - __m256i k_times_modulus = mm256_mulhi_epi16( - k, mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - __m256i value_high = mm256_srli_epi32((int32_t)16, v, __m256i); - __m256i result = mm256_sub_epi16(value_high, k_times_modulus); - __m256i result0 = mm256_slli_epi32((int32_t)16, result, __m256i); - return mm256_srai_epi32((int32_t)16, result0, __m256i); -} - -KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( - __m256i lhs, __m256i rhs, int16_t zeta0, int16_t zeta1, int16_t zeta2, - int16_t zeta3) { - __m256i shuffle_with = mm256_set_epi8( - (int8_t)15, (int8_t)14, (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, - (int8_t)3, 
(int8_t)2, (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, - (int8_t)5, (int8_t)4, (int8_t)1, (int8_t)0, (int8_t)15, (int8_t)14, - (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, (int8_t)3, (int8_t)2, - (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4, - (int8_t)1, (int8_t)0); - __m256i lhs_shuffled = mm256_shuffle_epi8(lhs, shuffle_with); - __m256i lhs_shuffled0 = - mm256_permute4x64_epi64((int32_t)216, lhs_shuffled, __m256i); - __m128i lhs_evens = mm256_castsi256_si128(lhs_shuffled0); - __m256i lhs_evens0 = mm256_cvtepi16_epi32(lhs_evens); - __m128i lhs_odds = - mm256_extracti128_si256((int32_t)1, lhs_shuffled0, __m128i); - __m256i lhs_odds0 = mm256_cvtepi16_epi32(lhs_odds); - __m256i rhs_shuffled = mm256_shuffle_epi8(rhs, shuffle_with); - __m256i rhs_shuffled0 = - mm256_permute4x64_epi64((int32_t)216, rhs_shuffled, __m256i); - __m128i rhs_evens = mm256_castsi256_si128(rhs_shuffled0); - __m256i rhs_evens0 = mm256_cvtepi16_epi32(rhs_evens); - __m128i rhs_odds = - mm256_extracti128_si256((int32_t)1, rhs_shuffled0, __m128i); - __m256i rhs_odds0 = mm256_cvtepi16_epi32(rhs_odds); - __m256i left = mm256_mullo_epi32(lhs_evens0, rhs_evens0); - __m256i right = mm256_mullo_epi32(lhs_odds0, rhs_odds0); - __m256i right0 = + core_core_arch_x86___m256i k_times_modulus = + libcrux_intrinsics_avx2_mm256_mulhi_epi16( + k, libcrux_intrinsics_avx2_mm256_set1_epi32( + (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + core_core_arch_x86___m256i value_high = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)16, v, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i result = + libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); + core_core_arch_x86___m256i result0 = libcrux_intrinsics_avx2_mm256_slli_epi32( + (int32_t)16, result, core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_srai_epi32((int32_t)16, result0, + core_core_arch_x86___m256i); +} + +KRML_MUSTINLINE core_core_arch_x86___m256i 
+libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(core_core_arch_x86___m256i lhs, + core_core_arch_x86___m256i rhs, + int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3) { + core_core_arch_x86___m256i shuffle_with = + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)15, (int8_t)14, (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, + (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, + (int8_t)5, (int8_t)4, (int8_t)1, (int8_t)0, (int8_t)15, (int8_t)14, + (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, (int8_t)3, (int8_t)2, + (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4, + (int8_t)1, (int8_t)0); + core_core_arch_x86___m256i lhs_shuffled = + libcrux_intrinsics_avx2_mm256_shuffle_epi8(lhs, shuffle_with); + core_core_arch_x86___m256i lhs_shuffled0 = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, lhs_shuffled, core_core_arch_x86___m256i); + core_core_arch_x86___m128i lhs_evens = + libcrux_intrinsics_avx2_mm256_castsi256_si128(lhs_shuffled0); + core_core_arch_x86___m256i lhs_evens0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_evens); + core_core_arch_x86___m128i lhs_odds = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, lhs_shuffled0, core_core_arch_x86___m128i); + core_core_arch_x86___m256i lhs_odds0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_odds); + core_core_arch_x86___m256i rhs_shuffled = + libcrux_intrinsics_avx2_mm256_shuffle_epi8(rhs, shuffle_with); + core_core_arch_x86___m256i rhs_shuffled0 = + libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, rhs_shuffled, core_core_arch_x86___m256i); + core_core_arch_x86___m128i rhs_evens = + libcrux_intrinsics_avx2_mm256_castsi256_si128(rhs_shuffled0); + core_core_arch_x86___m256i rhs_evens0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_evens); + core_core_arch_x86___m128i rhs_odds = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, rhs_shuffled0, core_core_arch_x86___m128i); + 
core_core_arch_x86___m256i rhs_odds0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_odds); + core_core_arch_x86___m256i left = + libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_evens0, rhs_evens0); + core_core_arch_x86___m256i right = + libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_odds0, rhs_odds0); + core_core_arch_x86___m256i right0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(right); - __m256i right1 = mm256_mullo_epi32( - right0, mm256_set_epi32(-(int32_t)zeta3, (int32_t)zeta3, -(int32_t)zeta2, - (int32_t)zeta2, -(int32_t)zeta1, (int32_t)zeta1, - -(int32_t)zeta0, (int32_t)zeta0)); - __m256i products_left = mm256_add_epi32(left, right1); - __m256i products_left0 = + core_core_arch_x86___m256i right1 = libcrux_intrinsics_avx2_mm256_mullo_epi32( + right0, + libcrux_intrinsics_avx2_mm256_set_epi32( + -(int32_t)zeta3, (int32_t)zeta3, -(int32_t)zeta2, (int32_t)zeta2, + -(int32_t)zeta1, (int32_t)zeta1, -(int32_t)zeta0, (int32_t)zeta0)); + core_core_arch_x86___m256i products_left = + libcrux_intrinsics_avx2_mm256_add_epi32(left, right1); + core_core_arch_x86___m256i products_left0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( products_left); - __m256i rhs_adjacent_swapped = mm256_shuffle_epi8( - rhs, - mm256_set_epi8((int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, (int8_t)9, - (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, (int8_t)4, - (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, (int8_t)3, - (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, - (int8_t)9, (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, - (int8_t)4, (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, - (int8_t)3, (int8_t)2)); - __m256i products_right = mm256_madd_epi16(lhs, rhs_adjacent_swapped); - __m256i products_right0 = + core_core_arch_x86___m256i rhs_adjacent_swapped = + libcrux_intrinsics_avx2_mm256_shuffle_epi8( + rhs, libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, (int8_t)9, + (int8_t)8, (int8_t)11, (int8_t)10, 
(int8_t)5, (int8_t)4, + (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, (int8_t)3, + (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, + (int8_t)9, (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, + (int8_t)4, (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, + (int8_t)3, (int8_t)2)); + core_core_arch_x86___m256i products_right = + libcrux_intrinsics_avx2_mm256_madd_epi16(lhs, rhs_adjacent_swapped); + core_core_arch_x86___m256i products_right0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( products_right); - __m256i products_right1 = - mm256_slli_epi32((int32_t)16, products_right0, __m256i); - return mm256_blend_epi16((int32_t)170, products_left0, products_right1, - __m256i); + core_core_arch_x86___m256i products_right1 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)16, products_right0, + core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)170, products_left0, + products_right1, + core_core_arch_x86___m256i); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_ntt_multiply_ea(__m256i *lhs, __m256i *rhs, - int16_t zeta0, int16_t zeta1, - int16_t zeta2, - int16_t zeta3) { +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_multiply_ea( + core_core_arch_x86___m256i *lhs, core_core_arch_x86___m256i *rhs, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { return libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(lhs[0U], rhs[0U], zeta0, zeta1, zeta2, zeta3); } KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_1( - __m256i vector, uint8_t ret[2U]) { - __m256i lsb_to_msb = mm256_slli_epi16((int32_t)15, vector, __m256i); - __m128i low_msbs = mm256_castsi256_si128(lsb_to_msb); - __m128i high_msbs = mm256_extracti128_si256((int32_t)1, lsb_to_msb, __m128i); - __m128i msbs = mm_packs_epi16(low_msbs, high_msbs); - int32_t bits_packed = mm_movemask_epi8(msbs); + 
core_core_arch_x86___m256i vector, uint8_t ret[2U]) { + core_core_arch_x86___m256i lsb_to_msb = + libcrux_intrinsics_avx2_mm256_slli_epi16((int32_t)15, vector, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i low_msbs = + libcrux_intrinsics_avx2_mm256_castsi256_si128(lsb_to_msb); + core_core_arch_x86___m128i high_msbs = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, lsb_to_msb, core_core_arch_x86___m128i); + core_core_arch_x86___m128i msbs = + libcrux_intrinsics_avx2_mm_packs_epi16(low_msbs, high_msbs); + int32_t bits_packed = libcrux_intrinsics_avx2_mm_movemask_epi8(msbs); uint8_t serialized[2U] = {0U}; serialized[0U] = (uint8_t)bits_packed; serialized[1U] = (uint8_t)(bits_packed >> 8U); 
@@ -526,79 +642,110 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_1( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_1_ea(__m256i vector, - uint8_t ret[2U]) { +void libcrux_ml_kem_vector_avx2_serialize_1_ea( + core_core_arch_x86___m256i vector, uint8_t ret[2U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_1(vector, ret); } -KRML_MUSTINLINE __m256i +KRML_MUSTINLINE core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) { - __m256i coefficients = mm256_set_epi16( - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); - __m256i shift_lsb_to_msb = mm256_set_epi16( - (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, - (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, 
(int16_t)-32768, - (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, - (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, (int16_t)-32768); - __m256i coefficients_in_msb = - mm256_mullo_epi16(coefficients, shift_lsb_to_msb); - return mm256_srli_epi16((int32_t)15, coefficients_in_msb, __m256i); + core_core_arch_x86___m256i coefficients = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t)); + core_core_arch_x86___m256i shift_lsb_to_msb = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, + (int16_t)1 << 11U, (int16_t)1 << 12U, (int16_t)1 << 13U, + (int16_t)1 << 14U, (int16_t)-32768, (int16_t)1 << 
8U, + (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, + (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, + (int16_t)-32768); + core_core_arch_x86___m256i coefficients_in_msb = + libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, shift_lsb_to_msb); + return libcrux_intrinsics_avx2_mm256_srli_epi16( + (int32_t)15, coefficients_in_msb, core_core_arch_x86___m256i); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_deserialize_1_ea(Eurydice_slice bytes) { +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_1_ea( + Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_1(bytes); } KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( - __m256i vector, uint8_t ret[8U]) { + core_core_arch_x86___m256i vector, uint8_t ret[8U]) { uint8_t serialized[16U] = {0U}; - __m256i adjacent_2_combined = mm256_madd_epi16( - vector, mm256_set_epi16( - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1)); - __m256i adjacent_8_combined = mm256_shuffle_epi8( - adjacent_2_combined, - mm256_set_epi8((int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4, - (int8_t)0, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, - (int8_t)4, (int8_t)0)); - __m256i combined = mm256_permutevar8x32_epi32( - adjacent_8_combined, - mm256_set_epi32((int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, - (int32_t)0, (int32_t)0, (int32_t)4, (int32_t)0)); - __m128i combined0 = 
mm256_castsi256_si128(combined); - mm_storeu_bytes_si128( - Eurydice_array_to_slice((size_t)16U, serialized, uint8_t), combined0); + core_core_arch_x86___m256i adjacent_2_combined = + libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1)); + core_core_arch_x86___m256i adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi8( + adjacent_2_combined, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4, + (int8_t)0, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, + (int8_t)4, (int8_t)0)); + core_core_arch_x86___m256i combined = + libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32( + adjacent_8_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, + (int32_t)0, (int32_t)4, (int32_t)0)); + core_core_arch_x86___m128i combined0 = + libcrux_intrinsics_avx2_mm256_castsi256_si128(combined); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_slice((size_t)16U, serialized, uint8_t, Eurydice_slice), + combined0); uint8_t ret0[8U]; core_result_Result_56 dst; Eurydice_slice_to_array2( &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t), - Eurydice_slice, uint8_t[8U]); + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); core_result_unwrap_41_ac(dst, ret0); memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); } 
@@ -607,89 +754,127 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_4_ea(__m256i vector, - uint8_t ret[8U]) { +void libcrux_ml_kem_vector_avx2_serialize_4_ea( + core_core_arch_x86___m256i vector, uint8_t ret[8U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_4(vector, ret); } -KRML_MUSTINLINE __m256i +KRML_MUSTINLINE core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { - __m256i coefficients = mm256_set_epi16( - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); - __m256i shift_lsbs_to_msbs = mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, 
(int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U); - __m256i coefficients_in_msb = - mm256_mullo_epi16(coefficients, shift_lsbs_to_msbs); - __m256i coefficients_in_lsb = - mm256_srli_epi16((int32_t)4, coefficients_in_msb, __m256i); - return mm256_and_si256(coefficients_in_lsb, - mm256_set1_epi16(((int16_t)1 << 4U) - (int16_t)1)); + core_core_arch_x86___m256i coefficients = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, + uint8_t)); + core_core_arch_x86___m256i shift_lsbs_to_msbs = + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 4U, 
(int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U); + core_core_arch_x86___m256i coefficients_in_msb = + libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, + shift_lsbs_to_msbs); + core_core_arch_x86___m256i coefficients_in_lsb = + libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, coefficients_in_msb, + core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_and_si256( + coefficients_in_lsb, libcrux_intrinsics_avx2_mm256_set1_epi16( + ((int16_t)1 << 4U) - (int16_t)1)); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_deserialize_4_ea(Eurydice_slice bytes) { +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_4_ea( + Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_4(bytes); } KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( - __m256i vector, uint8_t ret[10U]) { + core_core_arch_x86___m256i vector, uint8_t ret[10U]) { uint8_t serialized[32U] = {0U}; - __m256i adjacent_2_combined = mm256_madd_epi16( - vector, mm256_set_epi16( - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1)); - __m256i adjacent_4_combined = mm256_sllv_epi32( - adjacent_2_combined, - mm256_set_epi32((int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22, - (int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22)); - __m256i adjacent_4_combined0 = - mm256_srli_epi64((int32_t)22, adjacent_4_combined, __m256i); - __m256i adjacent_8_combined = - mm256_shuffle_epi32((int32_t)8, adjacent_4_combined0, __m256i); - 
__m256i adjacent_8_combined0 = mm256_sllv_epi32( - adjacent_8_combined, - mm256_set_epi32((int32_t)0, (int32_t)0, (int32_t)0, (int32_t)12, - (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)12)); - __m256i adjacent_8_combined1 = - mm256_srli_epi64((int32_t)12, adjacent_8_combined0, __m256i); - __m128i lower_8 = mm256_castsi256_si128(adjacent_8_combined1); - mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t), + core_core_arch_x86___m256i adjacent_2_combined = + libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1)); + core_core_arch_x86___m256i adjacent_4_combined = + libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_2_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22, (int32_t)0, + (int32_t)22, (int32_t)0, (int32_t)22)); + core_core_arch_x86___m256i adjacent_4_combined0 = + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)22, adjacent_4_combined, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi32( + (int32_t)8, adjacent_4_combined0, core_core_arch_x86___m256i); + core_core_arch_x86___m256i adjacent_8_combined0 = + libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_8_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)12, (int32_t)0, + (int32_t)0, (int32_t)0, (int32_t)12)); + core_core_arch_x86___m256i adjacent_8_combined1 = + libcrux_intrinsics_avx2_mm256_srli_epi64( + (int32_t)12, adjacent_8_combined0, core_core_arch_x86___m256i); + core_core_arch_x86___m128i lower_8 = + libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined1); + 
libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, + Eurydice_slice), lower_8); - __m128i upper_8 = - mm256_extracti128_si256((int32_t)1, adjacent_8_combined1, __m128i); - mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)5U, (size_t)21U, uint8_t), + core_core_arch_x86___m128i upper_8 = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, adjacent_8_combined1, core_core_arch_x86___m128i); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)5U, (size_t)21U, uint8_t, + Eurydice_slice), upper_8); uint8_t ret0[10U]; core_result_Result_cd dst; Eurydice_slice_to_array2( &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t), - Eurydice_slice, uint8_t[10U]); + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t, + Eurydice_slice), + Eurydice_slice, uint8_t[10U], void *); core_result_unwrap_41_e8(dst, ret0); memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); } 
@@ -698,101 +883,120 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_5_ea(__m256i vector, - uint8_t ret[10U]) { +void libcrux_ml_kem_vector_avx2_serialize_5_ea( + core_core_arch_x86___m256i vector, uint8_t ret[10U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_5(vector, ret); } -KRML_MUSTINLINE __m256i +KRML_MUSTINLINE core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) { - __m128i coefficients = - mm_set_epi8(Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *), - Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *), - Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *), - Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), - Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), - Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), - Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), - Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), - Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *), - Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), - Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), - Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), - Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), - Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), - Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); - __m256i coefficients_loaded = mm256_castsi128_si256(coefficients); - __m256i coefficients_loaded0 = mm256_inserti128_si256( - (int32_t)1, coefficients_loaded, coefficients, __m256i); - __m256i coefficients0 = mm256_shuffle_epi8( - coefficients_loaded0, - mm256_set_epi8((int8_t)15, (int8_t)14, (int8_t)15, (int8_t)14, (int8_t)13, 
- (int8_t)12, (int8_t)13, (int8_t)12, (int8_t)11, (int8_t)10, - (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)9, - (int8_t)8, (int8_t)7, (int8_t)6, (int8_t)7, (int8_t)6, - (int8_t)5, (int8_t)4, (int8_t)5, (int8_t)4, (int8_t)3, - (int8_t)2, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, - (int8_t)1, (int8_t)0)); - __m256i coefficients1 = mm256_mullo_epi16( - coefficients0, - mm256_set_epi16((int16_t)1 << 0U, (int16_t)1 << 5U, (int16_t)1 << 2U, - (int16_t)1 << 7U, (int16_t)1 << 4U, (int16_t)1 << 9U, - (int16_t)1 << 6U, (int16_t)1 << 11U, (int16_t)1 << 0U, - (int16_t)1 << 5U, (int16_t)1 << 2U, (int16_t)1 << 7U, - (int16_t)1 << 4U, (int16_t)1 << 9U, (int16_t)1 << 6U, - (int16_t)1 << 11U)); - return mm256_srli_epi16((int32_t)11, coefficients1, __m256i); + core_core_arch_x86___m128i coefficients = libcrux_intrinsics_avx2_mm_set_epi8( + Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), + Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t)); + 
core_core_arch_x86___m256i coefficients_loaded = + libcrux_intrinsics_avx2_mm256_castsi128_si256(coefficients); + core_core_arch_x86___m256i coefficients_loaded0 = + libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, coefficients_loaded, coefficients, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i coefficients0 = + libcrux_intrinsics_avx2_mm256_shuffle_epi8( + coefficients_loaded0, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)15, (int8_t)14, (int8_t)15, (int8_t)14, (int8_t)13, + (int8_t)12, (int8_t)13, (int8_t)12, (int8_t)11, (int8_t)10, + (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)9, + (int8_t)8, (int8_t)7, (int8_t)6, (int8_t)7, (int8_t)6, (int8_t)5, + (int8_t)4, (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)3, + (int8_t)2, (int8_t)1, (int8_t)0, (int8_t)1, (int8_t)0)); + core_core_arch_x86___m256i coefficients1 = + libcrux_intrinsics_avx2_mm256_mullo_epi16( + coefficients0, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 5U, (int16_t)1 << 2U, + (int16_t)1 << 7U, (int16_t)1 << 4U, (int16_t)1 << 9U, + (int16_t)1 << 6U, (int16_t)1 << 11U, (int16_t)1 << 0U, + (int16_t)1 << 5U, (int16_t)1 << 2U, (int16_t)1 << 7U, + (int16_t)1 << 4U, (int16_t)1 << 9U, (int16_t)1 << 6U, + (int16_t)1 << 11U)); + return libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)11, coefficients1, + core_core_arch_x86___m256i); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_deserialize_5_ea(Eurydice_slice bytes) { +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_5_ea( + Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_5(bytes); } KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( - __m256i vector, uint8_t ret[20U]) { + core_core_arch_x86___m256i vector, uint8_t ret[20U]) { uint8_t serialized[32U] = {0U}; - __m256i adjacent_2_combined = 
mm256_madd_epi16( - vector, mm256_set_epi16((int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, - (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, - (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, - (int16_t)1)); - __m256i adjacent_4_combined = mm256_sllv_epi32( - adjacent_2_combined, - mm256_set_epi32((int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12, - (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12)); - __m256i adjacent_4_combined0 = - mm256_srli_epi64((int32_t)12, adjacent_4_combined, __m256i); - __m256i adjacent_8_combined = mm256_shuffle_epi8( - adjacent_4_combined0, - mm256_set_epi8((int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, - (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, - (int8_t)0, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, - (int8_t)9, (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, - (int8_t)1, (int8_t)0)); - __m128i lower_8 = mm256_castsi256_si128(adjacent_8_combined); - mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t), + core_core_arch_x86___m256i adjacent_2_combined = + libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1)); + core_core_arch_x86___m256i adjacent_4_combined = + libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_2_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12, (int32_t)0, + (int32_t)12, (int32_t)0, (int32_t)12)); + core_core_arch_x86___m256i adjacent_4_combined0 = + 
libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)12, adjacent_4_combined, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi8( + adjacent_4_combined0, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, + (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, + (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, + (int8_t)0)); + core_core_arch_x86___m128i lower_8 = + libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, + Eurydice_slice), lower_8); - __m128i upper_8 = - mm256_extracti128_si256((int32_t)1, adjacent_8_combined, __m128i); - mm_storeu_bytes_si128(Eurydice_array_to_subslice2(serialized, (size_t)10U, - (size_t)26U, uint8_t), - upper_8); + core_core_arch_x86___m128i upper_8 = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)10U, (size_t)26U, uint8_t, + Eurydice_slice), + upper_8); uint8_t ret0[20U]; core_result_Result_7a dst; Eurydice_slice_to_array2( &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t), - Eurydice_slice, uint8_t[20U]); + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t, + Eurydice_slice), + Eurydice_slice, uint8_t[20U], void *); core_result_unwrap_41_34(dst, ret0); memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); } 
@@ -801,53 +1005,72 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_10_ea(__m256i vector, - uint8_t ret[20U]) { +void libcrux_ml_kem_vector_avx2_serialize_10_ea( + core_core_arch_x86___m256i vector, uint8_t ret[20U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_10(vector, ret); } -KRML_MUSTINLINE __m256i +KRML_MUSTINLINE core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) { - __m256i shift_lsbs_to_msbs = mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U); - __m128i lower_coefficients = mm_loadu_si128( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)16U, uint8_t)); - __m128i lower_coefficients0 = mm_shuffle_epi8( - lower_coefficients, mm_set_epi8(9U, 8U, 8U, 7U, 7U, 6U, 6U, 5U, 4U, 3U, - 3U, 2U, 2U, 1U, 1U, 0U)); - __m128i upper_coefficients = mm_loadu_si128( - Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)20U, uint8_t)); - __m128i upper_coefficients0 = mm_shuffle_epi8( - upper_coefficients, mm_set_epi8(15U, 14U, 14U, 13U, 13U, 12U, 12U, 11U, - 10U, 9U, 9U, 8U, 8U, 7U, 7U, 6U)); - __m256i coefficients = mm256_castsi128_si256(lower_coefficients0); - __m256i coefficients0 = mm256_inserti128_si256((int32_t)1, coefficients, - upper_coefficients0, __m256i); - __m256i coefficients1 = mm256_mullo_epi16(coefficients0, shift_lsbs_to_msbs); - __m256i coefficients2 = mm256_srli_epi16((int32_t)6, coefficients1, __m256i); - return mm256_and_si256(coefficients2, - mm256_set1_epi16(((int16_t)1 << 10U) - (int16_t)1)); + core_core_arch_x86___m256i shift_lsbs_to_msbs = + 
libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, + (int16_t)1 << 6U, (int16_t)1 << 0U, (int16_t)1 << 2U, + (int16_t)1 << 4U, (int16_t)1 << 6U, (int16_t)1 << 0U, + (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, + (int16_t)1 << 6U); + core_core_arch_x86___m128i lower_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( + bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); + core_core_arch_x86___m128i lower_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8( + lower_coefficients, + libcrux_intrinsics_avx2_mm_set_epi8(9U, 8U, 8U, 7U, 7U, 6U, 6U, 5U, + 4U, 3U, 3U, 2U, 2U, 1U, 1U, 0U)); + core_core_arch_x86___m128i upper_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( + bytes, (size_t)4U, (size_t)20U, uint8_t, Eurydice_slice)); + core_core_arch_x86___m128i upper_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8( + upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( + 15U, 14U, 14U, 13U, 13U, 12U, 12U, 11U, 10U, + 9U, 9U, 8U, 8U, 7U, 7U, 6U)); + core_core_arch_x86___m256i coefficients = + libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); + core_core_arch_x86___m256i coefficients0 = + libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, coefficients, upper_coefficients0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i coefficients1 = + libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, + shift_lsbs_to_msbs); + core_core_arch_x86___m256i coefficients2 = + libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)6, coefficients1, + core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_and_si256( + coefficients2, libcrux_intrinsics_avx2_mm256_set1_epi16( + ((int16_t)1 << 10U) - (int16_t)1)); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ 
-__m256i libcrux_ml_kem_vector_avx2_deserialize_10_ea(Eurydice_slice bytes) { +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_10_ea( + Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_10(bytes); } KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_11( - __m256i vector, uint8_t ret[22U]) { + core_core_arch_x86___m256i vector, uint8_t ret[22U]) { int16_t array[16U] = {0U}; - mm256_storeu_si256_i16(Eurydice_array_to_slice((size_t)16U, array, int16_t), - vector); + libcrux_intrinsics_avx2_mm256_storeu_si256_i16( + Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice), + vector); libcrux_ml_kem_vector_portable_vector_type_PortableVector input = libcrux_ml_kem_vector_portable_from_i16_array_0d( - Eurydice_array_to_slice((size_t)16U, array, int16_t)); + Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice)); uint8_t ret0[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(input, ret0); memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); 
@@ -857,69 +1080,81 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_11( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_11_ea(__m256i vector, - uint8_t ret[22U]) { +void libcrux_ml_kem_vector_avx2_serialize_11_ea( + core_core_arch_x86___m256i vector, uint8_t ret[22U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_11(vector, ret); } -KRML_MUSTINLINE __m256i +KRML_MUSTINLINE core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_11(Eurydice_slice bytes) { libcrux_ml_kem_vector_portable_vector_type_PortableVector output = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); int16_t array[16U]; libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); - return mm256_loadu_si256_i16( - Eurydice_array_to_slice((size_t)16U, array, int16_t)); + return libcrux_intrinsics_avx2_mm256_loadu_si256_i16( + Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice)); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_deserialize_11_ea(Eurydice_slice bytes) { +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_11_ea( + Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_11(bytes); } KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( - __m256i vector, uint8_t ret[24U]) { + core_core_arch_x86___m256i vector, uint8_t ret[24U]) { uint8_t serialized[32U] = {0U}; - __m256i adjacent_2_combined = mm256_madd_epi16( - vector, mm256_set_epi16((int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, - (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, - (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, - (int16_t)1)); - __m256i adjacent_4_combined = 
mm256_sllv_epi32( - adjacent_2_combined, - mm256_set_epi32((int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8, - (int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8)); - __m256i adjacent_4_combined0 = - mm256_srli_epi64((int32_t)8, adjacent_4_combined, __m256i); - __m256i adjacent_8_combined = mm256_shuffle_epi8( - adjacent_4_combined0, - mm256_set_epi8((int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, - (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, - (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, - (int8_t)0, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)13, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, - (int8_t)8, (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, - (int8_t)1, (int8_t)0)); - __m128i lower_8 = mm256_castsi256_si128(adjacent_8_combined); - __m128i upper_8 = - mm256_extracti128_si256((int32_t)1, adjacent_8_combined, __m128i); - mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t), + core_core_arch_x86___m256i adjacent_2_combined = + libcrux_intrinsics_avx2_mm256_madd_epi16( + vector, + libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1)); + core_core_arch_x86___m256i adjacent_4_combined = + libcrux_intrinsics_avx2_mm256_sllv_epi32( + adjacent_2_combined, + libcrux_intrinsics_avx2_mm256_set_epi32( + (int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8, (int32_t)0, + (int32_t)8, (int32_t)0, (int32_t)8)); + core_core_arch_x86___m256i adjacent_4_combined0 = + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, adjacent_4_combined, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i adjacent_8_combined = + libcrux_intrinsics_avx2_mm256_shuffle_epi8( + adjacent_4_combined0, + libcrux_intrinsics_avx2_mm256_set_epi8( + (int8_t)-1, 
(int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, + (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, + (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, + (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, + (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, + (int8_t)0)); + core_core_arch_x86___m128i lower_8 = + libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); + core_core_arch_x86___m128i upper_8 = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, + Eurydice_slice), lower_8); - mm_storeu_bytes_si128(Eurydice_array_to_subslice2(serialized, (size_t)12U, - (size_t)28U, uint8_t), - upper_8); + libcrux_intrinsics_avx2_mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)12U, (size_t)28U, uint8_t, + Eurydice_slice), + upper_8); uint8_t ret0[24U]; core_result_Result_6f dst; Eurydice_slice_to_array2( &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t), - Eurydice_slice, uint8_t[24U]); + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t, + Eurydice_slice), + Eurydice_slice, uint8_t[24U], void *); core_result_unwrap_41_1c(dst, ret0); memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); } 
@@ -928,53 +1163,73 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_12_ea(__m256i vector, - uint8_t ret[24U]) { +void libcrux_ml_kem_vector_avx2_serialize_12_ea( + core_core_arch_x86___m256i vector, uint8_t ret[24U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_12(vector, ret); } -KRML_MUSTINLINE __m256i +KRML_MUSTINLINE core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) { - __m256i shift_lsbs_to_msbs = mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U); - __m128i lower_coefficients = mm_loadu_si128( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)16U, uint8_t)); - __m128i lower_coefficients0 = mm_shuffle_epi8( - lower_coefficients, mm_set_epi8(11U, 10U, 10U, 9U, 8U, 7U, 7U, 6U, 5U, 4U, - 4U, 3U, 2U, 1U, 1U, 0U)); - __m128i upper_coefficients = mm_loadu_si128( - Eurydice_slice_subslice2(bytes, (size_t)8U, (size_t)24U, uint8_t)); - __m128i upper_coefficients0 = mm_shuffle_epi8( - upper_coefficients, mm_set_epi8(15U, 14U, 14U, 13U, 12U, 11U, 11U, 10U, - 9U, 8U, 8U, 7U, 6U, 5U, 5U, 4U)); - __m256i coefficients = mm256_castsi128_si256(lower_coefficients0); - __m256i coefficients0 = mm256_inserti128_si256((int32_t)1, coefficients, - upper_coefficients0, __m256i); - __m256i coefficients1 = mm256_mullo_epi16(coefficients0, shift_lsbs_to_msbs); - __m256i coefficients2 = mm256_srli_epi16((int32_t)4, coefficients1, __m256i); - return mm256_and_si256(coefficients2, - mm256_set1_epi16(((int16_t)1 << 12U) - (int16_t)1)); + core_core_arch_x86___m256i shift_lsbs_to_msbs = 
+ libcrux_intrinsics_avx2_mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, + (int16_t)1 << 4U); + core_core_arch_x86___m128i lower_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( + bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); + core_core_arch_x86___m128i lower_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8( + lower_coefficients, + libcrux_intrinsics_avx2_mm_set_epi8(11U, 10U, 10U, 9U, 8U, 7U, 7U, 6U, + 5U, 4U, 4U, 3U, 2U, 1U, 1U, 0U)); + core_core_arch_x86___m128i upper_coefficients = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( + bytes, (size_t)8U, (size_t)24U, uint8_t, Eurydice_slice)); + core_core_arch_x86___m128i upper_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8( + upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( + 15U, 14U, 14U, 13U, 12U, 11U, 11U, 10U, 9U, + 8U, 8U, 7U, 6U, 5U, 5U, 4U)); + core_core_arch_x86___m256i coefficients = + libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); + core_core_arch_x86___m256i coefficients0 = + libcrux_intrinsics_avx2_mm256_inserti128_si256( + (int32_t)1, coefficients, upper_coefficients0, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i coefficients1 = + libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, + shift_lsbs_to_msbs); + core_core_arch_x86___m256i coefficients2 = + libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, coefficients1, + core_core_arch_x86___m256i); + return libcrux_intrinsics_avx2_mm256_and_si256( + coefficients2, libcrux_intrinsics_avx2_mm256_set1_epi16( + ((int16_t)1 << 12U) - (int16_t)1)); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ 
-__m256i libcrux_ml_kem_vector_avx2_deserialize_12_ea(Eurydice_slice bytes) { +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_12_ea( + Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_12(bytes); } KRML_MUSTINLINE size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( Eurydice_slice input, Eurydice_slice output) { - __m256i field_modulus = - mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - __m256i potential_coefficients = + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi16( + LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i potential_coefficients = libcrux_ml_kem_vector_avx2_serialize_deserialize_12(input); - __m256i compare_with_field_modulus = - mm256_cmpgt_epi16(field_modulus, potential_coefficients); + core_core_arch_x86___m256i compare_with_field_modulus = + libcrux_intrinsics_avx2_mm256_cmpgt_epi16(field_modulus, + potential_coefficients); uint8_t good[2U]; libcrux_ml_kem_vector_avx2_serialize_serialize_1(compare_with_field_modulus, good); 
@@ -983,27 +1238,35 @@ KRML_MUSTINLINE size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( size_t)good[0U]], (size_t)16U * sizeof(uint8_t)); - __m128i lower_shuffles0 = mm_loadu_si128( - Eurydice_array_to_slice((size_t)16U, lower_shuffles, uint8_t)); - __m128i lower_coefficients = mm256_castsi256_si128(potential_coefficients); - __m128i lower_coefficients0 = - mm_shuffle_epi8(lower_coefficients, lower_shuffles0); - mm_storeu_si128(output, lower_coefficients0); + core_core_arch_x86___m128i lower_shuffles0 = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( + (size_t)16U, lower_shuffles, uint8_t, Eurydice_slice)); + core_core_arch_x86___m128i lower_coefficients = + libcrux_intrinsics_avx2_mm256_castsi256_si128(potential_coefficients); + core_core_arch_x86___m128i lower_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8(lower_coefficients, + lower_shuffles0); + libcrux_intrinsics_avx2_mm_storeu_si128(output, lower_coefficients0); size_t sampled_count = (size_t)core_num__u8_6__count_ones(good[0U]); uint8_t upper_shuffles[16U]; memcpy(upper_shuffles, libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( size_t)good[1U]], (size_t)16U * sizeof(uint8_t)); - __m128i upper_shuffles0 = mm_loadu_si128( - Eurydice_array_to_slice((size_t)16U, upper_shuffles, uint8_t)); - __m128i upper_coefficients = - mm256_extracti128_si256((int32_t)1, potential_coefficients, __m128i); - __m128i upper_coefficients0 = - mm_shuffle_epi8(upper_coefficients, upper_shuffles0); - mm_storeu_si128(Eurydice_slice_subslice2(output, sampled_count, - sampled_count + (size_t)8U, int16_t), - upper_coefficients0); + core_core_arch_x86___m128i upper_shuffles0 = + libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( + (size_t)16U, upper_shuffles, uint8_t, Eurydice_slice)); + core_core_arch_x86___m128i upper_coefficients = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + 
(int32_t)1, potential_coefficients, core_core_arch_x86___m128i); + core_core_arch_x86___m128i upper_coefficients0 = + libcrux_intrinsics_avx2_mm_shuffle_epi8(upper_coefficients, + upper_shuffles0); + libcrux_intrinsics_avx2_mm_storeu_si128( + Eurydice_slice_subslice2(output, sampled_count, + sampled_count + (size_t)8U, int16_t, + Eurydice_slice), + upper_coefficients0); size_t uu____0 = sampled_count; return uu____0 + (size_t)core_num__u8_6__count_ones(good[1U]); } @@ -1021,7 +1284,8 @@ size_t libcrux_ml_kem_vector_avx2_rej_sample_ea(Eurydice_slice input, This function found in impl {(core::clone::Clone for libcrux_ml_kem::vector::avx2::SIMD256Vector)#1} */ -inline __m256i libcrux_ml_kem_vector_avx2_clone_3a(__m256i *self) { +inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_clone_3a( + core_core_arch_x86___m256i *self) { return self[0U]; } @@ -1035,7 +1299,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_89_d5(void) { +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_89_9b(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); @@ -1056,12 +1320,6 @@ static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_89_d5(void) { return lit; } -/** - Only use with public values. - - This MUST NOT be used with secret inputs, like its caller - `deserialize_ring_elements_reduced`. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types 
@@ -1069,26 +1327,24 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_reduced_ring_element_c5(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); +deserialize_to_reduced_ring_element_7f(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9b(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); - __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, + Eurydice_slice); + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea(coefficient); } return re; } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types 
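Review bot: The new side silently drops the security contract that was documented here — the `This function MUST NOT be used on secret inputs.` note on deserialize_ring_elements_reduced, and in the preceding `@@ -1056` hunk the `Only use with public values` note on deserialize_to_reduced_ring_element — while the code of `deserialize_to_reduced_ring_element_7f` is otherwise only renamed, so a C reader can no longer tell that these routines are intended for public-key bytes only. The same loss recurs in the `@@ -1162`, `@@ -1189` and `@@ -1332` hunks, which drop the `Call serialize_uncompressed_ring_element for each ring element`, `Concatenate t and ρ into the public key` and `Passing arrays by value in Rust generates a copy in C` comments (the last one also renames `copy_of_input` to the opaque `uu____0`). Since the diffstat lists this file next to code_gen.txt, it presumably is Eurydice output and the fix belongs in the doc-comment emission or the Rust source rather than a hand edit; at minimum `/** Only use with public values. This MUST NOT be used with secret inputs. */` should be restored above `deserialize_to_reduced_ring_element_7f` and `deserialize_ring_elements_reduced_494`.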
@@ -1096,14 +1352,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 1184 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_f24( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_494( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_d5();); + deserialized_pk[i] = ZERO_89_9b();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t) / + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -1111,9 +1367,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_f24( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); + uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_c5(ring_element); + deserialize_to_reduced_ring_element_7f(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -1126,8 +1382,10 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.arithmetic.shift_right with const generics - SHIFT_BY= 15 */ -static KRML_MUSTINLINE __m256i shift_right_b6(__m256i vector) { - return mm256_srai_epi16((int32_t)15, vector, __m256i); +static KRML_MUSTINLINE core_core_arch_x86___m256i +shift_right_4a(core_core_arch_x86___m256i vector) { + return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, + core_core_arch_x86___m256i); } /** 
@@ -1139,8 +1397,9 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.shift_right_ea with const generics - SHIFT_BY= 15 */ -static __m256i shift_right_ea_07(__m256i vector) { - return shift_right_b6(vector); +static core_core_arch_x86___m256i shift_right_ea_25( + core_core_arch_x86___m256i vector) { + return shift_right_4a(vector); } /** @@ -1149,10 +1408,12 @@ libcrux_ml_kem.vector.traits.to_unsigned_representative with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i to_unsigned_representative_a4(__m256i a) { - __m256i t = shift_right_ea_07(a); - __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( - t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); +static core_core_arch_x86___m256i to_unsigned_representative_d2( + core_core_arch_x86___m256i a) { + core_core_arch_x86___m256i t = shift_right_ea_25(a); + core_core_arch_x86___m256i fm = + libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( + t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); return libcrux_ml_kem_vector_avx2_add_ea(a, &fm); } 
@@ -1162,26 +1423,27 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_92( +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_af( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = to_unsigned_representative_a4(re->coefficients[i0]); + core_core_arch_x86___m256i coefficient = + to_unsigned_representative_d2(re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_avx2_serialize_12_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)24U, bytes, uint8_t), uint8_t); + serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); } memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); } -/** - Call [`serialize_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector 
@@ -1189,34 +1451,34 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void serialize_secret_key_ae1( +static KRML_MUSTINLINE void serialize_secret_key_7f1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)3U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); + uint8_t, Eurydice_slice); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_92(&re, ret0); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); + serialize_uncompressed_ring_element_af(&re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); } memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); } -/** - Concatenate `t` and `ρ` into the public key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector 
@@ -1225,20 +1487,24 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_d01( +static KRML_MUSTINLINE void serialize_public_key_941( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, + (size_t)1152U, uint8_t, Eurydice_slice); uint8_t ret0[1152U]; - serialize_secret_key_ae1(t_as_ntt, ret0); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); - Eurydice_slice_copy( + serialize_secret_key_7f1(t_as_ntt, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t), - seed_for_a, uint8_t); + (size_t)1152U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); } 
@@ -1250,18 +1516,18 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_771(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_6c1(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - deserialize_ring_elements_reduced_f24( + deserialize_ring_elements_reduced_494( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t), + uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - serialize_public_key_d01( + serialize_public_key_941( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t), + uint8_t, size_t, Eurydice_slice), public_key_serialized); return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); @@ -1289,7 +1555,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 with const generics - K= 3 */ -static KRML_MUSTINLINE void G_a9_681(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_a9_e11(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_avx2_G(input, ret); } @@ -1299,10 +1565,10 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static void closure_b81( +static void closure_b91( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_89_d5();); + ret[i] = ZERO_89_9b();); } /** 
@@ -1311,14 +1577,15 @@ libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_4d1(uint8_t input[3U][34U]) { +shake128_init_absorb_b41(uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_29 state = libcrux_sha3_avx2_x4_incremental_init(); libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - &state, Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t), - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t), - Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t), - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t)); + &state, + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); return state; } @@ -1332,11 +1599,10 @@ libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_a9 with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_a9_ca1(uint8_t input[3U][34U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_input[3U][34U]; - memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); - return shake128_init_absorb_4d1(copy_of_input); +shake128_init_absorb_a9_cf1(uint8_t input[3U][34U]) { + uint8_t uu____0[3U][34U]; + memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); + return shake128_init_absorb_b41(uu____0); } /** 
@@ -1345,7 +1611,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_6b1( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_981( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; uint8_t out0[504U] = {0U}; @@ -1353,10 +1619,10 @@ static KRML_MUSTINLINE void shake128_squeeze_three_blocks_6b1( uint8_t out2[504U] = {0U}; uint8_t out3[504U] = {0U}; libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t), - Eurydice_array_to_slice((size_t)504U, out1, uint8_t), - Eurydice_array_to_slice((size_t)504U, out2, uint8_t), - Eurydice_array_to_slice((size_t)504U, out3, uint8_t)); + st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); uint8_t uu____0[504U]; memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); 
@@ -1379,52 +1645,11 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks_a9 with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_a9_4d1( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_a9_c01( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][504U]) { - shake128_squeeze_three_blocks_6b1(self, ret); -} - -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ + shake128_squeeze_three_blocks_981(self, ret); +} + /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types 
@@ -1432,7 +1657,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb3( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_f93( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -1443,11 +1668,12 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb3( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t); + uint8_t, Eurydice_slice); size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t)); + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -1469,7 +1695,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_block_1b1( +static KRML_MUSTINLINE void shake128_squeeze_block_aa1( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; uint8_t out0[168U] = {0U}; 
@@ -1477,10 +1703,10 @@ static KRML_MUSTINLINE void shake128_squeeze_block_1b1( uint8_t out2[168U] = {0U}; uint8_t out3[168U] = {0U}; libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t), - Eurydice_array_to_slice((size_t)168U, out1, uint8_t), - Eurydice_array_to_slice((size_t)168U, out2, uint8_t), - Eurydice_array_to_slice((size_t)168U, out3, uint8_t)); + st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); uint8_t uu____0[168U]; memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); 
@@ -1502,52 +1728,11 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block_a9 with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_block_a9_5a1( +static KRML_MUSTINLINE void shake128_squeeze_block_a9_a31( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][168U]) { - shake128_squeeze_block_1b1(self, ret); -} - -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ + shake128_squeeze_block_aa1(self, ret); +} + /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types 
@@ -1555,7 +1740,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb4( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_f94( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -1566,11 +1751,12 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb4( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t); + uint8_t, Eurydice_slice); size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t)); + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -1598,14 +1784,15 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -from_i16_array_89_10(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); +from_i16_array_89_46(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_9b(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; result.coefficients[i0] = libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice_subslice2( - a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t)); + a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t, + Eurydice_slice)); } return result; } 
@@ -1616,10 +1803,10 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_791( +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_191( int16_t s[272U]) { - return from_i16_array_89_10( - Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); + return from_i16_array_89_46(Eurydice_array_to_subslice2( + s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); } /** 
@@ -1628,43 +1815,38 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_from_xof_b01( +static KRML_MUSTINLINE void sample_from_xof_af1( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; int16_t out[3U][272U] = {{0U}}; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seeds[3U][34U]; - memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); + uint8_t uu____0[3U][34U]; + memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - shake128_init_absorb_a9_ca1(copy_of_seeds); + shake128_init_absorb_a9_cf1(uu____0); uint8_t randomness0[3U][504U]; - shake128_squeeze_three_blocks_a9_4d1(&xof_state, randomness0); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness0[3U][504U]; - memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_bb3( - copy_of_randomness0, sampled_coefficients, out); + shake128_squeeze_three_blocks_a9_c01(&xof_state, randomness0); + uint8_t uu____1[3U][504U]; + memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); + bool done = sample_from_uniform_distribution_next_f93( + uu____1, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; - shake128_squeeze_block_a9_5a1(&xof_state, randomness); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[3U][168U]; - memcpy(copy_of_randomness, randomness, - (size_t)3U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_bb4( - copy_of_randomness, sampled_coefficients, out); + shake128_squeeze_block_a9_a31(&xof_state, randomness); + uint8_t uu____2[3U][168U]; + memcpy(uu____2, randomness, (size_t)3U * 
sizeof(uint8_t[168U])); + done = sample_from_uniform_distribution_next_f94( + uu____2, sampled_coefficients, out); } } - /* Passing arrays by value in Rust generates a copy in C */ - int16_t copy_of_out[3U][272U]; - memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); + int16_t uu____3[3U][272U]; + memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_791(copy_of_out[i]);); + ret0[i] = closure_191(uu____3[i]);); memcpy( ret, ret0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); 
@@ -1676,33 +1858,32 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_matrix_A_a21( +static KRML_MUSTINLINE void sample_matrix_A_ac1( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - closure_b81(A_transpose[i]);); + closure_b91(A_transpose[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed[34U]; - memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[3U][34U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seeds[3U][34U]; - memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); + uint8_t uu____1[3U][34U]; + memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U]; - sample_from_xof_b01(copy_of_seeds, sampled); + sample_from_xof_af1(uu____1, sampled); for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)3U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); i++) { size_t j = i; 
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; @@ -1711,9 +1892,7 @@ static KRML_MUSTINLINE void sample_matrix_A_a21( } else { A_transpose[i1][j] = sample; } - } - - ); + }); memcpy(ret, A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); @@ -1736,7 +1915,7 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_1c2(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_662(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; uint8_t out0[128U] = {0U}; @@ -1744,14 +1923,14 @@ static KRML_MUSTINLINE void PRFxN_1c2(uint8_t (*input)[33U], uint8_t out2[128U] = {0U}; uint8_t out3[128U] = {0U}; libcrux_sha3_avx2_x4_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t), - Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), - Eurydice_array_to_slice((size_t)128U, out0, uint8_t), - Eurydice_array_to_slice((size_t)128U, out1, uint8_t), - Eurydice_array_to_slice((size_t)128U, out2, uint8_t), - Eurydice_array_to_slice((size_t)128U, out3, uint8_t)); + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); uint8_t uu____0[128U]; memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); 
@@ -1774,60 +1953,11 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_a9_512(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_a9_a12(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { - PRFxN_1c2(input, ret); + PRFxN_662(input, ret); } -/** - Given a series of uniformly random bytes in `randomness`, for some number - `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring - element from a binomial distribution centered at 0 that uses two sets of `eta` - coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v` - such such that `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and: - - ```plaintext - - If v < 0, Pr[v] = Pr[-v] - - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA) - ``` - - The values `v < 0` are mapped to the appropriate `KyberFieldElement`. - - The expected value is: - - ```plaintext - E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1] - + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0. - ``` - - And the variance is: - - ```plaintext - Var(X) = E[(X - E[X])^2] - = E[X^2] - = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / - 2^(2 * ETA)) = ETA / 2 - ``` - - This function implements Algorithm 7 of the NIST FIPS 203 - standard, which is reproduced below: - - ```plaintext - Input: byte array B ∈ 𝔹^{64η}. - Output: array f ∈ ℤ₂₅₆. - - b ← BytesToBits(B) - for (i ← 0; i < 256; i++) - x ← ∑(j=0 to η - 1) b[2iη + j] - y ← ∑(j=0 to η - 1) b[2iη + η + j] - f[i] ← x−y mod q - end for - return f - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types 
@@ -1835,25 +1965,27 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_2_c1(Eurydice_slice randomness) { +sample_from_binomial_distribution_2_ee(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) { + i0 < + core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; + i0++) { size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice2( randomness, chunk_number * (size_t)4U, - chunk_number * (size_t)4U + (size_t)4U, uint8_t); + chunk_number * (size_t)4U + (size_t)4U, uint8_t, Eurydice_slice); uint32_t random_bits_as_u32 = (((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *) | + uint8_t *, uint8_t) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *) + uint8_t *, uint8_t) << 8U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *) + uint8_t *, uint8_t) << 16U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, - uint8_t *) + uint8_t *, uint8_t) << 24U; uint32_t even_bits = random_bits_as_u32 & 1431655765U; uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; @@ -1869,8 +2001,8 @@ sample_from_binomial_distribution_2_c1(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_10( - Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); + return from_i16_array_89_46(Eurydice_array_to_slice( + (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); } /** 
@@ -1880,22 +2012,24 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_3_43(Eurydice_slice randomness) { +sample_from_binomial_distribution_3_c4(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) { + i0 < + core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; + i0++) { size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice2( randomness, chunk_number * (size_t)3U, - chunk_number * (size_t)3U + (size_t)3U, uint8_t); + chunk_number * (size_t)3U + (size_t)3U, uint8_t, Eurydice_slice); uint32_t random_bits_as_u24 = ((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *) | + uint8_t *, uint8_t) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *) + uint8_t *, uint8_t) << 8U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *) + uint8_t *, uint8_t) << 16U; uint32_t first_bits = random_bits_as_u24 & 2396745U; uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; @@ -1913,8 +2047,8 @@ sample_from_binomial_distribution_3_43(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_10( - Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); + return from_i16_array_89_46(Eurydice_array_to_slice( + (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); } /** 
@@ -1924,8 +2058,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_470(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_c1(randomness); +sample_from_binomial_distribution_730(Eurydice_slice randomness) { + return sample_from_binomial_distribution_2_ee(randomness); } /** @@ -1934,13 +2068,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_7_45( +static KRML_MUSTINLINE void ntt_at_layer_7_fd( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { size_t j = i; - __m256i t = libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( - re->coefficients[j + step], (int16_t)-1600); + core_core_arch_x86___m256i t = + libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( + re->coefficients[j + step], (int16_t)-1600); re->coefficients[j + step] = libcrux_ml_kem_vector_avx2_sub_ea(re->coefficients[j], &t); re->coefficients[j] = @@ -1949,8 +2084,8 @@ static KRML_MUSTINLINE void ntt_at_layer_7_45( } typedef struct libcrux_ml_kem_vector_avx2_SIMD256Vector_x2_s { - __m256i fst; - __m256i snd; + core_core_arch_x86___m256i fst; + core_core_arch_x86___m256i snd; } libcrux_ml_kem_vector_avx2_SIMD256Vector_x2; /** @@ -1959,7 +2094,8 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i montgomery_multiply_fe_9d(__m256i v, int16_t fer) { +static core_core_arch_x86___m256i montgomery_multiply_fe_3e( + core_core_arch_x86___m256i v, int16_t fer) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea(v, fer); } 
@@ -1970,8 +2106,9 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -ntt_layer_int_vec_step_f4(__m256i a, __m256i b, int16_t zeta_r) { - __m256i t = montgomery_multiply_fe_9d(b, zeta_r); +ntt_layer_int_vec_step_a7(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, int16_t zeta_r) { + core_core_arch_x86___m256i t = montgomery_multiply_fe_3e(b, zeta_r); b = libcrux_ml_kem_vector_avx2_sub_ea(a, &t); a = libcrux_ml_kem_vector_avx2_add_ea(a, &t); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, @@ -1984,7 +2121,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_4_plus_65( +static KRML_MUSTINLINE void ntt_at_layer_4_plus_5a( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -1997,11 +2134,11 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_65( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - ntt_layer_int_vec_step_f4( + ntt_layer_int_vec_step_a7( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - __m256i x = uu____0.fst; - __m256i y = uu____0.snd; + core_core_arch_x86___m256i x = uu____0.fst; + core_core_arch_x86___m256i y = uu____0.snd; re->coefficients[j] = x; re->coefficients[j + step_vec] = y; } @@ -2014,7 +2151,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_3_b4( +static KRML_MUSTINLINE void ntt_at_layer_3_c4( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; 
@@ -2030,7 +2167,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_2_7c( +static KRML_MUSTINLINE void ntt_at_layer_2_2d( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2049,7 +2186,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_1_c2( +static KRML_MUSTINLINE void ntt_at_layer_1_42( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2076,7 +2213,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void poly_barrett_reduce_89_99( +static KRML_MUSTINLINE void poly_barrett_reduce_89_e6( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { 
@@ -2092,23 +2229,19 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_b5( +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_b2( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - ntt_at_layer_7_45(re); + ntt_at_layer_7_fd(re); size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_b4(&zeta_i, re); - ntt_at_layer_2_7c(&zeta_i, re); - ntt_at_layer_1_c2(&zeta_i, re); - poly_barrett_reduce_89_99(re); + ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_c4(&zeta_i, re); + ntt_at_layer_2_2d(&zeta_i, re); + ntt_at_layer_1_42(&zeta_i, re); + poly_barrett_reduce_89_e6(re); } -/** - Sample a vector of ring elements from a centered binomial distribution and - convert them into their NTT representations. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_avx2_SIMD256Vector, 
@@ -2117,68 +2250,41 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_151( +static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_081( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_89_d5();); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + re_as_ntt[i] = ZERO_89_9b();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - PRFxN_a9_512(prf_inputs, prf_outputs); + PRFxN_a9_a12(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_470( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]);); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + sample_from_binomial_distribution_730(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element_b2(&re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U]; 
memcpy( - copy_of_re_as_ntt, re_as_ntt, + uu____2, re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); tuple_b00 lit; memcpy( - lit.fst, copy_of_re_as_ntt, + lit.fst, uu____2, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); lit.snd = domain_separator; return lit; } -/** - Given two `KyberPolynomialRingElement`s in their NTT representations, - compute their product. Given two polynomials in the NTT domain `f^` and `ĵ`, - the `iᵗʰ` coefficient of the product `k̂` is determined by the calculation: - - ```plaintext - ĥ[2·i] + ĥ[2·i + 1]X = (f^[2·i] + f^[2·i + 1]X)·(ĝ[2·i] + ĝ[2·i + 1]X) mod (X² - - ζ^(2·BitRev₇(i) + 1)) - ``` - - This function almost implements Algorithm 10 of the - NIST FIPS 203 standard, which is reproduced below: - - ```plaintext - Input: Two arrays fˆ ∈ ℤ₂₅₆ and ĝ ∈ ℤ₂₅₆. - Output: An array ĥ ∈ ℤq. - - for(i ← 0; i < 128; i++) - (ĥ[2i], ĥ[2i+1]) ← BaseCaseMultiply(fˆ[2i], fˆ[2i+1], ĝ[2i], ĝ[2i+1], - ζ^(2·BitRev₇(i) + 1)) end for return ĥ - ``` - We say "almost" because the coefficients of the ring element output by - this function are in the Montgomery domain. - - The NIST FIPS 203 standard can be found at - . -*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -2190,9 +2296,9 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -ntt_multiply_89_48(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, +ntt_multiply_89_44(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_89_d5(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = ZERO_89_9b(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; 
@@ -2213,10 +2319,6 @@ ntt_multiply_89_48(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, return out; } -/** - Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise - sum of their constituent coefficients. -*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -2227,13 +2329,15 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void add_to_ring_element_89_971( +static KRML_MUSTINLINE void add_to_ring_element_89_ce1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; - i < Eurydice_slice_len(Eurydice_array_to_slice( - (size_t)16U, self->coefficients, __m256i), - __m256i); + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)16U, self->coefficients, + core_core_arch_x86___m256i, Eurydice_slice), + core_core_arch_x86___m256i, size_t); i++) { size_t i0 = i; self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( @@ -2247,7 +2351,8 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static __m256i to_standard_domain_42(__m256i v) { +static core_core_arch_x86___m256i to_standard_domain_c8( + core_core_arch_x86___m256i v) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); } 
@@ -2262,108 +2367,66 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void add_standard_error_reduce_89_ac( +static KRML_MUSTINLINE void add_standard_error_reduce_89_06( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; - __m256i coefficient_normal_form = - to_standard_domain_42(self->coefficients[j]); + core_core_arch_x86___m256i coefficient_normal_form = + to_standard_domain_c8(self->coefficients[j]); self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, &error->coefficients[j])); } } -/** - Compute  ◦ ŝ + ê -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_As_plus_e_f01( +static KRML_MUSTINLINE void compute_As_plus_e_581( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_d5();); + result[i] = ZERO_89_9b();); for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len( + i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], size_t); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = 
matrix_A[i1]; for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_971(&result[i1], &product); + ntt_multiply_89_44(matrix_element, &s_as_ntt[j]); + add_to_ring_element_89_ce1(&result[i1], &product); } - add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_89_06(&result[i1], &error_as_ntt[i1]); } memcpy( ret, result, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . 
-*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, 
@@ -2372,75 +2435,69 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_9b0 generate_keypair_unpacked_6c1( +static tuple_9b0 generate_keypair_unpacked_651( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_a9_681(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, - uint8_t, Eurydice_slice_uint8_t_x2); + G_a9_e11(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_a21(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret); + sample_matrix_A_ac1(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = sample_vector_cbd_then_ntt_151(copy_of_prf_input0, 0U); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____2 = sample_vector_cbd_then_ntt_081(uu____1, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t domain_separator = uu____2.snd; - /* Passing arrays by value in Rust generates a 
copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_151(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_081(uu____3, domain_separator).fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - compute_As_plus_e_f01(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_581(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], + void *); core_result_unwrap_41_83(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____4[3U]; memcpy( - copy_of_t_as_ntt, t_as_ntt, + uu____4, t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A_transpose[3U] - [3U]; - memcpy(copy_of_A_transpose, A_transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U][3U]; + memcpy(uu____5, A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____6[32U]; + memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); 
libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk; memcpy( - pk.t_as_ntt, copy_of_t_as_ntt, + pk.t_as_ntt, uu____4, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, copy_of_A_transpose, + memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, uu____5, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____7[3U]; memcpy( - copy_of_secret_as_ntt, secret_as_ntt, + uu____7, secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk; memcpy( - sk.secret_as_ntt, copy_of_secret_as_ntt, + sk.secret_as_ntt, uu____7, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); return (CLITERAL(tuple_9b0){.fst = sk, .snd = pk}); } @@ -2458,10 +2515,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_1a1( +static void closure_761( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_89_d5();); + ret[i] = ZERO_89_9b();); } /** 
@@ -2474,13 +2531,14 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 clone_d5_25( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 clone_d5_6d( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; - __m256i ret[16U]; + core_core_arch_x86___m256i ret[16U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)16U, self->coefficients, ret, __m256i, void *); - memcpy(lit.coefficients, ret, (size_t)16U * sizeof(__m256i)); + (size_t)16U, self->coefficients, ret, core_core_arch_x86___m256i, void *); + memcpy(lit.coefficients, ret, + (size_t)16U * sizeof(core_core_arch_x86___m256i)); return lit; } @@ -2493,7 +2551,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 with const generics - K= 3 */ -static KRML_MUSTINLINE void H_a9_651(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_a9_a11(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H(input, ret); } 
@@ -2510,26 +2568,27 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c01(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_8d1(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t); - tuple_9b0 uu____0 = generate_keypair_unpacked_6c1(ind_cpa_keypair_randomness); + size_t, Eurydice_slice); + tuple_9b0 uu____0 = generate_keypair_unpacked_651(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_1a1(A[i]);); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_761(A[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_d5_25(&ind_cpa_public_key.A[j][i1]); + clone_d5_6d(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U][3U]; memcpy(uu____2, A, 
@@ -2539,39 +2598,36 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c01(uint8_t randomness[64U]) { (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); uint8_t pk_serialized[1184U]; - serialize_public_key_d01( + serialize_public_key_941( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t), + uint8_t, Eurydice_slice), pk_serialized); uint8_t public_key_hash[32U]; - H_a9_651(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), + H_a9_a11(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, + Eurydice_slice), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U]); + uint8_t[32U], void *); core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 uu____3 = ind_cpa_private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_implicit_rejection_value[32U]; - memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); + uint8_t uu____4[32U]; + memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 uu____5; uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, + memcpy(uu____5.implicit_rejection_value, uu____4, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 uu____6 = ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_hash[32U]; - memcpy(copy_of_public_key_hash, public_key_hash, - (size_t)32U * sizeof(uint8_t)); + uint8_t uu____7[32U]; + memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 lit; lit.private_key = 
uu____5; lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, + memcpy(lit.public_key.public_key_hash, uu____7, (size_t)32U * sizeof(uint8_t)); return lit; } 
@@ -2587,36 +2643,28 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_e11( +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_e31( Eurydice_slice key_generation_seed) { - tuple_9b0 uu____0 = generate_keypair_unpacked_6c1(key_generation_seed); + tuple_9b0 uu____0 = generate_keypair_unpacked_651(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - serialize_public_key_d01( - pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), - public_key_serialized); + serialize_public_key_941(pk.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, + uint8_t, Eurydice_slice), + public_key_serialized); uint8_t secret_key_serialized[1152U]; - serialize_secret_key_ae1(sk.secret_as_ntt, secret_key_serialized); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_secret_key_serialized[1152U]; - memcpy(copy_of_secret_key_serialized, secret_key_serialized, - (size_t)1152U * sizeof(uint8_t)); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_serialized[1184U]; - memcpy(copy_of_public_key_serialized, public_key_serialized, - (size_t)1184U * sizeof(uint8_t)); + serialize_secret_key_7f1(sk.secret_as_ntt, secret_key_serialized); + uint8_t uu____1[1152U]; + memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); + uint8_t uu____2[1184U]; + memcpy(uu____2, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; - memcpy(lit.fst, copy_of_secret_key_serialized, - (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, copy_of_public_key_serialized, - (size_t)1184U * sizeof(uint8_t)); + memcpy(lit.fst, uu____1, 
(size_t)1152U * sizeof(uint8_t)); + memcpy(lit.snd, uu____2, (size_t)1184U * sizeof(uint8_t)); return lit; } -/** - Serialize the secret key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash @@ -2624,7 +2672,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_751( +static KRML_MUSTINLINE void serialize_kem_secret_key_f61( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; 
@@ -2632,48 +2680,46 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_751( uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - Eurydice_slice_copy( + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( - uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t), - uint8_t), - private_key, uint8_t); - pointer = pointer + Eurydice_slice_len(private_key, uint8_t); + uu____0, uu____1, + uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - Eurydice_slice_copy( + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( - uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t), - uint8_t), - public_key, uint8_t); - pointer = pointer + Eurydice_slice_len(public_key, uint8_t); + uu____3, uu____4, + uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice); uint8_t ret0[32U]; - H_a9_651(public_key, ret0); - Eurydice_slice_copy( - uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); + H_a9_a11(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - Eurydice_slice_copy( + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( 
uu____7, uu____8, - uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), - uint8_t), - implicit_rejection_value, uint8_t); + uu____9 + core_slice___Slice_T___len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, 
@@ -2687,35 +2733,39 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_361(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_991(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t); + size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_e11(ind_cpa_keypair_randomness); + generate_keypair_e31(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_751( - Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), - Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), + serialize_kem_secret_key_f61( + Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, + Eurydice_slice), implicit_rejection_value, secret_key_serialized); + uint8_t uu____1[2400U]; + memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_22_a70(secret_key_serialized); - libcrux_ml_kem_types_MlKemPrivateKey_55 uu____1 = private_key; - return libcrux_ml_kem_types_from_17_d50( - uu____1, libcrux_ml_kem_types_from_c7_140(public_key)); + 
libcrux_ml_kem_types_from_05_700(uu____1); + libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; + uint8_t uu____3[1184U]; + memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_17_eb0( + uu____2, libcrux_ml_kem_types_from_b6_a30(uu____3)); } -/** - Sample a vector of ring elements from a centered binomial distribution. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_avx2_SIMD256Vector, 
@@ -2725,36 +2775,34 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b00 -sample_ring_element_cbd_001(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_c01(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_89_d5();); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + error_1[i] = ZERO_89_9b();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - PRFxN_a9_512(prf_inputs, prf_outputs); + PRFxN_a9_a12(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_470( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); + sample_from_binomial_distribution_730(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_error_1[3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U]; memcpy( - copy_of_error_1, error_1, + uu____2, error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); tuple_b00 lit; memcpy( - lit.fst, 
copy_of_error_1, + lit.fst, uu____2, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); lit.snd = domain_separator; return lit; @@ -2765,10 +2813,11 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF with const generics - LEN= 128 */ -static KRML_MUSTINLINE void PRF_420(Eurydice_slice input, uint8_t ret[128U]) { +static KRML_MUSTINLINE void PRF_450(Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, digest, uint8_t), input); + Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), + input); memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); } @@ -2782,9 +2831,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_a9_934(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_a9_dd4(Eurydice_slice input, uint8_t ret[128U]) { - PRF_420(input, ret); + PRF_450(input, ret); } /** @@ -2793,7 +2842,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_04( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_38( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2817,7 +2866,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_18( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_53( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; 
@@ -2837,7 +2886,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_94( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_b7( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2855,11 +2904,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -inv_ntt_layer_int_vec_step_reduce_34(__m256i a, __m256i b, int16_t zeta_r) { - __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_ea(b, &a); +inv_ntt_layer_int_vec_step_reduce_0d(core_core_arch_x86___m256i a, + core_core_arch_x86___m256i b, + int16_t zeta_r) { + core_core_arch_x86___m256i a_minus_b = + libcrux_ml_kem_vector_avx2_sub_ea(b, &a); a = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( libcrux_ml_kem_vector_avx2_add_ea(a, &b)); - b = montgomery_multiply_fe_9d(a_minus_b, zeta_r); + b = montgomery_multiply_fe_3e(a_minus_b, zeta_r); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, .snd = b}); } @@ -2870,7 +2922,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_75( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_78( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; 
@@ -2885,11 +2937,11 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_75( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_34( + inv_ntt_layer_int_vec_step_reduce_0d( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - __m256i x = uu____0.fst; - __m256i y = uu____0.snd; + core_core_arch_x86___m256i x = uu____0.fst; + core_core_arch_x86___m256i y = uu____0.snd; re->coefficients[j] = x; re->coefficients[j + step_vec] = y; } @@ -2902,18 +2954,18 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_be1( +static KRML_MUSTINLINE void invert_ntt_montgomery_241( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_04(&zeta_i, re); - invert_ntt_at_layer_2_18(&zeta_i, re); - invert_ntt_at_layer_3_94(&zeta_i, re); - invert_ntt_at_layer_4_plus_75(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_75(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_75(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_75(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_99(re); + invert_ntt_at_layer_1_38(&zeta_i, re); + invert_ntt_at_layer_2_53(&zeta_i, re); + invert_ntt_at_layer_3_b7(&zeta_i, re); + invert_ntt_at_layer_4_plus_78(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_78(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_78(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_78(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_e6(re); } /** 
@@ -2926,13 +2978,13 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_89_46( +static KRML_MUSTINLINE void add_error_reduce_89_42( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; - __m256i coefficient_normal_form = + core_core_arch_x86___m256i coefficient_normal_form = libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( self->coefficients[j], (int16_t)1441); self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( 
@@ -2941,47 +2993,46 @@ static KRML_MUSTINLINE void add_error_reduce_89_46(
 }
 }
 
-/**
- Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁
-*/
 /**
 A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - K= 3
 */
-static KRML_MUSTINLINE void compute_vector_u_6c1(
+static KRML_MUSTINLINE void compute_vector_u_7e1(
 libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U],
 libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt,
 libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1,
 libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) {
 libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U];
 KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U,
- result[i] = ZERO_89_d5(););
+ result[i] = ZERO_89_9b(););
 for (size_t i0 = (size_t)0U;
- i0 < Eurydice_slice_len(
+ i0 < core_slice___Slice_T___len(
 Eurydice_array_to_slice(
 (size_t)3U, a_as_ntt,
- libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]),
- libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]);
+ libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U],
+ Eurydice_slice),
+ libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], size_t);
 i0++) {
 size_t i1 = i0;
 libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1];
 for (size_t i = (size_t)0U;
- i < Eurydice_slice_len(
+ i < core_slice___Slice_T___len(
 Eurydice_array_to_slice(
 (size_t)3U, row,
- libcrux_ml_kem_polynomial_PolynomialRingElement_d2),
- libcrux_ml_kem_polynomial_PolynomialRingElement_d2);
+ libcrux_ml_kem_polynomial_PolynomialRingElement_d2,
+ Eurydice_slice),
+ libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t);
 i++) {
 size_t j = i;
 libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j];
 libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product =
- ntt_multiply_89_48(a_element, &r_as_ntt[j]);
- add_to_ring_element_89_971(&result[i1], &product);
+ ntt_multiply_89_44(a_element, &r_as_ntt[j]);
+ add_to_ring_element_89_ce1(&result[i1], &product);
 }
- invert_ntt_montgomery_be1(&result[i1]);
- add_error_reduce_89_46(&result[i1], &error_1[i1]);
+ invert_ntt_montgomery_241(&result[i1]);
+ add_error_reduce_89_42(&result[i1], &error_1[i1]);
 }
 memcpy(
 ret, result,
@@ -2994,7 +3045,8 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static __m256i decompress_1_52(__m256i v) {
+static core_core_arch_x86___m256i decompress_1_22(
+ core_core_arch_x86___m256i v) {
 return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea(
 libcrux_ml_kem_vector_avx2_sub_ea(libcrux_ml_kem_vector_avx2_ZERO_ea(),
 &v),
@@ -3008,16 +3060,16 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-deserialize_then_decompress_message_84(uint8_t serialized[32U]) {
- libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5();
+deserialize_then_decompress_message_5a(uint8_t serialized[32U]) {
+ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9b();
 KRML_MAYBE_FOR16(
 i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i;
- __m256i coefficient_compressed =
+ core_core_arch_x86___m256i coefficient_compressed =
 libcrux_ml_kem_vector_avx2_deserialize_1_ea(
 Eurydice_array_to_subslice2(serialized, (size_t)2U * i0,
- (size_t)2U * i0 + (size_t)2U,
- uint8_t));
- re.coefficients[i0] = decompress_1_52(coefficient_compressed););
+ (size_t)2U * i0 + (size_t)2U, uint8_t,
+ Eurydice_slice));
+ re.coefficients[i0] = decompress_1_22(coefficient_compressed););
 return re;
 }
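Review bot: The regenerated code no longer carries the spec-level comment `Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁` above compute_vector_u_7e1; the same loss recurs at the `Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message` comment above compute_ring_element_v (hunk @@ -3052), the `Call [...] on each ring element` comment above compress_then_serialize_u (hunk @@ -3224), the full FIPS 203 Algorithm 13 description above encrypt_unpacked (hunk @@ -3434), and the `Passing arrays by value in Rust generates a copy in C` notes inside encrypt_unpacked (hunks @@ -3497 and @@ -3523). Those comments were the only link between this C and the ML-KEM specification for anyone auditing the extracted code without the Rust sources, and dropping them in the same commit that renames every monomorphized function makes the diff harder to check for unintended semantic change. Since the file is generated, the fix belongs in the extraction configuration so the Rust doc comments are emitted again rather than in a hand edit here; if the drop is intentional, the commit message should say so.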
@@ -3032,19 +3084,19 @@ with const generics
 
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-add_message_error_reduce_89_37(
+add_message_error_reduce_89_07(
 libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self,
 libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message,
 libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) {
 for (size_t i = (size_t)0U;
 i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
 size_t i0 = i;
- __m256i coefficient_normal_form =
+ core_core_arch_x86___m256i coefficient_normal_form =
 libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea(
 result.coefficients[i0], (int16_t)1441);
- __m256i tmp = libcrux_ml_kem_vector_avx2_add_ea(self->coefficients[i0],
- &message->coefficients[i0]);
- __m256i tmp0 =
+ core_core_arch_x86___m256i tmp = libcrux_ml_kem_vector_avx2_add_ea(
+ self->coefficients[i0], &message->coefficients[i0]);
+ core_core_arch_x86___m256i tmp0 =
 libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, &tmp);
 result.coefficients[i0] =
 libcrux_ml_kem_vector_avx2_barrett_reduce_ea(tmp0);
@@ -3052,9 +3104,6 @@ add_message_error_reduce_89_37(
 return result;
 }
 
-/**
- Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message
-*/
 /**
 A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
@@ -3062,18 +3111,18 @@ with const generics
 - K= 3
 */
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-compute_ring_element_v_041(
+compute_ring_element_v_af1(
 libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt,
 libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt,
 libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2,
 libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) {
- libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5();
+ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_9b();
 KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i;
 libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product =
- ntt_multiply_89_48(&t_as_ntt[i0], &r_as_ntt[i0]);
- add_to_ring_element_89_971(&result, &product););
- invert_ntt_montgomery_be1(&result);
- result = add_message_error_reduce_89_37(error_2, message, result);
+ ntt_multiply_89_44(&t_as_ntt[i0], &r_as_ntt[i0]);
+ add_to_ring_element_89_ce1(&result, &product););
+ invert_ntt_montgomery_241(&result);
+ result = add_message_error_reduce_89_07(error_2, message, result);
 return result;
 }
 
@@ -3083,43 +3132,61 @@ libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient
 with const generics
 - COEFFICIENT_BITS= 10
 */
-static KRML_MUSTINLINE __m256i
-compress_ciphertext_coefficient_5d(__m256i vector) {
- __m256i field_modulus_halved = mm256_set1_epi32(
- ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) /
- (int32_t)2);
- __m256i compression_factor = mm256_set1_epi32((int32_t)10321340);
- __m256i coefficient_bits_mask =
- mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)10) - (int32_t)1);
- __m128i coefficients_low = mm256_castsi256_si128(vector);
- __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low);
- __m256i compressed_low =
- mm256_slli_epi32((int32_t)10, coefficients_low0, __m256i);
- __m256i compressed_low0 =
- mm256_add_epi32(compressed_low, field_modulus_halved);
- __m256i compressed_low1 =
+static KRML_MUSTINLINE core_core_arch_x86___m256i
+compress_ciphertext_coefficient_ac(core_core_arch_x86___m256i vector) {
+ core_core_arch_x86___m256i field_modulus_halved =
+ libcrux_intrinsics_avx2_mm256_set1_epi32(
+ ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) /
+ (int32_t)2);
+ core_core_arch_x86___m256i compression_factor =
+ libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340);
+ core_core_arch_x86___m256i coefficient_bits_mask =
+ libcrux_intrinsics_avx2_mm256_set1_epi32(
+ ((int32_t)1 << (uint32_t)(int32_t)10) - (int32_t)1);
+ core_core_arch_x86___m128i coefficients_low =
+ libcrux_intrinsics_avx2_mm256_castsi256_si128(vector);
+ core_core_arch_x86___m256i coefficients_low0 =
+ libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low);
+ core_core_arch_x86___m256i compressed_low =
+ libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, coefficients_low0,
+ core_core_arch_x86___m256i);
+ core_core_arch_x86___m256i compressed_low0 =
+ libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low,
+ field_modulus_halved);
+ core_core_arch_x86___m256i compressed_low1 =
 libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0,
 compression_factor);
- __m256i compressed_low2 =
- mm256_srli_epi32((int32_t)3, compressed_low1, __m256i);
- __m256i compressed_low3 =
- mm256_and_si256(compressed_low2, coefficient_bits_mask);
- __m128i coefficients_high =
- mm256_extracti128_si256((int32_t)1, vector, __m128i);
- __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high);
- __m256i compressed_high =
- mm256_slli_epi32((int32_t)10, coefficients_high0, __m256i);
- __m256i compressed_high0 =
- mm256_add_epi32(compressed_high, field_modulus_halved);
- __m256i compressed_high1 =
+ core_core_arch_x86___m256i compressed_low2 =
+ libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1,
+ core_core_arch_x86___m256i);
+ core_core_arch_x86___m256i compressed_low3 =
+ libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2,
+ coefficient_bits_mask);
+ core_core_arch_x86___m128i coefficients_high =
+ libcrux_intrinsics_avx2_mm256_extracti128_si256(
+ (int32_t)1, vector, core_core_arch_x86___m128i);
+ core_core_arch_x86___m256i coefficients_high0 =
+ libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high);
+ core_core_arch_x86___m256i compressed_high =
+ libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, coefficients_high0,
+ core_core_arch_x86___m256i);
+ core_core_arch_x86___m256i compressed_high0 =
+ libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high,
+ field_modulus_halved);
+ core_core_arch_x86___m256i compressed_high1 =
 libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0,
 compression_factor);
- __m256i compressed_high2 =
- mm256_srli_epi32((int32_t)3, compressed_high1, __m256i);
- __m256i compressed_high3 =
- mm256_and_si256(compressed_high2, coefficient_bits_mask);
- __m256i compressed = mm256_packs_epi32(compressed_low3, compressed_high3);
- return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i);
+ core_core_arch_x86___m256i compressed_high2 =
+ libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1,
+ core_core_arch_x86___m256i);
+ core_core_arch_x86___m256i compressed_high3 =
+ libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2,
+ coefficient_bits_mask);
+ core_core_arch_x86___m256i compressed =
+ libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3,
+ compressed_high3);
+ return libcrux_intrinsics_avx2_mm256_permute4x64_epi64(
+ (int32_t)216, compressed, core_core_arch_x86___m256i);
 }
 
 /**
@@ -3131,8 +3198,9 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea
 with const generics
 - COEFFICIENT_BITS= 10
 */
-static __m256i compress_ea_e9(__m256i vector) {
- return compress_ciphertext_coefficient_5d(vector);
+static core_core_arch_x86___m256i compress_ea_69(
+ core_core_arch_x86___m256i vector) {
+ return compress_ciphertext_coefficient_ac(vector);
 }
 
 /**
@@ -3141,20 +3209,23 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 - OUT_LEN= 320
 */
-static KRML_MUSTINLINE void compress_then_serialize_10_f0(
+static KRML_MUSTINLINE void compress_then_serialize_10_b2(
 libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) {
 uint8_t serialized[320U] = {0U};
 for (size_t i = (size_t)0U;
 i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
 size_t i0 = i;
- __m256i coefficient =
- compress_ea_e9(to_unsigned_representative_a4(re->coefficients[i0]));
+ core_core_arch_x86___m256i coefficient =
+ compress_ea_69(to_unsigned_representative_d2(re->coefficients[i0]));
 uint8_t bytes[20U];
 libcrux_ml_kem_vector_avx2_serialize_10_ea(coefficient, bytes);
 Eurydice_slice uu____0 = Eurydice_array_to_subslice2(
- serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t);
- Eurydice_slice_copy(
- uu____0, Eurydice_array_to_slice((size_t)20U, bytes, uint8_t), uint8_t);
+ serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t,
+ Eurydice_slice);
+ core_slice___Slice_T___copy_from_slice(
+ uu____0,
+ Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice),
+ uint8_t, void *);
 }
 memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t));
 }
@@ -3165,43 +3236,61 @@ libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient
 with const generics
 - COEFFICIENT_BITS= 11
 */
-static KRML_MUSTINLINE __m256i
-compress_ciphertext_coefficient_5d0(__m256i vector) {
- __m256i field_modulus_halved = mm256_set1_epi32(
- ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) /
- (int32_t)2);
- __m256i compression_factor = mm256_set1_epi32((int32_t)10321340);
- __m256i coefficient_bits_mask =
- mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)11) - (int32_t)1);
- __m128i coefficients_low = mm256_castsi256_si128(vector);
- __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low);
- __m256i compressed_low =
- mm256_slli_epi32((int32_t)11, coefficients_low0, __m256i);
- __m256i compressed_low0 =
- mm256_add_epi32(compressed_low, field_modulus_halved);
- __m256i compressed_low1 =
+static KRML_MUSTINLINE core_core_arch_x86___m256i
+compress_ciphertext_coefficient_ac0(core_core_arch_x86___m256i vector) {
+ core_core_arch_x86___m256i field_modulus_halved =
+ libcrux_intrinsics_avx2_mm256_set1_epi32(
+ ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) /
+ (int32_t)2);
+ core_core_arch_x86___m256i compression_factor =
+ libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340);
+ core_core_arch_x86___m256i coefficient_bits_mask =
+ libcrux_intrinsics_avx2_mm256_set1_epi32(
+ ((int32_t)1 << (uint32_t)(int32_t)11) - (int32_t)1);
+ core_core_arch_x86___m128i coefficients_low =
+ libcrux_intrinsics_avx2_mm256_castsi256_si128(vector);
+ core_core_arch_x86___m256i coefficients_low0 =
+ libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low);
+ core_core_arch_x86___m256i compressed_low =
+ libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, coefficients_low0,
+ core_core_arch_x86___m256i);
+ core_core_arch_x86___m256i compressed_low0 =
+ libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low,
+ field_modulus_halved);
+ core_core_arch_x86___m256i compressed_low1 =
 libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0,
 compression_factor);
- __m256i compressed_low2 =
- mm256_srli_epi32((int32_t)3, compressed_low1, __m256i);
- __m256i compressed_low3 =
- mm256_and_si256(compressed_low2, coefficient_bits_mask);
- __m128i coefficients_high =
- mm256_extracti128_si256((int32_t)1, vector, __m128i);
- __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high);
- __m256i compressed_high =
- mm256_slli_epi32((int32_t)11, coefficients_high0, __m256i);
- __m256i compressed_high0 =
- mm256_add_epi32(compressed_high, field_modulus_halved);
- __m256i compressed_high1 =
+ core_core_arch_x86___m256i compressed_low2 =
+ libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1,
+ core_core_arch_x86___m256i);
+ core_core_arch_x86___m256i compressed_low3 =
+ libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2,
+ coefficient_bits_mask);
+ core_core_arch_x86___m128i coefficients_high =
+ libcrux_intrinsics_avx2_mm256_extracti128_si256(
+ (int32_t)1, vector, core_core_arch_x86___m128i);
+ core_core_arch_x86___m256i coefficients_high0 =
+ libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high);
+ core_core_arch_x86___m256i compressed_high =
+ libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, coefficients_high0,
+ core_core_arch_x86___m256i);
+ core_core_arch_x86___m256i compressed_high0 =
+ libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high,
+ field_modulus_halved);
+ core_core_arch_x86___m256i compressed_high1 =
 libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0,
 compression_factor);
- __m256i compressed_high2 =
- mm256_srli_epi32((int32_t)3, compressed_high1, __m256i);
- __m256i compressed_high3 =
- mm256_and_si256(compressed_high2, coefficient_bits_mask);
- __m256i compressed = mm256_packs_epi32(compressed_low3, compressed_high3);
- return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i);
+ core_core_arch_x86___m256i compressed_high2 =
+ libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1,
+ core_core_arch_x86___m256i);
+ core_core_arch_x86___m256i compressed_high3 =
+ libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2,
+ coefficient_bits_mask);
+ core_core_arch_x86___m256i compressed =
+ libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3,
+ compressed_high3);
+ return libcrux_intrinsics_avx2_mm256_permute4x64_epi64(
+ (int32_t)216, compressed, core_core_arch_x86___m256i);
 }
 
 /**
@@ -3213,8 +3302,9 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea
 with const generics
 - COEFFICIENT_BITS= 11
 */
-static __m256i compress_ea_e90(__m256i vector) {
- return compress_ciphertext_coefficient_5d0(vector);
+static core_core_arch_x86___m256i compress_ea_690(
+ core_core_arch_x86___m256i vector) {
+ return compress_ciphertext_coefficient_ac0(vector);
 }
 
 /**
@@ -3224,16 +3314,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 - COMPRESSION_FACTOR= 10
 - OUT_LEN= 320
 */
-static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_4d(
+static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_36(
 libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) {
 uint8_t uu____0[320U];
- compress_then_serialize_10_f0(re, uu____0);
+ compress_then_serialize_10_b2(re, uu____0);
 memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t));
 }
 
-/**
- Call [`compress_then_serialize_ring_element_u`] on each ring element.
-*/
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector
@@ -3243,25 +3330,29 @@ with const generics
 - COMPRESSION_FACTOR= 10
 - BLOCK_LEN= 320
 */
-static void compress_then_serialize_u_551(
+static void compress_then_serialize_u_c51(
 libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U],
 Eurydice_slice out) {
 for (size_t i = (size_t)0U;
- i < Eurydice_slice_len(
+ i < core_slice___Slice_T___len(
 Eurydice_array_to_slice(
 (size_t)3U, input,
- libcrux_ml_kem_polynomial_PolynomialRingElement_d2),
- libcrux_ml_kem_polynomial_PolynomialRingElement_d2);
+ libcrux_ml_kem_polynomial_PolynomialRingElement_d2,
+ Eurydice_slice),
+ libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t);
 i++) {
 size_t i0 = i;
 libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0];
 Eurydice_slice uu____0 = Eurydice_slice_subslice2(
 out, i0 * ((size_t)960U / (size_t)3U),
- (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t);
+ (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t,
+ Eurydice_slice);
 uint8_t ret[320U];
- compress_then_serialize_ring_element_u_4d(&re, ret);
- Eurydice_slice_copy(
- uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t);
+ compress_then_serialize_ring_element_u_36(&re, ret);
+ core_slice___Slice_T___copy_from_slice(
+ uu____0,
+ Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice),
+ uint8_t, void *);
 }
 }
 
@@ -3271,43 +3362,61 @@ libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient
 with const generics
 - COEFFICIENT_BITS= 4
 */
-static KRML_MUSTINLINE __m256i
-compress_ciphertext_coefficient_5d1(__m256i vector) {
- __m256i field_modulus_halved = mm256_set1_epi32(
- ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) /
- (int32_t)2);
- __m256i compression_factor = mm256_set1_epi32((int32_t)10321340);
- __m256i coefficient_bits_mask =
- mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)4) - (int32_t)1);
- __m128i coefficients_low = mm256_castsi256_si128(vector);
- __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low);
- __m256i compressed_low =
- mm256_slli_epi32((int32_t)4, coefficients_low0, __m256i);
- __m256i compressed_low0 =
- mm256_add_epi32(compressed_low, field_modulus_halved);
- __m256i compressed_low1 =
+static KRML_MUSTINLINE core_core_arch_x86___m256i
+compress_ciphertext_coefficient_ac1(core_core_arch_x86___m256i vector) {
+ core_core_arch_x86___m256i field_modulus_halved =
+ libcrux_intrinsics_avx2_mm256_set1_epi32(
+ ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) /
+ (int32_t)2);
+ core_core_arch_x86___m256i compression_factor =
+ libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340);
+ core_core_arch_x86___m256i coefficient_bits_mask =
+ libcrux_intrinsics_avx2_mm256_set1_epi32(
+ ((int32_t)1 << (uint32_t)(int32_t)4) - (int32_t)1);
+ core_core_arch_x86___m128i coefficients_low =
+ libcrux_intrinsics_avx2_mm256_castsi256_si128(vector);
+ core_core_arch_x86___m256i coefficients_low0 =
+ libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low);
+ core_core_arch_x86___m256i compressed_low =
+ libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, coefficients_low0,
+ core_core_arch_x86___m256i);
+ core_core_arch_x86___m256i compressed_low0 =
+ libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low,
+ field_modulus_halved);
+ core_core_arch_x86___m256i compressed_low1 =
 libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0,
 compression_factor);
- __m256i compressed_low2 =
- mm256_srli_epi32((int32_t)3, compressed_low1, __m256i);
- __m256i compressed_low3 =
- mm256_and_si256(compressed_low2, coefficient_bits_mask);
- __m128i coefficients_high =
- mm256_extracti128_si256((int32_t)1, vector, __m128i);
- __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high);
- __m256i compressed_high =
- mm256_slli_epi32((int32_t)4, coefficients_high0, __m256i);
- __m256i compressed_high0 =
- mm256_add_epi32(compressed_high, field_modulus_halved);
- __m256i compressed_high1 =
+ core_core_arch_x86___m256i compressed_low2 =
+ libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1,
+ core_core_arch_x86___m256i);
+ core_core_arch_x86___m256i compressed_low3 =
+ libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2,
+ coefficient_bits_mask);
+ core_core_arch_x86___m128i coefficients_high =
+ libcrux_intrinsics_avx2_mm256_extracti128_si256(
+ (int32_t)1, vector, core_core_arch_x86___m128i);
+ core_core_arch_x86___m256i coefficients_high0 =
+ libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high);
+ core_core_arch_x86___m256i compressed_high =
+ libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, coefficients_high0,
+ core_core_arch_x86___m256i);
+ core_core_arch_x86___m256i compressed_high0 =
+ libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high,
+ field_modulus_halved);
+ core_core_arch_x86___m256i compressed_high1 =
 libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0,
 compression_factor);
- __m256i compressed_high2 =
- mm256_srli_epi32((int32_t)3, compressed_high1, __m256i);
- __m256i compressed_high3 =
- mm256_and_si256(compressed_high2, coefficient_bits_mask);
- __m256i compressed = mm256_packs_epi32(compressed_low3, compressed_high3);
- return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i);
+ core_core_arch_x86___m256i compressed_high2 =
+ libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1,
+ core_core_arch_x86___m256i);
+ core_core_arch_x86___m256i compressed_high3 =
+ libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2,
+ coefficient_bits_mask);
+ core_core_arch_x86___m256i compressed =
+ libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3,
+ compressed_high3);
+ return libcrux_intrinsics_avx2_mm256_permute4x64_epi64(
+ (int32_t)216, compressed, core_core_arch_x86___m256i);
 }
 
 /**
@@ -3319,8 +3428,9 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea
 with const generics
 - COEFFICIENT_BITS= 4
 */
-static __m256i compress_ea_e91(__m256i vector) {
- return compress_ciphertext_coefficient_5d1(vector);
+static core_core_arch_x86___m256i compress_ea_691(
+ core_core_arch_x86___m256i vector) {
+ return compress_ciphertext_coefficient_ac1(vector);
 }
 
 /**
@@ -3329,20 +3439,22 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE void compress_then_serialize_4_59(
+static KRML_MUSTINLINE void compress_then_serialize_4_5a(
 libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re,
 Eurydice_slice serialized) {
 for (size_t i = (size_t)0U;
 i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
 size_t i0 = i;
- __m256i coefficient =
- compress_ea_e91(to_unsigned_representative_a4(re.coefficients[i0]));
+ core_core_arch_x86___m256i coefficient =
+ compress_ea_691(to_unsigned_representative_d2(re.coefficients[i0]));
 uint8_t bytes[8U];
 libcrux_ml_kem_vector_avx2_serialize_4_ea(coefficient, bytes);
- Eurydice_slice_copy(
+ core_slice___Slice_T___copy_from_slice(
 Eurydice_slice_subslice2(serialized, (size_t)8U * i0,
- (size_t)8U * i0 + (size_t)8U, uint8_t),
- Eurydice_array_to_slice((size_t)8U, bytes, uint8_t), uint8_t);
+ (size_t)8U * i0 + (size_t)8U, uint8_t,
+ Eurydice_slice),
+ Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice),
+ uint8_t, void *);
 }
 }
 
@@ -3352,43 +3464,61 @@ libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient
 with const generics
 - COEFFICIENT_BITS= 5
 */
-static KRML_MUSTINLINE __m256i
-compress_ciphertext_coefficient_5d2(__m256i vector) {
- __m256i field_modulus_halved = mm256_set1_epi32(
- ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) /
- (int32_t)2);
- __m256i compression_factor = mm256_set1_epi32((int32_t)10321340);
- __m256i coefficient_bits_mask =
- mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)5) - (int32_t)1);
- __m128i coefficients_low = mm256_castsi256_si128(vector);
- __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low);
- __m256i compressed_low =
- mm256_slli_epi32((int32_t)5, coefficients_low0, __m256i);
- __m256i compressed_low0 =
- mm256_add_epi32(compressed_low, field_modulus_halved);
- __m256i compressed_low1 =
+static KRML_MUSTINLINE core_core_arch_x86___m256i
+compress_ciphertext_coefficient_ac2(core_core_arch_x86___m256i vector) {
+ core_core_arch_x86___m256i field_modulus_halved =
+ libcrux_intrinsics_avx2_mm256_set1_epi32(
+ ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) /
+ (int32_t)2);
+ core_core_arch_x86___m256i compression_factor =
+ libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340);
+ core_core_arch_x86___m256i coefficient_bits_mask =
+ libcrux_intrinsics_avx2_mm256_set1_epi32(
+ ((int32_t)1 << (uint32_t)(int32_t)5) - (int32_t)1);
+ core_core_arch_x86___m128i coefficients_low =
+ libcrux_intrinsics_avx2_mm256_castsi256_si128(vector);
+ core_core_arch_x86___m256i coefficients_low0 =
+ libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low);
+ core_core_arch_x86___m256i compressed_low =
+ libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, coefficients_low0,
+ core_core_arch_x86___m256i);
+ core_core_arch_x86___m256i compressed_low0 =
+ libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low,
+ field_modulus_halved);
+ core_core_arch_x86___m256i compressed_low1 =
 libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0,
 compression_factor);
- __m256i compressed_low2 =
- mm256_srli_epi32((int32_t)3, compressed_low1, __m256i);
- __m256i compressed_low3 =
- mm256_and_si256(compressed_low2, coefficient_bits_mask);
- __m128i coefficients_high =
- mm256_extracti128_si256((int32_t)1, vector, __m128i);
- __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high);
- __m256i compressed_high =
- mm256_slli_epi32((int32_t)5, coefficients_high0, __m256i);
- __m256i compressed_high0 =
- mm256_add_epi32(compressed_high, field_modulus_halved);
- __m256i compressed_high1 =
+ core_core_arch_x86___m256i compressed_low2 =
+ libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1,
+ core_core_arch_x86___m256i);
+ core_core_arch_x86___m256i compressed_low3 =
+ libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2,
+ coefficient_bits_mask);
+ core_core_arch_x86___m128i coefficients_high =
+ libcrux_intrinsics_avx2_mm256_extracti128_si256(
+ (int32_t)1, vector, core_core_arch_x86___m128i);
+ core_core_arch_x86___m256i coefficients_high0 =
+ libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high);
+ core_core_arch_x86___m256i compressed_high =
+ libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, coefficients_high0,
+ core_core_arch_x86___m256i);
+ core_core_arch_x86___m256i compressed_high0 =
+ libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high,
+ field_modulus_halved);
+ core_core_arch_x86___m256i compressed_high1 =
 libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0,
 compression_factor);
- __m256i compressed_high2 =
- mm256_srli_epi32((int32_t)3, compressed_high1, __m256i);
- __m256i compressed_high3 =
- mm256_and_si256(compressed_high2, coefficient_bits_mask);
- __m256i compressed = mm256_packs_epi32(compressed_low3, compressed_high3);
- return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i);
+ core_core_arch_x86___m256i compressed_high2 =
+ libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1,
+ core_core_arch_x86___m256i);
+ core_core_arch_x86___m256i compressed_high3 =
+ libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2,
+ coefficient_bits_mask);
+ core_core_arch_x86___m256i compressed =
+ libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3,
+ compressed_high3);
+ return libcrux_intrinsics_avx2_mm256_permute4x64_epi64(
+ (int32_t)216, compressed, core_core_arch_x86___m256i);
 }
 
 /**
@@ -3400,8 +3530,9 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea
 with const generics
 - COEFFICIENT_BITS= 5
 */
-static __m256i compress_ea_e92(__m256i vector) {
- return compress_ciphertext_coefficient_5d2(vector);
+static core_core_arch_x86___m256i compress_ea_692(
+ core_core_arch_x86___m256i vector) {
+ return compress_ciphertext_coefficient_ac2(vector);
 }
 
 /**
@@ -3410,20 +3541,22 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector
 with const generics
 
 */
-static KRML_MUSTINLINE void compress_then_serialize_5_73(
+static KRML_MUSTINLINE void compress_then_serialize_5_a4(
 libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re,
 Eurydice_slice serialized) {
 for (size_t i = (size_t)0U;
 i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
 size_t i0 = i;
- __m256i coefficients =
- compress_ea_e92(to_unsigned_representative_a4(re.coefficients[i0]));
+ core_core_arch_x86___m256i coefficients =
+ compress_ea_692(to_unsigned_representative_d2(re.coefficients[i0]));
 uint8_t bytes[10U];
 libcrux_ml_kem_vector_avx2_serialize_5_ea(coefficients, bytes);
- Eurydice_slice_copy(
+ core_slice___Slice_T___copy_from_slice(
 Eurydice_slice_subslice2(serialized, (size_t)10U * i0,
- (size_t)10U * i0 + (size_t)10U, uint8_t),
- Eurydice_array_to_slice((size_t)10U, bytes, uint8_t), uint8_t);
+ (size_t)10U * i0 + (size_t)10U, uint8_t,
+ Eurydice_slice),
+ Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice),
+ uint8_t, void *);
 }
 }
 
@@ -3434,52 +3567,11 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 - COMPRESSION_FACTOR= 4
 - OUT_LEN= 128
 */
-static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_dd(
+static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_3c(
 libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) {
- compress_then_serialize_4_59(re, out);
-}
-
-/**
- This function implements Algorithm 13 of the
- NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm.
-
- Algorithm 13 is reproduced below:
-
- ```plaintext
- Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}.
- Input: message m ∈ 𝔹^{32}.
- Input: encryption randomness r ∈ 𝔹^{32}.
- Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}.
-
- N ← 0
- t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k])
- ρ ← ekₚₖₑ[384k: 384k + 32]
- for (i ← 0; i < k; i++)
- for(j ← 0; j < k; j++)
- Â[i,j] ← SampleNTT(XOF(ρ, i, j))
- end for
- end for
- for(i ← 0; i < k; i++)
- r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N))
- N ← N + 1
- end for
- for(i ← 0; i < k; i++)
- e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N))
- N ← N + 1
- end for
- e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N))
- r̂ ← NTT(r)
- u ← NTT-¹(Âᵀ ◦ r̂) + e₁
- μ ← Decompress₁(ByteDecode₁(m)))
- v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ
- c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u))
- c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v))
- return c ← (c₁ ‖ c₂)
- ```
-
- The NIST FIPS 203 standard can be found at
- .
-*/
+ compress_then_serialize_4_5a(re, out);
+}
+
 /**
 A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
@@ -3497,25 +3589,22 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_c61( +static void encrypt_unpacked_d21( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = sample_vector_cbd_then_ntt_151(copy_of_prf_input0, 0U); + libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____1 = sample_vector_cbd_then_ntt_081(uu____0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t domain_separator0 = uu____1.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____3 = - sample_ring_element_cbd_001(copy_of_prf_input, domain_separator0); + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____3 = sample_ring_element_cbd_c01(uu____2, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( error_1, uu____3.fst, 
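Review bot: The by-value copies of `prf_input` handed to `sample_vector_cbd_then_ntt_081` and `sample_ring_element_cbd_c01` are now named `uu____0` and `uu____2`, and the explanatory comment `/* Passing arrays by value in Rust generates a copy in C */` is gone, which leaves a reader wondering why two extra 33-byte memcpy's of PRF input exist at all. Keeping the descriptive names, or a one-line comment such as `/* by-value array argument: copy of prf_input */` above each memcpy, would preserve the intent in the generated output; as this is Eurydice output, that is a generator setting rather than a hand edit. `encrypt_unpacked_d21` continues into the next hunk.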
@@ -3523,33 +3612,34 @@ static void encrypt_unpacked_c61( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_a9_934(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), - prf_output); + PRF_a9_dd4( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_470( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); + sample_from_binomial_distribution_730(Eurydice_array_to_slice( + (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - compute_vector_u_6c1(public_key->A, r_as_ntt, error_1, u); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + compute_vector_u_7e1(public_key->A, r_as_ntt, error_1, u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_84(copy_of_message); + deserialize_then_decompress_message_5a(uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_041(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_af1(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_551( + compress_then_serialize_u_c51( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, - uint8_t)); + uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_dd( - uu____6, 
Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t)); + compress_then_serialize_ring_element_v_3c( + uu____6, + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, + uint8_t, size_t, Eurydice_slice)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); } 
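Review bot: By the time of the final `memcpy(ret, ciphertext, ...)`, the stack still holds the encryption randomness in `prf_input` (and its copies made in the previous hunk), the PRF output in `prf_output`, and the message copy `uu____4`, and none of them is cleared before return. If the C artifacts are expected to provide this hygiene themselves (presumably the Rust source leaves it to the caller — worth confirming), these buffers should be wiped with a routine the optimizer cannot elide (`memset_s`, `explicit_bzero`, or a volatile-pointer loop); a plain `memset` immediately before return is liable to be dropped as a dead store. `encrypt_unpacked_d21` starts in the previous hunk.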
@@ -3571,51 +3661,51 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b1( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_361( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t); - Eurydice_slice_copy(uu____0, - Eurydice_array_to_slice( - (size_t)32U, public_key->public_key_hash, uint8_t), - uint8_t); + size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, + Eurydice_slice), + uint8_t, void *); uint8_t hashed[64U]; - G_a9_681(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + G_a9_e11( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____2 = &public_key->ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t 
uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_unpacked_c61(uu____2, copy_of_randomness, pseudorandomness, - ciphertext); + encrypt_unpacked_d21(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), - shared_secret, uint8_t); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[1088U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_9c0(copy_of_ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_from_01_100(uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_3c lit; lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); return lit; } 
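Review bot: The shared secret is left in three stack buffers when `libcrux_ml_kem_ind_cca_encapsulate_unpacked_361` returns — the first 32 bytes of `hashed`, `shared_secret_array`, and `uu____6` — and the encapsulation randomness remains in `to_hash`; none is cleared. Whether the C layer owns this hygiene or defers to the caller should be stated in the function's banner, e.g. `/* NOTE: intermediate copies of the shared secret are not zeroized; callers handle secret hygiene. */`, and if the C layer owns it, the copies need a non-elidable wipe before the return. The other changes in the hunk (`copy_of_*` → `uu____N`, `Eurydice_slice_copy` → `core_slice___Slice_T___copy_from_slice`) appear to be renames only.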
@@ -3629,20 +3719,15 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_af_a81(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_4b1(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), - randomness, uint8_t); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + randomness, uint8_t, void *); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -3650,14 +3735,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 1152 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_f23( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_493( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_d5();); + deserialized_pk[i] = ZERO_89_9b();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t) / + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; 
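Review bot: This hunk deletes the warning `This function MUST NOT be used on secret inputs.` together with the one-line purpose of `deserialize_ring_elements_reduced`, and no replacement appears on the new side; the function (defined in the next hunk) keeps only its monomorphization banner. That sentence is a security contract — it tells maintainers the routine is intended for public-key material, which is how the visible caller `encrypt_351` uses it — and it should be restored, ideally in the Rust doc comment so Eurydice carries it into every instance: `/** Deserializes ring elements and reduces the result by the field modulus. MUST NOT be used on secret inputs. */`.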
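Review bot: In `deserialize_ring_elements_reduced_493` the loop bound comes from `core_slice___Slice_T___len(public_key, ...) / BYTES_PER_RING_ELEMENT`, but the store into the fixed 3-element `deserialized_pk` (in this function's continuation in the next hunk) has no check of its own, so a caller passing more than 3 * 384 bytes would write past the array. The visible caller `encrypt_351` passes exactly `Eurydice_slice_subslice_to(public_key, (size_t)1152U, ...)`, so the current code is bounded by construction; a precondition comment such as `/* requires len(public_key) == K * BYTES_PER_RING_ELEMENT (1152 here) */` above the loop would make that contract visible in the C. The function body runs past the end of this hunk.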
@@ -3665,9 +3750,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_f23( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); + uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_c5(ring_element); + deserialize_to_reduced_ring_element_7f(ring_element); deserialized_pk[i0] = uu____0; } memcpy( 
@@ -3692,52 +3777,49 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_8e1(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_351(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - deserialize_ring_elements_reduced_f23( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), + deserialize_ring_elements_reduced_493( + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, + Eurydice_slice), t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_a21(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0); + sample_matrix_A_ac1(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); core_result_unwrap_41_83(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; memcpy( - copy_of_t_as_ntt, t_as_ntt, + uu____0, t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A[3U][3U]; - memcpy(copy_of_A, A, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1[3U][3U]; + memcpy(uu____1, A, (size_t)3U * 
sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____2[32U]; + memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 public_key_unpacked; memcpy( - public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, + public_key_unpacked.t_as_ntt, uu____0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, + memcpy(public_key_unpacked.seed_for_A, uu____2, (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, copy_of_A, + memcpy(public_key_unpacked.A, uu____1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = &public_key_unpacked; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1088U]; - encrypt_unpacked_c61(uu____3, copy_of_message, randomness, ret1); + encrypt_unpacked_d21(uu____3, uu____4, randomness, ret1); memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); } @@ -3752,11 +3834,12 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_af_4b1(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_ab1(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), - shared_secret, uint8_t); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + shared_secret, uint8_t, void *); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } 
@@ -3779,55 +3862,59 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_931( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_011( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_a81( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); + entropy_preprocess_af_4b1( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t); + size_t, Eurydice_slice); uint8_t ret[32U]; - H_a9_651(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_c20(public_key), - uint8_t), + H_a9_a11(Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_3b0(public_key), + uint8_t, Eurydice_slice), ret); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); uint8_t hashed[64U]; - G_a9_681(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + G_a9_e11( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, 
Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_c20(public_key), uint8_t); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_3b0(public_key), uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_8e1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[1088U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); + encrypt_351(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_9c0(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_100(uu____4); uint8_t shared_secret_array[32U]; - kdf_af_4b1(shared_secret, shared_secret_array); + kdf_af_ab1(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_3c lit; lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); return lit; } 
@@ -3837,39 +3924,58 @@ libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const generics - COEFFICIENT_BITS= 10 */ -static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_b7(__m256i vector) { - __m256i field_modulus = - mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - __m256i two_pow_coefficient_bits = - mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)10); - __m128i coefficients_low = mm256_castsi256_si128(vector); - __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low); - __m256i decompressed_low = - mm256_mullo_epi32(coefficients_low0, field_modulus); - __m256i decompressed_low0 = - mm256_slli_epi32((int32_t)1, decompressed_low, __m256i); - __m256i decompressed_low1 = - mm256_add_epi32(decompressed_low0, two_pow_coefficient_bits); - __m256i decompressed_low2 = - mm256_srli_epi32((int32_t)10, decompressed_low1, __m256i); - __m256i decompressed_low3 = - mm256_srli_epi32((int32_t)1, decompressed_low2, __m256i); - __m128i coefficients_high = - mm256_extracti128_si256((int32_t)1, vector, __m128i); - __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high); - __m256i decompressed_high = - mm256_mullo_epi32(coefficients_high0, field_modulus); - __m256i decompressed_high0 = - mm256_slli_epi32((int32_t)1, decompressed_high, __m256i); - __m256i decompressed_high1 = - mm256_add_epi32(decompressed_high0, two_pow_coefficient_bits); - __m256i decompressed_high2 = - mm256_srli_epi32((int32_t)10, decompressed_high1, __m256i); - __m256i decompressed_high3 = - mm256_srli_epi32((int32_t)1, decompressed_high2, __m256i); - __m256i compressed = mm256_packs_epi32(decompressed_low3, decompressed_high3); - return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i); +static KRML_MUSTINLINE core_core_arch_x86___m256i +decompress_ciphertext_coefficient_15(core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32( + 
(int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i two_pow_coefficient_bits = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 + << (uint32_t)(int32_t)10); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i decompressed_low = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, + field_modulus); + core_core_arch_x86___m256i decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, decompressed_high1, + core_core_arch_x86___m256i); + 
core_core_arch_x86___m256i decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, + decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); } /** @@ -3882,8 +3988,9 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 10 */ -static __m256i decompress_ciphertext_coefficient_ea_d8(__m256i vector) { - return decompress_ciphertext_coefficient_b7(vector); +static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_7b( + core_core_arch_x86___m256i vector) { + return decompress_ciphertext_coefficient_15(vector); } /** 
@@ -3893,15 +4000,19 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_10_29(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); +deserialize_then_decompress_10_46(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9b(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; + i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); - __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_d8(coefficient); + serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, + Eurydice_slice); + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_7b(coefficient); } return re; } 
@@ -3912,39 +4023,58 @@ libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const generics - COEFFICIENT_BITS= 11 */ -static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_b70(__m256i vector) { - __m256i field_modulus = - mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - __m256i two_pow_coefficient_bits = - mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)11); - __m128i coefficients_low = mm256_castsi256_si128(vector); - __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low); - __m256i decompressed_low = - mm256_mullo_epi32(coefficients_low0, field_modulus); - __m256i decompressed_low0 = - mm256_slli_epi32((int32_t)1, decompressed_low, __m256i); - __m256i decompressed_low1 = - mm256_add_epi32(decompressed_low0, two_pow_coefficient_bits); - __m256i decompressed_low2 = - mm256_srli_epi32((int32_t)11, decompressed_low1, __m256i); - __m256i decompressed_low3 = - mm256_srli_epi32((int32_t)1, decompressed_low2, __m256i); - __m128i coefficients_high = - mm256_extracti128_si256((int32_t)1, vector, __m128i); - __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high); - __m256i decompressed_high = - mm256_mullo_epi32(coefficients_high0, field_modulus); - __m256i decompressed_high0 = - mm256_slli_epi32((int32_t)1, decompressed_high, __m256i); - __m256i decompressed_high1 = - mm256_add_epi32(decompressed_high0, two_pow_coefficient_bits); - __m256i decompressed_high2 = - mm256_srli_epi32((int32_t)11, decompressed_high1, __m256i); - __m256i decompressed_high3 = - mm256_srli_epi32((int32_t)1, decompressed_high2, __m256i); - __m256i compressed = mm256_packs_epi32(decompressed_low3, decompressed_high3); - return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i); +static KRML_MUSTINLINE core_core_arch_x86___m256i +decompress_ciphertext_coefficient_150(core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32( + 
(int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i two_pow_coefficient_bits = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 + << (uint32_t)(int32_t)11); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i decompressed_low = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, + field_modulus); + core_core_arch_x86___m256i decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, decompressed_high1, + core_core_arch_x86___m256i); + 
core_core_arch_x86___m256i decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, + decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); } /** @@ -3957,8 +4087,9 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 11 */ -static __m256i decompress_ciphertext_coefficient_ea_d80(__m256i vector) { - return decompress_ciphertext_coefficient_b70(vector); +static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_7b0( + core_core_arch_x86___m256i vector) { + return decompress_ciphertext_coefficient_150(vector); } /** 
@@ -3968,15 +4099,19 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_11_77(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); +deserialize_then_decompress_11_f4(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9b(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; + i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); - __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_d80(coefficient); + serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, + Eurydice_slice); + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_7b0(coefficient); } return re; } @@ -3988,8 +4123,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_ca(Eurydice_slice serialized) { - return deserialize_then_decompress_10_29(serialized); +deserialize_then_decompress_ring_element_u_80(Eurydice_slice serialized) { + return deserialize_then_decompress_10_46(serialized); } /** 
@@ -3998,23 +4133,19 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_29( +static KRML_MUSTINLINE void ntt_vector_u_10( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_b4(&zeta_i, re); - ntt_at_layer_2_7c(&zeta_i, re); - ntt_at_layer_1_c2(&zeta_i, re); - poly_barrett_reduce_89_99(re); + ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_c4(&zeta_i, re); + ntt_at_layer_2_2d(&zeta_i, re); + ntt_at_layer_1_42(&zeta_i, re); + poly_barrett_reduce_89_e6(re); } -/** - Call [`deserialize_then_decompress_ring_element_u`] on each ring element - in the `ciphertext`. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector 
@@ -4023,16 +4154,17 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_861( +static KRML_MUSTINLINE void deserialize_then_decompress_u_7f1( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_89_d5();); + u_as_ntt[i] = ZERO_89_9b();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), - uint8_t) / + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); i++) { @@ -4045,9 +4177,11 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_861( (size_t)10U / (size_t)8U) + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, - uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_ca(u_bytes); - ntt_vector_u_29(&u_as_ntt[i0]); + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_then_decompress_ring_element_u_80(u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u_10(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, 
@@ -4060,39 +4194,58 @@ libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const generics - COEFFICIENT_BITS= 4 */ -static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_b71(__m256i vector) { - __m256i field_modulus = - mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - __m256i two_pow_coefficient_bits = - mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)4); - __m128i coefficients_low = mm256_castsi256_si128(vector); - __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low); - __m256i decompressed_low = - mm256_mullo_epi32(coefficients_low0, field_modulus); - __m256i decompressed_low0 = - mm256_slli_epi32((int32_t)1, decompressed_low, __m256i); - __m256i decompressed_low1 = - mm256_add_epi32(decompressed_low0, two_pow_coefficient_bits); - __m256i decompressed_low2 = - mm256_srli_epi32((int32_t)4, decompressed_low1, __m256i); - __m256i decompressed_low3 = - mm256_srli_epi32((int32_t)1, decompressed_low2, __m256i); - __m128i coefficients_high = - mm256_extracti128_si256((int32_t)1, vector, __m128i); - __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high); - __m256i decompressed_high = - mm256_mullo_epi32(coefficients_high0, field_modulus); - __m256i decompressed_high0 = - mm256_slli_epi32((int32_t)1, decompressed_high, __m256i); - __m256i decompressed_high1 = - mm256_add_epi32(decompressed_high0, two_pow_coefficient_bits); - __m256i decompressed_high2 = - mm256_srli_epi32((int32_t)4, decompressed_high1, __m256i); - __m256i decompressed_high3 = - mm256_srli_epi32((int32_t)1, decompressed_high2, __m256i); - __m256i compressed = mm256_packs_epi32(decompressed_low3, decompressed_high3); - return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i); +static KRML_MUSTINLINE core_core_arch_x86___m256i +decompress_ciphertext_coefficient_151(core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32( + 
(int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i two_pow_coefficient_bits = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 + << (uint32_t)(int32_t)4); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i decompressed_low = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, + field_modulus); + core_core_arch_x86___m256i decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, decompressed_high1, + core_core_arch_x86___m256i); + 
core_core_arch_x86___m256i decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, + decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); } /** @@ -4105,8 +4258,9 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 4 */ -static __m256i decompress_ciphertext_coefficient_ea_d81(__m256i vector) { - return decompress_ciphertext_coefficient_b71(vector); +static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_7b1( + core_core_arch_x86___m256i vector) { + return decompress_ciphertext_coefficient_151(vector); } /** @@ -4116,15 +4270,18 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_4_a5(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); +deserialize_then_decompress_4_34(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9b(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { + i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; + i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); - __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_d81(coefficient); + serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, + Eurydice_slice); + core_core_arch_x86___m256i coefficient = + libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_7b1(coefficient); } return re; } 
@@ -4135,39 +4292,58 @@ libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const generics - COEFFICIENT_BITS= 5 */ -static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_b72(__m256i vector) { - __m256i field_modulus = - mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - __m256i two_pow_coefficient_bits = - mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)5); - __m128i coefficients_low = mm256_castsi256_si128(vector); - __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low); - __m256i decompressed_low = - mm256_mullo_epi32(coefficients_low0, field_modulus); - __m256i decompressed_low0 = - mm256_slli_epi32((int32_t)1, decompressed_low, __m256i); - __m256i decompressed_low1 = - mm256_add_epi32(decompressed_low0, two_pow_coefficient_bits); - __m256i decompressed_low2 = - mm256_srli_epi32((int32_t)5, decompressed_low1, __m256i); - __m256i decompressed_low3 = - mm256_srli_epi32((int32_t)1, decompressed_low2, __m256i); - __m128i coefficients_high = - mm256_extracti128_si256((int32_t)1, vector, __m128i); - __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high); - __m256i decompressed_high = - mm256_mullo_epi32(coefficients_high0, field_modulus); - __m256i decompressed_high0 = - mm256_slli_epi32((int32_t)1, decompressed_high, __m256i); - __m256i decompressed_high1 = - mm256_add_epi32(decompressed_high0, two_pow_coefficient_bits); - __m256i decompressed_high2 = - mm256_srli_epi32((int32_t)5, decompressed_high1, __m256i); - __m256i decompressed_high3 = - mm256_srli_epi32((int32_t)1, decompressed_high2, __m256i); - __m256i compressed = mm256_packs_epi32(decompressed_low3, decompressed_high3); - return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i); +static KRML_MUSTINLINE core_core_arch_x86___m256i +decompress_ciphertext_coefficient_152(core_core_arch_x86___m256i vector) { + core_core_arch_x86___m256i field_modulus = + libcrux_intrinsics_avx2_mm256_set1_epi32( + 
(int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + core_core_arch_x86___m256i two_pow_coefficient_bits = + libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 + << (uint32_t)(int32_t)5); + core_core_arch_x86___m128i coefficients_low = + libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); + core_core_arch_x86___m256i coefficients_low0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); + core_core_arch_x86___m256i decompressed_low = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, + field_modulus); + core_core_arch_x86___m256i decompressed_low0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_low2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, decompressed_low1, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_low3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, + core_core_arch_x86___m256i); + core_core_arch_x86___m128i coefficients_high = + libcrux_intrinsics_avx2_mm256_extracti128_si256( + (int32_t)1, vector, core_core_arch_x86___m128i); + core_core_arch_x86___m256i coefficients_high0 = + libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); + core_core_arch_x86___m256i decompressed_high = + libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, + field_modulus); + core_core_arch_x86___m256i decompressed_high0 = + libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i decompressed_high1 = + libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, + two_pow_coefficient_bits); + core_core_arch_x86___m256i decompressed_high2 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, decompressed_high1, + core_core_arch_x86___m256i); + 
core_core_arch_x86___m256i decompressed_high3 = + libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, + core_core_arch_x86___m256i); + core_core_arch_x86___m256i compressed = + libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, + decompressed_high3); + return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( + (int32_t)216, compressed, core_core_arch_x86___m256i); } /** @@ -4180,8 +4356,9 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 5 */ -static __m256i decompress_ciphertext_coefficient_ea_d82(__m256i vector) { - return decompress_ciphertext_coefficient_b72(vector); +static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_7b2( + core_core_arch_x86___m256i vector) { + return decompress_ciphertext_coefficient_152(vector); } /** @@ -4191,16 +4368,19 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_5_d9(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); +deserialize_then_decompress_5_c0(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9b(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; + i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); + serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, + Eurydice_slice); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); re.coefficients[i0] = - decompress_ciphertext_coefficient_ea_d82(re.coefficients[i0]); + decompress_ciphertext_coefficient_ea_7b2(re.coefficients[i0]); } return re; } 
@@ -4212,8 +4392,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_ca(Eurydice_slice serialized) { - return deserialize_then_decompress_4_a5(serialized); +deserialize_then_decompress_ring_element_v_19(Eurydice_slice serialized) { + return deserialize_then_decompress_4_34(serialized); } /** @@ -4227,12 +4407,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -subtract_reduce_89_f9(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, +subtract_reduce_89_36(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient_normal_form = + core_core_arch_x86___m256i coefficient_normal_form = libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( b.coefficients[i0], (int16_t)1441); b.coefficients[i0] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( @@ -4242,12 +4422,6 @@ subtract_reduce_89_f9(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, return b; } -/** - The following functions compute various expressions involving - vectors and matrices. The computation of these expressions has been - abstracted away into these functions in order to save on loop iterations. - Compute v − InverseNTT(sᵀ ◦ NTT(u)) -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector 
@@ -4255,17 +4429,17 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_4c1( +compute_message_9b1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_9b(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_971(&result, &product);); - invert_ntt_montgomery_be1(&result); - result = subtract_reduce_89_f9(v, result); + ntt_multiply_89_44(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_ce1(&result, &product);); + invert_ntt_montgomery_241(&result); + result = subtract_reduce_89_36(v, result); return result; } 
@@ -4275,48 +4449,27 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_dc( +static KRML_MUSTINLINE void compress_then_serialize_message_b1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - __m256i coefficient = to_unsigned_representative_a4(re.coefficients[i0]); - __m256i coefficient_compressed = + core_core_arch_x86___m256i coefficient = + to_unsigned_representative_d2(re.coefficients[i0]); + core_core_arch_x86___m256i coefficient_compressed = libcrux_ml_kem_vector_avx2_compress_1_ea(coefficient); uint8_t bytes[2U]; libcrux_ml_kem_vector_avx2_serialize_1_ea(coefficient_compressed, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t); - Eurydice_slice_copy(uu____0, - Eurydice_array_to_slice((size_t)2U, bytes, uint8_t), - uint8_t);); + serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *);); memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); } -/** - This function implements Algorithm 14 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. - - Algorithm 14 is reproduced below: - - ```plaintext - Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - Output: message m ∈ 𝔹^{32}. - - c₁ ← c[0 : 32dᵤk] - c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] - u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) - v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) - ŝ ← ByteDecode₁₂(dkₚₖₑ) - w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) - m ← ByteEncode₁(Compress₁(w)) - return m - ``` - - The NIST FIPS 203 standard can be found at - . 
-*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -4327,19 +4480,20 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_f51( +static void decrypt_unpacked_131( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - deserialize_then_decompress_u_861(ciphertext, u_as_ntt); + deserialize_then_decompress_u_7f1(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_ca( + deserialize_then_decompress_ring_element_v_19( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t)); + (size_t)960U, uint8_t, size_t, + Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_4c1(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_9b1(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_dc(message, ret0); + compress_then_serialize_message_b1(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4348,10 +4502,11 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.PRF with const generics - LEN= 32 */ -static KRML_MUSTINLINE void PRF_42(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void PRF_45(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } 
@@ -4365,8 +4520,8 @@ with const generics - K= 3 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_a9_933(Eurydice_slice input, uint8_t ret[32U]) { - PRF_42(input, ret); +static KRML_MUSTINLINE void PRF_a9_dd3(Eurydice_slice input, uint8_t ret[32U]) { + PRF_45(input, ret); } /** 
@@ -4390,61 +4545,65 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_2f1( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_fa1( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_f51(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_131(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy( + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t), - uint8_t); + uint8_t, Eurydice_slice), + uint8_t, void *); uint8_t hashed[64U]; - G_a9_681(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + G_a9_e11( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d3( - 
Eurydice_array_to_slice( - (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), + libcrux_ml_kem_utils_into_padded_array_ea3( + Eurydice_array_to_slice((size_t)32U, + key_pair->private_key.implicit_rejection_value, + uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_750(ciphertext), - uint8_t); + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, libcrux_ml_kem_types_as_ref_00_790(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - PRF_a9_933(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), - implicit_rejection_shared_secret); + PRF_a9_dd3( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = &key_pair->public_key.ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____4[32U]; + memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_c61(uu____3, copy_of_decrypted, pseudorandomness, - expected_ciphertext); + encrypt_unpacked_d21(uu____3, uu____4, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_750(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); + libcrux_ml_kem_types_as_ref_00_790(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, + Eurydice_slice)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( shared_secret, 
Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), + uint8_t, Eurydice_slice), selector, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4456,35 +4615,35 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_uncompressed_ring_element_cc(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_d5(); +deserialize_to_uncompressed_ring_element_42(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9b(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, + Eurydice_slice); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); } return re; } -/** - Call [`deserialize_to_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_6a1( +static KRML_MUSTINLINE void deserialize_secret_key_d61( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_d5();); + secret_as_ntt[i] = ZERO_89_9b();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(secret_key, uint8_t) / + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; 
@@ -4492,9 +4651,9 @@ static KRML_MUSTINLINE void deserialize_secret_key_6a1( secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); + uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_cc(secret_bytes); + deserialize_to_uncompressed_ring_element_42(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -4512,22 +4671,21 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_741(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_d91(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - deserialize_secret_key_6a1(secret_key, secret_as_ntt); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; + deserialize_secret_key_d61(secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; memcpy( - copy_of_secret_as_ntt, secret_as_ntt, + uu____0, secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 secret_key_unpacked; memcpy( - secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, + secret_key_unpacked.secret_as_ntt, uu____0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; - decrypt_unpacked_f51(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_131(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } 
@@ -4553,81 +4711,81 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_ff1( +void libcrux_ml_kem_ind_cca_decapsulate_261( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t), + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, + Eurydice_slice), (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_741(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_d91(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); - Eurydice_slice_copy( + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - 
uint8_t, size_t), - ind_cpa_public_key_hash, uint8_t); + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - G_a9_681(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + G_a9_e11( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d3(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_ea3(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_750(ciphertext), - uint8_t); + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, libcrux_ml_kem_types_as_ref_00_790(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_933(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), - implicit_rejection_shared_secret0); + PRF_a9_dd3( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_8e1(uu____5, 
copy_of_decrypted, pseudorandomness, - expected_ciphertext); + encrypt_351(uu____5, uu____6, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_4b1(Eurydice_array_to_slice( - (size_t)32U, implicit_rejection_shared_secret0, uint8_t), - implicit_rejection_shared_secret); + kdf_af_ab1( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_4b1(shared_secret0, shared_secret); + kdf_af_ab1(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_750(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), + libcrux_ml_kem_types_as_ref_00_790(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, + Eurydice_slice), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), + uint8_t, Eurydice_slice), ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types 
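Review bot: The regenerated output drops the doc comment on deserialize_ring_elements_reduced, including its `This function MUST NOT be used on secret inputs.` caveat, and the same loss shows at the other removed `/** ... */` blocks in this file (the deserialize_then_decompress_u, compute_message, decrypt_unpacked/Algorithm 14, deserialize_secret_key, serialize_secret_key and serialize_public_key headers). That caveat was the only in-file signal that the reduced deserialization path is meant for public data only (presumably because its reduction is not constant-time hardened), so a C reader who applies `deserialize_ring_elements_reduced_492` to a private-key slice now gets no warning. Since this file is generated, the fix belongs in the extraction pipeline (re-enable emission of the Rust `///` doc comments) rather than a hand edit here; failing that, a one-line `/* Public inputs only: not safe for secret data. */` emitted above the function would preserve the contract. The `/* Passing arrays by value in Rust generates a copy in C */` comments and `copy_of_*` names are dropped in the same change, and the resulting `uu____N` temporaries in decapsulate_261 and decrypt_d91 are harder to audit for where secret material is duplicated.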
@@ -4635,14 +4793,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 1568 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_f22( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_492( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_d5();); + deserialized_pk[i] = ZERO_89_9b();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t) / + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -4650,9 +4808,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_f22( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); + uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_c5(ring_element); + deserialize_to_reduced_ring_element_7f(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -4660,9 +4818,6 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_f22( (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } -/** - Call [`serialize_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector 
@@ -4670,34 +4825,34 @@ with const generics - K= 4 - OUT_LEN= 1536 */ -static KRML_MUSTINLINE void serialize_secret_key_ae0( +static KRML_MUSTINLINE void serialize_secret_key_7f0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)4U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); + uint8_t, Eurydice_slice); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_92(&re, ret0); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); + serialize_uncompressed_ring_element_af(&re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); } memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); } -/** - Concatenate `t` and `ρ` into the public key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector 
@@ -4706,20 +4861,24 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_d00( +static KRML_MUSTINLINE void serialize_public_key_940( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)1536U, uint8_t); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, + (size_t)1536U, uint8_t, Eurydice_slice); uint8_t ret0[1536U]; - serialize_secret_key_ae0(t_as_ntt, ret0); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t), uint8_t); - Eurydice_slice_copy( + serialize_secret_key_7f0(t_as_ntt, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, - (size_t)1536U, uint8_t, size_t), - seed_for_a, uint8_t); + (size_t)1536U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); } 
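Review bot: serialize_public_key_940 copies `seed_for_a` into the last 32 bytes of public_key_serialized through core_slice___Slice_T___copy_from_slice without any visible check that the slice is exactly 32 bytes long; whether a length mismatch is trapped depends on that helper, which is not in this hunk. A comment on the definition such as `/* seed_for_a must be exactly PUBLIC_KEY_SIZE - RANKED_BYTES_PER_RING_ELEMENT (32) bytes; copy_from_slice is relied on to reject any other length. */` would make the contract explicit for callers of this generated code.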
@@ -4731,18 +4890,18 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_770(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_6c0(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; - deserialize_ring_elements_reduced_f22( + deserialize_ring_elements_reduced_492( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, - uint8_t, size_t), + uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; - serialize_public_key_d00( + serialize_public_key_940( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, - uint8_t, size_t), + uint8_t, size_t, Eurydice_slice), public_key_serialized); return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); @@ -4770,7 +4929,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 with const generics - K= 4 */ -static KRML_MUSTINLINE void G_a9_680(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_a9_e10(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_avx2_G(input, ret); } @@ -4780,10 +4939,10 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static void closure_b80( +static void closure_b90( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_89_d5();); + ret[i] = ZERO_89_9b();); } /** 
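Review bot: libcrux_ml_kem_ind_cca_validate_public_key_6c0 compares the re-serialized key with the input using core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq, a plain rather than constant-time comparison; that is acceptable here because both operands are public-key bytes, but nothing says so. Adding `/* Non-constant-time comparison is fine here: only public data is compared. */` above the return would stop a later reader from either "fixing" it with the constant-time select helper or reusing this pattern on secret data.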
@@ -4792,14 +4951,15 @@ libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_4d0(uint8_t input[4U][34U]) { +shake128_init_absorb_b40(uint8_t input[4U][34U]) { libcrux_sha3_generic_keccak_KeccakState_29 state = libcrux_sha3_avx2_x4_incremental_init(); libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - &state, Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t), - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t), - Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t), - Eurydice_array_to_slice((size_t)34U, input[3U], uint8_t)); + &state, + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[3U], uint8_t, Eurydice_slice)); return state; } @@ -4813,11 +4973,10 @@ libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_a9 with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_a9_ca0(uint8_t input[4U][34U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_input[4U][34U]; - memcpy(copy_of_input, input, (size_t)4U * sizeof(uint8_t[34U])); - return shake128_init_absorb_4d0(copy_of_input); +shake128_init_absorb_a9_cf0(uint8_t input[4U][34U]) { + uint8_t uu____0[4U][34U]; + memcpy(uu____0, input, (size_t)4U * sizeof(uint8_t[34U])); + return shake128_init_absorb_b40(uu____0); } /** 
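Review bot: the rewritten shake128_init_absorb_a9_cf0 replaces the descriptive temporary `copy_of_input` and its `/* Passing arrays by value in Rust generates a copy in C */` comment with the opaque `uu____0`, which reads as a readability regression rather than a code quality improvement. The same substitution appears in sample_from_xof_af0, sample_matrix_A_ac0, sample_vector_cbd_then_ntt_080, generate_keypair_unpacked_650 and libcrux_ml_kem_ind_cca_generate_keypair_unpacked_8d0. If the new Eurydice version no longer names these copies, it is worth checking whether that option was dropped deliberately; the comment explaining why a by-value array parameter is copied is exactly what a C reviewer of this file wants to see.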
@@ -4826,7 +4985,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_6b0( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_980( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[4U][504U]) { uint8_t out[4U][504U] = {{0U}}; uint8_t out0[504U] = {0U}; @@ -4834,10 +4993,10 @@ static KRML_MUSTINLINE void shake128_squeeze_three_blocks_6b0( uint8_t out2[504U] = {0U}; uint8_t out3[504U] = {0U}; libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t), - Eurydice_array_to_slice((size_t)504U, out1, uint8_t), - Eurydice_array_to_slice((size_t)504U, out2, uint8_t), - Eurydice_array_to_slice((size_t)504U, out3, uint8_t)); + st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); uint8_t uu____0[504U]; memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); 
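Review bot: shake128_squeeze_three_blocks_980 zero-initializes `out[4U][504U]` plus four separate `out0`..`out3` buffers, squeezes into the latter, and then copies each into `out[i]` through a further temporary `uu____0`, so every lane costs three 504-byte stack buffers and two copies that the function does not need. Squeezing directly into `Eurydice_array_to_slice((size_t)504U, out[0U], uint8_t, Eurydice_slice)` (and likewise for lanes 1–3) would remove the copies and the zero-fill; the body continues past this hunk, so only the first copy is visible here. shake128_squeeze_block_aa0 and PRFxN_661 have the same shape.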
@@ -4863,52 +5022,11 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks_a9 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_a9_4d0( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_a9_c00( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[4U][504U]) { - shake128_squeeze_three_blocks_6b0(self, ret); -} - -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ + shake128_squeeze_three_blocks_980(self, ret); +} + /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types 
@@ -4916,7 +5034,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb1( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_f91( uint8_t randomness[4U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -4927,11 +5045,12 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb1( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t); + uint8_t, Eurydice_slice); size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t)); + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -4953,7 +5072,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_block_1b0( +static KRML_MUSTINLINE void shake128_squeeze_block_aa0( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[4U][168U]) { uint8_t out[4U][168U] = {{0U}}; uint8_t out0[168U] = {0U}; 
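Review bot: the subslice `out[i1], sampled_coefficients[i1], sampled_coefficients[i1] + (size_t)16U` lets libcrux_ml_kem_vector_avx2_rej_sample_ea write up to 16 coefficients past the 256 needed, which presumably is why `out` is declared `int16_t (*out)[272U]` rather than 256 wide; that relationship is invisible at the declaration. A comment such as `/* out has 16 spare slots: the last rej_sample call may overshoot the 256 needed coefficients. */` on the parameter would tie the two together — please confirm 272 = 256 + 16 is the intended invariant. The loop header and the rest of the body are outside these hunks; sample_from_uniform_distribution_next_f92 has the same layout.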
@@ -4961,10 +5080,10 @@ static KRML_MUSTINLINE void shake128_squeeze_block_1b0( uint8_t out2[168U] = {0U}; uint8_t out3[168U] = {0U}; libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t), - Eurydice_array_to_slice((size_t)168U, out1, uint8_t), - Eurydice_array_to_slice((size_t)168U, out2, uint8_t), - Eurydice_array_to_slice((size_t)168U, out3, uint8_t)); + st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); uint8_t uu____0[168U]; memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); 
@@ -4989,52 +5108,11 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block_a9 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_block_a9_5a0( +static KRML_MUSTINLINE void shake128_squeeze_block_a9_a30( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[4U][168U]) { - shake128_squeeze_block_1b0(self, ret); -} - -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ + shake128_squeeze_block_aa0(self, ret); +} + /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types 
@@ -5042,7 +5120,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb2( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_f92( uint8_t randomness[4U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -5053,11 +5131,12 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb2( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t); + uint8_t, Eurydice_slice); size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t)); + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -5080,10 +5159,10 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_790( +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_190( int16_t s[272U]) { - return from_i16_array_89_10( - Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); + return from_i16_array_89_46(Eurydice_array_to_subslice2( + s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); } /** 
@@ -5092,43 +5171,38 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_from_xof_b00( +static KRML_MUSTINLINE void sample_from_xof_af0( uint8_t seeds[4U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { size_t sampled_coefficients[4U] = {0U}; int16_t out[4U][272U] = {{0U}}; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seeds[4U][34U]; - memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); + uint8_t uu____0[4U][34U]; + memcpy(uu____0, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - shake128_init_absorb_a9_ca0(copy_of_seeds); + shake128_init_absorb_a9_cf0(uu____0); uint8_t randomness0[4U][504U]; - shake128_squeeze_three_blocks_a9_4d0(&xof_state, randomness0); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness0[4U][504U]; - memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_bb1( - copy_of_randomness0, sampled_coefficients, out); + shake128_squeeze_three_blocks_a9_c00(&xof_state, randomness0); + uint8_t uu____1[4U][504U]; + memcpy(uu____1, randomness0, (size_t)4U * sizeof(uint8_t[504U])); + bool done = sample_from_uniform_distribution_next_f91( + uu____1, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[4U][168U]; - shake128_squeeze_block_a9_5a0(&xof_state, randomness); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[4U][168U]; - memcpy(copy_of_randomness, randomness, - (size_t)4U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_bb2( - copy_of_randomness, sampled_coefficients, out); + shake128_squeeze_block_a9_a30(&xof_state, randomness); + uint8_t uu____2[4U][168U]; + memcpy(uu____2, randomness, (size_t)4U * 
sizeof(uint8_t[168U])); + done = sample_from_uniform_distribution_next_f92( + uu____2, sampled_coefficients, out); } } - /* Passing arrays by value in Rust generates a copy in C */ - int16_t copy_of_out[4U][272U]; - memcpy(copy_of_out, out, (size_t)4U * sizeof(int16_t[272U])); + int16_t uu____3[4U][272U]; + memcpy(uu____3, out, (size_t)4U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_790(copy_of_out[i]);); + ret0[i] = closure_190(uu____3[i]);); memcpy( ret, ret0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); 
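Review bot: the `while (true) { if (done) { break; } else { ... } }` loop in sample_from_xof_af0 is a roundabout `while (!done) { ... }` and has no upper bound on the number of squeezes; termination rests on rejection sampling eventually filling all four ring elements, which holds with overwhelming probability but is stated nowhere now that the Algorithm 6 comment is gone. A comment such as `/* Unbounded by design: each squeeze yields 168 fresh bytes per lane and rejection sampling terminates with overwhelming probability. */` above the loop would document that. The copies into `uu____1`, `uu____2` and `uu____3` exist only because the callees take their arrays by value, which also deserves a line of explanation.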
@@ -5140,33 +5214,32 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_matrix_A_a20( +static KRML_MUSTINLINE void sample_matrix_A_ac0( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U][4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[4U][4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - closure_b80(A_transpose[i]);); + closure_b90(A_transpose[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed[34U]; - memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[4U][34U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seeds[4U][34U]; - memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); + uint8_t uu____1[4U][34U]; + memcpy(uu____1, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[4U]; - sample_from_xof_b00(copy_of_seeds, sampled); + sample_from_xof_af0(uu____1, sampled); for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)4U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); i++) { size_t j = i; 
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; @@ -5175,9 +5248,7 @@ static KRML_MUSTINLINE void sample_matrix_A_a20( } else { A_transpose[i1][j] = sample; } - } - - ); + }); memcpy(ret, A_transpose, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); @@ -5200,7 +5271,7 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_1c1(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_661(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { uint8_t out[4U][128U] = {{0U}}; uint8_t out0[128U] = {0U}; @@ -5208,14 +5279,14 @@ static KRML_MUSTINLINE void PRFxN_1c1(uint8_t (*input)[33U], uint8_t out2[128U] = {0U}; uint8_t out3[128U] = {0U}; libcrux_sha3_avx2_x4_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t), - Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t), - Eurydice_array_to_slice((size_t)33U, input[3U], uint8_t), - Eurydice_array_to_slice((size_t)128U, out0, uint8_t), - Eurydice_array_to_slice((size_t)128U, out1, uint8_t), - Eurydice_array_to_slice((size_t)128U, out2, uint8_t), - Eurydice_array_to_slice((size_t)128U, out3, uint8_t)); + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[3U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); uint8_t uu____0[128U]; memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); 
@@ -5241,15 +5312,11 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_a9_511(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_a9_a11(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { - PRFxN_1c1(input, ret); + PRFxN_661(input, ret); } -/** - Sample a vector of ring elements from a centered binomial distribution and - convert them into their NTT representations. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_avx2_SIMD256Vector, 
@@ -5258,45 +5325,41 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_150( +static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_080( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_89_d5();); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + re_as_ntt[i] = ZERO_89_9b();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_a9_511(prf_inputs, prf_outputs); + PRFxN_a9_a11(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_470( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]);); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[4U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + sample_from_binomial_distribution_730(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element_b2(&re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[4U]; memcpy( 
- copy_of_re_as_ntt, re_as_ntt, + uu____2, re_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); tuple_71 lit; memcpy( - lit.fst, copy_of_re_as_ntt, + lit.fst, uu____2, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); lit.snd = domain_separator; return lit; } -/** - Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise - sum of their constituent coefficients. -*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -5307,13 +5370,15 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void add_to_ring_element_89_970( +static KRML_MUSTINLINE void add_to_ring_element_89_ce0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; - i < Eurydice_slice_len(Eurydice_array_to_slice( - (size_t)16U, self->coefficients, __m256i), - __m256i); + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)16U, self->coefficients, + core_core_arch_x86___m256i, Eurydice_slice), + core_core_arch_x86___m256i, size_t); i++) { size_t i0 = i; self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( 
@@ -5321,94 +5386,52 @@ static KRML_MUSTINLINE void add_to_ring_element_89_970( } } -/** - Compute  ◦ ŝ + ê -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_As_plus_e_f00( +static KRML_MUSTINLINE void compute_As_plus_e_580( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_d5();); + result[i] = ZERO_89_9b();); for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len( + i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)4U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U]); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], size_t); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_970(&result[i1], &product); + ntt_multiply_89_44(matrix_element, &s_as_ntt[j]); + 
add_to_ring_element_89_ce0(&result[i1], &product); } - add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_89_06(&result[i1], &error_as_ntt[i1]); } memcpy( ret, result, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, 
@@ -5417,75 +5440,69 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_54 generate_keypair_unpacked_6c0( +static tuple_54 generate_keypair_unpacked_650( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_a9_680(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, - uint8_t, Eurydice_slice_uint8_t_x2); + G_a9_e10(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[4U][4U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_a20(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret); + sample_matrix_A_ac0(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____2 = sample_vector_cbd_then_ntt_150(copy_of_prf_input0, 0U); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_71 uu____2 = sample_vector_cbd_then_ntt_080(uu____1, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t domain_separator = uu____2.snd; - /* Passing arrays by value in Rust generates a copy 
in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_150(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_080(uu____3, domain_separator).fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; - compute_As_plus_e_f00(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_580(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], + void *); core_result_unwrap_41_83(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[4U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____4[4U]; memcpy( - copy_of_t_as_ntt, t_as_ntt, + uu____4, t_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A_transpose[4U] - [4U]; - memcpy(copy_of_A_transpose, A_transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[4U][4U]; + memcpy(uu____5, A_transpose, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____6[32U]; + memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); 
libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 pk; memcpy( - pk.t_as_ntt, copy_of_t_as_ntt, + pk.t_as_ntt, uu____4, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, copy_of_A_transpose, + memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, uu____5, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[4U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____7[4U]; memcpy( - copy_of_secret_as_ntt, secret_as_ntt, + uu____7, secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 sk; memcpy( - sk.secret_as_ntt, copy_of_secret_as_ntt, + sk.secret_as_ntt, uu____7, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); return (CLITERAL(tuple_54){.fst = sk, .snd = pk}); } @@ -5503,10 +5520,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_1a0( +static void closure_760( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_89_d5();); + ret[i] = ZERO_89_9b();); } /** @@ -5518,7 +5535,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 with const generics - K= 4 */ -static KRML_MUSTINLINE void H_a9_650(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_a9_a10(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H(input, ret); } 
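Review bot: generate_keypair_unpacked_650 leaves secret-derived material on the stack when it returns: `hashed` (whose second half is seed_for_secret_and_error), `prf_input` and its two copies `uu____1` and `uu____3`, and `uu____7` (a copy of secret_as_ntt) are never cleared. If the project relies on a caller or wrapper to zeroize, a comment saying so at the top of the function would help; otherwise clearing these buffers before the return with a call the compiler cannot elide (explicit_bzero or memset_s where available) is the usual mitigation. The function is wholly within this hunk, so the missing cleanup is not elsewhere in it.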
@@ -5535,26 +5552,27 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c00(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_8d0(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t); - tuple_54 uu____0 = generate_keypair_unpacked_6c0(ind_cpa_keypair_randomness); + size_t, Eurydice_slice); + tuple_54 uu____0 = generate_keypair_unpacked_650(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_1a0(A[i]);); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_760(A[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_d5_25(&ind_cpa_public_key.A[j][i1]); + clone_d5_6d(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[4U][4U]; memcpy(uu____2, A, 
@@ -5564,39 +5582,36 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c00(uint8_t randomness[64U]) { (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); uint8_t pk_serialized[1568U]; - serialize_public_key_d00( + serialize_public_key_940( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t), + uint8_t, Eurydice_slice), pk_serialized); uint8_t public_key_hash[32U]; - H_a9_650(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t), + H_a9_a10(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t, + Eurydice_slice), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U]); + uint8_t[32U], void *); core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 uu____3 = ind_cpa_private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_implicit_rejection_value[32U]; - memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); + uint8_t uu____4[32U]; + memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_01 uu____5; uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, + memcpy(uu____5.implicit_rejection_value, uu____4, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 uu____6 = ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_hash[32U]; - memcpy(copy_of_public_key_hash, public_key_hash, - (size_t)32U * sizeof(uint8_t)); + uint8_t uu____7[32U]; + memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 lit; lit.private_key = 
uu____5; lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, + memcpy(lit.public_key.public_key_hash, uu____7, (size_t)32U * sizeof(uint8_t)); return lit; } 
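Review bot: Replacing `copy_of_implicit_rejection_value` and `copy_of_public_key_hash` with `uu____4` and `uu____7`, and dropping the `/* Passing arrays by value in Rust generates a copy in C */` comment on each `memcpy`, makes the by-value copies in `libcrux_ml_kem_ind_cca_generate_keypair_unpacked_8d0` harder to read than the code they replace; the same pattern recurs in the hunks for `generate_keypair_e30`, `sample_ring_element_cbd_c00`, `encrypt_unpacked_d20` and `libcrux_ml_kem_ind_cca_encapsulate_unpacked_360`. Since this file is generated, the fix belongs in the extractor's naming of these temporaries rather than in a hand edit here; if the newer toolchain cannot keep the descriptive names, re-emitting the one-line comment above each `memcpy` into a `uu____N` array would at least preserve the intent for readers of the C. Opaque temporaries also make it easy to overlook which of these copies hold key material. The function's body begins outside this hunk.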
@@ -5612,36 +5627,28 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_e10( +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_e30( Eurydice_slice key_generation_seed) { - tuple_54 uu____0 = generate_keypair_unpacked_6c0(key_generation_seed); + tuple_54 uu____0 = generate_keypair_unpacked_650(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 pk = uu____0.snd; uint8_t public_key_serialized[1568U]; - serialize_public_key_d00( - pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), - public_key_serialized); + serialize_public_key_940(pk.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, + uint8_t, Eurydice_slice), + public_key_serialized); uint8_t secret_key_serialized[1536U]; - serialize_secret_key_ae0(sk.secret_as_ntt, secret_key_serialized); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_secret_key_serialized[1536U]; - memcpy(copy_of_secret_key_serialized, secret_key_serialized, - (size_t)1536U * sizeof(uint8_t)); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_serialized[1568U]; - memcpy(copy_of_public_key_serialized, public_key_serialized, - (size_t)1568U * sizeof(uint8_t)); + serialize_secret_key_7f0(sk.secret_as_ntt, secret_key_serialized); + uint8_t uu____1[1536U]; + memcpy(uu____1, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); + uint8_t uu____2[1568U]; + memcpy(uu____2, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair1024 lit; - memcpy(lit.fst, copy_of_secret_key_serialized, - (size_t)1536U * sizeof(uint8_t)); - memcpy(lit.snd, copy_of_public_key_serialized, - (size_t)1568U * sizeof(uint8_t)); + memcpy(lit.fst, uu____1, 
(size_t)1536U * sizeof(uint8_t)); + memcpy(lit.snd, uu____2, (size_t)1568U * sizeof(uint8_t)); return lit; } -/** - Serialize the secret key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash @@ -5649,7 +5656,7 @@ with const generics - K= 4 - SERIALIZED_KEY_LEN= 3168 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_750( +static KRML_MUSTINLINE void serialize_kem_secret_key_f60( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { uint8_t out[3168U] = {0U}; 
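Review bot: The deleted `/** Serialize the secret key. */` above `serialize_kem_secret_key_f60` is the first of several Rust doc comments that vanish from the generated C in this commit, and later ones carry security-relevant guidance: the `Packed API` comment on `libcrux_ml_kem_ind_cca_generate_keypair_990`, the FIPS 203 Algorithm 13 description on `encrypt_unpacked_d20`, the `Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁` comments on `compute_vector_u_7e0` and `compute_ring_element_v_af0`, and in particular the `This function MUST NOT be used on secret inputs.` caveat on `deserialize_ring_elements_reduced_491`. Consumers of this directory read the C, not the Rust, so they lose the only marker saying which helpers are safe on public data only. This looks like a side effect of the newer extractor no longer emitting doc comments; if that can be re-enabled it should be, and if not, the `MUST NOT be used on secret inputs` line is the one worth re-attaching at the generator level, since a manual edit of this file would be overwritten on the next extraction.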
@@ -5657,48 +5664,46 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_750( uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - Eurydice_slice_copy( + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( - uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t), - uint8_t), - private_key, uint8_t); - pointer = pointer + Eurydice_slice_len(private_key, uint8_t); + uu____0, uu____1, + uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - Eurydice_slice_copy( + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( - uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t), - uint8_t), - public_key, uint8_t); - pointer = pointer + Eurydice_slice_len(public_key, uint8_t); + uu____3, uu____4, + uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice); uint8_t ret0[32U]; - H_a9_650(public_key, ret0); - Eurydice_slice_copy( - uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); + H_a9_a10(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - Eurydice_slice_copy( + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( 
uu____7, uu____8, - uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), - uint8_t), - implicit_rejection_value, uint8_t); + uu____9 + core_slice___Slice_T___len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); } -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, 
@@ -5712,35 +5717,39 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_360(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_990(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t); + size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_e10(ind_cpa_keypair_randomness); + generate_keypair_e30(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_750( - Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t), - Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t), + serialize_kem_secret_key_f60( + Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, + Eurydice_slice), implicit_rejection_value, secret_key_serialized); + uint8_t uu____1[3168U]; + memcpy(uu____1, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_22_a71(secret_key_serialized); - libcrux_ml_kem_types_MlKemPrivateKey_95 uu____1 = private_key; - return libcrux_ml_kem_types_from_17_d51( - uu____1, libcrux_ml_kem_types_from_c7_141(public_key)); + 
libcrux_ml_kem_types_from_05_701(uu____1); + libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; + uint8_t uu____3[1568U]; + memcpy(uu____3, public_key, (size_t)1568U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_17_eb1( + uu____2, libcrux_ml_kem_types_from_b6_a31(uu____3)); } -/** - Sample a vector of ring elements from a centered binomial distribution. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_avx2_SIMD256Vector, 
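Review bot: In `libcrux_ml_kem_ind_cca_generate_keypair_990` the added `uint8_t uu____1[3168U]; memcpy(uu____1, secret_key_serialized, (size_t)3168U * sizeof(uint8_t));` creates a second full stack copy of the serialized ML-KEM-1024 secret key that the previous code did not have (it passed `secret_key_serialized` directly to the constructor), and neither array is wiped before the function returns. The parallel `uu____3[1568U]` copy of the public key is harmless, but every extra copy of private-key material on the stack is one more location that persists until it happens to be overwritten. Because this is generated code, the right fix is in the extractor's handling of by-value array arguments (emit the move without the intermediate copy); failing that, a wipe the optimizer cannot elide, e.g. `explicit_bzero(uu____1, sizeof uu____1);` after `libcrux_ml_kem_types_from_05_701` has consumed it, and likewise for `secret_key_serialized`, would limit the residue. The function's signature and closing brace are both in this hunk.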
@@ -5750,36 +5759,34 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_71 -sample_ring_element_cbd_000(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_c00(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_89_d5();); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + error_1[i] = ZERO_89_9b();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_a9_511(prf_inputs, prf_outputs); + PRFxN_a9_a11(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_470( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); + sample_from_binomial_distribution_730(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_error_1[4U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[4U]; memcpy( - copy_of_error_1, error_1, + uu____2, error_1, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); tuple_71 lit; memcpy( - lit.fst, 
copy_of_error_1, + lit.fst, uu____2, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); lit.snd = domain_separator; return lit; @@ -5795,9 +5802,9 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_a9_932(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_a9_dd2(Eurydice_slice input, uint8_t ret[128U]) { - PRF_420(input, ret); + PRF_450(input, ret); } /** 
@@ -5806,70 +5813,66 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_be0( +static KRML_MUSTINLINE void invert_ntt_montgomery_240( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_04(&zeta_i, re); - invert_ntt_at_layer_2_18(&zeta_i, re); - invert_ntt_at_layer_3_94(&zeta_i, re); - invert_ntt_at_layer_4_plus_75(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_75(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_75(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_75(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_99(re); + invert_ntt_at_layer_1_38(&zeta_i, re); + invert_ntt_at_layer_2_53(&zeta_i, re); + invert_ntt_at_layer_3_b7(&zeta_i, re); + invert_ntt_at_layer_4_plus_78(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_78(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_78(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_78(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_e6(re); } -/** - Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_6c0( +static KRML_MUSTINLINE void compute_vector_u_7e0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_d5();); + result[i] = ZERO_89_9b();); for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len( + i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)4U, 
a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U]); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], size_t); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(a_element, &r_as_ntt[j]); - add_to_ring_element_89_970(&result[i1], &product); + ntt_multiply_89_44(a_element, &r_as_ntt[j]); + add_to_ring_element_89_ce0(&result[i1], &product); } - invert_ntt_montgomery_be0(&result[i1]); - add_error_reduce_89_46(&result[i1], &error_1[i1]); + invert_ntt_montgomery_240(&result[i1]); + add_error_reduce_89_42(&result[i1], &error_1[i1]); } memcpy( ret, result, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } -/** - Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_avx2_SIMD256Vector 
@@ -5877,18 +5880,18 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_040( +compute_ring_element_v_af0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_9b(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_970(&result, &product);); - invert_ntt_montgomery_be0(&result); - result = add_message_error_reduce_89_37(error_2, message, result); + ntt_multiply_89_44(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_ce0(&result, &product);); + invert_ntt_montgomery_240(&result); + result = add_message_error_reduce_89_07(error_2, message, result); return result; } 
@@ -5898,20 +5901,23 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_630( +static KRML_MUSTINLINE void compress_then_serialize_11_490( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = - compress_ea_e90(to_unsigned_representative_a4(re->coefficients[i0])); + core_core_arch_x86___m256i coefficient = + compress_ea_690(to_unsigned_representative_d2(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)22U, bytes, uint8_t), uint8_t); + serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); } memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); } 
@@ -5923,16 +5929,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_4d0( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_360( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_630(re, uu____0); + compress_then_serialize_11_490(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } -/** - Call [`compress_then_serialize_ring_element_u`] on each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector 
@@ -5942,25 +5945,29 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_550( +static void compress_then_serialize_u_c50( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)4U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice2( out, i0 * ((size_t)1408U / (size_t)4U), - (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); + (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t, + Eurydice_slice); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_4d0(&re, ret); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); + compress_then_serialize_ring_element_u_360(&re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); } } 
@@ -5971,52 +5978,11 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_dd0( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_3c0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_5_73(re, out); -} - -/** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ + compress_then_serialize_5_a4(re, out); +} + /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, 
@@ -6034,25 +6000,22 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_c60( +static void encrypt_unpacked_d20( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____1 = sample_vector_cbd_then_ntt_150(copy_of_prf_input0, 0U); + libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_71 uu____1 = sample_vector_cbd_then_ntt_080(uu____0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t domain_separator0 = uu____1.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____3 = - sample_ring_element_cbd_000(copy_of_prf_input, domain_separator0); + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_71 uu____3 = sample_ring_element_cbd_c00(uu____2, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; memcpy( error_1, uu____3.fst, 
@@ -6060,33 +6023,35 @@ static void encrypt_unpacked_c60( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_a9_932(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), - prf_output); + PRF_a9_dd2( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_470( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); + sample_from_binomial_distribution_730(Eurydice_array_to_slice( + (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[4U]; - compute_vector_u_6c0(public_key->A, r_as_ntt, error_1, u); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + compute_vector_u_7e0(public_key->A, r_as_ntt, error_1, u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_84(copy_of_message); + deserialize_then_decompress_message_5a(uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_040(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_af0(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_550( - uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, - (size_t)1408U, uint8_t)); + compress_then_serialize_u_c50( + uu____5, + Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, + uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - 
compress_then_serialize_ring_element_v_dd0( - uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, - (size_t)1408U, uint8_t, size_t)); + compress_then_serialize_ring_element_v_3c0( + uu____6, + Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, + uint8_t, size_t, Eurydice_slice)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); } 
@@ -6108,51 +6073,51 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b0( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_360( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t); - Eurydice_slice_copy(uu____0, - Eurydice_array_to_slice( - (size_t)32U, public_key->public_key_hash, uint8_t), - uint8_t); + size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, + Eurydice_slice), + uint8_t, void *); uint8_t hashed[64U]; - G_a9_680(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + G_a9_e10( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____2 = &public_key->ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t 
uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_unpacked_c60(uu____2, copy_of_randomness, pseudorandomness, - ciphertext); + encrypt_unpacked_d20(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), - shared_secret, uint8_t); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[1568U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____4[1568U]; + memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_9c1(copy_of_ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_from_01_101(uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_21 lit; lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); return lit; } 
@@ -6166,20 +6131,15 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_af_a80(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_4b0(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), - randomness, uint8_t); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + randomness, uint8_t, void *); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -6187,14 +6147,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 1536 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_f21( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_491( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_d5();); + deserialized_pk[i] = ZERO_89_9b();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t) / + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; 
@@ -6202,9 +6162,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_f21( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); + uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_c5(ring_element); + deserialize_to_reduced_ring_element_7f(ring_element); deserialized_pk[i0] = uu____0; } memcpy( 
@@ -6229,52 +6189,49 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_8e0(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_350(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; - deserialize_ring_elements_reduced_f21( - Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), + deserialize_ring_elements_reduced_491( + Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, + Eurydice_slice), t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_a20(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0); + sample_matrix_A_ac0(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); core_result_unwrap_41_83(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[4U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[4U]; memcpy( - copy_of_t_as_ntt, t_as_ntt, + uu____0, t_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A[4U][4U]; - memcpy(copy_of_A, A, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1[4U][4U]; + memcpy(uu____1, A, (size_t)4U * 
sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____2[32U]; + memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 public_key_unpacked; memcpy( - public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, + public_key_unpacked.t_as_ntt, uu____0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, + memcpy(public_key_unpacked.seed_for_A, uu____2, (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, copy_of_A, + memcpy(public_key_unpacked.A, uu____1, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____3 = &public_key_unpacked; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1568U]; - encrypt_unpacked_c60(uu____3, copy_of_message, randomness, ret1); + encrypt_unpacked_d20(uu____3, uu____4, randomness, ret1); memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); } @@ -6289,11 +6246,12 @@ with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_af_4b0(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_ab0(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), - shared_secret, uint8_t); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + shared_secret, uint8_t, void *); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } 
@@ -6316,55 +6274,59 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_930( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_010( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_a80( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); + entropy_preprocess_af_4b0( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t); + size_t, Eurydice_slice); uint8_t ret[32U]; - H_a9_650(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_c21(public_key), - uint8_t), + H_a9_a10(Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_3b1(public_key), + uint8_t, Eurydice_slice), ret); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); uint8_t hashed[64U]; - G_a9_680(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + G_a9_e10( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, 
Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_c21(public_key), uint8_t); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_3b1(public_key), uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_8e0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[1568U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); + encrypt_350(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t uu____4[1568U]; + memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_9c1(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_101(uu____4); uint8_t shared_secret_array[32U]; - kdf_af_4b0(shared_secret, shared_secret_array); + kdf_af_ab0(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_21 lit; lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); return lit; } 
@@ -6375,8 +6337,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_ca0(Eurydice_slice serialized) { - return deserialize_then_decompress_11_77(serialized); +deserialize_then_decompress_ring_element_u_800(Eurydice_slice serialized) { + return deserialize_then_decompress_11_f4(serialized); } /** @@ -6385,23 +6347,19 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_290( +static KRML_MUSTINLINE void ntt_vector_u_100( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_b4(&zeta_i, re); - ntt_at_layer_2_7c(&zeta_i, re); - ntt_at_layer_1_c2(&zeta_i, re); - poly_barrett_reduce_89_99(re); + ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_c4(&zeta_i, re); + ntt_at_layer_2_2d(&zeta_i, re); + ntt_at_layer_1_42(&zeta_i, re); + poly_barrett_reduce_89_e6(re); } -/** - Call [`deserialize_then_decompress_ring_element_u`] on each ring element - in the `ciphertext`. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector 
@@ -6410,16 +6368,17 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_860( +static KRML_MUSTINLINE void deserialize_then_decompress_u_7f0( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_89_d5();); + u_as_ntt[i] = ZERO_89_9b();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t), - uint8_t) / + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U); i++) { @@ -6432,9 +6391,11 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_860( (size_t)11U / (size_t)8U) + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, - uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_ca0(u_bytes); - ntt_vector_u_290(&u_as_ntt[i0]); + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_then_decompress_ring_element_u_800(u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u_100(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, 
@@ -6448,16 +6409,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_ca0(Eurydice_slice serialized) { - return deserialize_then_decompress_5_d9(serialized); +deserialize_then_decompress_ring_element_v_190(Eurydice_slice serialized) { + return deserialize_then_decompress_5_c0(serialized); } -/** - The following functions compute various expressions involving - vectors and matrices. The computation of these expressions has been - abstracted away into these functions in order to save on loop iterations. - Compute v − InverseNTT(sᵀ ◦ NTT(u)) -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector 
@@ -6465,44 +6420,20 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_4c0( +compute_message_9b0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_9b(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_970(&result, &product);); - invert_ntt_montgomery_be0(&result); - result = subtract_reduce_89_f9(v, result); + ntt_multiply_89_44(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_ce0(&result, &product);); + invert_ntt_montgomery_240(&result); + result = subtract_reduce_89_36(v, result); return result; } -/** - This function implements Algorithm 14 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. - - Algorithm 14 is reproduced below: - - ```plaintext - Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - Output: message m ∈ 𝔹^{32}. - - c₁ ← c[0 : 32dᵤk] - c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] - u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) - v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) - ŝ ← ByteDecode₁₂(dkₚₖₑ) - w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) - m ← ByteEncode₁(Compress₁(w)) - return m - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector 
@@ -6513,19 +6444,20 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_f50( +static void decrypt_unpacked_130( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; - deserialize_then_decompress_u_860(ciphertext, u_as_ntt); + deserialize_then_decompress_u_7f0(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_ca0( + deserialize_then_decompress_ring_element_v_190( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, - (size_t)1408U, uint8_t, size_t)); + (size_t)1408U, uint8_t, size_t, + Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_4c0(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_9b0(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_dc(message, ret0); + compress_then_serialize_message_b1(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -6539,8 +6471,8 @@ with const generics - K= 4 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_a9_931(Eurydice_slice input, uint8_t ret[32U]) { - PRF_42(input, ret); +static KRML_MUSTINLINE void PRF_a9_dd1(Eurydice_slice input, uint8_t ret[32U]) { + PRF_45(input, ret); } /** 
@@ -6564,83 +6496,84 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_2f0( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_fa0( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_f50(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_130(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy( + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t), - uint8_t); + uint8_t, Eurydice_slice), + uint8_t, void *); uint8_t hashed[64U]; - G_a9_680(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + G_a9_e10( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_2d4( - 
Eurydice_array_to_slice( - (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), + libcrux_ml_kem_utils_into_padded_array_ea4( + Eurydice_array_to_slice((size_t)32U, + key_pair->private_key.implicit_rejection_value, + uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_751(ciphertext), - uint8_t); + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, libcrux_ml_kem_types_as_ref_00_791(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - PRF_a9_931(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), - implicit_rejection_shared_secret); + PRF_a9_dd1( + Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____3 = &key_pair->public_key.ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____4[32U]; + memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_c60(uu____3, copy_of_decrypted, pseudorandomness, - expected_ciphertext); + encrypt_unpacked_d20(uu____3, uu____4, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_751(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t)); + libcrux_ml_kem_types_as_ref_00_791(ciphertext), + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, + Eurydice_slice)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( shared_secret, 
Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), + uint8_t, Eurydice_slice), selector, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -/** - Call [`deserialize_to_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_6a0( +static KRML_MUSTINLINE void deserialize_secret_key_d60( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_d5();); + secret_as_ntt[i] = ZERO_89_9b();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(secret_key, uint8_t) / + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -6648,9 +6581,9 @@ static KRML_MUSTINLINE void deserialize_secret_key_6a0( secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); + uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_cc(secret_bytes); + deserialize_to_uncompressed_ring_element_42(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( 
@@ -6668,22 +6601,21 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_740(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_d90(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; - deserialize_secret_key_6a0(secret_key, secret_as_ntt); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[4U]; + deserialize_secret_key_d60(secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[4U]; memcpy( - copy_of_secret_as_ntt, secret_as_ntt, + uu____0, secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 secret_key_unpacked; memcpy( - secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, + secret_key_unpacked.secret_as_ntt, uu____0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; - decrypt_unpacked_f50(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_130(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } 
@@ -6709,82 +6641,82 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_ff0( +void libcrux_ml_kem_ind_cca_decapsulate_260( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t), + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t, + Eurydice_slice), (size_t)1536U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( secret_key0, (size_t)1568U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_740(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_d90(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); - Eurydice_slice_copy( + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - 
uint8_t, size_t), - ind_cpa_public_key_hash, uint8_t); + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - G_a9_680(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + G_a9_e10( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_2d4(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_ea4(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_751(ciphertext), - uint8_t); + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, libcrux_ml_kem_types_as_ref_00_791(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_931(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), - implicit_rejection_shared_secret0); + PRF_a9_dd1( + Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_8e0(uu____5, 
copy_of_decrypted, pseudorandomness, - expected_ciphertext); + encrypt_350(uu____5, uu____6, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_4b0(Eurydice_array_to_slice( - (size_t)32U, implicit_rejection_shared_secret0, uint8_t), - implicit_rejection_shared_secret); + kdf_af_ab0( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_4b0(shared_secret0, shared_secret); + kdf_af_ab0(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_751(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), + libcrux_ml_kem_types_as_ref_00_791(ciphertext), + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, + Eurydice_slice), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), + uint8_t, Eurydice_slice), ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types 
@@ -6792,14 +6724,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 800 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_f20( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_490( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_d5();); + deserialized_pk[i] = ZERO_89_9b();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t) / + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -6807,9 +6739,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_f20( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); + uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_c5(ring_element); + deserialize_to_reduced_ring_element_7f(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -6817,9 +6749,6 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_f20( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } -/** - Call [`serialize_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector 
@@ -6827,34 +6756,34 @@ with const generics - K= 2 - OUT_LEN= 768 */ -static KRML_MUSTINLINE void serialize_secret_key_ae( +static KRML_MUSTINLINE void serialize_secret_key_7f( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)2U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); + uint8_t, Eurydice_slice); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_92(&re, ret0); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); + serialize_uncompressed_ring_element_af(&re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); } memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); } -/** - Concatenate `t` and `ρ` into the public key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector 
@@ -6863,20 +6792,23 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_d0( +static KRML_MUSTINLINE void serialize_public_key_94( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)768U, uint8_t); + public_key_serialized, (size_t)0U, (size_t)768U, uint8_t, Eurydice_slice); uint8_t ret0[768U]; - serialize_secret_key_ae(t_as_ntt, ret0); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t), uint8_t); - Eurydice_slice_copy( + serialize_secret_key_7f(t_as_ntt, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, - (size_t)768U, uint8_t, size_t), - seed_for_a, uint8_t); + (size_t)768U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); } 
@@ -6888,18 +6820,18 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_77(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_6c(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; - deserialize_ring_elements_reduced_f20( + deserialize_ring_elements_reduced_490( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, - uint8_t, size_t), + uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; - serialize_public_key_d0( + serialize_public_key_94( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, - uint8_t, size_t), + uint8_t, size_t, Eurydice_slice), public_key_serialized); return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); @@ -6927,7 +6859,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.G_a9 with const generics - K= 2 */ -static KRML_MUSTINLINE void G_a9_68(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_a9_e1(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_avx2_G(input, ret); } @@ -6937,10 +6869,10 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static void closure_b8( +static void closure_b9( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_89_d5();); + ret[i] = ZERO_89_9b();); } /** 
@@ -6949,14 +6881,15 @@ libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_4d(uint8_t input[2U][34U]) { +shake128_init_absorb_b4(uint8_t input[2U][34U]) { libcrux_sha3_generic_keccak_KeccakState_29 state = libcrux_sha3_avx2_x4_incremental_init(); libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - &state, Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t), - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t), - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t), - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t)); + &state, + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); return state; } @@ -6970,11 +6903,10 @@ libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_a9 with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -shake128_init_absorb_a9_ca(uint8_t input[2U][34U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_input[2U][34U]; - memcpy(copy_of_input, input, (size_t)2U * sizeof(uint8_t[34U])); - return shake128_init_absorb_4d(copy_of_input); +shake128_init_absorb_a9_cf(uint8_t input[2U][34U]) { + uint8_t uu____0[2U][34U]; + memcpy(uu____0, input, (size_t)2U * sizeof(uint8_t[34U])); + return shake128_init_absorb_b4(uu____0); } /** 
@@ -6983,7 +6915,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_6b( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_98( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[2U][504U]) { uint8_t out[2U][504U] = {{0U}}; uint8_t out0[504U] = {0U}; @@ -6991,10 +6923,10 @@ static KRML_MUSTINLINE void shake128_squeeze_three_blocks_6b( uint8_t out2[504U] = {0U}; uint8_t out3[504U] = {0U}; libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t), - Eurydice_array_to_slice((size_t)504U, out1, uint8_t), - Eurydice_array_to_slice((size_t)504U, out2, uint8_t), - Eurydice_array_to_slice((size_t)504U, out3, uint8_t)); + st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); uint8_t uu____0[504U]; memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); 
@@ -7014,52 +6946,11 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_three_blocks_a9 with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_a9_4d( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_a9_c0( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[2U][504U]) { - shake128_squeeze_three_blocks_6b(self, ret); -} - -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ + shake128_squeeze_three_blocks_98(self, ret); +} + /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types 
@@ -7067,7 +6958,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_f9( uint8_t randomness[2U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -7078,11 +6969,12 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t); + uint8_t, Eurydice_slice); size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t)); + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -7104,7 +6996,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_block_1b( +static KRML_MUSTINLINE void shake128_squeeze_block_aa( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[2U][168U]) { uint8_t out[2U][168U] = {{0U}}; uint8_t out0[168U] = {0U}; 
@@ -7112,10 +7004,10 @@ static KRML_MUSTINLINE void shake128_squeeze_block_1b( uint8_t out2[168U] = {0U}; uint8_t out3[168U] = {0U}; libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t), - Eurydice_array_to_slice((size_t)168U, out1, uint8_t), - Eurydice_array_to_slice((size_t)168U, out2, uint8_t), - Eurydice_array_to_slice((size_t)168U, out3, uint8_t)); + st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); uint8_t uu____0[168U]; memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); 
@@ -7134,52 +7026,11 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block_a9 with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_block_a9_5a( +static KRML_MUSTINLINE void shake128_squeeze_block_a9_a3( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[2U][168U]) { - shake128_squeeze_block_1b(self, ret); -} - -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ + shake128_squeeze_block_aa(self, ret); +} + /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types 
@@ -7187,7 +7038,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb0( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_f90( uint8_t randomness[2U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -7198,11 +7049,12 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_bb0( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t); + uint8_t, Eurydice_slice); size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t)); + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -7225,10 +7077,10 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_79( +static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_19( int16_t s[272U]) { - return from_i16_array_89_10( - Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); + return from_i16_array_89_46(Eurydice_array_to_subslice2( + s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); } /** 
@@ -7237,43 +7089,38 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_from_xof_b0( +static KRML_MUSTINLINE void sample_from_xof_af( uint8_t seeds[2U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { size_t sampled_coefficients[2U] = {0U}; int16_t out[2U][272U] = {{0U}}; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seeds[2U][34U]; - memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); + uint8_t uu____0[2U][34U]; + memcpy(uu____0, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - shake128_init_absorb_a9_ca(copy_of_seeds); + shake128_init_absorb_a9_cf(uu____0); uint8_t randomness0[2U][504U]; - shake128_squeeze_three_blocks_a9_4d(&xof_state, randomness0); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness0[2U][504U]; - memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_bb( - copy_of_randomness0, sampled_coefficients, out); + shake128_squeeze_three_blocks_a9_c0(&xof_state, randomness0); + uint8_t uu____1[2U][504U]; + memcpy(uu____1, randomness0, (size_t)2U * sizeof(uint8_t[504U])); + bool done = sample_from_uniform_distribution_next_f9( + uu____1, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[2U][168U]; - shake128_squeeze_block_a9_5a(&xof_state, randomness); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[2U][168U]; - memcpy(copy_of_randomness, randomness, - (size_t)2U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_bb0( - copy_of_randomness, sampled_coefficients, out); + shake128_squeeze_block_a9_a3(&xof_state, randomness); + uint8_t uu____2[2U][168U]; + memcpy(uu____2, randomness, (size_t)2U * 
sizeof(uint8_t[168U])); + done = sample_from_uniform_distribution_next_f90( + uu____2, sampled_coefficients, out); } } - /* Passing arrays by value in Rust generates a copy in C */ - int16_t copy_of_out[2U][272U]; - memcpy(copy_of_out, out, (size_t)2U * sizeof(int16_t[272U])); + int16_t uu____3[2U][272U]; + memcpy(uu____3, out, (size_t)2U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_79(copy_of_out[i]);); + ret0[i] = closure_19(uu____3[i]);); memcpy( ret, ret0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); 
@@ -7285,33 +7132,32 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector, libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_matrix_A_a2( +static KRML_MUSTINLINE void sample_matrix_A_ac( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U][2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[2U][2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - closure_b8(A_transpose[i]);); + closure_b9(A_transpose[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed[34U]; - memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[2U][34U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seeds[2U][34U]; - memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); + uint8_t uu____1[2U][34U]; + memcpy(uu____1, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[2U]; - sample_from_xof_b0(copy_of_seeds, sampled); + sample_from_xof_af(uu____1, sampled); for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)2U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); i++) { size_t j = i; 
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; @@ -7320,9 +7166,7 @@ static KRML_MUSTINLINE void sample_matrix_A_a2( } else { A_transpose[i1][j] = sample; } - } - - ); + }); memcpy(ret, A_transpose, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); @@ -7345,7 +7189,7 @@ with const generics - K= 2 - LEN= 192 */ -static KRML_MUSTINLINE void PRFxN_1c(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_66(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { uint8_t out[2U][192U] = {{0U}}; uint8_t out0[192U] = {0U}; @@ -7353,14 +7197,14 @@ static KRML_MUSTINLINE void PRFxN_1c(uint8_t (*input)[33U], uint8_t out2[192U] = {0U}; uint8_t out3[192U] = {0U}; libcrux_sha3_avx2_x4_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), - Eurydice_array_to_slice((size_t)192U, out0, uint8_t), - Eurydice_array_to_slice((size_t)192U, out1, uint8_t), - Eurydice_array_to_slice((size_t)192U, out2, uint8_t), - Eurydice_array_to_slice((size_t)192U, out3, uint8_t)); + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)192U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)192U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)192U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)192U, out3, uint8_t, Eurydice_slice)); uint8_t uu____0[192U]; memcpy(uu____0, out0, (size_t)192U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)192U * sizeof(uint8_t)); 
@@ -7380,9 +7224,9 @@ with const generics - K= 2 - LEN= 192 */ -static KRML_MUSTINLINE void PRFxN_a9_51(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_a9_a1(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { - PRFxN_1c(input, ret); + PRFxN_66(input, ret); } /** @@ -7392,14 +7236,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - ETA= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -sample_from_binomial_distribution_47(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_43(randomness); +sample_from_binomial_distribution_73(Eurydice_slice randomness) { + return sample_from_binomial_distribution_3_c4(randomness); } -/** - Sample a vector of ring elements from a centered binomial distribution and - convert them into their NTT representations. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_avx2_SIMD256Vector, 
@@ -7408,45 +7248,41 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_15( +static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_08( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_89_d5();); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + re_as_ntt[i] = ZERO_89_9b();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][192U]; - PRFxN_a9_51(prf_inputs, prf_outputs); + PRFxN_a9_a1(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_47( - Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]);); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[2U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = + sample_from_binomial_distribution_73(Eurydice_array_to_slice( + (size_t)192U, prf_outputs[i0], uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element_b2(&re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[2U]; memcpy( - 
copy_of_re_as_ntt, re_as_ntt, + uu____2, re_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); tuple_74 lit; memcpy( - lit.fst, copy_of_re_as_ntt, + lit.fst, uu____2, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); lit.snd = domain_separator; return lit; } -/** - Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise - sum of their constituent coefficients. -*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -7457,13 +7293,15 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void add_to_ring_element_89_97( +static KRML_MUSTINLINE void add_to_ring_element_89_ce( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; - i < Eurydice_slice_len(Eurydice_array_to_slice( - (size_t)16U, self->coefficients, __m256i), - __m256i); + i < + core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)16U, self->coefficients, + core_core_arch_x86___m256i, Eurydice_slice), + core_core_arch_x86___m256i, size_t); i++) { size_t i0 = i; self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( 
@@ -7471,94 +7309,52 @@ static KRML_MUSTINLINE void add_to_ring_element_89_97( } } -/** - Compute  ◦ ŝ + ê -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_As_plus_e_f0( +static KRML_MUSTINLINE void compute_As_plus_e_58( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_d5();); + result[i] = ZERO_89_9b();); for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len( + i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)2U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U]); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], size_t); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_97(&result[i1], &product); + ntt_multiply_89_44(matrix_element, &s_as_ntt[j]); + 
add_to_ring_element_89_ce(&result[i1], &product); } - add_standard_error_reduce_89_ac(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_89_06(&result[i1], &error_as_ntt[i1]); } memcpy( ret, result, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, 
@@ -7567,75 +7363,69 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static tuple_4c generate_keypair_unpacked_6c( +static tuple_4c generate_keypair_unpacked_65( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_a9_68(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, - uint8_t, Eurydice_slice_uint8_t_x2); + G_a9_e1(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[2U][2U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_a2(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret); + sample_matrix_A_ac(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____2 = sample_vector_cbd_then_ntt_15(copy_of_prf_input0, 0U); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_74 uu____2 = sample_vector_cbd_then_ntt_08(uu____1, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t domain_separator = uu____2.snd; - /* Passing arrays by value in Rust generates a copy in C */ - 
uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[2U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_15(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_08(uu____3, domain_separator).fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; - compute_As_plus_e_f0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_58(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], + void *); core_result_unwrap_41_83(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[2U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____4[2U]; memcpy( - copy_of_t_as_ntt, t_as_ntt, + uu____4, t_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A_transpose[2U] - [2U]; - memcpy(copy_of_A_transpose, A_transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[2U][2U]; + memcpy(uu____5, A_transpose, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____6[32U]; + memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 pk; memcpy( 
- pk.t_as_ntt, copy_of_t_as_ntt, + pk.t_as_ntt, uu____4, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, copy_of_A_transpose, + memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, uu____5, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[2U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____7[2U]; memcpy( - copy_of_secret_as_ntt, secret_as_ntt, + uu____7, secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 sk; memcpy( - sk.secret_as_ntt, copy_of_secret_as_ntt, + sk.secret_as_ntt, uu____7, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); return (CLITERAL(tuple_4c){.fst = sk, .snd = pk}); } @@ -7653,10 +7443,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static void closure_1a( +static void closure_76( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_89_d5();); + ret[i] = ZERO_89_9b();); } /** @@ -7668,7 +7458,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.avx2.H_a9 with const generics - K= 2 */ -static KRML_MUSTINLINE void H_a9_65(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_a9_a1(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H(input, ret); } 
@@ -7685,26 +7475,27 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c0(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_8d(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t); - tuple_4c uu____0 = generate_keypair_unpacked_6c(ind_cpa_keypair_randomness); + size_t, Eurydice_slice); + tuple_4c uu____0 = generate_keypair_unpacked_65(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_1a(A[i]);); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_76(A[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_d5_25(&ind_cpa_public_key.A[j][i1]); + clone_d5_6d(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[2U][2U]; memcpy(uu____2, A, 
@@ -7714,39 +7505,36 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c0(uint8_t randomness[64U]) { (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); uint8_t pk_serialized[800U]; - serialize_public_key_d0( + serialize_public_key_94( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t), + uint8_t, Eurydice_slice), pk_serialized); uint8_t public_key_hash[32U]; - H_a9_65(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t), + H_a9_a1(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t, + Eurydice_slice), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U]); + uint8_t[32U], void *); core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 uu____3 = ind_cpa_private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_implicit_rejection_value[32U]; - memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); + uint8_t uu____4[32U]; + memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_d6 uu____5; uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, + memcpy(uu____5.implicit_rejection_value, uu____4, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 uu____6 = ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_hash[32U]; - memcpy(copy_of_public_key_hash, public_key_hash, - (size_t)32U * sizeof(uint8_t)); + uint8_t uu____7[32U]; + memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 lit; lit.private_key = uu____5; 
lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, + memcpy(lit.public_key.public_key_hash, uu____7, (size_t)32U * sizeof(uint8_t)); return lit; } 
@@ -7762,36 +7550,28 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_e1( +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_e3( Eurydice_slice key_generation_seed) { - tuple_4c uu____0 = generate_keypair_unpacked_6c(key_generation_seed); + tuple_4c uu____0 = generate_keypair_unpacked_65(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 pk = uu____0.snd; uint8_t public_key_serialized[800U]; - serialize_public_key_d0( - pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), - public_key_serialized); + serialize_public_key_94(pk.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, + uint8_t, Eurydice_slice), + public_key_serialized); uint8_t secret_key_serialized[768U]; - serialize_secret_key_ae(sk.secret_as_ntt, secret_key_serialized); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_secret_key_serialized[768U]; - memcpy(copy_of_secret_key_serialized, secret_key_serialized, - (size_t)768U * sizeof(uint8_t)); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_serialized[800U]; - memcpy(copy_of_public_key_serialized, public_key_serialized, - (size_t)800U * sizeof(uint8_t)); + serialize_secret_key_7f(sk.secret_as_ntt, secret_key_serialized); + uint8_t uu____1[768U]; + memcpy(uu____1, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); + uint8_t uu____2[800U]; + memcpy(uu____2, public_key_serialized, (size_t)800U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair512 lit; - memcpy(lit.fst, copy_of_secret_key_serialized, - (size_t)768U * sizeof(uint8_t)); - memcpy(lit.snd, copy_of_public_key_serialized, - (size_t)800U * sizeof(uint8_t)); + memcpy(lit.fst, uu____1, (size_t)768U * 
sizeof(uint8_t)); + memcpy(lit.snd, uu____2, (size_t)800U * sizeof(uint8_t)); return lit; } -/** - Serialize the secret key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash @@ -7799,7 +7579,7 @@ with const generics - K= 2 - SERIALIZED_KEY_LEN= 1632 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_75( +static KRML_MUSTINLINE void serialize_kem_secret_key_f6( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { uint8_t out[1632U] = {0U}; 
@@ -7807,48 +7587,46 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_75( uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - Eurydice_slice_copy( + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( - uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t), - uint8_t), - private_key, uint8_t); - pointer = pointer + Eurydice_slice_len(private_key, uint8_t); + uu____0, uu____1, + uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - Eurydice_slice_copy( + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( - uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t), - uint8_t), - public_key, uint8_t); - pointer = pointer + Eurydice_slice_len(public_key, uint8_t); + uu____3, uu____4, + uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice); uint8_t ret0[32U]; - H_a9_65(public_key, ret0); - Eurydice_slice_copy( - uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); + H_a9_a1(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - Eurydice_slice_copy( + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( 
uu____7, uu____8, - uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), - uint8_t), - implicit_rejection_value, uint8_t); + uu____9 + core_slice___Slice_T___len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); } -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, 
@@ -7861,31 +7639,38 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_36( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_99( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t); + size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_e1(ind_cpa_keypair_randomness); + generate_keypair_e3(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_75( - Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t), - Eurydice_array_to_slice((size_t)800U, public_key, uint8_t), + serialize_kem_secret_key_f6( + Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, + Eurydice_slice), implicit_rejection_value, secret_key_serialized); + uint8_t uu____1[1632U]; + memcpy(uu____1, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_22_a7(secret_key_serialized); - libcrux_ml_kem_types_MlKemPrivateKey_5e uu____1 = private_key; - return libcrux_ml_kem_types_from_17_d5( - uu____1, libcrux_ml_kem_types_from_c7_14(public_key)); + 
libcrux_ml_kem_types_from_05_70(uu____1); + libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; + uint8_t uu____3[800U]; + memcpy(uu____3, public_key, (size_t)800U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_17_eb( + uu____2, libcrux_ml_kem_types_from_b6_a3(uu____3)); } /** @@ -7894,7 +7679,7 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_1c0(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_660(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { uint8_t out[2U][128U] = {{0U}}; uint8_t out0[128U] = {0U}; @@ -7902,14 +7687,14 @@ static KRML_MUSTINLINE void PRFxN_1c0(uint8_t (*input)[33U], uint8_t out2[128U] = {0U}; uint8_t out3[128U] = {0U}; libcrux_sha3_avx2_x4_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), - Eurydice_array_to_slice((size_t)128U, out0, uint8_t), - Eurydice_array_to_slice((size_t)128U, out1, uint8_t), - Eurydice_array_to_slice((size_t)128U, out2, uint8_t), - Eurydice_array_to_slice((size_t)128U, out3, uint8_t)); + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); uint8_t uu____0[128U]; memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); 
@@ -7929,14 +7714,11 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_a9_510(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_a9_a10(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { - PRFxN_1c0(input, ret); + PRFxN_660(input, ret); } -/** - Sample a vector of ring elements from a centered binomial distribution. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_avx2_SIMD256Vector, 
@@ -7946,36 +7728,34 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_74 -sample_ring_element_cbd_00(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_c0(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_89_d5();); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + error_1[i] = ZERO_89_9b();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][128U]; - PRFxN_a9_510(prf_inputs, prf_outputs); + PRFxN_a9_a10(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_470( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); + sample_from_binomial_distribution_730(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_error_1[2U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[2U]; memcpy( - copy_of_error_1, error_1, + uu____2, error_1, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); tuple_74 lit; memcpy( - lit.fst, 
copy_of_error_1, + lit.fst, uu____2, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); lit.snd = domain_separator; return lit; @@ -7991,9 +7771,9 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_a9_930(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_a9_dd0(Eurydice_slice input, uint8_t ret[128U]) { - PRF_420(input, ret); + PRF_450(input, ret); } /** 
@@ -8002,70 +7782,66 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_be( +static KRML_MUSTINLINE void invert_ntt_montgomery_24( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_04(&zeta_i, re); - invert_ntt_at_layer_2_18(&zeta_i, re); - invert_ntt_at_layer_3_94(&zeta_i, re); - invert_ntt_at_layer_4_plus_75(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_75(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_75(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_75(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_99(re); + invert_ntt_at_layer_1_38(&zeta_i, re); + invert_ntt_at_layer_2_53(&zeta_i, re); + invert_ntt_at_layer_3_b7(&zeta_i, re); + invert_ntt_at_layer_4_plus_78(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_78(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_78(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_78(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_e6(re); } -/** - Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_6c( +static KRML_MUSTINLINE void compute_vector_u_7e( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_d5();); + result[i] = ZERO_89_9b();); for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len( + i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)2U, 
a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U]); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], size_t); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(a_element, &r_as_ntt[j]); - add_to_ring_element_89_97(&result[i1], &product); + ntt_multiply_89_44(a_element, &r_as_ntt[j]); + add_to_ring_element_89_ce(&result[i1], &product); } - invert_ntt_montgomery_be(&result[i1]); - add_error_reduce_89_46(&result[i1], &error_1[i1]); + invert_ntt_montgomery_24(&result[i1]); + add_error_reduce_89_42(&result[i1], &error_1[i1]); } memcpy( ret, result, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } -/** - Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_avx2_SIMD256Vector 
@@ -8073,24 +7849,21 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_04( +compute_ring_element_v_af( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_9b(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_97(&result, &product);); - invert_ntt_montgomery_be(&result); - result = add_message_error_reduce_89_37(error_2, message, result); + ntt_multiply_89_44(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_ce(&result, &product);); + invert_ntt_montgomery_24(&result); + result = add_message_error_reduce_89_07(error_2, message, result); return result; } -/** - Call [`compress_then_serialize_ring_element_u`] on each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector 
@@ -8100,69 +7873,32 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_55( +static void compress_then_serialize_u_c5( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)2U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice2( out, i0 * ((size_t)640U / (size_t)2U), - (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); + (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t, + Eurydice_slice); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_4d(&re, ret); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); + compress_then_serialize_ring_element_u_36(&re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); } } -/** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. 
- - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, 
@@ -8180,25 +7916,22 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_c6( +static void encrypt_unpacked_d2( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____1 = sample_vector_cbd_then_ntt_15(copy_of_prf_input0, 0U); + libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_74 uu____1 = sample_vector_cbd_then_ntt_08(uu____0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t domain_separator0 = uu____1.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____3 = - sample_ring_element_cbd_00(copy_of_prf_input, domain_separator0); + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_74 uu____3 = sample_ring_element_cbd_c0(uu____2, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; memcpy( error_1, uu____3.fst, 
@@ -8206,33 +7939,34 @@ static void encrypt_unpacked_c6( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_a9_930(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), - prf_output); + PRF_a9_dd0( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_470( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); + sample_from_binomial_distribution_730(Eurydice_array_to_slice( + (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[2U]; - compute_vector_u_6c(public_key->A, r_as_ntt, error_1, u); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + compute_vector_u_7e(public_key->A, r_as_ntt, error_1, u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_84(copy_of_message); + deserialize_then_decompress_message_5a(uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_04(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_af(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_55( + compress_then_serialize_u_c5( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, - uint8_t)); + uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_dd( - uu____6, 
Eurydice_array_to_subslice_from((size_t)768U, ciphertext, - (size_t)640U, uint8_t, size_t)); + compress_then_serialize_ring_element_v_3c( + uu____6, + Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, + uint8_t, size_t, Eurydice_slice)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); } 
@@ -8254,51 +7988,51 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_36( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t); - Eurydice_slice_copy(uu____0, - Eurydice_array_to_slice( - (size_t)32U, public_key->public_key_hash, uint8_t), - uint8_t); + size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, + Eurydice_slice), + uint8_t, void *); uint8_t hashed[64U]; - G_a9_68(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + G_a9_e1( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____2 = &public_key->ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t 
uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_unpacked_c6(uu____2, copy_of_randomness, pseudorandomness, - ciphertext); + encrypt_unpacked_d2(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), - shared_secret, uint8_t); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[768U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____4[768U]; + memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_01_9c(copy_of_ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_from_01_10(uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_ec lit; lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); return lit; } 
@@ -8312,20 +8046,15 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_af_a8(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_4b(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), - randomness, uint8_t); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + randomness, uint8_t, void *); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -8333,14 +8062,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 768 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_f2( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_49( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_d5();); + deserialized_pk[i] = ZERO_89_9b();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t) / + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; 
@@ -8348,9 +8077,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_f2( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); + uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_c5(ring_element); + deserialize_to_reduced_ring_element_7f(ring_element); deserialized_pk[i0] = uu____0; } memcpy( 
@@ -8375,52 +8104,49 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_8e(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_35(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; - deserialize_ring_elements_reduced_f2( - Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), + deserialize_ring_elements_reduced_49( + Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, + Eurydice_slice), t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_a2(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0); + sample_matrix_A_ac(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); core_result_unwrap_41_83(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[2U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[2U]; memcpy( - copy_of_t_as_ntt, t_as_ntt, + uu____0, t_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A[2U][2U]; - memcpy(copy_of_A, A, + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1[2U][2U]; + memcpy(uu____1, A, (size_t)2U * 
sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____2[32U]; + memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 public_key_unpacked; memcpy( - public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, + public_key_unpacked.t_as_ntt, uu____0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, + memcpy(public_key_unpacked.seed_for_A, uu____2, (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, copy_of_A, + memcpy(public_key_unpacked.A, uu____1, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____3 = &public_key_unpacked; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[768U]; - encrypt_unpacked_c6(uu____3, copy_of_message, randomness, ret1); + encrypt_unpacked_d2(uu____3, uu____4, randomness, ret1); memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); } @@ -8435,11 +8161,12 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_af_4b(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_ab(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), - shared_secret, uint8_t); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + shared_secret, uint8_t, void *); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } 
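Review bot: In `encrypt_35` the by-value array copies are now named `uu____0` through `uu____4` and the comment `/* Passing arrays by value in Rust generates a copy in C */` that explained why they exist is gone, so the memcpy into `uu____4` immediately followed by passing it to `encrypt_unpacked_d2` reads as a pointless copy, and `uu____0`/`uu____1` give no hint that they hold `t_as_ntt` and `A`. Because the names come from the generator, restoring the readable `copy_of_*` names or the explanatory comment is a toolchain setting rather than a hand edit; it is worth checking whether the newer Eurydice revision can still emit either. The same renaming recurs in the encapsulate, deserialize_then_decompress_u, decapsulate_unpacked, decrypt and decapsulate hunks below.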
@@ -8462,62 +8189,62 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_93( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_01( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_a8( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); + entropy_preprocess_af_4b( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t); + size_t, Eurydice_slice); uint8_t ret[32U]; - H_a9_65(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_c2(public_key), - uint8_t), + H_a9_a1(Eurydice_array_to_slice( + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_3b(public_key), + uint8_t, Eurydice_slice), ret); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); uint8_t hashed[64U]; - G_a9_68(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + G_a9_e1( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); 
Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_c2(public_key), uint8_t); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_3b(public_key), uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_8e(uu____2, copy_of_randomness, pseudorandomness, ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[768U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); + encrypt_35(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t uu____4[768U]; + memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_01_9c(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_10(uu____4); uint8_t shared_secret_array[32U]; - kdf_af_4b(shared_secret, shared_secret_array); + kdf_af_ab(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_ec lit; lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); return lit; } -/** - Call [`deserialize_then_decompress_ring_element_u`] on each ring element - in the `ciphertext`. 
-*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -8526,16 +8253,17 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_86( +static KRML_MUSTINLINE void deserialize_then_decompress_u_7f( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_89_d5();); + u_as_ntt[i] = ZERO_89_9b();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t), - uint8_t) / + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); i++) { @@ -8548,21 +8276,17 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_86( (size_t)10U / (size_t)8U) + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, - uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_ca(u_bytes); - ntt_vector_u_29(&u_as_ntt[i0]); + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = + deserialize_then_decompress_ring_element_u_80(u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u_10(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } -/** - The following functions compute various expressions involving - vectors and matrices. The computation of these expressions has been - abstracted away into these functions in order to save on loop iterations. - Compute v − InverseNTT(sᵀ ◦ NTT(u)) -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector 
@@ -8570,44 +8294,20 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_4c( +compute_message_9b( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_d5(); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = ZERO_89_9b(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - ntt_multiply_89_48(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_97(&result, &product);); - invert_ntt_montgomery_be(&result); - result = subtract_reduce_89_f9(v, result); + ntt_multiply_89_44(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_ce(&result, &product);); + invert_ntt_montgomery_24(&result); + result = subtract_reduce_89_36(v, result); return result; } -/** - This function implements Algorithm 14 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. - - Algorithm 14 is reproduced below: - - ```plaintext - Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - Output: message m ∈ 𝔹^{32}. - - c₁ ← c[0 : 32dᵤk] - c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] - u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) - v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) - ŝ ← ByteDecode₁₂(dkₚₖₑ) - w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) - m ← ByteEncode₁(Compress₁(w)) - return m - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector 
@@ -8618,19 +8318,20 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_f5( +static void decrypt_unpacked_13( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; - deserialize_then_decompress_u_86(ciphertext, u_as_ntt); + deserialize_then_decompress_u_7f(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_ca( + deserialize_then_decompress_ring_element_v_19( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, - (size_t)640U, uint8_t, size_t)); + (size_t)640U, uint8_t, size_t, + Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_4c(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_9b(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_dc(message, ret0); + compress_then_serialize_message_b1(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -8644,8 +8345,8 @@ with const generics - K= 2 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_a9_93(Eurydice_slice input, uint8_t ret[32U]) { - PRF_42(input, ret); +static KRML_MUSTINLINE void PRF_a9_dd(Eurydice_slice input, uint8_t ret[32U]) { + PRF_45(input, ret); } /** 
@@ -8669,82 +8370,83 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_2f( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_fa( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_f5(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_13(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy( + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t), - uint8_t); + uint8_t, Eurydice_slice), + uint8_t, void *); uint8_t hashed[64U]; - G_a9_68(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + G_a9_e1( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_2d0( - 
Eurydice_array_to_slice( - (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), + libcrux_ml_kem_utils_into_padded_array_ea0( + Eurydice_array_to_slice((size_t)32U, + key_pair->private_key.implicit_rejection_value, + uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_75(ciphertext), - uint8_t); + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, libcrux_ml_kem_types_as_ref_00_79(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - PRF_a9_93(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), - implicit_rejection_shared_secret); + PRF_a9_dd( + Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____3 = &key_pair->public_key.ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____4[32U]; + memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_unpacked_c6(uu____3, copy_of_decrypted, pseudorandomness, - expected_ciphertext); + encrypt_unpacked_d2(uu____3, uu____4, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_75(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t)); + libcrux_ml_kem_types_as_ref_00_79(ciphertext), + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, + Eurydice_slice)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( shared_secret, 
Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), + uint8_t, Eurydice_slice), selector, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -/** - Call [`deserialize_to_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_6a( +static KRML_MUSTINLINE void deserialize_secret_key_d6( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_d5();); + secret_as_ntt[i] = ZERO_89_9b();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(secret_key, uint8_t) / + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -8752,9 +8454,9 @@ static KRML_MUSTINLINE void deserialize_secret_key_6a( secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); + uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_cc(secret_bytes); + deserialize_to_uncompressed_ring_element_42(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( 
@@ -8772,22 +8474,21 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_74(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_d9(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; - deserialize_secret_key_6a(secret_key, secret_as_ntt); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[2U]; + deserialize_secret_key_d6(secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[2U]; memcpy( - copy_of_secret_as_ntt, secret_as_ntt, + uu____0, secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 secret_key_unpacked; memcpy( - secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, + secret_key_unpacked.secret_as_ntt, uu____0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; - decrypt_unpacked_f5(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_13(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } 
@@ -8813,70 +8514,77 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_ff( +void libcrux_ml_kem_ind_cca_decapsulate_26( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t), + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t, + Eurydice_slice), (size_t)768U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( secret_key0, (size_t)800U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_74(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_d9(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); - Eurydice_slice_copy( + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, 
size_t), - ind_cpa_public_key_hash, uint8_t); + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - G_a9_68(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + G_a9_e1( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_ea0(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_75(ciphertext), - uint8_t); + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, libcrux_ml_kem_types_as_ref_00_79(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_93(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), - implicit_rejection_shared_secret0); + PRF_a9_dd( + Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_8e(uu____5, copy_of_decrypted, 
pseudorandomness, expected_ciphertext); + encrypt_35(uu____5, uu____6, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_4b(Eurydice_array_to_slice((size_t)32U, - implicit_rejection_shared_secret0, uint8_t), - implicit_rejection_shared_secret); + kdf_af_ab( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_4b(shared_secret0, shared_secret); + kdf_af_ab(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_75(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), + libcrux_ml_kem_types_as_ref_00_79(ciphertext), + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, + Eurydice_slice), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), + uint8_t, Eurydice_slice), ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index b79663481..449e5df23 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h 
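Review bot: `libcrux_ml_kem_ind_cca_decapsulate_26` returns with several secret-bearing stack buffers left intact — `decrypted`, its copy `uu____6`, `hashed` (which `shared_secret0` and `pseudorandomness` point into), `implicit_rejection_shared_secret0`, `shared_secret` and `implicit_rejection_shared_secret` — and the new side adds nothing to clear them, while the extra by-value copy `uu____6` doubles the stack footprint of the decrypted message. This is presumably inherited from the Rust source and the generator, so the right place for a zeroization pass (or a documented decision that the caller's stack is out of scope) is there; if it is ever done in C it must use a clear the optimizer cannot drop, e.g. `explicit_bzero`/`memset_s`, since a plain `memset` before `return` may be elided. The same temporaries appear in the `decapsulate_unpacked_fa` and `libcrux_ml_kem_ind_cca_encapsulate_01` hunks above.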
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf - * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 - * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __libcrux_mlkem_avx2_H 
@@ -30,311 +30,335 @@ void libcrux_ml_kem_hash_functions_avx2_G(Eurydice_slice input, void libcrux_ml_kem_hash_functions_avx2_H(Eurydice_slice input, uint8_t ret[32U]); -__m256i libcrux_ml_kem_vector_avx2_zero(void); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_zero(void); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_ZERO_ea(void); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ZERO_ea(void); -__m256i libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_slice array); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_from_i16_array( + Eurydice_slice array); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice array); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_from_i16_array_ea( + Eurydice_slice array); -void libcrux_ml_kem_vector_avx2_to_i16_array(__m256i v, int16_t ret[16U]); +void libcrux_ml_kem_vector_avx2_to_i16_array(core_core_arch_x86___m256i v, + int16_t ret[16U]); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_to_i16_array_ea(__m256i x, int16_t ret[16U]); +void libcrux_ml_kem_vector_avx2_to_i16_array_ea(core_core_arch_x86___m256i x, + int16_t ret[16U]); -__m256i libcrux_ml_kem_vector_avx2_arithmetic_add(__m256i lhs, __m256i rhs); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_add( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_add_ea(__m256i lhs, __m256i *rhs); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_add_ea( + 
core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs); -__m256i libcrux_ml_kem_vector_avx2_arithmetic_sub(__m256i lhs, __m256i rhs); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_sub( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_sub_ea(__m256i lhs, __m256i *rhs); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_sub_ea( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs); -__m256i libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( - __m256i vector, int16_t constant); +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( + core_core_arch_x86___m256i vector, int16_t constant); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_ea(__m256i v, - int16_t c); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( + core_core_arch_x86___m256i v, int16_t c); -__m256i libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( - __m256i vector, int16_t constant); +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( + core_core_arch_x86___m256i vector, int16_t constant); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( - __m256i vector, int16_t constant); +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( + core_core_arch_x86___m256i vector, int16_t constant); -__m256i libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329( - __m256i vector); +core_core_arch_x86___m256i 
+libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329( + core_core_arch_x86___m256i vector); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea(__m256i vector); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea( + core_core_arch_x86___m256i vector); #define LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER \ ((int16_t)20159) -/** - See Section 3.2 of the implementation notes document for an explanation - of this code. -*/ -__m256i libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(__m256i vector); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce( + core_core_arch_x86___m256i vector); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_barrett_reduce_ea(__m256i vector); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_barrett_reduce_ea( + core_core_arch_x86___m256i vector); -__m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( - __m256i vector, int16_t constant); +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( + core_core_arch_x86___m256i vector, int16_t constant); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( - __m256i vector, int16_t constant); +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + core_core_arch_x86___m256i vector, int16_t constant); -__m256i libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( - __m256i vector); +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( + core_core_arch_x86___m256i vector); 
/** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_compress_1_ea(__m256i vector); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_compress_1_ea( + core_core_arch_x86___m256i vector); -__m256i libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(__m256i lhs, - __m256i rhs); +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs); -__m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - __m256i v, __m256i c); +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + core_core_arch_x86___m256i v, core_core_arch_x86___m256i c); -__m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( - __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( - __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3); -__m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(__m256i vector, - int16_t zeta0, - int16_t zeta1); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i 
libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea(__m256i vector, - int16_t zeta0, - int16_t zeta1); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); -__m128i +core_core_arch_x86___m128i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - __m128i v, __m128i c); + core_core_arch_x86___m128i v, core_core_arch_x86___m128i c); -__m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(__m256i vector, - int16_t zeta); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step( + core_core_arch_x86___m256i vector, int16_t zeta); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea(__m256i vector, - int16_t zeta); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta); -__m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( - __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( - __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, + int16_t zeta2, int16_t zeta3); -__m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(__m256i vector, - int16_t zeta0, - int16_t zeta1); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( + 
core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea(__m256i vector, - int16_t zeta0, - int16_t zeta1); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); -__m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(__m256i vector, - int16_t zeta); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( + core_core_arch_x86___m256i vector, int16_t zeta); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea(__m256i vector, - int16_t zeta); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea( + core_core_arch_x86___m256i vector, int16_t zeta); -__m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(__m256i v); +core_core_arch_x86___m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( + core_core_arch_x86___m256i v); -__m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(__m256i lhs, __m256i rhs, - int16_t zeta0, - int16_t zeta1, - int16_t zeta2, - int16_t zeta3); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( + core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_ntt_multiply_ea(__m256i *lhs, __m256i *rhs, - int16_t zeta0, int16_t zeta1, - int16_t zeta2, - int16_t zeta3); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_multiply_ea( + core_core_arch_x86___m256i *lhs, 
core_core_arch_x86___m256i *rhs, + int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); -void libcrux_ml_kem_vector_avx2_serialize_serialize_1(__m256i vector, - uint8_t ret[2U]); +void libcrux_ml_kem_vector_avx2_serialize_serialize_1( + core_core_arch_x86___m256i vector, uint8_t ret[2U]); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_1_ea(__m256i vector, uint8_t ret[2U]); +void libcrux_ml_kem_vector_avx2_serialize_1_ea( + core_core_arch_x86___m256i vector, uint8_t ret[2U]); -__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1( +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1( Eurydice_slice bytes); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_deserialize_1_ea(Eurydice_slice bytes); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_1_ea( + Eurydice_slice bytes); -void libcrux_ml_kem_vector_avx2_serialize_serialize_4(__m256i vector, - uint8_t ret[8U]); +void libcrux_ml_kem_vector_avx2_serialize_serialize_4( + core_core_arch_x86___m256i vector, uint8_t ret[8U]); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_4_ea(__m256i vector, uint8_t ret[8U]); +void libcrux_ml_kem_vector_avx2_serialize_4_ea( + core_core_arch_x86___m256i vector, uint8_t ret[8U]); -__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4( +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4( Eurydice_slice bytes); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_deserialize_4_ea(Eurydice_slice bytes); +core_core_arch_x86___m256i 
libcrux_ml_kem_vector_avx2_deserialize_4_ea( + Eurydice_slice bytes); -void libcrux_ml_kem_vector_avx2_serialize_serialize_5(__m256i vector, - uint8_t ret[10U]); +void libcrux_ml_kem_vector_avx2_serialize_serialize_5( + core_core_arch_x86___m256i vector, uint8_t ret[10U]); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_5_ea(__m256i vector, - uint8_t ret[10U]); +void libcrux_ml_kem_vector_avx2_serialize_5_ea( + core_core_arch_x86___m256i vector, uint8_t ret[10U]); -__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_5( +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_5( Eurydice_slice bytes); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_deserialize_5_ea(Eurydice_slice bytes); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_5_ea( + Eurydice_slice bytes); -void libcrux_ml_kem_vector_avx2_serialize_serialize_10(__m256i vector, - uint8_t ret[20U]); +void libcrux_ml_kem_vector_avx2_serialize_serialize_10( + core_core_arch_x86___m256i vector, uint8_t ret[20U]); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_10_ea(__m256i vector, - uint8_t ret[20U]); +void libcrux_ml_kem_vector_avx2_serialize_10_ea( + core_core_arch_x86___m256i vector, uint8_t ret[20U]); -__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_10( +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_10( Eurydice_slice bytes); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_deserialize_10_ea(Eurydice_slice bytes); +core_core_arch_x86___m256i 
libcrux_ml_kem_vector_avx2_deserialize_10_ea( + Eurydice_slice bytes); -void libcrux_ml_kem_vector_avx2_serialize_serialize_11(__m256i vector, - uint8_t ret[22U]); +void libcrux_ml_kem_vector_avx2_serialize_serialize_11( + core_core_arch_x86___m256i vector, uint8_t ret[22U]); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_11_ea(__m256i vector, - uint8_t ret[22U]); +void libcrux_ml_kem_vector_avx2_serialize_11_ea( + core_core_arch_x86___m256i vector, uint8_t ret[22U]); -__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_11( +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_11( Eurydice_slice bytes); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_deserialize_11_ea(Eurydice_slice bytes); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_11_ea( + Eurydice_slice bytes); -void libcrux_ml_kem_vector_avx2_serialize_serialize_12(__m256i vector, - uint8_t ret[24U]); +void libcrux_ml_kem_vector_avx2_serialize_serialize_12( + core_core_arch_x86___m256i vector, uint8_t ret[24U]); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_12_ea(__m256i vector, - uint8_t ret[24U]); +void libcrux_ml_kem_vector_avx2_serialize_12_ea( + core_core_arch_x86___m256i vector, uint8_t ret[24U]); -__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_12( +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_12( Eurydice_slice bytes); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -__m256i libcrux_ml_kem_vector_avx2_deserialize_12_ea(Eurydice_slice bytes); +core_core_arch_x86___m256i 
libcrux_ml_kem_vector_avx2_deserialize_12_ea( + Eurydice_slice bytes); size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( Eurydice_slice input, Eurydice_slice output); @@ -350,7 +374,8 @@ size_t libcrux_ml_kem_vector_avx2_rej_sample_ea(Eurydice_slice input, This function found in impl {(core::clone::Clone for libcrux_ml_kem::vector::avx2::SIMD256Vector)#1} */ -__m256i libcrux_ml_kem_vector_avx2_clone_3a(__m256i *self); +core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_clone_3a( + core_core_arch_x86___m256i *self); /** A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement @@ -358,7 +383,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector */ typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_d2_s { - __m256i coefficients[16U]; + core_core_arch_x86___m256i coefficients[16U]; } libcrux_ml_kem_polynomial_PolynomialRingElement_d2; /** diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c index 0f4ebe8f1..e82ce94ef 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf - * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 - * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #include "libcrux_mlkem_neon.h" 
@@ -17,7 +17,8 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_neon_G(Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = {0U}; libcrux_sha3_neon_sha512( - Eurydice_array_to_slice((size_t)64U, digest, uint8_t), input); + Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), + input); memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); } @@ -25,6 +26,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_neon_H(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_neon_sha256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h index ab7713427..138774405 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf - * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 - * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __libcrux_mlkem_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 4c5b233f3..8cd0d81d5 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c 
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf - * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 - * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #include "internal/libcrux_mlkem_portable.h" @@ -20,7 +20,8 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G( Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = {0U}; libcrux_sha3_portable_sha512( - Eurydice_array_to_slice((size_t)64U, digest, uint8_t), input); + Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), + input); memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); } @@ -28,7 +29,8 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_H( Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_sha256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } @@ -73,8 +75,10 @@ libcrux_ml_kem_vector_portable_vector_type_from_i16_array( int16_t ret[16U]; core_result_Result_c0 dst; Eurydice_slice_to_array2( - &dst, Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t), - Eurydice_slice, int16_t[16U]); + &dst, + Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t, + Eurydice_slice), + Eurydice_slice, int16_t[16U], void *); core_result_unwrap_41_f9(dst, ret); memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); return lit; 
@@ -91,64 +95,68 @@ libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_slice array) { KRML_MUSTINLINE uint8_t_x11 libcrux_ml_kem_vector_portable_serialize_serialize_11_int(Eurydice_slice v) { - uint8_t r0 = (uint8_t)Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *); + uint8_t r0 = + (uint8_t)Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, int16_t); uint8_t r1 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *) & + int16_t *, int16_t) & (int16_t)31) << 3U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, - int16_t *) >> + int16_t *, int16_t) >> 8U); uint8_t r2 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *) & + int16_t *, int16_t) & (int16_t)3) << 6U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *) >> + int16_t *, int16_t) >> 5U); - uint8_t r3 = - (uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *) >> 2U & - (int16_t)255); + uint8_t r3 = (uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, + int16_t) >> + 2U & + (int16_t)255); uint8_t r4 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *) & + int16_t *, int16_t) & (int16_t)127) << 1U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *) >> + int16_t *, int16_t) >> 10U); uint8_t r5 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t, - int16_t *) & + int16_t *, int16_t) & (int16_t)15) << 4U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *) >> + int16_t *, int16_t) >> 7U); uint8_t r6 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, - int16_t *) & + int16_t *, int16_t) & (int16_t)1) << 7U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t, - int16_t *) >> + int16_t *, int16_t) >> 4U); - uint8_t r7 = - (uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *) >> 1U & - (int16_t)255); + uint8_t r7 = 
(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, + int16_t) >> + 1U & + (int16_t)255); uint8_t r8 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, - int16_t *) & + int16_t *, int16_t) & (int16_t)63) << 2U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, - int16_t *) >> + int16_t *, int16_t) >> 9U); uint8_t r9 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, - int16_t *) & + int16_t *, int16_t) & (int16_t)7) << 5U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, - int16_t *) >> + int16_t *, int16_t) >> 6U); - uint8_t r10 = - (uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *) >> 3U); + uint8_t r10 = (uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, + int16_t *, int16_t) >> + 3U); return (CLITERAL(uint8_t_x11){.fst = r0, .snd = r1, .thd = r2, @@ -166,11 +174,12 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_11( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[22U]) { uint8_t_x11 r0_10 = libcrux_ml_kem_vector_portable_serialize_serialize_11_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t)); + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, + Eurydice_slice)); uint8_t_x11 r11_21 = libcrux_ml_kem_vector_portable_serialize_serialize_11_int( Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, - int16_t)); + int16_t, Eurydice_slice)); uint8_t result[22U] = {0U}; result[0U] = r0_10.fst; result[1U] = r0_10.snd; 
@@ -210,56 +219,66 @@ void libcrux_ml_kem_vector_portable_serialize_11_0d( KRML_MUSTINLINE int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( Eurydice_slice bytes) { - int16_t r0 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) & - (int16_t)7) - << 8U | - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *); - int16_t r1 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) & - (int16_t)63) - << 5U | - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) >> - 3U; - int16_t r2 = - (((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *) & - (int16_t)1) - << 10U | - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *) - << 2U) | - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) >> - 6U; - int16_t r3 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *) & - (int16_t)15) - << 7U | - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *) >> - 1U; - int16_t r4 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *) & - (int16_t)127) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *) >> - 4U; - int16_t r5 = - (((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *) & - (int16_t)3) - << 9U | - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *) - << 1U) | - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *) >> - 7U; - int16_t r6 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *) & - (int16_t)31) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *) >> - 2U; - int16_t r7 = - (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, uint8_t *) - << 3U | - (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *) >> - 5U; + int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)7) + << 8U 
| + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t); + int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)63) + << 5U | + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) >> + 3U; + int16_t r2 = (((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)1) + << 10U | + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t) + << 2U) | + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) >> + 6U; + int16_t r3 = ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)15) + << 7U | + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + uint8_t *, uint8_t) >> + 1U; + int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)127) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, + uint8_t *, uint8_t) >> + 4U; + int16_t r5 = (((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)3) + << 9U | + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, + uint8_t *, uint8_t) + << 1U) | + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) >> + 7U; + int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)31) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t) >> + 2U; + int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, + uint8_t *, uint8_t) + << 3U | + (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, + uint8_t *, uint8_t) >> + 5U; return (CLITERAL(int16_t_x8){.fst = r0, .snd = r1, .thd = r2, 
@@ -295,10 +314,12 @@ libcrux_ml_kem_vector_portable_vector_type_zero(void) { KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) { int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)11U, uint8_t)); + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)11U, uint8_t, + Eurydice_slice)); int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( - Eurydice_slice_subslice2(bytes, (size_t)11U, (size_t)22U, uint8_t)); + Eurydice_slice_subslice2(bytes, (size_t)11U, (size_t)22U, uint8_t, + Eurydice_slice)); libcrux_ml_kem_vector_portable_vector_type_PortableVector v = libcrux_ml_kem_vector_portable_vector_type_zero(); v.elements[0U] = v0_7.fst; @@ -997,19 +1018,6 @@ libcrux_ml_kem_vector_portable_cond_subtract_3329_0d( return libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329(v); } -/** - Signed Barrett Reduction - - Given an input `value`, `barrett_reduce` outputs a representative `result` - such that: - - - result ≡ value (mod FIELD_MODULUS) - - the absolute value of `result` is bound as follows: - - `|result| ≤ FIELD_MODULUS / 2 · (|value|/BARRETT_R + 1) - - In particular, if `|value| < BARRETT_R`, then `|result| < FIELD_MODULUS`. -*/ int16_t libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( int16_t value) { int32_t t = (int32_t)value * 
@@ -1045,20 +1053,6 @@ libcrux_ml_kem_vector_portable_barrett_reduce_0d( return libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce(v); } -/** - Signed Montgomery Reduction - - Given an input `value`, `montgomery_reduce` outputs a representative `o` - such that: - - - o ≡ value · MONTGOMERY_R^(-1) (mod FIELD_MODULUS) - - the absolute value of `o` is bound as follows: - - `|result| ≤ (|value| / MONTGOMERY_R) + (FIELD_MODULUS / 2) - - In particular, if `|value| ≤ FIELD_MODULUS * MONTGOMERY_R`, then `|o| < (3 · - FIELD_MODULUS) / 2`. -*/ int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( int32_t value) { int32_t k = @@ -1077,17 +1071,6 @@ int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( return value_high - c; } -/** - If `fe` is some field element 'x' of the Kyber field and `fer` is congruent to - `y · MONTGOMERY_R`, this procedure outputs a value that is congruent to - `x · y`, as follows: - - `fe · fer ≡ x · y · MONTGOMERY_R (mod FIELD_MODULUS)` - - `montgomery_reduce` takes the value `x · y · MONTGOMERY_R` and outputs a - representative `x · y · MONTGOMERY_R * MONTGOMERY_R^{-1} ≡ x · y (mod - FIELD_MODULUS)`. -*/ KRML_MUSTINLINE int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( int16_t fe, int16_t fer) { 
@@ -1119,28 +1102,6 @@ libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, r); } -/** - The `compress_*` functions implement the `Compress` function specified in the - NIST FIPS 203 standard (Page 18, Expression 4.5), which is defined as: - - ```plaintext - Compress_d: ℤq -> ℤ_{2ᵈ} - Compress_d(x) = ⌈(2ᵈ/q)·x⌋ - ``` - - Since `⌈x⌋ = ⌊x + 1/2⌋` we have: - - ```plaintext - Compress_d(x) = ⌊(2ᵈ/q)·x + 1/2⌋ - = ⌊(2^{d+1}·x + q) / 2q⌋ - ``` - - For further information about the function implementations, consult the - `implementation_notes.pdf` document in this directory. - - The NIST FIPS 203 standard can be found at - . -*/ uint8_t libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( uint16_t fe) { int16_t shifted = (int16_t)1664 - (int16_t)fe; @@ -1413,28 +1374,6 @@ libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d( return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step(a, zeta); } -/** - Compute the product of two Kyber binomials with respect to the - modulus `X² - zeta`. - - This function almost implements Algorithm 11 of the - NIST FIPS 203 standard, which is reproduced below: - - ```plaintext - Input: a₀, a₁, b₀, b₁ ∈ ℤq. - Input: γ ∈ ℤq. - Output: c₀, c₁ ∈ ℤq. - - c₀ ← a₀·b₀ + a₁·b₁·γ - c₁ ← a₀·b₁ + a₁·b₀ - return c₀, c₁ - ``` - We say "almost" because the coefficients output by this function are in - the Montgomery domain (unlike in the specification). - - The NIST FIPS 203 standard can be found at - . -*/ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( libcrux_ml_kem_vector_portable_vector_type_PortableVector *a, libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta, 
@@ -1526,17 +1465,19 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) { libcrux_ml_kem_vector_portable_vector_type_zero(); KRML_MAYBE_FOR8( i, (size_t)0U, (size_t)8U, (size_t)1U, size_t i0 = i; - result.elements[i0] = (int16_t)((uint32_t)Eurydice_slice_index( - v, (size_t)0U, uint8_t, uint8_t *) >> - (uint32_t)i0 & - 1U);); + result.elements[i0] = + (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)0U, uint8_t, + uint8_t *, uint8_t) >> + (uint32_t)i0 & + 1U);); for (size_t i = (size_t)8U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - result.elements[i0] = (int16_t)((uint32_t)Eurydice_slice_index( - v, (size_t)1U, uint8_t, uint8_t *) >> - (uint32_t)(i0 - (size_t)8U) & - 1U); + result.elements[i0] = + (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)1U, uint8_t, + uint8_t *, uint8_t) >> + (uint32_t)(i0 - (size_t)8U) & + 1U); } return result; } 
@@ -1552,26 +1493,26 @@ libcrux_ml_kem_vector_portable_deserialize_1_0d(Eurydice_slice a) { KRML_MUSTINLINE uint8_t_x4 libcrux_ml_kem_vector_portable_serialize_serialize_4_int(Eurydice_slice v) { - uint8_t result0 = - (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)0U, int16_t, - int16_t *); - uint8_t result1 = - (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *); - uint8_t result2 = - (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)4U, int16_t, - int16_t *); - uint8_t result3 = - (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)6U, int16_t, - int16_t *); + uint8_t result0 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)1U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)0U, int16_t, int16_t *, int16_t); + uint8_t result1 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)3U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)2U, int16_t, int16_t *, int16_t); + uint8_t result2 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)5U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)4U, int16_t, int16_t *, int16_t); + uint8_t result3 = (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)7U, int16_t, int16_t *, int16_t) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index( + v, (size_t)6U, int16_t, int16_t *, int16_t); return (CLITERAL(uint8_t_x4){ .fst = result0, .snd = result1, .thd = result2, .f3 = result3}); } 
@@ -1582,11 +1523,11 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_4( uint8_t_x4 result0_3 = libcrux_ml_kem_vector_portable_serialize_serialize_4_int( Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, - int16_t)); + int16_t, Eurydice_slice)); uint8_t_x4 result4_7 = libcrux_ml_kem_vector_portable_serialize_serialize_4_int( Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, - int16_t)); + int16_t, Eurydice_slice)); uint8_t result[8U] = {0U}; result[0U] = result0_3.fst; result[1U] = result0_3.snd; 
@@ -1612,32 +1553,32 @@ void libcrux_ml_kem_vector_portable_serialize_4_0d( KRML_MUSTINLINE int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( Eurydice_slice bytes) { - int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)0U, - uint8_t, uint8_t *) & + int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & 15U); - int16_t v1 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)0U, - uint8_t, uint8_t *) >> + int16_t v1 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> 4U & 15U); - int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, - uint8_t, uint8_t *) & + int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & 15U); - int16_t v3 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, - uint8_t, uint8_t *) >> + int16_t v3 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> 4U & 15U); - int16_t v4 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)2U, - uint8_t, uint8_t *) & + int16_t v4 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & 15U); - int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)2U, - uint8_t, uint8_t *) >> + int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> 4U & 15U); - int16_t v6 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, - uint8_t, uint8_t *) & + int16_t v6 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & 15U); - int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, - uint8_t, uint8_t *) >> + int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> 4U & 15U); return (CLITERAL(int16_t_x8){.fst = v0, 
@@ -1653,9 +1594,11 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t)); + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t, + Eurydice_slice)); int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t)); + Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t, + Eurydice_slice)); libcrux_ml_kem_vector_portable_vector_type_PortableVector v = libcrux_ml_kem_vector_portable_vector_type_zero(); v.elements[0U] = v0_7.fst; 
@@ -1689,24 +1632,40 @@ libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a) { KRML_MUSTINLINE uint8_t_x5 libcrux_ml_kem_vector_portable_serialize_serialize_5_int(Eurydice_slice v) { uint8_t r0 = - (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) | - Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) << 5U); + (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, + int16_t) | + Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, int16_t) + << 5U); uint8_t r1 = - (uint8_t)((Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) >> 3U | - Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *) + (uint8_t)((Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, + int16_t) >> + 3U | + Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, + int16_t) << 2U) | - Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) << 7U); + Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, int16_t) + << 7U); uint8_t r2 = - (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) >> 1U | - Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *) << 4U); + (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, + int16_t) >> + 1U | + Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, int16_t) + << 4U); uint8_t r3 = - (uint8_t)((Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *) >> 4U | - Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *) + (uint8_t)((Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, + int16_t) >> + 4U | + Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, + int16_t) << 1U) | - Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *) << 6U); + Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, int16_t) + << 6U); uint8_t r4 = - (uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *) >> 2U | - Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *) << 3U); + (uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, + int16_t) >> + 2U | + 
Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *, int16_t) + << 3U); return (CLITERAL(uint8_t_x5){ .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); } @@ -1715,10 +1674,11 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_5( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[10U]) { uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t)); + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, + Eurydice_slice)); uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, - int16_t)); + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t, + Eurydice_slice)); uint8_t result[10U] = {0U}; result[0U] = r0_4.fst; result[1U] = r0_4.snd; 
@@ -1746,44 +1706,44 @@ void libcrux_ml_kem_vector_portable_serialize_5_0d( KRML_MUSTINLINE int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( Eurydice_slice bytes) { - int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)0U, - uint8_t, uint8_t *) & + int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & 31U); - int16_t v1 = (int16_t)(((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, - uint8_t, uint8_t *) & + int16_t v1 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & 3U) << 3U | - (uint32_t)Eurydice_slice_index(bytes, (size_t)0U, - uint8_t, uint8_t *) >> + (uint32_t)Eurydice_slice_index( + bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> 5U); - int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, - uint8_t, uint8_t *) >> + int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> 2U & 31U); - int16_t v3 = (int16_t)(((uint32_t)Eurydice_slice_index(bytes, (size_t)2U, - uint8_t, uint8_t *) & + int16_t v3 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & 15U) << 1U | - (uint32_t)Eurydice_slice_index(bytes, (size_t)1U, - uint8_t, uint8_t *) >> + (uint32_t)Eurydice_slice_index( + bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> 7U); - int16_t v4 = (int16_t)(((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, - uint8_t, uint8_t *) & + int16_t v4 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & 1U) << 4U | - (uint32_t)Eurydice_slice_index(bytes, (size_t)2U, - uint8_t, uint8_t *) >> + (uint32_t)Eurydice_slice_index( + bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> 4U); - int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, - uint8_t, uint8_t *) >> + int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, 
uint8_t) >> 1U & 31U); - int16_t v6 = (int16_t)(((uint32_t)Eurydice_slice_index(bytes, (size_t)4U, - uint8_t, uint8_t *) & + int16_t v6 = (int16_t)(((uint32_t)Eurydice_slice_index( + bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) & 7U) << 2U | - (uint32_t)Eurydice_slice_index(bytes, (size_t)3U, - uint8_t, uint8_t *) >> + (uint32_t)Eurydice_slice_index( + bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> 6U); - int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)4U, - uint8_t, uint8_t *) >> + int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( + bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) >> 3U); return (CLITERAL(int16_t_x8){.fst = v0, .snd = v1, @@ -1798,9 +1758,11 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t)); + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t, + Eurydice_slice)); int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t)); + Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t, + Eurydice_slice)); libcrux_ml_kem_vector_portable_vector_type_PortableVector v = libcrux_ml_kem_vector_portable_vector_type_zero(); v.elements[0U] = v0_7.fst; 
@@ -1833,36 +1795,37 @@ libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a) { KRML_MUSTINLINE uint8_t_x5 libcrux_ml_kem_vector_portable_serialize_serialize_10_int(Eurydice_slice v) { - uint8_t r0 = - (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) & - (int16_t)255); + uint8_t r0 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, + int16_t) & + (int16_t)255); uint8_t r1 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *) & + int16_t *, int16_t) & (int16_t)63) << 2U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, - int16_t *) >> + int16_t *, int16_t) >> 8U & (int16_t)3); uint8_t r2 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *) & + int16_t *, int16_t) & (int16_t)15) << 4U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *) >> + int16_t *, int16_t) >> 6U & (int16_t)15); uint8_t r3 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *) & + int16_t *, int16_t) & (int16_t)3) << 6U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *) >> + int16_t *, int16_t) >> 4U & (int16_t)63); - uint8_t r4 = - (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) >> 2U & - (int16_t)255); + uint8_t r4 = (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, + int16_t) >> + 2U & + (int16_t)255); return (CLITERAL(uint8_t_x5){ .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); } 
@@ -1871,15 +1834,17 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_10( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[20U]) { uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)4U, int16_t)); + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)4U, int16_t, + Eurydice_slice)); uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)8U, int16_t)); + Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)8U, int16_t, + Eurydice_slice)); uint8_t_x5 r10_14 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)12U, - int16_t)); + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)12U, int16_t, + Eurydice_slice)); uint8_t_x5 r15_19 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)16U, - int16_t)); + Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)16U, int16_t, + Eurydice_slice)); uint8_t result[20U] = {0U}; result[0U] = r0_4.fst; result[1U] = r0_4.snd; 
@@ -1917,52 +1882,60 @@ void libcrux_ml_kem_vector_portable_serialize_10_0d( KRML_MUSTINLINE int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( Eurydice_slice bytes) { - int16_t r0 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) & - (int16_t)3) - << 8U | - ((int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *) & - (int16_t)255); - int16_t r1 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) & - (int16_t)15) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) >> - 2U; - int16_t r2 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *) & - (int16_t)63) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) >> - 4U; - int16_t r3 = - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *) - << 2U | - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *) >> - 6U; - int16_t r4 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *) & - (int16_t)3) - << 8U | - ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *) & - (int16_t)255); - int16_t r5 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *) & - (int16_t)15) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *) >> - 2U; - int16_t r6 = - ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *) & - (int16_t)63) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *) >> - 4U; - int16_t r7 = - (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *) - << 2U | - (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *) >> - 6U; + int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)3) + << 8U | + ((int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)255); + int16_t r1 = 
((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)15) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t) >> + 2U; + int16_t r2 = ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)63) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t) >> + 4U; + int16_t r3 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, + uint8_t *, uint8_t) + << 2U | + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, + uint8_t *, uint8_t) >> + 6U; + int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)3) + << 8U | + ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)255); + int16_t r5 = ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)15) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, + uint8_t *, uint8_t) >> + 2U; + int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t) & + (int16_t)63) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, + uint8_t *, uint8_t) >> + 4U; + int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, + uint8_t *, uint8_t) + << 2U | + (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, + uint8_t *, uint8_t) >> + 6U; return (CLITERAL(int16_t_x8){.fst = r0, .snd = r1, .thd = r2, 
@@ -1976,10 +1949,12 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)10U, uint8_t)); + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)10U, uint8_t, + Eurydice_slice)); int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t)); + Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t, + Eurydice_slice)); libcrux_ml_kem_vector_portable_vector_type_PortableVector v = libcrux_ml_kem_vector_portable_vector_type_zero(); v.elements[0U] = v0_7.fst; @@ -2012,17 +1987,20 @@ libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a) { KRML_MUSTINLINE uint8_t_x3 libcrux_ml_kem_vector_portable_serialize_serialize_12_int(Eurydice_slice v) { - uint8_t r0 = - (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) & - (int16_t)255); - uint8_t r1 = - (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) >> 8U | - (Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) & - (int16_t)15) - << 4U); - uint8_t r2 = - (uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) >> 4U & - (int16_t)255); + uint8_t r0 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, + int16_t) & + (int16_t)255); + uint8_t r1 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, + int16_t) >> + 8U | + (Eurydice_slice_index(v, (size_t)1U, int16_t, + int16_t *, int16_t) & + (int16_t)15) + << 4U); + uint8_t r2 = (uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, + int16_t) >> + 4U & + (int16_t)255); return (CLITERAL(uint8_t_x3){.fst = r0, .snd = r1, .thd = r2}); } 
@@ -2030,25 +2008,29 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_12( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[24U]) { uint8_t_x3 r0_2 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)2U, int16_t)); + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)2U, int16_t, + Eurydice_slice)); uint8_t_x3 r3_5 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)2U, (size_t)4U, int16_t)); + Eurydice_array_to_subslice2(v.elements, (size_t)2U, (size_t)4U, int16_t, + Eurydice_slice)); uint8_t_x3 r6_8 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)6U, int16_t)); + Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)6U, int16_t, + Eurydice_slice)); uint8_t_x3 r9_11 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)6U, (size_t)8U, int16_t)); + Eurydice_array_to_subslice2(v.elements, (size_t)6U, (size_t)8U, int16_t, + Eurydice_slice)); uint8_t_x3 r12_14 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)10U, - int16_t)); + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)10U, int16_t, + Eurydice_slice)); uint8_t_x3 r15_17 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)10U, (size_t)12U, - int16_t)); + Eurydice_array_to_subslice2(v.elements, (size_t)10U, (size_t)12U, int16_t, + Eurydice_slice)); uint8_t_x3 r18_20 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)14U, - int16_t)); + Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)14U, int16_t, + Eurydice_slice)); uint8_t_x3 r21_23 = 
libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)14U, (size_t)16U, - int16_t)); + Eurydice_array_to_subslice2(v.elements, (size_t)14U, (size_t)16U, int16_t, + Eurydice_slice)); uint8_t result[24U] = {0U}; result[0U] = r0_2.fst; result[1U] = r0_2.snd; @@ -2090,12 +2072,12 @@ void libcrux_ml_kem_vector_portable_serialize_12_0d( KRML_MUSTINLINE int16_t_x2 libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( Eurydice_slice bytes) { - int16_t byte0 = - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *); - int16_t byte1 = - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *); - int16_t byte2 = - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *); + int16_t byte0 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, + uint8_t *, uint8_t); + int16_t byte1 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, + uint8_t *, uint8_t); + int16_t byte2 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, + uint8_t *, uint8_t); int16_t r0 = (byte1 & (int16_t)15) << 8U | (byte0 & (int16_t)255); int16_t r1 = byte2 << 4U | (byte1 >> 4U & (int16_t)15); return (CLITERAL(int16_t_x2){.fst = r0, .snd = r1}); 
@@ -2104,24 +2086,32 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_12(Eurydice_slice bytes) { int16_t_x2 v0_1 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)3U, uint8_t)); + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)3U, uint8_t, + Eurydice_slice)); int16_t_x2 v2_3 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)3U, (size_t)6U, uint8_t)); + Eurydice_slice_subslice2(bytes, (size_t)3U, (size_t)6U, uint8_t, + Eurydice_slice)); int16_t_x2 v4_5 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)6U, (size_t)9U, uint8_t)); + Eurydice_slice_subslice2(bytes, (size_t)6U, (size_t)9U, uint8_t, + Eurydice_slice)); int16_t_x2 v6_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)9U, (size_t)12U, uint8_t)); + Eurydice_slice_subslice2(bytes, (size_t)9U, (size_t)12U, uint8_t, + Eurydice_slice)); int16_t_x2 v8_9 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)12U, (size_t)15U, uint8_t)); + Eurydice_slice_subslice2(bytes, (size_t)12U, (size_t)15U, uint8_t, + Eurydice_slice)); int16_t_x2 v10_11 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)15U, (size_t)18U, uint8_t)); + Eurydice_slice_subslice2(bytes, (size_t)15U, (size_t)18U, uint8_t, + Eurydice_slice)); int16_t_x2 v12_13 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)18U, (size_t)21U, uint8_t)); + Eurydice_slice_subslice2(bytes, (size_t)18U, (size_t)21U, uint8_t, + Eurydice_slice)); int16_t_x2 v14_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - 
Eurydice_slice_subslice2(bytes, (size_t)21U, (size_t)24U, uint8_t)); + Eurydice_slice_subslice2(bytes, (size_t)21U, (size_t)24U, uint8_t, + Eurydice_slice)); libcrux_ml_kem_vector_portable_vector_type_PortableVector re = libcrux_ml_kem_vector_portable_vector_type_zero(); re.elements[0U] = v0_1.fst; @@ -2155,15 +2145,15 @@ libcrux_ml_kem_vector_portable_deserialize_12_0d(Eurydice_slice a) { KRML_MUSTINLINE size_t libcrux_ml_kem_vector_portable_sampling_rej_sample( Eurydice_slice a, Eurydice_slice result) { size_t sampled = (size_t)0U; - for (size_t i = (size_t)0U; i < Eurydice_slice_len(a, uint8_t) / (size_t)3U; - i++) { + for (size_t i = (size_t)0U; + i < core_slice___Slice_T___len(a, uint8_t, size_t) / (size_t)3U; i++) { size_t i0 = i; int16_t b1 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)0U, - uint8_t, uint8_t *); + uint8_t, uint8_t *, uint8_t); int16_t b2 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)1U, - uint8_t, uint8_t *); + uint8_t, uint8_t *, uint8_t); int16_t b3 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)2U, - uint8_t, uint8_t *); + uint8_t, uint8_t *, uint8_t); int16_t d1 = (b2 & (int16_t)15) << 8U | b1; int16_t d2 = b3 << 4U | b2 >> 4U; bool uu____0; @@ -2175,7 +2165,7 @@ KRML_MUSTINLINE size_t libcrux_ml_kem_vector_portable_sampling_rej_sample( int16_t uu____6; if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) { if (sampled < (size_t)16U) { - Eurydice_slice_index(result, sampled, int16_t, int16_t *) = d1; + Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = d1; sampled++; uu____1 = d2; uu____6 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; @@ -2186,7 +2176,8 @@ KRML_MUSTINLINE size_t libcrux_ml_kem_vector_portable_sampling_rej_sample( if (uu____2) { uu____4 = d2; uu____5 = sampled; - Eurydice_slice_index(result, uu____5, int16_t, int16_t *) = uu____4; + Eurydice_slice_index(result, uu____5, int16_t, int16_t *, int16_t) = + uu____4; sampled++; continue; } 
@@ -2203,7 +2194,8 @@ KRML_MUSTINLINE size_t libcrux_ml_kem_vector_portable_sampling_rej_sample( if (uu____2) { uu____4 = d2; uu____5 = sampled; - Eurydice_slice_index(result, uu____5, int16_t, int16_t *) = uu____4; + Eurydice_slice_index(result, uu____5, int16_t, int16_t *, int16_t) = + uu____4; sampled++; continue; } @@ -2241,7 +2233,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_89_39(void) { +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_89_8d(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -2262,12 +2254,6 @@ static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_89_39(void) { return lit; } -/** - Only use with public values. - - This MUST NOT be used with secret inputs, like its caller - `deserialize_ring_elements_reduced`. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types 
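Review bot: The security warning on `deserialize_to_reduced_ring_element` is lost in the hunk at `@@ -2262,12 +2254,6 @@`: the doc block saying `Only use with public values` / `This MUST NOT be used with secret inputs` is removed and the regenerated `deserialize_to_reduced_ring_element_a4` in the following hunk carries no replacement. Nothing in the commit message says this contract changed, so this looks like the generator no longer emitting the Rust doc comment rather than a deliberate removal, and since the C is generated the fix belongs in the Rust source or the extraction step rather than a hand edit here. I would make sure the regenerated output again carries `/** Only use with public values. This MUST NOT be used with secret inputs, like its caller deserialize_ring_elements_reduced. */` above the function so the public-only contract stays visible to C consumers.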
@@ -2275,13 +2261,16 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_reduced_ring_element_b8(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); +deserialize_to_reduced_ring_element_a4(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_8d(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, + Eurydice_slice); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_12_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = @@ -2291,12 +2280,6 @@ deserialize_to_reduced_ring_element_b8(Eurydice_slice serialized) { return re; } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types 
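Review bot: The `This function MUST NOT be used on secret inputs` warning on `deserialize_ring_elements_reduced` is removed in the hunk at `@@ -2291,12 +2280,6 @@`, and the regenerated `deserialize_ring_elements_reduced_1d4` that follows has no replacement. The only caller visible in this patch, `libcrux_ml_kem_ind_cca_validate_public_key_601`, passes public-key bytes, so current use is consistent with the old contract, but the comment was the guard against a future caller feeding secret data into a routine documented as public-only. Because the file is generated, the comment should be restored at the Rust/extraction level; in the C output it would read `/** Deserializes ring elements and reduces the result by the field modulus. This function MUST NOT be used on secret inputs. */`.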
@@ -2304,14 +2287,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1568 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9f4( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1d4( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_39();); + deserialized_pk[i] = ZERO_89_8d();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t) / + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -2319,9 +2302,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9f4( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); + uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_b8(ring_element); + deserialize_to_reduced_ring_element_a4(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -2335,7 +2318,7 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -shift_right_f8(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +shift_right_68(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; 
@@ -2354,8 +2337,8 @@ with const generics - SHIFT_BY= 15 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -shift_right_0d_4b(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return shift_right_f8(v); +shift_right_0d_f2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return shift_right_68(v); } /** @@ -2365,10 +2348,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_unsigned_representative_78( +to_unsigned_representative_e5( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - shift_right_0d_4b(a); + shift_right_0d_f2(a); libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); 
@@ -2381,27 +2364,27 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_f6( +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_1d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_representative_78(re->coefficients[i0]); + to_unsigned_representative_e5(re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)24U, bytes, uint8_t), uint8_t); + serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); } memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); } -/** - Call [`serialize_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector 
@@ -2409,34 +2392,34 @@ with const generics - K= 4 - OUT_LEN= 1536 */ -static KRML_MUSTINLINE void serialize_secret_key_f81( +static KRML_MUSTINLINE void serialize_secret_key_6d1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)4U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); + uint8_t, Eurydice_slice); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_f6(&re, ret0); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); + serialize_uncompressed_ring_element_1d(&re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); } memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); } -/** - Concatenate `t` and `ρ` into the public key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector 
@@ -2445,20 +2428,24 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_801( +static KRML_MUSTINLINE void serialize_public_key_eb1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)1536U, uint8_t); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, + (size_t)1536U, uint8_t, Eurydice_slice); uint8_t ret0[1536U]; - serialize_secret_key_f81(t_as_ntt, ret0); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t), uint8_t); - Eurydice_slice_copy( + serialize_secret_key_6d1(t_as_ntt, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, - (size_t)1536U, uint8_t, size_t), - seed_for_a, uint8_t); + (size_t)1536U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); } 
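Review bot: The final `core_slice___Slice_T___copy_from_slice` in `serialize_public_key_eb1` writes `seed_for_a` into the tail of `public_key_serialized` from offset 1536 of 1568, but nothing in the hunk states or checks that `seed_for_a` is exactly 32 bytes. In Rust `copy_from_slice` panics on a length mismatch; whether the Eurydice replacement that this commit switches to does the same in C is not visible here, so please confirm the macro checks lengths rather than silently truncating or over-reading. A one-line precondition would help C readers: `/* seed_for_a must be exactly PUBLIC_KEY_SIZE - RANKED_BYTES_PER_RING_ELEMENT (32) bytes. */`.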
@@ -2470,18 +2457,18 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_3f1(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_601(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; - deserialize_ring_elements_reduced_9f4( + deserialize_ring_elements_reduced_1d4( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, - uint8_t, size_t), + uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; - serialize_public_key_801( + serialize_public_key_eb1( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, - uint8_t, size_t), + uint8_t, size_t, Eurydice_slice), public_key_serialized); return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); @@ -2509,7 +2496,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void G_f1_b61(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_e41(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -2520,10 +2507,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static void closure_e81( +static void closure_081( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_89_39();); + ret[i] = ZERO_89_8d();); } /** 
@@ -2541,22 +2528,21 @@ libcrux_ml_kem.hash_functions.portable.shake128_init_absorb with const generics - K= 4 */ static KRML_MUSTINLINE PortableHash_d1 -shake128_init_absorb_751(uint8_t input[4U][34U]) { +shake128_init_absorb_b71(uint8_t input[4U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[4U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, shake128_state[i] = libcrux_sha3_portable_incremental_shake128_init();); - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_incremental_shake128_absorb_final( - &shake128_state[i0], - Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t));); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_sha3_generic_keccak_KeccakState_48 copy_of_shake128_state[4U]; - memcpy(copy_of_shake128_state, shake128_state, + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_incremental_shake128_absorb_final( + &shake128_state[i0], + Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, + Eurydice_slice));); + libcrux_sha3_generic_keccak_KeccakState_48 uu____0[4U]; + memcpy(uu____0, shake128_state, (size_t)4U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); PortableHash_d1 lit; - memcpy(lit.shake128_state, copy_of_shake128_state, + memcpy(lit.shake128_state, uu____0, (size_t)4U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); return lit; } @@ -2572,11 +2558,10 @@ generics - K= 4 */ static KRML_MUSTINLINE PortableHash_d1 -shake128_init_absorb_f1_111(uint8_t input[4U][34U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_input[4U][34U]; - memcpy(copy_of_input, input, (size_t)4U * sizeof(uint8_t[34U])); - return shake128_init_absorb_751(copy_of_input); +shake128_init_absorb_f1_8c1(uint8_t input[4U][34U]) { + uint8_t uu____0[4U][34U]; + memcpy(uu____0, input, (size_t)4U * sizeof(uint8_t[34U])); + return shake128_init_absorb_b71(uu____0); } /** 
@@ -2585,14 +2570,15 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_101( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_ca1( PortableHash_d1 *st, uint8_t ret[4U][504U]) { uint8_t out[4U][504U] = {{0U}}; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( &st->shake128_state[i0], - Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t));); + Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, + Eurydice_slice));); memcpy(ret, out, (size_t)4U * sizeof(uint8_t[504U])); } 
@@ -2606,52 +2592,11 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_4e1( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_691( PortableHash_d1 *self, uint8_t ret[4U][504U]) { - shake128_squeeze_three_blocks_101(self, ret); -} - -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ + shake128_squeeze_three_blocks_ca1(self, ret); +} + /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types 
@@ -2659,7 +2604,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_053( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_2c3( uint8_t randomness[4U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -2670,11 +2615,12 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_053( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t); + uint8_t, Eurydice_slice); size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t)); + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -2697,14 +2643,14 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_block_ed1(PortableHash_d1 *st, +static KRML_MUSTINLINE void shake128_squeeze_block_dd1(PortableHash_d1 *st, uint8_t ret[4U][168U]) { uint8_t out[4U][168U] = {{0U}}; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_incremental_shake128_squeeze_next_block( - &st->shake128_state[i0], - Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t));); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_incremental_shake128_squeeze_next_block( + &st->shake128_state[i0], + Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, + Eurydice_slice));); memcpy(ret, out, (size_t)4U * sizeof(uint8_t[168U])); } 
@@ -2718,52 +2664,11 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void shake128_squeeze_block_f1_c11( +static KRML_MUSTINLINE void shake128_squeeze_block_f1_601( PortableHash_d1 *self, uint8_t ret[4U][168U]) { - shake128_squeeze_block_ed1(self, ret); -} - -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ + shake128_squeeze_block_dd1(self, ret); +} + /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types 
@@ -2771,7 +2676,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_054( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_2c4( uint8_t randomness[4U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR4( @@ -2782,11 +2687,12 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_054( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t); + uint8_t, Eurydice_slice); size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t)); + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -2814,15 +2720,16 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -from_i16_array_89_6b(Eurydice_slice a) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); +from_i16_array_89_ca(Eurydice_slice a) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_8d(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_from_i16_array_0d( Eurydice_slice_subslice2(a, i0 * (size_t)16U, - (i0 + (size_t)1U) * (size_t)16U, int16_t)); + (i0 + (size_t)1U) * (size_t)16U, int16_t, + Eurydice_slice)); result.coefficients[i0] = uu____0; } return result; 
@@ -2835,10 +2742,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_991( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_2f1( int16_t s[272U]) { - return from_i16_array_89_6b( - Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); + return from_i16_array_89_ca(Eurydice_array_to_subslice2( + s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); } /** 
@@ -2848,42 +2755,37 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_from_xof_2b1( +static KRML_MUSTINLINE void sample_from_xof_d41( uint8_t seeds[4U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { size_t sampled_coefficients[4U] = {0U}; int16_t out[4U][272U] = {{0U}}; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seeds[4U][34U]; - memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); - PortableHash_d1 xof_state = shake128_init_absorb_f1_111(copy_of_seeds); + uint8_t uu____0[4U][34U]; + memcpy(uu____0, seeds, (size_t)4U * sizeof(uint8_t[34U])); + PortableHash_d1 xof_state = shake128_init_absorb_f1_8c1(uu____0); uint8_t randomness0[4U][504U]; - shake128_squeeze_three_blocks_f1_4e1(&xof_state, randomness0); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness0[4U][504U]; - memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_053( - copy_of_randomness0, sampled_coefficients, out); + shake128_squeeze_three_blocks_f1_691(&xof_state, randomness0); + uint8_t uu____1[4U][504U]; + memcpy(uu____1, randomness0, (size_t)4U * sizeof(uint8_t[504U])); + bool done = sample_from_uniform_distribution_next_2c3( + uu____1, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[4U][168U]; - shake128_squeeze_block_f1_c11(&xof_state, randomness); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[4U][168U]; - memcpy(copy_of_randomness, randomness, - (size_t)4U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_054( - copy_of_randomness, sampled_coefficients, out); + shake128_squeeze_block_f1_601(&xof_state, randomness); + uint8_t uu____2[4U][168U]; + memcpy(uu____2, randomness, (size_t)4U * sizeof(uint8_t[168U])); + done = 
sample_from_uniform_distribution_next_2c4( + uu____2, sampled_coefficients, out); } } - /* Passing arrays by value in Rust generates a copy in C */ - int16_t copy_of_out[4U][272U]; - memcpy(copy_of_out, out, (size_t)4U * sizeof(int16_t[272U])); + int16_t uu____3[4U][272U]; + memcpy(uu____3, out, (size_t)4U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_991(copy_of_out[i]);); + ret0[i] = closure_2f1(uu____3[i]);); memcpy( ret, ret0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); 
@@ -2896,33 +2798,32 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void sample_matrix_A_231( +static KRML_MUSTINLINE void sample_matrix_A_051( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U][4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[4U][4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - closure_e81(A_transpose[i]);); + closure_081(A_transpose[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed[34U]; - memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[4U][34U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seeds[4U][34U]; - memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); + uint8_t uu____1[4U][34U]; + memcpy(uu____1, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[4U]; - sample_from_xof_2b1(copy_of_seeds, sampled); + sample_from_xof_d41(uu____1, sampled); for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)4U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); i++) { size_t j = i; 
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sample = sampled[j]; @@ -2931,9 +2832,7 @@ static KRML_MUSTINLINE void sample_matrix_A_231( } else { A_transpose[i1][j] = sample; } - } - - ); + }); memcpy(ret, A_transpose, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); @@ -2956,14 +2855,15 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_1d2(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_c52(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { uint8_t out[4U][128U] = {{0U}}; - KRML_MAYBE_FOR4( - i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t), - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t));); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, + Eurydice_slice));); memcpy(ret, out, (size_t)4U * sizeof(uint8_t[128U])); } 
@@ -2977,60 +2877,11 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_892(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_932(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { - PRFxN_1d2(input, ret); + PRFxN_c52(input, ret); } -/** - Given a series of uniformly random bytes in `randomness`, for some number - `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring - element from a binomial distribution centered at 0 that uses two sets of `eta` - coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v` - such such that `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and: - - ```plaintext - - If v < 0, Pr[v] = Pr[-v] - - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA) - ``` - - The values `v < 0` are mapped to the appropriate `KyberFieldElement`. - - The expected value is: - - ```plaintext - E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1] - + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0. - ``` - - And the variance is: - - ```plaintext - Var(X) = E[(X - E[X])^2] - = E[X^2] - = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / - 2^(2 * ETA)) = ETA / 2 - ``` - - This function implements Algorithm 7 of the NIST FIPS 203 - standard, which is reproduced below: - - ```plaintext - Input: byte array B ∈ 𝔹^{64η}. - Output: array f ∈ ℤ₂₅₆. - - b ← BytesToBits(B) - for (i ← 0; i < 256; i++) - x ← ∑(j=0 to η - 1) b[2iη + j] - y ← ∑(j=0 to η - 1) b[2iη + η + j] - f[i] ← x−y mod q - end for - return f - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types 
@@ -3038,25 +2889,27 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_2_20(Eurydice_slice randomness) { +sample_from_binomial_distribution_2_52(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) { + i0 < + core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; + i0++) { size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice2( randomness, chunk_number * (size_t)4U, - chunk_number * (size_t)4U + (size_t)4U, uint8_t); + chunk_number * (size_t)4U + (size_t)4U, uint8_t, Eurydice_slice); uint32_t random_bits_as_u32 = (((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *) | + uint8_t *, uint8_t) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *) + uint8_t *, uint8_t) << 8U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *) + uint8_t *, uint8_t) << 16U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, - uint8_t *) + uint8_t *, uint8_t) << 24U; uint32_t even_bits = random_bits_as_u32 & 1431655765U; uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; @@ -3072,8 +2925,8 @@ sample_from_binomial_distribution_2_20(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_6b( - Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); + return from_i16_array_89_ca(Eurydice_array_to_slice( + (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); } /** 
@@ -3083,22 +2936,24 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_3_85(Eurydice_slice randomness) { +sample_from_binomial_distribution_3_b0(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) { + i0 < + core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; + i0++) { size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice2( randomness, chunk_number * (size_t)3U, - chunk_number * (size_t)3U + (size_t)3U, uint8_t); + chunk_number * (size_t)3U + (size_t)3U, uint8_t, Eurydice_slice); uint32_t random_bits_as_u24 = ((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *) | + uint8_t *, uint8_t) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *) + uint8_t *, uint8_t) << 8U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *) + uint8_t *, uint8_t) << 16U; uint32_t first_bits = random_bits_as_u24 & 2396745U; uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; @@ -3116,8 +2971,8 @@ sample_from_binomial_distribution_3_85(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_6b( - Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); + return from_i16_array_89_ca(Eurydice_array_to_slice( + (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); } /** 
@@ -3127,8 +2982,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_66(Eurydice_slice randomness) { - return sample_from_binomial_distribution_2_20(randomness); +sample_from_binomial_distribution_34(Eurydice_slice randomness) { + return sample_from_binomial_distribution_2_52(randomness); } /** @@ -3137,7 +2992,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_7_13( +static KRML_MUSTINLINE void ntt_at_layer_7_09( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { @@ -3145,8 +3000,9 @@ static KRML_MUSTINLINE void ntt_at_layer_7_13( libcrux_ml_kem_vector_portable_vector_type_PortableVector t = libcrux_ml_kem_vector_portable_multiply_by_constant_0d( re->coefficients[j + step], (int16_t)-1600); - re->coefficients[j + step] = + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_sub_0d(re->coefficients[j], &t); + re->coefficients[j + step] = uu____0; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = libcrux_ml_kem_vector_portable_add_0d(re->coefficients[j], &t); re->coefficients[j] = uu____1; @@ -3165,7 +3021,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -montgomery_multiply_fe_d5( +montgomery_multiply_fe_a6( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v, fer); 
@@ -3179,12 +3035,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - ntt_layer_int_vec_step_d7( + ntt_layer_int_vec_step_a6( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - montgomery_multiply_fe_d5(b, zeta_r); + montgomery_multiply_fe_a6(b, zeta_r); b = libcrux_ml_kem_vector_portable_sub_0d(a, &t); a = libcrux_ml_kem_vector_portable_add_0d(a, &t); return ( @@ -3198,7 +3054,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_4_plus_cc( +static KRML_MUSTINLINE void ntt_at_layer_4_plus_39( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3211,7 +3067,7 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_cc( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - ntt_layer_int_vec_step_d7( + ntt_layer_int_vec_step_a6( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -3228,7 +3084,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_3_34( +static KRML_MUSTINLINE void ntt_at_layer_3_a6( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; 
@@ -3246,18 +3102,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_2_7b( +static KRML_MUSTINLINE void ntt_at_layer_2_23( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; - re->coefficients[round] = + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ntt_layer_2_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U]); - zeta_i[0U] = zeta_i[0U] + (size_t)1U;); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)1U;); } /** @@ -3266,12 +3122,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_at_layer_1_4f( +static KRML_MUSTINLINE void ntt_at_layer_1_43( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; - re->coefficients[round] = + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ntt_layer_1_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], @@ -3281,7 +3137,7 @@ static KRML_MUSTINLINE void ntt_at_layer_1_4f( (size_t)2U], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)3U]); - zeta_i[0U] = zeta_i[0U] + (size_t)3U;); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)3U;); } /** 
@@ -3294,7 +3150,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void poly_barrett_reduce_89_2c( +static KRML_MUSTINLINE void poly_barrett_reduce_89_61( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -3312,23 +3168,19 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_88( +static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_28( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - ntt_at_layer_7_13(re); + ntt_at_layer_7_09(re); size_t zeta_i = (size_t)1U; - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_34(&zeta_i, re); - ntt_at_layer_2_7b(&zeta_i, re); - ntt_at_layer_1_4f(&zeta_i, re); - poly_barrett_reduce_89_2c(re); + ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_a6(&zeta_i, re); + ntt_at_layer_2_23(&zeta_i, re); + ntt_at_layer_1_43(&zeta_i, re); + poly_barrett_reduce_89_61(re); } -/** - Sample a vector of ring elements from a centered binomial distribution and - convert them into their NTT representations. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, 
@@ -3338,68 +3190,41 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_d71( +static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_a71( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - re_as_ntt[i] = ZERO_89_39();); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + re_as_ntt[i] = ZERO_89_8d();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_f1_892(prf_inputs, prf_outputs); + PRFxN_f1_932(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_66( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[4U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = + sample_from_binomial_distribution_34(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element_28(&re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U]; memcpy( - copy_of_re_as_ntt, re_as_ntt, + uu____2, re_as_ntt, 
(size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_710 lit; memcpy( - lit.fst, copy_of_re_as_ntt, + lit.fst, uu____2, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); lit.snd = domain_separator; return lit; } -/** - Given two `KyberPolynomialRingElement`s in their NTT representations, - compute their product. Given two polynomials in the NTT domain `f^` and `ĵ`, - the `iᵗʰ` coefficient of the product `k̂` is determined by the calculation: - - ```plaintext - ĥ[2·i] + ĥ[2·i + 1]X = (f^[2·i] + f^[2·i + 1]X)·(ĝ[2·i] + ĝ[2·i + 1]X) mod (X² - - ζ^(2·BitRev₇(i) + 1)) - ``` - - This function almost implements Algorithm 10 of the - NIST FIPS 203 standard, which is reproduced below: - - ```plaintext - Input: Two arrays fˆ ∈ ℤ₂₅₆ and ĝ ∈ ℤ₂₅₆. - Output: An array ĥ ∈ ℤq. - - for(i ← 0; i < 128; i++) - (ĥ[2i], ĥ[2i+1]) ← BaseCaseMultiply(fˆ[2i], fˆ[2i+1], ĝ[2i], ĝ[2i+1], - ζ^(2·BitRev₇(i) + 1)) end for return ĥ - ``` - We say "almost" because the coefficients of the ring element output by - this function are in the Montgomery domain. - - The NIST FIPS 203 standard can be found at - . -*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -3411,9 +3236,9 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -ntt_multiply_89_d5(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +ntt_multiply_89_17(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_89_39(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = ZERO_89_8d(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; 
@@ -3436,10 +3261,6 @@ ntt_multiply_89_d5(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, return out; } -/** - Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise - sum of their constituent coefficients. -*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -3450,15 +3271,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void add_to_ring_element_89_931( +static KRML_MUSTINLINE void add_to_ring_element_89_e81( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_portable_vector_type_PortableVector), - libcrux_ml_kem_vector_portable_vector_type_PortableVector); + libcrux_ml_kem_vector_portable_vector_type_PortableVector, + Eurydice_slice), + libcrux_ml_kem_vector_portable_vector_type_PortableVector, + size_t); i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = @@ -3475,7 +3298,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_standard_domain_3e( +to_standard_domain_a8( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); 
@@ -3491,14 +3314,14 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_standard_error_reduce_89_99( +static KRML_MUSTINLINE void add_standard_error_reduce_89_22( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector - coefficient_normal_form = to_standard_domain_3e(self->coefficients[j]); + coefficient_normal_form = to_standard_domain_a8(self->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(coefficient_normal_form, 
@@ -3507,94 +3330,52 @@ static KRML_MUSTINLINE void add_standard_error_reduce_89_99( } } -/** - Compute  ◦ ŝ + ê -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_As_plus_e_da1( +static KRML_MUSTINLINE void compute_As_plus_e_cb1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_39();); + result[i] = ZERO_89_8d();); for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len( + i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)4U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U]); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U], size_t); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i1]; for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_931(&result[i1], &product); + ntt_multiply_89_17(matrix_element, 
&s_as_ntt[j]); + add_to_ring_element_89_e81(&result[i1], &product); } - add_standard_error_reduce_89_99(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_89_22(&result[i1], &error_as_ntt[i1]); } memcpy( ret, result, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, 
@@ -3604,75 +3385,69 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_540 generate_keypair_unpacked_f41( +static tuple_540 generate_keypair_unpacked_d11( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_f1_b61(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, - uint8_t, Eurydice_slice_uint8_t_x2); + G_f1_e41(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[4U][4U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_231(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret); + sample_matrix_A_051(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____2 = sample_vector_cbd_then_ntt_d71(copy_of_prf_input0, 0U); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_710 uu____2 = sample_vector_cbd_then_ntt_a71(uu____1, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator = uu____2.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - 
memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_d71(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_a71(uu____3, domain_separator).fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; - compute_As_plus_e_da1(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_cb1(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], + void *); core_result_unwrap_41_83(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[4U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____4[4U]; memcpy( - copy_of_t_as_ntt, t_as_ntt, + uu____4, t_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A_transpose[4U] - [4U]; - memcpy(copy_of_A_transpose, A_transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[4U][4U]; + memcpy(uu____5, A_transpose, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____6[32U]; + memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 pk; memcpy( - pk.t_as_ntt, 
copy_of_t_as_ntt, + pk.t_as_ntt, uu____4, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, copy_of_A_transpose, + memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, uu____5, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[4U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____7[4U]; memcpy( - copy_of_secret_as_ntt, secret_as_ntt, + uu____7, secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 sk; memcpy( - sk.secret_as_ntt, copy_of_secret_as_ntt, + sk.secret_as_ntt, uu____7, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); return (CLITERAL(tuple_540){.fst = sk, .snd = pk}); } @@ -3691,10 +3466,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_841( +static void closure_f01( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - ret[i] = ZERO_89_39();); + ret[i] = ZERO_89_8d();); } /** @@ -3707,7 +3482,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_d5_14( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_d5_3a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; 
@@ -3729,7 +3504,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 4 */ -static KRML_MUSTINLINE void H_f1_2e1(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_1a1(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } 
@@ -3747,26 +3522,27 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_371(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_4a1(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t); - tuple_540 uu____0 = generate_keypair_unpacked_f41(ind_cpa_keypair_randomness); + size_t, Eurydice_slice); + tuple_540 uu____0 = generate_keypair_unpacked_d11(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_841(A[i]);); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_f01(A[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_14(&ind_cpa_public_key.A[j][i1]); + clone_d5_3a(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U][4U]; memcpy(uu____2, A, 
@@ -3776,39 +3552,36 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_371(uint8_t randomness[64U]) { (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); uint8_t pk_serialized[1568U]; - serialize_public_key_801( + serialize_public_key_eb1( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t), + uint8_t, Eurydice_slice), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_2e1(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t), + H_f1_1a1(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t, + Eurydice_slice), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U]); + uint8_t[32U], void *); core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 uu____3 = ind_cpa_private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_implicit_rejection_value[32U]; - memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); + uint8_t uu____4[32U]; + memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_42 uu____5; uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, + memcpy(uu____5.implicit_rejection_value, uu____4, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 uu____6 = ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_hash[32U]; - memcpy(copy_of_public_key_hash, public_key_hash, - (size_t)32U * sizeof(uint8_t)); + uint8_t uu____7[32U]; + memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 lit; lit.private_key = 
uu____5; lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, + memcpy(lit.public_key.public_key_hash, uu____7, (size_t)32U * sizeof(uint8_t)); return lit; } 
@@ -3825,36 +3598,28 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_ec1( +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_c51( Eurydice_slice key_generation_seed) { - tuple_540 uu____0 = generate_keypair_unpacked_f41(key_generation_seed); + tuple_540 uu____0 = generate_keypair_unpacked_d11(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 pk = uu____0.snd; uint8_t public_key_serialized[1568U]; - serialize_public_key_801( - pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), - public_key_serialized); + serialize_public_key_eb1(pk.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, + uint8_t, Eurydice_slice), + public_key_serialized); uint8_t secret_key_serialized[1536U]; - serialize_secret_key_f81(sk.secret_as_ntt, secret_key_serialized); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_secret_key_serialized[1536U]; - memcpy(copy_of_secret_key_serialized, secret_key_serialized, - (size_t)1536U * sizeof(uint8_t)); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_serialized[1568U]; - memcpy(copy_of_public_key_serialized, public_key_serialized, - (size_t)1568U * sizeof(uint8_t)); + serialize_secret_key_6d1(sk.secret_as_ntt, secret_key_serialized); + uint8_t uu____1[1536U]; + memcpy(uu____1, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); + uint8_t uu____2[1568U]; + memcpy(uu____2, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair1024 lit; - memcpy(lit.fst, copy_of_secret_key_serialized, - (size_t)1536U * sizeof(uint8_t)); - memcpy(lit.snd, copy_of_public_key_serialized, - (size_t)1568U * sizeof(uint8_t)); + memcpy(lit.fst, uu____1, (size_t)1536U * sizeof(uint8_t)); + memcpy(lit.snd, 
uu____2, (size_t)1568U * sizeof(uint8_t)); return lit; } -/** - Serialize the secret key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] @@ -3862,7 +3627,7 @@ with const generics - K= 4 - SERIALIZED_KEY_LEN= 3168 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_f2( +static KRML_MUSTINLINE void serialize_kem_secret_key_66( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { uint8_t out[3168U] = {0U}; 
@@ -3870,48 +3635,46 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_f2( uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - Eurydice_slice_copy( + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( - uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t), - uint8_t), - private_key, uint8_t); - pointer = pointer + Eurydice_slice_len(private_key, uint8_t); + uu____0, uu____1, + uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - Eurydice_slice_copy( + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( - uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t), - uint8_t), - public_key, uint8_t); - pointer = pointer + Eurydice_slice_len(public_key, uint8_t); + uu____3, uu____4, + uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice); uint8_t ret0[32U]; - H_f1_2e1(public_key, ret0); - Eurydice_slice_copy( - uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); + H_f1_1a1(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - Eurydice_slice_copy( + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( 
uu____7, uu____8, - uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), - uint8_t), - implicit_rejection_value, uint8_t); + uu____9 + core_slice___Slice_T___len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); } -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, 
@@ -3926,35 +3689,39 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_d71(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_ef1(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t); + size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_ec1(ind_cpa_keypair_randomness); + generate_keypair_c51(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_f2( - Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t), - Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t), + serialize_kem_secret_key_66( + Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, + Eurydice_slice), implicit_rejection_value, secret_key_serialized); + uint8_t uu____1[3168U]; + memcpy(uu____1, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_22_a71(secret_key_serialized); - libcrux_ml_kem_types_MlKemPrivateKey_95 uu____1 = private_key; - return libcrux_ml_kem_types_from_17_d51( - uu____1, libcrux_ml_kem_types_from_c7_141(public_key)); + libcrux_ml_kem_types_from_05_701(uu____1); + 
libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; + uint8_t uu____3[1568U]; + memcpy(uu____3, public_key, (size_t)1568U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_17_eb1( + uu____2, libcrux_ml_kem_types_from_b6_a31(uu____3)); } -/** - Sample a vector of ring elements from a centered binomial distribution. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, 
@@ -3965,36 +3732,34 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_710 -sample_ring_element_cbd_761(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_bf1(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - error_1[i] = ZERO_89_39();); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + error_1[i] = ZERO_89_8d();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[4U][128U]; - PRFxN_f1_892(prf_inputs, prf_outputs); + PRFxN_f1_932(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_66( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); + sample_from_binomial_distribution_34(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_error_1[4U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U]; memcpy( - copy_of_error_1, error_1, + uu____2, error_1, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_710 lit; memcpy( - lit.fst, copy_of_error_1, + lit.fst, uu____2, (size_t)4U * 
sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); lit.snd = domain_separator; return lit; @@ -4005,10 +3770,11 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 128 */ -static KRML_MUSTINLINE void PRF_3a0(Eurydice_slice input, uint8_t ret[128U]) { +static KRML_MUSTINLINE void PRF_2b0(Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, digest, uint8_t), input); + Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), + input); memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); } @@ -4022,9 +3788,9 @@ with const generics - K= 4 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_044(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_ee4(Eurydice_slice input, uint8_t ret[128U]) { - PRF_3a0(input, ret); + PRF_2b0(input, ret); } /** @@ -4033,12 +3799,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_d1( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_13( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; - re->coefficients[round] = + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], @@ -4048,7 +3814,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_1_d1( (size_t)2U], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)3U]); - zeta_i[0U] = zeta_i[0U] - (size_t)3U;); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)3U;); } /** 
@@ -4057,18 +3823,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_ac( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_cd( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; - re->coefficients[round] = + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U]); - zeta_i[0U] = zeta_i[0U] - (size_t)1U;); + re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)1U;); } /** @@ -4077,7 +3843,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_63( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_74( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -4097,7 +3863,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - inv_ntt_layer_int_vec_step_reduce_6f( + inv_ntt_layer_int_vec_step_reduce_bf( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { 
@@ -4105,7 +3871,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_sub_0d(b, &a); a = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(a, &b)); - b = montgomery_multiply_fe_d5(a_minus_b, zeta_r); + b = montgomery_multiply_fe_a6(a_minus_b, zeta_r); return ( CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){ .fst = a, .snd = b}); @@ -4117,7 +3883,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_9b( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_52( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -4132,7 +3898,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_9b( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_6f( + inv_ntt_layer_int_vec_step_reduce_bf( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; 
@@ -4153,14 +3919,14 @@ static KRML_MUSTINLINE void invert_ntt_montgomery_7b1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_d1(&zeta_i, re); - invert_ntt_at_layer_2_ac(&zeta_i, re); - invert_ntt_at_layer_3_63(&zeta_i, re); - invert_ntt_at_layer_4_plus_9b(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_9b(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_9b(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_9b(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_2c(re); + invert_ntt_at_layer_1_13(&zeta_i, re); + invert_ntt_at_layer_2_cd(&zeta_i, re); + invert_ntt_at_layer_3_74(&zeta_i, re); + invert_ntt_at_layer_4_plus_52(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_52(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_52(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_52(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_61(re); } /** @@ -4173,7 +3939,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_89_6b( +static KRML_MUSTINLINE void add_error_reduce_89_53( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; 
@@ -4191,47 +3957,46 @@ static KRML_MUSTINLINE void add_error_reduce_89_6b( } } -/** - Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_a71( +static KRML_MUSTINLINE void compute_vector_u_111( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - result[i] = ZERO_89_39();); + result[i] = ZERO_89_8d();); for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len( + i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)4U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U]); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U], size_t); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = a_as_ntt[i1]; for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(a_element, &r_as_ntt[j]); - add_to_ring_element_89_931(&result[i1], &product); + ntt_multiply_89_17(a_element, 
&r_as_ntt[j]); + add_to_ring_element_89_e81(&result[i1], &product); } invert_ntt_montgomery_7b1(&result[i1]); - add_error_reduce_89_6b(&result[i1], &error_1[i1]); + add_error_reduce_89_53(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -4245,7 +4010,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_1_f3(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +decompress_1_9f(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ZERO_0d(); return libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( @@ -4259,8 +4024,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_message_a7(uint8_t serialized[32U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); +deserialize_then_decompress_message_c0(uint8_t serialized[32U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_8d(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4268,9 +4033,9 @@ deserialize_then_decompress_message_a7(uint8_t serialized[32U]) { libcrux_ml_kem_vector_portable_deserialize_1_0d( Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, - uint8_t)); + uint8_t, Eurydice_slice)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_1_f3(coefficient_compressed); + decompress_1_9f(coefficient_compressed); re.coefficients[i0] = uu____0;); return re; } 
@@ -4286,7 +4051,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -add_message_error_reduce_89_4e( +add_message_error_reduce_89_60( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4309,9 +4074,6 @@ add_message_error_reduce_89_4e( return result; } -/** - Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4319,18 +4081,18 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_9d1( +compute_ring_element_v_d81( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_8d(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_931(&result, &product);); + ntt_multiply_89_17(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_e81(&result, &product);); invert_ntt_montgomery_7b1(&result); - result = add_message_error_reduce_89_4e(error_2, message, result); + result = add_message_error_reduce_89_60(error_2, message, result); return result; } 
@@ -4340,7 +4102,7 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_be(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_13(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4361,9 +4123,9 @@ A monomorphic instance of libcrux_ml_kem.vector.portable.compress_0d with const generics - COEFFICIENT_BITS= 10 */ -static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_31( +static libcrux_ml_kem_vector_portable_vector_type_PortableVector compress_0d_99( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_be(v); + return compress_13(v); } /** @@ -4372,7 +4134,7 @@ with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_be0(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_130(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; @@ -4394,8 +4156,8 @@ with const generics - COEFFICIENT_BITS= 11 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_310(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_be0(v); +compress_0d_990(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_130(v); } /** 
@@ -4404,20 +4166,23 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_560( +static KRML_MUSTINLINE void compress_then_serialize_11_510( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_310(to_unsigned_representative_78(re->coefficients[i0])); + compress_0d_990(to_unsigned_representative_e5(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)22U, bytes, uint8_t), uint8_t); + serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); } memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); } 
@@ -4429,16 +4194,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_970( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_420( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_560(re, uu____0); + compress_then_serialize_11_510(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } -/** - Call [`compress_then_serialize_ring_element_u`] on each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector 
@@ -4448,25 +4210,29 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_3d1( +static void compress_then_serialize_u_e71( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)4U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice2( out, i0 * ((size_t)1408U / (size_t)4U), - (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); + (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t, + Eurydice_slice); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_970(&re, ret); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); + compress_then_serialize_ring_element_u_420(&re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); } } @@ -4476,7 +4242,7 @@ with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_be1(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_131(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; 
@@ -4498,8 +4264,8 @@ with const generics - COEFFICIENT_BITS= 4 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_311(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_be1(v); +compress_0d_991(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_131(v); } /** @@ -4508,20 +4274,22 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_07( +static KRML_MUSTINLINE void compress_then_serialize_4_59( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_311(to_unsigned_representative_78(re.coefficients[i0])); + compress_0d_991(to_unsigned_representative_e5(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); - Eurydice_slice_copy( + core_slice___Slice_T___copy_from_slice( Eurydice_slice_subslice2(serialized, (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t), - Eurydice_array_to_slice((size_t)8U, bytes, uint8_t), uint8_t); + (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); } } @@ -4531,7 +4299,7 @@ with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_be2(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +compress_132(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; 
@@ -4553,8 +4321,8 @@ with const generics - COEFFICIENT_BITS= 5 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -compress_0d_312(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return compress_be2(v); +compress_0d_992(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { + return compress_132(v); } /** @@ -4563,20 +4331,22 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_00( +static KRML_MUSTINLINE void compress_then_serialize_5_ef( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = - compress_0d_312(to_unsigned_representative_78(re.coefficients[i0])); + compress_0d_992(to_unsigned_representative_e5(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); - Eurydice_slice_copy( + core_slice___Slice_T___copy_from_slice( Eurydice_slice_subslice2(serialized, (size_t)10U * i0, - (size_t)10U * i0 + (size_t)10U, uint8_t), - Eurydice_array_to_slice((size_t)10U, bytes, uint8_t), uint8_t); + (size_t)10U * i0 + (size_t)10U, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); } } 
@@ -4587,52 +4357,11 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_a00( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_1d0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_5_00(re, out); -} - -/** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ + compress_then_serialize_5_ef(re, out); +} + /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, 
@@ -4651,25 +4380,22 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_611( +static void encrypt_unpacked_841( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____1 = sample_vector_cbd_then_ntt_d71(copy_of_prf_input0, 0U); + libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_710 uu____1 = sample_vector_cbd_then_ntt_a71(uu____0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator0 = uu____1.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____3 = - sample_ring_element_cbd_761(copy_of_prf_input, domain_separator0); + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_710 uu____3 = sample_ring_element_cbd_bf1(uu____2, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; memcpy( error_1, uu____3.fst, 
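Review bot: The new side of this hunk is less readable than the old one: the descriptive temporaries `copy_of_prf_input0`/`copy_of_prf_input` and their `/* Passing arrays by value in Rust generates a copy in C */` comments become `uu____0`/`uu____2` with no explanation, and elsewhere in the file `Eurydice_slice_len` becomes the mangled `core_slice___Slice_T___len`. That looks like the output of an older generator rather than a "code quality improvement", so it is worth confirming the Eurydice/KaRaMeL pin used for this regeneration before merging. If the output is intended, the dropped comment should come back above each `memcpy`, e.g. `/* Passing arrays by value in Rust generates a copy in C */`, so the two stack copies of `prf_input` are not mistaken for dead code. `encrypt_unpacked_841` continues past the end of this hunk.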
@@ -4677,33 +4403,35 @@ static void encrypt_unpacked_611( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_044(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), - prf_output); + PRF_f1_ee4( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_66( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); + sample_from_binomial_distribution_34(Eurydice_array_to_slice( + (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[4U]; - compute_vector_u_a71(public_key->A, r_as_ntt, error_1, u); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + compute_vector_u_111(public_key->A, r_as_ntt, error_1, u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_a7(copy_of_message); + deserialize_then_decompress_message_c0(uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_9d1(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_d81(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_3d1( - uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, - (size_t)1408U, uint8_t)); + compress_then_serialize_u_e71( + uu____5, + Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, + uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - 
compress_then_serialize_ring_element_v_a00( - uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, - (size_t)1408U, uint8_t, size_t)); + compress_then_serialize_ring_element_v_1d0( + uu____6, + Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, + uint8_t, size_t, Eurydice_slice)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); } 
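Review bot: `prf_output` (the 128-byte PRF output that `sample_from_binomial_distribution_34` turns into `error_2`) and `uu____4` (a stack copy of the secret `message`) are left in place when `encrypt_unpacked_841` returns, and nothing in this hunk clears them; the same holds for `prf_input`, which carries the encryption coins with `domain_separator` written into its last byte. Because this is generated code the zeroization cannot be added by hand here, so it is worth checking whether the Rust source or the generator is expected to provide it. If it is not, a comment such as `/* NOTE: prf_input, prf_output and the message copy are not zeroized on return */` before the final `memcpy` would at least make the gap visible to downstream users. The function starts before this hunk.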
@@ -4726,51 +4454,51 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_081( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_5c1( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t); - Eurydice_slice_copy(uu____0, - Eurydice_array_to_slice( - (size_t)32U, public_key->public_key_hash, uint8_t), - uint8_t); + size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, + Eurydice_slice), + uint8_t, void *); uint8_t hashed[64U]; - G_f1_b61(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + G_f1_e41( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *uu____2 = &public_key->ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * 
sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_unpacked_611(uu____2, copy_of_randomness, pseudorandomness, - ciphertext); + encrypt_unpacked_841(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), - shared_secret, uint8_t); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[1568U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____4[1568U]; + memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_9c1(copy_of_ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_from_01_101(uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_21 lit; lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); return lit; } 
@@ -4784,20 +4512,15 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_af_6b(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_fe(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), - randomness, uint8_t); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + randomness, uint8_t, void *); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -4805,14 +4528,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1536 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9f3( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1d3( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - deserialized_pk[i] = ZERO_89_39();); + deserialized_pk[i] = ZERO_89_8d();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t) / + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; 
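Review bot: The regenerated header for `deserialize_ring_elements_reduced_1d3` drops the caveat `This function MUST NOT be used on secret inputs`, leaving only the monomorphization note; its only visible caller still passes the public key, so behaviour is unchanged, but the warning that kept this non-constant-time-safe path off secret data is gone from the C output. The same hunk also drops the sentence explaining that the result is reduced by the field modulus, which is the reason the function exists alongside the plain deserializer. Both should be carried back into the generated file, presumably by restoring the doc comment in the Rust source or the generator's comment emission, e.g. `/** Deserializes ring elements and reduces the result by the field modulus. This function MUST NOT be used on secret inputs. */`.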
@@ -4820,9 +4543,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9f3( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); + uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_b8(ring_element); + deserialize_to_reduced_ring_element_a4(ring_element); deserialized_pk[i0] = uu____0; } memcpy( 
@@ -4848,52 +4571,49 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_121(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_aa1(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; - deserialize_ring_elements_reduced_9f3( - Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), + deserialize_ring_elements_reduced_1d3( + Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, + Eurydice_slice), t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_231(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0); + sample_matrix_A_051(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); core_result_unwrap_41_83(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[4U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[4U]; memcpy( - copy_of_t_as_ntt, t_as_ntt, + uu____0, t_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A[4U][4U]; - memcpy(copy_of_A, A, + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1[4U][4U]; + memcpy(uu____1, A, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); - /* 
Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____2[32U]; + memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 public_key_unpacked; memcpy( - public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, + public_key_unpacked.t_as_ntt, uu____0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, + memcpy(public_key_unpacked.seed_for_A, uu____2, (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, copy_of_A, + memcpy(public_key_unpacked.A, uu____1, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *uu____3 = &public_key_unpacked; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1568U]; - encrypt_unpacked_611(uu____3, copy_of_message, randomness, ret1); + encrypt_unpacked_841(uu____3, uu____4, randomness, ret1); memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); } @@ -4908,11 +4628,12 @@ with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_af_ef(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_94(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), - shared_secret, uint8_t); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + shared_secret, uint8_t, void *); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } 
@@ -4935,55 +4656,59 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_781( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_fa1( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_6b( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); + entropy_preprocess_af_fe( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t); + size_t, Eurydice_slice); uint8_t ret[32U]; - H_f1_2e1(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_c21(public_key), - uint8_t), + H_f1_1a1(Eurydice_array_to_slice( + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_3b1(public_key), + uint8_t, Eurydice_slice), ret); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); uint8_t hashed[64U]; - G_f1_b61(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + G_f1_e41( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, 
uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_c21(public_key), uint8_t); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_3b1(public_key), uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_121(uu____2, copy_of_randomness, pseudorandomness, ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[1568U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); + encrypt_aa1(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t uu____4[1568U]; + memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_9c1(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_101(uu____4); uint8_t shared_secret_array[32U]; - kdf_af_ef(shared_secret, shared_secret_array); + kdf_af_94(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_21 lit; lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); return lit; } 
@@ -4994,7 +4719,7 @@ const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_b8( +decompress_ciphertext_coefficient_05( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -5019,9 +4744,9 @@ generics - COEFFICIENT_BITS= 10 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_f4( +decompress_ciphertext_coefficient_0d_83( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_b8(v); + return decompress_ciphertext_coefficient_05(v); } /** @@ -5031,17 +4756,20 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_10_23(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); +deserialize_then_decompress_10_52(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_8d(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; + i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); + serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, + Eurydice_slice); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_f4(coefficient); + decompress_ciphertext_coefficient_0d_83(coefficient); re.coefficients[i0] = uu____0; } return re; 
@@ -5054,7 +4782,7 @@ const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_b80( +decompress_ciphertext_coefficient_050( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -5079,9 +4807,9 @@ generics - COEFFICIENT_BITS= 11 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_f40( +decompress_ciphertext_coefficient_0d_830( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_b80(v); + return decompress_ciphertext_coefficient_050(v); } /** @@ -5091,17 +4819,20 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_11_70(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); +deserialize_then_decompress_11_4a(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_8d(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; + i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); + serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, + Eurydice_slice); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_f40(coefficient); + decompress_ciphertext_coefficient_0d_830(coefficient); re.coefficients[i0] = uu____0; } return re; 
@@ -5114,8 +4845,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_820(Eurydice_slice serialized) { - return deserialize_then_decompress_11_70(serialized); +deserialize_then_decompress_ring_element_u_c20(Eurydice_slice serialized) { + return deserialize_then_decompress_11_4a(serialized); } /** @@ -5124,23 +4855,19 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_180( +static KRML_MUSTINLINE void ntt_vector_u_390( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_34(&zeta_i, re); - ntt_at_layer_2_7b(&zeta_i, re); - ntt_at_layer_1_4f(&zeta_i, re); - poly_barrett_reduce_89_2c(re); + ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_a6(&zeta_i, re); + ntt_at_layer_2_23(&zeta_i, re); + ntt_at_layer_1_43(&zeta_i, re); + poly_barrett_reduce_89_61(re); } -/** - Call [`deserialize_then_decompress_ring_element_u`] on each ring element - in the `ciphertext`. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector 
@@ -5149,16 +4876,17 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_701( +static KRML_MUSTINLINE void deserialize_then_decompress_u_221( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - u_as_ntt[i] = ZERO_89_39();); + u_as_ntt[i] = ZERO_89_8d();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t), - uint8_t) / + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U); i++) { @@ -5171,9 +4899,11 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_701( (size_t)11U / (size_t)8U) + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, - uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_820(u_bytes); - ntt_vector_u_180(&u_as_ntt[i0]); + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = + deserialize_then_decompress_ring_element_u_c20(u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u_390(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -5187,7 +4917,7 @@ const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_b81( +decompress_ciphertext_coefficient_051( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { 
@@ -5212,9 +4942,9 @@ generics - COEFFICIENT_BITS= 4 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_f41( +decompress_ciphertext_coefficient_0d_831( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_b81(v); + return decompress_ciphertext_coefficient_051(v); } /** @@ -5224,17 +4954,19 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_4_91(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); +deserialize_then_decompress_4_e5(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_8d(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { + i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; + i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); + serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, + Eurydice_slice); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_ciphertext_coefficient_0d_f41(coefficient); + decompress_ciphertext_coefficient_0d_831(coefficient); re.coefficients[i0] = uu____0; } return re; @@ -5247,7 +4979,7 @@ const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_b82( +decompress_ciphertext_coefficient_052( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { 
@@ -5272,9 +5004,9 @@ generics - COEFFICIENT_BITS= 5 */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_ciphertext_coefficient_0d_f42( +decompress_ciphertext_coefficient_0d_832( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return decompress_ciphertext_coefficient_b82(v); + return decompress_ciphertext_coefficient_052(v); } /** @@ -5284,17 +5016,21 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_5_ec(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); +deserialize_then_decompress_5_a7(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_8d(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; + i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); - re.coefficients[i0] = + serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, + Eurydice_slice); + libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); + re.coefficients[i0] = uu____0; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - decompress_ciphertext_coefficient_0d_f42(re.coefficients[i0]); + decompress_ciphertext_coefficient_0d_832(re.coefficients[i0]); re.coefficients[i0] = uu____1; } return re; 
@@ -5307,8 +5043,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_520(Eurydice_slice serialized) { - return deserialize_then_decompress_5_ec(serialized); +deserialize_then_decompress_ring_element_v_680(Eurydice_slice serialized) { + return deserialize_then_decompress_5_a7(serialized); } /** @@ -5322,7 +5058,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -subtract_reduce_89_7e(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +subtract_reduce_89_c3(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -5340,12 +5076,6 @@ subtract_reduce_89_7e(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, return b; } -/** - The following functions compute various expressions involving - vectors and matrices. The computation of these expressions has been - abstracted away into these functions in order to save on loop iterations. - Compute v − InverseNTT(sᵀ ◦ NTT(u)) -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector 
@@ -5353,17 +5083,17 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_7b1( +compute_message_c11( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_8d(); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_931(&result, &product);); + ntt_multiply_89_17(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_e81(&result, &product);); invert_ntt_montgomery_7b1(&result); - result = subtract_reduce_89_7e(v, result); + result = subtract_reduce_89_c3(v, result); return result; } 
@@ -5373,50 +5103,28 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_00( +static KRML_MUSTINLINE void compress_then_serialize_message_79( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_representative_78(re.coefficients[i0]); + to_unsigned_representative_e5(re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = libcrux_ml_kem_vector_portable_compress_1_0d(coefficient); uint8_t bytes[2U]; libcrux_ml_kem_vector_portable_serialize_1_0d( coefficient_compressed, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t); - Eurydice_slice_copy(uu____0, - Eurydice_array_to_slice((size_t)2U, bytes, uint8_t), - uint8_t);); + serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *);); memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); } -/** - This function implements Algorithm 14 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. - - Algorithm 14 is reproduced below: - - ```plaintext - Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - Output: message m ∈ 𝔹^{32}. 
- - c₁ ← c[0 : 32dᵤk] - c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] - u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) - v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) - ŝ ← ByteDecode₁₂(dkₚₖₑ) - w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) - m ← ByteEncode₁(Compress₁(w)) - return m - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5427,19 +5135,20 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_a71( +static void decrypt_unpacked_891( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; - deserialize_then_decompress_u_701(ciphertext, u_as_ntt); + deserialize_then_decompress_u_221(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_520( + deserialize_then_decompress_ring_element_v_680( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, - (size_t)1408U, uint8_t, size_t)); + (size_t)1408U, uint8_t, size_t, + Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_7b1(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_c11(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_00(message, ret0); + compress_then_serialize_message_79(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } 
@@ -5448,10 +5157,11 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 32 */ -static KRML_MUSTINLINE void PRF_3a(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void PRF_2b(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); + Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), + input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } @@ -5465,8 +5175,8 @@ with const generics - K= 4 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_043(Eurydice_slice input, uint8_t ret[32U]) { - PRF_3a(input, ret); +static KRML_MUSTINLINE void PRF_f1_ee3(Eurydice_slice input, uint8_t ret[32U]) { + PRF_2b(input, ret); } /** 
@@ -5491,62 +5201,66 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_de1( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_751( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_a71(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_891(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy( + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t), - uint8_t); + uint8_t, Eurydice_slice), + uint8_t, void *); uint8_t hashed[64U]; - G_f1_b61(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + G_f1_e41( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_2d4( - Eurydice_array_to_slice( - (size_t)32U, 
key_pair->private_key.implicit_rejection_value, uint8_t), + libcrux_ml_kem_utils_into_padded_array_ea4( + Eurydice_array_to_slice((size_t)32U, + key_pair->private_key.implicit_rejection_value, + uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_751(ciphertext), - uint8_t); + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, libcrux_ml_kem_types_as_ref_00_791(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_043(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), - implicit_rejection_shared_secret); + PRF_f1_ee3( + Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *uu____3 = &key_pair->public_key.ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____4[32U]; + memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_611(uu____3, copy_of_decrypted, pseudorandomness, - expected_ciphertext); + encrypt_unpacked_841(uu____3, uu____4, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_751(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t)); + libcrux_ml_kem_types_as_ref_00_791(ciphertext), + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, + Eurydice_slice)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( shared_secret, Eurydice_array_to_slice((size_t)32U, 
implicit_rejection_shared_secret, - uint8_t), + uint8_t, Eurydice_slice), selector, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5558,13 +5272,16 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_uncompressed_ring_element_5e(Eurydice_slice serialized) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_39(); +deserialize_to_uncompressed_ring_element_f3(Eurydice_slice serialized) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_8d(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { + i < + core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; + i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, + Eurydice_slice); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_deserialize_12_0d(bytes); re.coefficients[i0] = uu____0; 
@@ -5572,23 +5289,20 @@ deserialize_to_uncompressed_ring_element_5e(Eurydice_slice serialized) { return re; } -/** - Call [`deserialize_to_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_7c1( +static KRML_MUSTINLINE void deserialize_secret_key_421( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_39();); + secret_as_ntt[i] = ZERO_89_8d();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(secret_key, uint8_t) / + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -5596,9 +5310,9 @@ static KRML_MUSTINLINE void deserialize_secret_key_7c1( secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); + uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_5e(secret_bytes); + deserialize_to_uncompressed_ring_element_f3(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( 
@@ -5616,22 +5330,21 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_451(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_ac1(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; - deserialize_secret_key_7c1(secret_key, secret_as_ntt); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[4U]; + deserialize_secret_key_421(secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[4U]; memcpy( - copy_of_secret_as_ntt, secret_as_ntt, + uu____0, secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 secret_key_unpacked; memcpy( - secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, + secret_key_unpacked.secret_as_ntt, uu____0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_a71(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_891(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } 
@@ -5657,82 +5370,82 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_b01( +void libcrux_ml_kem_ind_cca_decapsulate_241( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t), + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t, + Eurydice_slice), (size_t)1536U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( secret_key0, (size_t)1568U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_451(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_ac1(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); - Eurydice_slice_copy( + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, 
LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t), - ind_cpa_public_key_hash, uint8_t); + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - G_f1_b61(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + G_f1_e41( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1600U]; - libcrux_ml_kem_utils_into_padded_array_2d4(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_ea4(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_751(ciphertext), - uint8_t); + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, libcrux_ml_kem_types_as_ref_00_791(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_043(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), - implicit_rejection_shared_secret0); + PRF_f1_ee3( + Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t 
expected_ciphertext[1568U]; - encrypt_121(uu____5, copy_of_decrypted, pseudorandomness, - expected_ciphertext); + encrypt_aa1(uu____5, uu____6, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_ef(Eurydice_array_to_slice((size_t)32U, - implicit_rejection_shared_secret0, uint8_t), - implicit_rejection_shared_secret); + kdf_af_94( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_ef(shared_secret0, shared_secret); + kdf_af_94(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_751(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), + libcrux_ml_kem_types_as_ref_00_791(ciphertext), + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, + Eurydice_slice), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), + uint8_t, Eurydice_slice), ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types 
@@ -5740,14 +5453,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 800 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9f2( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1d2( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_39();); + deserialized_pk[i] = ZERO_89_8d();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t) / + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -5755,9 +5468,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9f2( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); + uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_b8(ring_element); + deserialize_to_reduced_ring_element_a4(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -5765,9 +5478,6 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9f2( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } -/** - Call [`serialize_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector 
@@ -5775,34 +5485,34 @@ with const generics - K= 2 - OUT_LEN= 768 */ -static KRML_MUSTINLINE void serialize_secret_key_f80( +static KRML_MUSTINLINE void serialize_secret_key_6d0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)2U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); + uint8_t, Eurydice_slice); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_f6(&re, ret0); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); + serialize_uncompressed_ring_element_1d(&re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); } memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); } -/** - Concatenate `t` and `ρ` into the public key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector 
@@ -5811,20 +5521,23 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_800( +static KRML_MUSTINLINE void serialize_public_key_eb0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)768U, uint8_t); + public_key_serialized, (size_t)0U, (size_t)768U, uint8_t, Eurydice_slice); uint8_t ret0[768U]; - serialize_secret_key_f80(t_as_ntt, ret0); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t), uint8_t); - Eurydice_slice_copy( + serialize_secret_key_6d0(t_as_ntt, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, - (size_t)768U, uint8_t, size_t), - seed_for_a, uint8_t); + (size_t)768U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); } 
@@ -5836,18 +5549,18 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_3f0(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_600(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; - deserialize_ring_elements_reduced_9f2( + deserialize_ring_elements_reduced_1d2( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, - uint8_t, size_t), + uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; - serialize_public_key_800( + serialize_public_key_eb0( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, - uint8_t, size_t), + uint8_t, size_t, Eurydice_slice), public_key_serialized); return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); @@ -5875,7 +5588,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void G_f1_b60(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_e40(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -5886,10 +5599,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static void closure_e80( +static void closure_080( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_89_39();); + ret[i] = ZERO_89_8d();); } /** 
@@ -5907,22 +5620,21 @@ libcrux_ml_kem.hash_functions.portable.shake128_init_absorb with const generics - K= 2 */ static KRML_MUSTINLINE PortableHash_8b -shake128_init_absorb_750(uint8_t input[2U][34U]) { +shake128_init_absorb_b70(uint8_t input[2U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[2U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, shake128_state[i] = libcrux_sha3_portable_incremental_shake128_init();); - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_incremental_shake128_absorb_final( - &shake128_state[i0], - Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t));); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_sha3_generic_keccak_KeccakState_48 copy_of_shake128_state[2U]; - memcpy(copy_of_shake128_state, shake128_state, + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_incremental_shake128_absorb_final( + &shake128_state[i0], + Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, + Eurydice_slice));); + libcrux_sha3_generic_keccak_KeccakState_48 uu____0[2U]; + memcpy(uu____0, shake128_state, (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); PortableHash_8b lit; - memcpy(lit.shake128_state, copy_of_shake128_state, + memcpy(lit.shake128_state, uu____0, (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); return lit; } @@ -5938,11 +5650,10 @@ generics - K= 2 */ static KRML_MUSTINLINE PortableHash_8b -shake128_init_absorb_f1_110(uint8_t input[2U][34U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_input[2U][34U]; - memcpy(copy_of_input, input, (size_t)2U * sizeof(uint8_t[34U])); - return shake128_init_absorb_750(copy_of_input); +shake128_init_absorb_f1_8c0(uint8_t input[2U][34U]) { + uint8_t uu____0[2U][34U]; + memcpy(uu____0, input, (size_t)2U * sizeof(uint8_t[34U])); + return shake128_init_absorb_b70(uu____0); } /** 
@@ -5951,14 +5662,15 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_100( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_ca0( PortableHash_8b *st, uint8_t ret[2U][504U]) { uint8_t out[2U][504U] = {{0U}}; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( &st->shake128_state[i0], - Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t));); + Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, + Eurydice_slice));); memcpy(ret, out, (size_t)2U * sizeof(uint8_t[504U])); } 
@@ -5972,52 +5684,11 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_4e0( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_690( PortableHash_8b *self, uint8_t ret[2U][504U]) { - shake128_squeeze_three_blocks_100(self, ret); -} - -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ + shake128_squeeze_three_blocks_ca0(self, ret); +} + /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types 
@@ -6025,7 +5696,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_051( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_2c1( uint8_t randomness[2U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -6036,11 +5707,12 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_051( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t); + uint8_t, Eurydice_slice); size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t)); + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -6063,14 +5735,14 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_block_ed0(PortableHash_8b *st, +static KRML_MUSTINLINE void shake128_squeeze_block_dd0(PortableHash_8b *st, uint8_t ret[2U][168U]) { uint8_t out[2U][168U] = {{0U}}; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_incremental_shake128_squeeze_next_block( - &st->shake128_state[i0], - Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_incremental_shake128_squeeze_next_block( + &st->shake128_state[i0], + Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, + Eurydice_slice));); memcpy(ret, out, (size_t)2U * sizeof(uint8_t[168U])); } 
@@ -6084,52 +5756,11 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void shake128_squeeze_block_f1_c10( +static KRML_MUSTINLINE void shake128_squeeze_block_f1_600( PortableHash_8b *self, uint8_t ret[2U][168U]) { - shake128_squeeze_block_ed0(self, ret); -} - -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ + shake128_squeeze_block_dd0(self, ret); +} + /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types 
@@ -6137,7 +5768,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_052( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_2c2( uint8_t randomness[2U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR2( @@ -6148,11 +5779,12 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_052( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t); + uint8_t, Eurydice_slice); size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t)); + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -6176,10 +5808,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_990( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_2f0( int16_t s[272U]) { - return from_i16_array_89_6b( - Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); + return from_i16_array_89_ca(Eurydice_array_to_subslice2( + s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); } /** 
@@ -6189,42 +5821,37 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_from_xof_2b0( +static KRML_MUSTINLINE void sample_from_xof_d40( uint8_t seeds[2U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { size_t sampled_coefficients[2U] = {0U}; int16_t out[2U][272U] = {{0U}}; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seeds[2U][34U]; - memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); - PortableHash_8b xof_state = shake128_init_absorb_f1_110(copy_of_seeds); + uint8_t uu____0[2U][34U]; + memcpy(uu____0, seeds, (size_t)2U * sizeof(uint8_t[34U])); + PortableHash_8b xof_state = shake128_init_absorb_f1_8c0(uu____0); uint8_t randomness0[2U][504U]; - shake128_squeeze_three_blocks_f1_4e0(&xof_state, randomness0); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness0[2U][504U]; - memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_051( - copy_of_randomness0, sampled_coefficients, out); + shake128_squeeze_three_blocks_f1_690(&xof_state, randomness0); + uint8_t uu____1[2U][504U]; + memcpy(uu____1, randomness0, (size_t)2U * sizeof(uint8_t[504U])); + bool done = sample_from_uniform_distribution_next_2c1( + uu____1, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[2U][168U]; - shake128_squeeze_block_f1_c10(&xof_state, randomness); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[2U][168U]; - memcpy(copy_of_randomness, randomness, - (size_t)2U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_052( - copy_of_randomness, sampled_coefficients, out); + shake128_squeeze_block_f1_600(&xof_state, randomness); + uint8_t uu____2[2U][168U]; + memcpy(uu____2, randomness, (size_t)2U * sizeof(uint8_t[168U])); + done = 
sample_from_uniform_distribution_next_2c2( + uu____2, sampled_coefficients, out); } } - /* Passing arrays by value in Rust generates a copy in C */ - int16_t copy_of_out[2U][272U]; - memcpy(copy_of_out, out, (size_t)2U * sizeof(int16_t[272U])); + int16_t uu____3[2U][272U]; + memcpy(uu____3, out, (size_t)2U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_990(copy_of_out[i]);); + ret0[i] = closure_2f0(uu____3[i]);); memcpy( ret, ret0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); 
@@ -6237,33 +5864,32 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void sample_matrix_A_230( +static KRML_MUSTINLINE void sample_matrix_A_050( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U][2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[2U][2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - closure_e80(A_transpose[i]);); + closure_080(A_transpose[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed[34U]; - memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[2U][34U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seeds[2U][34U]; - memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); + uint8_t uu____1[2U][34U]; + memcpy(uu____1, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[2U]; - sample_from_xof_2b0(copy_of_seeds, sampled); + sample_from_xof_d40(uu____1, sampled); for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)2U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); i++) { size_t j = i; 
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sample = sampled[j]; @@ -6272,9 +5898,7 @@ static KRML_MUSTINLINE void sample_matrix_A_230( } else { A_transpose[i1][j] = sample; } - } - - ); + }); memcpy(ret, A_transpose, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); @@ -6297,14 +5921,15 @@ with const generics - K= 2 - LEN= 192 */ -static KRML_MUSTINLINE void PRFxN_1d0(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_c50(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { uint8_t out[2U][192U] = {{0U}}; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)192U, out[i0], uint8_t), - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)192U, out[i0], uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, + Eurydice_slice));); memcpy(ret, out, (size_t)2U * sizeof(uint8_t[192U])); } @@ -6318,9 +5943,9 @@ with const generics - K= 2 - LEN= 192 */ -static KRML_MUSTINLINE void PRFxN_f1_890(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_930(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { - PRFxN_1d0(input, ret); + PRFxN_c50(input, ret); } /** 
@@ -6330,14 +5955,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -sample_from_binomial_distribution_660(Eurydice_slice randomness) { - return sample_from_binomial_distribution_3_85(randomness); +sample_from_binomial_distribution_340(Eurydice_slice randomness) { + return sample_from_binomial_distribution_3_b0(randomness); } -/** - Sample a vector of ring elements from a centered binomial distribution and - convert them into their NTT representations. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, 
@@ -6347,45 +5968,41 @@ generics - ETA= 3 - ETA_RANDOMNESS_SIZE= 192 */ -static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_d70( +static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_a70( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - re_as_ntt[i] = ZERO_89_39();); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + re_as_ntt[i] = ZERO_89_8d();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][192U]; - PRFxN_f1_890(prf_inputs, prf_outputs); + PRFxN_f1_930(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_660( - Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[2U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = + sample_from_binomial_distribution_340(Eurydice_array_to_slice( + (size_t)192U, prf_outputs[i0], uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element_28(&re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U]; memcpy( - copy_of_re_as_ntt, re_as_ntt, + uu____2, re_as_ntt, 
(size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_740 lit; memcpy( - lit.fst, copy_of_re_as_ntt, + lit.fst, uu____2, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); lit.snd = domain_separator; return lit; } -/** - Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise - sum of their constituent coefficients. -*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -6396,15 +6013,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void add_to_ring_element_89_930( +static KRML_MUSTINLINE void add_to_ring_element_89_e80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_portable_vector_type_PortableVector), - libcrux_ml_kem_vector_portable_vector_type_PortableVector); + libcrux_ml_kem_vector_portable_vector_type_PortableVector, + Eurydice_slice), + libcrux_ml_kem_vector_portable_vector_type_PortableVector, + size_t); i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = 
@@ -6414,94 +6033,52 @@ static KRML_MUSTINLINE void add_to_ring_element_89_930( } } -/** - Compute  ◦ ŝ + ê -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_As_plus_e_da0( +static KRML_MUSTINLINE void compute_As_plus_e_cb0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_39();); + result[i] = ZERO_89_8d();); for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len( + i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)2U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U]); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U], size_t); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i1]; for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_930(&result[i1], &product); + ntt_multiply_89_17(matrix_element, 
&s_as_ntt[j]); + add_to_ring_element_89_e80(&result[i1], &product); } - add_standard_error_reduce_89_99(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_89_22(&result[i1], &error_as_ntt[i1]); } memcpy( ret, result, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, 
@@ -6511,75 +6088,69 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static tuple_4c0 generate_keypair_unpacked_f40( +static tuple_4c0 generate_keypair_unpacked_d10( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_f1_b60(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, - uint8_t, Eurydice_slice_uint8_t_x2); + G_f1_e40(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[2U][2U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_230(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret); + sample_matrix_A_050(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____2 = sample_vector_cbd_then_ntt_d70(copy_of_prf_input0, 0U); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_740 uu____2 = sample_vector_cbd_then_ntt_a70(uu____1, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator = uu____2.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - 
memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[2U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_d70(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_a70(uu____3, domain_separator).fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; - compute_As_plus_e_da0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_cb0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], + void *); core_result_unwrap_41_83(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[2U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____4[2U]; memcpy( - copy_of_t_as_ntt, t_as_ntt, + uu____4, t_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A_transpose[2U] - [2U]; - memcpy(copy_of_A_transpose, A_transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[2U][2U]; + memcpy(uu____5, A_transpose, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____6[32U]; + memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae pk; memcpy( - pk.t_as_ntt, 
copy_of_t_as_ntt, + pk.t_as_ntt, uu____4, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, copy_of_A_transpose, + memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, uu____5, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[2U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____7[2U]; memcpy( - copy_of_secret_as_ntt, secret_as_ntt, + uu____7, secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae sk; memcpy( - sk.secret_as_ntt, copy_of_secret_as_ntt, + sk.secret_as_ntt, uu____7, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); return (CLITERAL(tuple_4c0){.fst = sk, .snd = pk}); } @@ -6598,10 +6169,10 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static void closure_840( +static void closure_f00( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - ret[i] = ZERO_89_39();); + ret[i] = ZERO_89_8d();); } /** @@ -6613,7 +6184,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 2 */ -static KRML_MUSTINLINE void H_f1_2e0(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_1a0(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } 
@@ -6631,26 +6202,27 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_370(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_4a0(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t); - tuple_4c0 uu____0 = generate_keypair_unpacked_f40(ind_cpa_keypair_randomness); + size_t, Eurydice_slice); + tuple_4c0 uu____0 = generate_keypair_unpacked_d10(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_840(A[i]);); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_f00(A[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_14(&ind_cpa_public_key.A[j][i1]); + clone_d5_3a(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U][2U]; memcpy(uu____2, A, 
@@ -6660,39 +6232,36 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_370(uint8_t randomness[64U]) { (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); uint8_t pk_serialized[800U]; - serialize_public_key_800( + serialize_public_key_eb0( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t), + uint8_t, Eurydice_slice), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_2e0(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t), + H_f1_1a0(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t, + Eurydice_slice), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U]); + uint8_t[32U], void *); core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae uu____3 = ind_cpa_private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_implicit_rejection_value[32U]; - memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); + uint8_t uu____4[32U]; + memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_ae uu____5; uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, + memcpy(uu____5.implicit_rejection_value, uu____4, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae uu____6 = ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_hash[32U]; - memcpy(copy_of_public_key_hash, public_key_hash, - (size_t)32U * sizeof(uint8_t)); + uint8_t uu____7[32U]; + memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae lit; lit.private_key = 
uu____5; lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, + memcpy(lit.public_key.public_key_hash, uu____7, (size_t)32U * sizeof(uint8_t)); return lit; } 
@@ -6709,36 +6278,28 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_ec0( +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_c50( Eurydice_slice key_generation_seed) { - tuple_4c0 uu____0 = generate_keypair_unpacked_f40(key_generation_seed); + tuple_4c0 uu____0 = generate_keypair_unpacked_d10(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae pk = uu____0.snd; uint8_t public_key_serialized[800U]; - serialize_public_key_800( - pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), - public_key_serialized); + serialize_public_key_eb0(pk.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, + uint8_t, Eurydice_slice), + public_key_serialized); uint8_t secret_key_serialized[768U]; - serialize_secret_key_f80(sk.secret_as_ntt, secret_key_serialized); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_secret_key_serialized[768U]; - memcpy(copy_of_secret_key_serialized, secret_key_serialized, - (size_t)768U * sizeof(uint8_t)); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_serialized[800U]; - memcpy(copy_of_public_key_serialized, public_key_serialized, - (size_t)800U * sizeof(uint8_t)); + serialize_secret_key_6d0(sk.secret_as_ntt, secret_key_serialized); + uint8_t uu____1[768U]; + memcpy(uu____1, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); + uint8_t uu____2[800U]; + memcpy(uu____2, public_key_serialized, (size_t)800U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair512 lit; - memcpy(lit.fst, copy_of_secret_key_serialized, - (size_t)768U * sizeof(uint8_t)); - memcpy(lit.snd, copy_of_public_key_serialized, - (size_t)800U * sizeof(uint8_t)); + memcpy(lit.fst, uu____1, (size_t)768U * sizeof(uint8_t)); + memcpy(lit.snd, uu____2, 
(size_t)800U * sizeof(uint8_t)); return lit; } -/** - Serialize the secret key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] @@ -6746,7 +6307,7 @@ with const generics - K= 2 - SERIALIZED_KEY_LEN= 1632 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_41( +static KRML_MUSTINLINE void serialize_kem_secret_key_12( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { uint8_t out[1632U] = {0U}; 
@@ -6754,48 +6315,46 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_41( uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - Eurydice_slice_copy( + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( - uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t), - uint8_t), - private_key, uint8_t); - pointer = pointer + Eurydice_slice_len(private_key, uint8_t); + uu____0, uu____1, + uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - Eurydice_slice_copy( + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( - uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t), - uint8_t), - public_key, uint8_t); - pointer = pointer + Eurydice_slice_len(public_key, uint8_t); + uu____3, uu____4, + uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice); uint8_t ret0[32U]; - H_f1_2e0(public_key, ret0); - Eurydice_slice_copy( - uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); + H_f1_1a0(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - Eurydice_slice_copy( + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( 
uu____7, uu____8, - uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), - uint8_t), - implicit_rejection_value, uint8_t); + uu____9 + core_slice___Slice_T___len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); } -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, 
@@ -6810,30 +6369,37 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_d70(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_ef0(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t); + size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_ec0(ind_cpa_keypair_randomness); + generate_keypair_c50(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_41( - Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t), - Eurydice_array_to_slice((size_t)800U, public_key, uint8_t), + serialize_kem_secret_key_12( + Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, + Eurydice_slice), implicit_rejection_value, secret_key_serialized); + uint8_t uu____1[1632U]; + memcpy(uu____1, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_22_a7(secret_key_serialized); - libcrux_ml_kem_types_MlKemPrivateKey_5e uu____1 = private_key; - return libcrux_ml_kem_types_from_17_d5( - uu____1, libcrux_ml_kem_types_from_c7_14(public_key)); + libcrux_ml_kem_types_from_05_70(uu____1); + libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = 
private_key; + uint8_t uu____3[800U]; + memcpy(uu____3, public_key, (size_t)800U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_17_eb( + uu____2, libcrux_ml_kem_types_from_b6_a3(uu____3)); } /** @@ -6842,14 +6408,15 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_1d1(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_c51(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { uint8_t out[2U][128U] = {{0U}}; - KRML_MAYBE_FOR2( - i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t), - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t));); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, + Eurydice_slice));); memcpy(ret, out, (size_t)2U * sizeof(uint8_t[128U])); } @@ -6863,14 +6430,11 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_891(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_931(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { - PRFxN_1d1(input, ret); + PRFxN_c51(input, ret); } -/** - Sample a vector of ring elements from a centered binomial distribution. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, 
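Review bot: The new code in `libcrux_ml_kem_ind_cca_generate_keypair_ef0` introduces a second full-size copy of the serialized secret key on the stack, `uint8_t uu____1[1632U]; memcpy(uu____1, secret_key_serialized, (size_t)1632U * sizeof(uint8_t));`, and neither this copy nor `secret_key_serialized` (which also carries `implicit_rejection_value`) is cleared before the function returns. The older temporaries had the same property, so this is not a new class of problem, but each extra copy widens the set of dead stack frames in which private-key bytes linger for a caller to overwrite later or a memory-disclosure bug to read. Since this C is generated by Eurydice, the remedy presumably belongs in the Rust source or the generator (consume `secret_key_serialized` directly, or emit an explicit zeroization such as `explicit_bzero`-style clearing after the last use) rather than in hand edits to this file; worth confirming with the libcrux maintainers whether the extraction pipeline guarantees anything about secret-bearing temporaries.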
@@ -6881,36 +6445,34 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_740 -sample_ring_element_cbd_760(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_bf0(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - error_1[i] = ZERO_89_39();); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + error_1[i] = ZERO_89_8d();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[2U][128U]; - PRFxN_f1_891(prf_inputs, prf_outputs); + PRFxN_f1_931(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_66( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); + sample_from_binomial_distribution_34(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_error_1[2U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U]; memcpy( - copy_of_error_1, error_1, + uu____2, error_1, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_740 lit; memcpy( - lit.fst, copy_of_error_1, + lit.fst, uu____2, (size_t)2U * 
sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); lit.snd = domain_separator; return lit; @@ -6926,9 +6488,9 @@ with const generics - K= 2 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_042(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_ee2(Eurydice_slice input, uint8_t ret[128U]) { - PRF_3a0(input, ret); + PRF_2b0(input, ret); } /** 
@@ -6941,66 +6503,62 @@ static KRML_MUSTINLINE void invert_ntt_montgomery_7b0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_d1(&zeta_i, re); - invert_ntt_at_layer_2_ac(&zeta_i, re); - invert_ntt_at_layer_3_63(&zeta_i, re); - invert_ntt_at_layer_4_plus_9b(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_9b(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_9b(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_9b(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_2c(re); + invert_ntt_at_layer_1_13(&zeta_i, re); + invert_ntt_at_layer_2_cd(&zeta_i, re); + invert_ntt_at_layer_3_74(&zeta_i, re); + invert_ntt_at_layer_4_plus_52(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_52(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_52(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_52(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_61(re); } -/** - Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_a70( +static KRML_MUSTINLINE void compute_vector_u_110( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - result[i] = ZERO_89_39();); + result[i] = ZERO_89_8d();); for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len( + i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)2U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U]), - 
libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U]); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U], size_t); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = a_as_ntt[i1]; for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(a_element, &r_as_ntt[j]); - add_to_ring_element_89_930(&result[i1], &product); + ntt_multiply_89_17(a_element, &r_as_ntt[j]); + add_to_ring_element_89_e80(&result[i1], &product); } invert_ntt_montgomery_7b0(&result[i1]); - add_error_reduce_89_6b(&result[i1], &error_1[i1]); + add_error_reduce_89_53(&result[i1], &error_1[i1]); } memcpy( ret, result, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } -/** - Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_portable_vector_type_PortableVector 
@@ -7008,18 +6566,18 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_9d0( +compute_ring_element_v_d80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_8d(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_930(&result, &product);); + ntt_multiply_89_17(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_e80(&result, &product);); invert_ntt_montgomery_7b0(&result); - result = add_message_error_reduce_89_4e(error_2, message, result); + result = add_message_error_reduce_89_60(error_2, message, result); return result; } 
@@ -7029,20 +6587,23 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_19( +static KRML_MUSTINLINE void compress_then_serialize_10_7b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_31(to_unsigned_representative_78(re->coefficients[i0])); + compress_0d_99(to_unsigned_representative_e5(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)20U, bytes, uint8_t), uint8_t); + serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, + Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), + uint8_t, void *); } memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); } 
@@ -7054,16 +6615,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_97( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_42( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_19(re, uu____0); + compress_then_serialize_10_7b(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } -/** - Call [`compress_then_serialize_ring_element_u`] on each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector 
@@ -7073,25 +6631,29 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_3d0( +static void compress_then_serialize_u_e70( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)2U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice2( out, i0 * ((size_t)640U / (size_t)2U), - (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); + (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t, + Eurydice_slice); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_97(&re, ret); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); + compress_then_serialize_ring_element_u_42(&re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); } } 
@@ -7102,52 +6664,11 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_a0( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_1d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_4_07(re, out); -} - -/** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ + compress_then_serialize_4_59(re, out); +} + /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, 
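Review bot: The hunk drops the only comment in this file that ties `encrypt_unpacked` to its specification, the FIPS 203 Algorithm 13 (K-PKE.Encrypt) pseudocode block, while the generated function body itself is unchanged. For reviewers and auditors of a crypto implementation, that spec-to-code traceability is the main thing the comment provided, and the replacement header says only "A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked". If the new Eurydice version no longer emits Rust doc comments on monomorphized instances, I would at least keep a one-line pointer such as `/* K-PKE.Encrypt, FIPS 203 Algorithm 13; see the Rust source for the full algorithm listing. */` above the instance, or confirm that the comment loss is an intended consequence of the generator change.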
@@ -7166,25 +6687,22 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_610( +static void encrypt_unpacked_840( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____1 = sample_vector_cbd_then_ntt_d70(copy_of_prf_input0, 0U); + libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_740 uu____1 = sample_vector_cbd_then_ntt_a70(uu____0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator0 = uu____1.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____3 = - sample_ring_element_cbd_760(copy_of_prf_input, domain_separator0); + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_740 uu____3 = sample_ring_element_cbd_bf0(uu____2, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; memcpy( error_1, uu____3.fst, 
@@ -7192,33 +6710,34 @@ static void encrypt_unpacked_610( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_042(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), - prf_output); + PRF_f1_ee2( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_66( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); + sample_from_binomial_distribution_34(Eurydice_array_to_slice( + (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[2U]; - compute_vector_u_a70(public_key->A, r_as_ntt, error_1, u); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + compute_vector_u_110(public_key->A, r_as_ntt, error_1, u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_a7(copy_of_message); + deserialize_then_decompress_message_c0(uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_9d0(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_d80(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_3d0( + compress_then_serialize_u_e70( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, - uint8_t)); + uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_a0( - uu____6, 
Eurydice_array_to_subslice_from((size_t)768U, ciphertext, - (size_t)640U, uint8_t, size_t)); + compress_then_serialize_ring_element_v_1d( + uu____6, + Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, + uint8_t, size_t, Eurydice_slice)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); } 
@@ -7241,51 +6760,51 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_080( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_5c0( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t); - Eurydice_slice_copy(uu____0, - Eurydice_array_to_slice( - (size_t)32U, public_key->public_key_hash, uint8_t), - uint8_t); + size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, + Eurydice_slice), + uint8_t, void *); uint8_t hashed[64U]; - G_f1_b60(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + G_f1_e40( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *uu____2 = &public_key->ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * 
sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_unpacked_610(uu____2, copy_of_randomness, pseudorandomness, - ciphertext); + encrypt_unpacked_840(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), - shared_secret, uint8_t); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[768U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____4[768U]; + memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_01_9c(copy_of_ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_from_01_10(uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_ec lit; lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); return lit; } 
@@ -7299,20 +6818,15 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_af_3b(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_23(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), - randomness, uint8_t); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + randomness, uint8_t, void *); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -7320,14 +6834,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 768 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9f1( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1d1( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - deserialized_pk[i] = ZERO_89_39();); + deserialized_pk[i] = ZERO_89_8d();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t) / + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; 
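Review bot: The removed doc block on `deserialize_ring_elements_reduced` carried a security invariant, `This function MUST NOT be used on secret inputs.`, and the new code keeps the function (as `deserialize_ring_elements_reduced_1d1`) without it. In this file the caller visible at `encrypt_aa0` only passes the public key into it, so the visible uses stay within the contract, but the comment is what warns a future maintainer that the reduced deserialization is not meant for secret data. Since the output is generated, the Rust doc comment presumably still exists upstream and the loss is a Eurydice emission change; I would either restore a one-line `/* Not constant-time with respect to its input: public-key data only. */` note at the instance or confirm that dropping doc comments on monomorphized instances is intended.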
@@ -7335,9 +6849,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9f1( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); + uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_b8(ring_element); + deserialize_to_reduced_ring_element_a4(ring_element); deserialized_pk[i0] = uu____0; } memcpy( 
@@ -7363,52 +6877,49 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_120(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_aa0(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; - deserialize_ring_elements_reduced_9f1( - Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), + deserialize_ring_elements_reduced_1d1( + Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, + Eurydice_slice), t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_230(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0); + sample_matrix_A_050(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); core_result_unwrap_41_83(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[2U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[2U]; memcpy( - copy_of_t_as_ntt, t_as_ntt, + uu____0, t_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A[2U][2U]; - memcpy(copy_of_A, A, + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1[2U][2U]; + memcpy(uu____1, A, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); - /* Passing 
arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____2[32U]; + memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae public_key_unpacked; memcpy( - public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, + public_key_unpacked.t_as_ntt, uu____0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, + memcpy(public_key_unpacked.seed_for_A, uu____2, (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, copy_of_A, + memcpy(public_key_unpacked.A, uu____1, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *uu____3 = &public_key_unpacked; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[768U]; - encrypt_unpacked_610(uu____3, copy_of_message, randomness, ret1); + encrypt_unpacked_840(uu____3, uu____4, randomness, ret1); memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); } @@ -7423,11 +6934,12 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_af_e0(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_06(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), - shared_secret, uint8_t); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + shared_secret, uint8_t, void *); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } 
@@ -7450,55 +6962,59 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_780( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_fa0( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_3b( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); + entropy_preprocess_af_23( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t); + size_t, Eurydice_slice); uint8_t ret[32U]; - H_f1_2e0(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_c2(public_key), - uint8_t), + H_f1_1a0(Eurydice_array_to_slice( + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_3b(public_key), + uint8_t, Eurydice_slice), ret); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); uint8_t hashed[64U]; - G_f1_b60(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + G_f1_e40( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, 
uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_c2(public_key), uint8_t); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_3b(public_key), uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_120(uu____2, copy_of_randomness, pseudorandomness, ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[768U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); + encrypt_aa0(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t uu____4[768U]; + memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_01_9c(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_10(uu____4); uint8_t shared_secret_array[32U]; - kdf_af_e0(shared_secret, shared_secret_array); + kdf_af_06(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_ec lit; lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); return lit; } 
@@ -7509,8 +7025,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_82(Eurydice_slice serialized) { - return deserialize_then_decompress_10_23(serialized); +deserialize_then_decompress_ring_element_u_c2(Eurydice_slice serialized) { + return deserialize_then_decompress_10_52(serialized); } /** @@ -7519,23 +7035,19 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_18( +static KRML_MUSTINLINE void ntt_vector_u_39( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)7U); - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)6U); - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)5U); - ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)4U); - ntt_at_layer_3_34(&zeta_i, re); - ntt_at_layer_2_7b(&zeta_i, re); - ntt_at_layer_1_4f(&zeta_i, re); - poly_barrett_reduce_89_2c(re); + ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)7U); + ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)6U); + ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)5U); + ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)4U); + ntt_at_layer_3_a6(&zeta_i, re); + ntt_at_layer_2_23(&zeta_i, re); + ntt_at_layer_1_43(&zeta_i, re); + poly_barrett_reduce_89_61(re); } -/** - Call [`deserialize_then_decompress_ring_element_u`] on each ring element - in the `ciphertext`. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector 
@@ -7544,16 +7056,17 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_700( +static KRML_MUSTINLINE void deserialize_then_decompress_u_220( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - u_as_ntt[i] = ZERO_89_39();); + u_as_ntt[i] = ZERO_89_8d();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t), - uint8_t) / + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); i++) { @@ -7566,9 +7079,11 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_700( (size_t)10U / (size_t)8U) + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, - uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_82(u_bytes); - ntt_vector_u_18(&u_as_ntt[i0]); + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = + deserialize_then_decompress_ring_element_u_c2(u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u_39(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, 
@@ -7582,16 +7097,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_52(Eurydice_slice serialized) { - return deserialize_then_decompress_4_91(serialized); +deserialize_then_decompress_ring_element_v_68(Eurydice_slice serialized) { + return deserialize_then_decompress_4_e5(serialized); } -/** - The following functions compute various expressions involving - vectors and matrices. The computation of these expressions has been - abstracted away into these functions in order to save on loop iterations. - Compute v − InverseNTT(sᵀ ◦ NTT(u)) -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector 
@@ -7599,44 +7108,20 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_7b0( +compute_message_c10( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_8d(); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_930(&result, &product);); + ntt_multiply_89_17(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_e80(&result, &product);); invert_ntt_montgomery_7b0(&result); - result = subtract_reduce_89_7e(v, result); + result = subtract_reduce_89_c3(v, result); return result; } -/** - This function implements Algorithm 14 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. - - Algorithm 14 is reproduced below: - - ```plaintext - Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - Output: message m ∈ 𝔹^{32}. - - c₁ ← c[0 : 32dᵤk] - c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] - u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) - v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) - ŝ ← ByteDecode₁₂(dkₚₖₑ) - w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) - m ← ByteEncode₁(Compress₁(w)) - return m - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector 
@@ -7647,19 +7132,20 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_a70( +static void decrypt_unpacked_890( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; - deserialize_then_decompress_u_700(ciphertext, u_as_ntt); + deserialize_then_decompress_u_220(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_52( + deserialize_then_decompress_ring_element_v_68( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, - (size_t)640U, uint8_t, size_t)); + (size_t)640U, uint8_t, size_t, + Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_7b0(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_c10(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_00(message, ret0); + compress_then_serialize_message_79(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -7673,8 +7159,8 @@ with const generics - K= 2 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_041(Eurydice_slice input, uint8_t ret[32U]) { - PRF_3a(input, ret); +static KRML_MUSTINLINE void PRF_f1_ee1(Eurydice_slice input, uint8_t ret[32U]) { + PRF_2b(input, ret); } /** 
@@ -7699,82 +7185,83 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_de0( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_750( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_a70(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_890(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy( + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t), - uint8_t); + uint8_t, Eurydice_slice), + uint8_t, void *); uint8_t hashed[64U]; - G_f1_b60(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + G_f1_e40( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_2d0( - Eurydice_array_to_slice( - (size_t)32U, 
key_pair->private_key.implicit_rejection_value, uint8_t), + libcrux_ml_kem_utils_into_padded_array_ea0( + Eurydice_array_to_slice((size_t)32U, + key_pair->private_key.implicit_rejection_value, + uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_75(ciphertext), - uint8_t); + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, libcrux_ml_kem_types_as_ref_00_79(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_041(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), - implicit_rejection_shared_secret); + PRF_f1_ee1( + Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *uu____3 = &key_pair->public_key.ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____4[32U]; + memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_unpacked_610(uu____3, copy_of_decrypted, pseudorandomness, - expected_ciphertext); + encrypt_unpacked_840(uu____3, uu____4, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_75(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t)); + libcrux_ml_kem_types_as_ref_00_79(ciphertext), + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, + Eurydice_slice)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( shared_secret, Eurydice_array_to_slice((size_t)32U, 
implicit_rejection_shared_secret, - uint8_t), + uint8_t, Eurydice_slice), selector, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -/** - Call [`deserialize_to_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_7c0( +static KRML_MUSTINLINE void deserialize_secret_key_420( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_39();); + secret_as_ntt[i] = ZERO_89_8d();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(secret_key, uint8_t) / + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -7782,9 +7269,9 @@ static KRML_MUSTINLINE void deserialize_secret_key_7c0( secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); + uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_5e(secret_bytes); + deserialize_to_uncompressed_ring_element_f3(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( 
@@ -7802,22 +7289,21 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_450(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_ac0(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; - deserialize_secret_key_7c0(secret_key, secret_as_ntt); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[2U]; + deserialize_secret_key_420(secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[2U]; memcpy( - copy_of_secret_as_ntt, secret_as_ntt, + uu____0, secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae secret_key_unpacked; memcpy( - secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, + secret_key_unpacked.secret_as_ntt, uu____0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_a70(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_890(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } 
@@ -7843,81 +7329,81 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_b00( +void libcrux_ml_kem_ind_cca_decapsulate_240( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t), + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t, + Eurydice_slice), (size_t)768U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( secret_key0, (size_t)800U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_450(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_ac0(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); - Eurydice_slice_copy( + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, 
LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t), - ind_cpa_public_key_hash, uint8_t); + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - G_f1_b60(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + G_f1_e40( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[800U]; - libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_ea0(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_75(ciphertext), - uint8_t); + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, libcrux_ml_kem_types_as_ref_00_79(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_041(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), - implicit_rejection_shared_secret0); + PRF_f1_ee1( + Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t 
expected_ciphertext[768U]; - encrypt_120(uu____5, copy_of_decrypted, pseudorandomness, - expected_ciphertext); + encrypt_aa0(uu____5, uu____6, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_e0(Eurydice_array_to_slice((size_t)32U, - implicit_rejection_shared_secret0, uint8_t), - implicit_rejection_shared_secret); + kdf_af_06( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_e0(shared_secret0, shared_secret); + kdf_af_06(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_75(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), + libcrux_ml_kem_types_as_ref_00_79(ciphertext), + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, + Eurydice_slice), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), + uint8_t, Eurydice_slice), ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types 
@@ -7925,14 +7411,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1184 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9f0( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1d0( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_39();); + deserialized_pk[i] = ZERO_89_8d();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t) / + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -7940,9 +7426,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9f0( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); + uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_b8(ring_element); + deserialize_to_reduced_ring_element_a4(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -7950,9 +7436,6 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9f0( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } -/** - Call [`serialize_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector 
@@ -7960,34 +7443,34 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void serialize_secret_key_f8( +static KRML_MUSTINLINE void serialize_secret_key_6d( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)3U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); + uint8_t, Eurydice_slice); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_f6(&re, ret0); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); + serialize_uncompressed_ring_element_1d(&re, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); } memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); } -/** - Concatenate `t` and `ρ` into the public key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector 
@@ -7996,20 +7479,24 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_80( +static KRML_MUSTINLINE void serialize_public_key_eb( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, + (size_t)1152U, uint8_t, Eurydice_slice); uint8_t ret0[1152U]; - serialize_secret_key_f8(t_as_ntt, ret0); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); - Eurydice_slice_copy( + serialize_secret_key_6d(t_as_ntt, ret0); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t), - seed_for_a, uint8_t); + (size_t)1152U, uint8_t, size_t, + Eurydice_slice), + seed_for_a, uint8_t, void *); memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); } 
@@ -8021,18 +7508,18 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_3f(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_60(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - deserialize_ring_elements_reduced_9f0( + deserialize_ring_elements_reduced_1d0( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t), + uint8_t, size_t, Eurydice_slice), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - serialize_public_key_80( + serialize_public_key_eb( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t), + uint8_t, size_t, Eurydice_slice), public_key_serialized); return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); @@ -8060,7 +7547,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void G_f1_b6(Eurydice_slice input, uint8_t ret[64U]) { +static KRML_MUSTINLINE void G_f1_e4(Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } @@ -8071,10 +7558,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static void closure_e8( +static void closure_08( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_89_39();); + ret[i] = ZERO_89_8d();); } /** 
@@ -8092,22 +7579,21 @@ libcrux_ml_kem.hash_functions.portable.shake128_init_absorb with const generics - K= 3 */ static KRML_MUSTINLINE PortableHash_58 -shake128_init_absorb_75(uint8_t input[3U][34U]) { +shake128_init_absorb_b7(uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[3U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, shake128_state[i] = libcrux_sha3_portable_incremental_shake128_init();); - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_incremental_shake128_absorb_final( - &shake128_state[i0], - Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t));); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_sha3_generic_keccak_KeccakState_48 copy_of_shake128_state[3U]; - memcpy(copy_of_shake128_state, shake128_state, + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_incremental_shake128_absorb_final( + &shake128_state[i0], + Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, + Eurydice_slice));); + libcrux_sha3_generic_keccak_KeccakState_48 uu____0[3U]; + memcpy(uu____0, shake128_state, (size_t)3U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); PortableHash_58 lit; - memcpy(lit.shake128_state, copy_of_shake128_state, + memcpy(lit.shake128_state, uu____0, (size_t)3U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); return lit; } @@ -8123,11 +7609,10 @@ generics - K= 3 */ static KRML_MUSTINLINE PortableHash_58 -shake128_init_absorb_f1_11(uint8_t input[3U][34U]) { - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_input[3U][34U]; - memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); - return shake128_init_absorb_75(copy_of_input); +shake128_init_absorb_f1_8c(uint8_t input[3U][34U]) { + uint8_t uu____0[3U][34U]; + memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); + return shake128_init_absorb_b7(uu____0); } /** 
@@ -8136,14 +7621,15 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_10( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_ca( PortableHash_58 *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( &st->shake128_state[i0], - Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t));); + Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, + Eurydice_slice));); memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); } 
@@ -8157,52 +7643,11 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_three_blocks_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_4e( +static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_69( PortableHash_58 *self, uint8_t ret[3U][504U]) { - shake128_squeeze_three_blocks_10(self, ret); -} - -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ + shake128_squeeze_three_blocks_ca(self, ret); +} + /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types 
@@ -8210,7 +7655,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - N= 504 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_05( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_2c( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -8221,11 +7666,12 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_05( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t); + uint8_t, Eurydice_slice); size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t)); + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -8248,14 +7694,14 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_block_ed(PortableHash_58 *st, +static KRML_MUSTINLINE void shake128_squeeze_block_dd(PortableHash_58 *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_incremental_shake128_squeeze_next_block( - &st->shake128_state[i0], - Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_incremental_shake128_squeeze_next_block( + &st->shake128_state[i0], + Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, + Eurydice_slice));); memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); } 
@@ -8269,52 +7715,11 @@ libcrux_ml_kem.hash_functions.portable.shake128_squeeze_block_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void shake128_squeeze_block_f1_c1( +static KRML_MUSTINLINE void shake128_squeeze_block_f1_60( PortableHash_58 *self, uint8_t ret[3U][168U]) { - shake128_squeeze_block_ed(self, ret); -} - -/** - If `bytes` contains a set of uniformly random bytes, this function - uniformly samples a ring element `â` that is treated as being the NTT - representation of the corresponding polynomial `a`. - - Since rejection sampling is used, it is possible the supplied bytes are - not enough to sample the element, in which case an `Err` is returned and the - caller must try again with a fresh set of bytes. - - This function partially implements Algorithm - 6 of the NIST FIPS 203 standard, We say "partially" because this - implementation only accepts a finite set of bytes as input and returns an error - if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other - hand samples from an infinite stream of bytes until the ring element is filled. - Algorithm 6 is reproduced below: - - ```plaintext - Input: byte stream B ∈ 𝔹*. - Output: array â ∈ ℤ₂₅₆. - - i ← 0 - j ← 0 - while j < 256 do - d₁ ← B[i] + 256·(B[i+1] mod 16) - d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] - if d₁ < q then - â[j] ← d₁ - j ← j + 1 - end if - if d₂ < q and j < 256 then - â[j] ← d₂ - j ← j + 1 - end if - i ← i + 3 - end while - return â - ``` - - The NIST FIPS 203 standard can be found at - . -*/ + shake128_squeeze_block_dd(self, ret); +} + /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types 
@@ -8322,7 +7727,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 - N= 168 */ -static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_050( +static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_2c0( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { KRML_MAYBE_FOR3( @@ -8333,11 +7738,12 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_050( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t); + uint8_t, Eurydice_slice); size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t)); + sampled_coefficients[i1] + (size_t)16U, int16_t, + Eurydice_slice)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -8361,10 +7767,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_99( +static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_2f( int16_t s[272U]) { - return from_i16_array_89_6b( - Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); + return from_i16_array_89_ca(Eurydice_array_to_subslice2( + s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); } /** 
@@ -8374,42 +7780,37 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_from_xof_2b( +static KRML_MUSTINLINE void sample_from_xof_d4( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; int16_t out[3U][272U] = {{0U}}; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seeds[3U][34U]; - memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); - PortableHash_58 xof_state = shake128_init_absorb_f1_11(copy_of_seeds); + uint8_t uu____0[3U][34U]; + memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); + PortableHash_58 xof_state = shake128_init_absorb_f1_8c(uu____0); uint8_t randomness0[3U][504U]; - shake128_squeeze_three_blocks_f1_4e(&xof_state, randomness0); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness0[3U][504U]; - memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = sample_from_uniform_distribution_next_05( - copy_of_randomness0, sampled_coefficients, out); + shake128_squeeze_three_blocks_f1_69(&xof_state, randomness0); + uint8_t uu____1[3U][504U]; + memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); + bool done = sample_from_uniform_distribution_next_2c( + uu____1, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; - shake128_squeeze_block_f1_c1(&xof_state, randomness); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[3U][168U]; - memcpy(copy_of_randomness, randomness, - (size_t)3U * sizeof(uint8_t[168U])); - done = sample_from_uniform_distribution_next_050( - copy_of_randomness, sampled_coefficients, out); + shake128_squeeze_block_f1_60(&xof_state, randomness); + uint8_t uu____2[3U][168U]; + memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); + done = 
sample_from_uniform_distribution_next_2c0( + uu____2, sampled_coefficients, out); } } - /* Passing arrays by value in Rust generates a copy in C */ - int16_t copy_of_out[3U][272U]; - memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); + int16_t uu____3[3U][272U]; + memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_99(copy_of_out[i]);); + ret0[i] = closure_2f(uu____3[i]);); memcpy( ret, ret0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); 
@@ -8422,33 +7823,32 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void sample_matrix_A_23( +static KRML_MUSTINLINE void sample_matrix_A_05( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - closure_e8(A_transpose[i]);); + closure_08(A_transpose[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed[34U]; - memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); + uint8_t uu____0[34U]; + memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[3U][34U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); + memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seeds[3U][34U]; - memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); + uint8_t uu____1[3U][34U]; + memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; - sample_from_xof_2b(copy_of_seeds, sampled); + sample_from_xof_d4(uu____1, sampled); for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)3U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); i++) { size_t j = i; 
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sample = sampled[j]; @@ -8457,9 +7857,7 @@ static KRML_MUSTINLINE void sample_matrix_A_23( } else { A_transpose[i1][j] = sample; } - } - - ); + }); memcpy(ret, A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); @@ -8482,14 +7880,15 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_1d(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_c5(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; - KRML_MAYBE_FOR3( - i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t), - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t));); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, + Eurydice_slice));); memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); } @@ -8503,15 +7902,11 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRFxN_f1_89(uint8_t (*input)[33U], +static KRML_MUSTINLINE void PRFxN_f1_93(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { - PRFxN_1d(input, ret); + PRFxN_c5(input, ret); } -/** - Sample a vector of ring elements from a centered binomial distribution and - convert them into their NTT representations. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, 
@@ -8521,45 +7916,41 @@ generics - ETA= 2 - ETA_RANDOMNESS_SIZE= 128 */ -static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_d7( +static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_a7( uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - re_as_ntt[i] = ZERO_89_39();); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + re_as_ntt[i] = ZERO_89_8d();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - PRFxN_f1_89(prf_inputs, prf_outputs); + PRFxN_f1_93(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - re_as_ntt[i0] = sample_from_binomial_distribution_66( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); - ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]);); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = + sample_from_binomial_distribution_34(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + re_as_ntt[i0] = uu____1; + ntt_binomially_sampled_ring_element_28(&re_as_ntt[i0]);); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U]; memcpy( - copy_of_re_as_ntt, re_as_ntt, + uu____2, re_as_ntt, 
(size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_b0 lit; memcpy( - lit.fst, copy_of_re_as_ntt, + lit.fst, uu____2, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); lit.snd = domain_separator; return lit; } -/** - Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise - sum of their constituent coefficients. -*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -8570,15 +7961,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void add_to_ring_element_89_93( +static KRML_MUSTINLINE void add_to_ring_element_89_e8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_portable_vector_type_PortableVector), - libcrux_ml_kem_vector_portable_vector_type_PortableVector); + libcrux_ml_kem_vector_portable_vector_type_PortableVector, + Eurydice_slice), + libcrux_ml_kem_vector_portable_vector_type_PortableVector, + size_t); i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = 
@@ -8588,94 +7981,52 @@ static KRML_MUSTINLINE void add_to_ring_element_89_93( } } -/** - Compute  ◦ ŝ + ê -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_As_plus_e_da( +static KRML_MUSTINLINE void compute_As_plus_e_cb( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_39();); + result[i] = ZERO_89_8d();); for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len( + i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U], size_t); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i1]; for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(matrix_element, &s_as_ntt[j]); - add_to_ring_element_89_93(&result[i1], &product); + ntt_multiply_89_17(matrix_element, 
&s_as_ntt[j]); + add_to_ring_element_89_e8(&result[i1], &product); } - add_standard_error_reduce_89_99(&result[i1], &error_as_ntt[i1]); + add_standard_error_reduce_89_22(&result[i1], &error_as_ntt[i1]); } memcpy( ret, result, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, 
@@ -8685,75 +8036,69 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_9b generate_keypair_unpacked_f4( +static tuple_9b generate_keypair_unpacked_d1( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; - G_f1_b6(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, - uint8_t, Eurydice_slice_uint8_t_x2); + G_f1_e4(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - sample_matrix_A_23(ret, true, A_transpose); + libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret); + sample_matrix_A_05(ret, true, A_transpose); uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, + libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = sample_vector_cbd_then_ntt_d7(copy_of_prf_input0, 0U); + uint8_t uu____1[33U]; + memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b0 uu____2 = sample_vector_cbd_then_ntt_a7(uu____1, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator = uu____2.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - 
memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + uint8_t uu____3[33U]; + memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_d7(copy_of_prf_input, domain_separator).fst, + sample_vector_cbd_then_ntt_a7(uu____3, domain_separator).fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - compute_As_plus_e_da(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + compute_As_plus_e_cb(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], + void *); core_result_unwrap_41_83(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____4[3U]; memcpy( - copy_of_t_as_ntt, t_as_ntt, + uu____4, t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A_transpose[3U] - [3U]; - memcpy(copy_of_A_transpose, A_transpose, + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U][3U]; + memcpy(uu____5, A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____6[32U]; + memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk; memcpy( - pk.t_as_ntt, copy_of_t_as_ntt, + 
pk.t_as_ntt, uu____4, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, copy_of_A_transpose, + memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, uu____5, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____7[3U]; memcpy( - copy_of_secret_as_ntt, secret_as_ntt, + uu____7, secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk; memcpy( - sk.secret_as_ntt, copy_of_secret_as_ntt, + sk.secret_as_ntt, uu____7, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); return (CLITERAL(tuple_9b){.fst = sk, .snd = pk}); } @@ -8772,10 +8117,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_84( +static void closure_f0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - ret[i] = ZERO_89_39();); + ret[i] = ZERO_89_8d();); } /** @@ -8787,7 +8132,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void H_f1_2e(Eurydice_slice input, uint8_t ret[32U]) { +static KRML_MUSTINLINE void H_f1_1a(Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } 
@@ -8805,26 +8150,27 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_37(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_4a(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t); - tuple_9b uu____0 = generate_keypair_unpacked_f4(ind_cpa_keypair_randomness); + size_t, Eurydice_slice); + tuple_9b uu____0 = generate_keypair_unpacked_d1(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_84(A[i]);); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_f0(A[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_14(&ind_cpa_public_key.A[j][i1]); + clone_d5_3a(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U][3U]; memcpy(uu____2, A, 
@@ -8834,39 +8180,36 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_37(uint8_t randomness[64U]) { (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); uint8_t pk_serialized[1184U]; - serialize_public_key_80( + serialize_public_key_eb( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t), + uint8_t, Eurydice_slice), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_2e(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), + H_f1_1a(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, + Eurydice_slice), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U]); + uint8_t[32U], void *); core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 uu____3 = ind_cpa_private_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_implicit_rejection_value[32U]; - memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, - (size_t)32U * sizeof(uint8_t)); + uint8_t uu____4[32U]; + memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8 uu____5; uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, + memcpy(uu____5.implicit_rejection_value, uu____4, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 uu____6 = ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_hash[32U]; - memcpy(copy_of_public_key_hash, public_key_hash, - (size_t)32U * sizeof(uint8_t)); + uint8_t uu____7[32U]; + memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 lit; lit.private_key = uu____5; 
lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, + memcpy(lit.public_key.public_key_hash, uu____7, (size_t)32U * sizeof(uint8_t)); return lit; } 
@@ -8883,36 +8226,28 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_ec( +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_c5( Eurydice_slice key_generation_seed) { - tuple_9b uu____0 = generate_keypair_unpacked_f4(key_generation_seed); + tuple_9b uu____0 = generate_keypair_unpacked_d1(key_generation_seed); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk = uu____0.snd; uint8_t public_key_serialized[1184U]; - serialize_public_key_80( - pk.t_as_ntt, Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t), - public_key_serialized); + serialize_public_key_eb(pk.t_as_ntt, + Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, + uint8_t, Eurydice_slice), + public_key_serialized); uint8_t secret_key_serialized[1152U]; - serialize_secret_key_f8(sk.secret_as_ntt, secret_key_serialized); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_secret_key_serialized[1152U]; - memcpy(copy_of_secret_key_serialized, secret_key_serialized, - (size_t)1152U * sizeof(uint8_t)); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_public_key_serialized[1184U]; - memcpy(copy_of_public_key_serialized, public_key_serialized, - (size_t)1184U * sizeof(uint8_t)); + serialize_secret_key_6d(sk.secret_as_ntt, secret_key_serialized); + uint8_t uu____1[1152U]; + memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); + uint8_t uu____2[1184U]; + memcpy(uu____2, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; - memcpy(lit.fst, copy_of_secret_key_serialized, - (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, copy_of_public_key_serialized, - (size_t)1184U * sizeof(uint8_t)); + memcpy(lit.fst, uu____1, (size_t)1152U * sizeof(uint8_t)); + memcpy(lit.snd, uu____2, 
(size_t)1184U * sizeof(uint8_t)); return lit; } -/** - Serialize the secret key. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] @@ -8920,7 +8255,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_a8( +static KRML_MUSTINLINE void serialize_kem_secret_key_5e( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; 
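Review bot: The regenerated output drops the doc comment that preceded each monomorphic instance, starting with `Serialize the secret key.` at the end of this hunk, and one of the dropped comments is a usage constraint rather than prose: the `deserialize_ring_elements_reduced` hunk (`@@ -9391,20 +8680,15 @@`) loses `This function MUST NOT be used on secret inputs.`, which is the only statement in the C telling a caller that this deserializer may only ever see public-key bytes. The same removal hits the `Packed API` / `Generate a key pair` text before `libcrux_ml_kem_ind_cca_generate_keypair_ef`, the FIPS 203 Algorithm 13 description before `encrypt_unpacked_84`, the `Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁` and `Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message` formulas, and the `Call [...] on each ring element` notes. Since this file is generated, the fix belongs in the extraction step (emitting the Rust doc comment on monomorphized instances again) rather than in a hand edit of the C. If the loss is intended, the secret-input caveat should still survive, e.g. as `/* Public inputs only: MUST NOT be used on secret data. */` on `deserialize_ring_elements_reduced_1d`, so that a reader of the C rather than the Rust sees it.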
@@ -8928,48 +8263,46 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_a8( uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - Eurydice_slice_copy( + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( - uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t), - uint8_t), - private_key, uint8_t); - pointer = pointer + Eurydice_slice_len(private_key, uint8_t); + uu____0, uu____1, + uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + private_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - Eurydice_slice_copy( + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( - uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t), - uint8_t), - public_key, uint8_t); - pointer = pointer + Eurydice_slice_len(public_key, uint8_t); + uu____3, uu____4, + uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), + uint8_t, Eurydice_slice), + public_key, uint8_t, void *); + pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, + Eurydice_slice); uint8_t ret0[32U]; - H_f1_2e(public_key, ret0); - Eurydice_slice_copy( - uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); + H_f1_1a(public_key, ret0); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), + uint8_t, void *); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - Eurydice_slice_copy( + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice2( 
uu____7, uu____8, - uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), - uint8_t), - implicit_rejection_value, uint8_t); + uu____9 + core_slice___Slice_T___len(implicit_rejection_value, + uint8_t, size_t), + uint8_t, Eurydice_slice), + implicit_rejection_value, uint8_t, void *); memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } -/** - Packed API - - Generate a key pair. - - Depending on the `Vector` and `Hasher` used, this requires different hardware - features -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, 
@@ -8984,35 +8317,39 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_d7(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_ef(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, + Eurydice_slice); Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t); + size_t, Eurydice_slice); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_ec(ind_cpa_keypair_randomness); + generate_keypair_c5(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_a8( - Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), - Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), + serialize_kem_secret_key_5e( + Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, + Eurydice_slice), implicit_rejection_value, secret_key_serialized); + uint8_t uu____1[2400U]; + memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_22_a70(secret_key_serialized); - libcrux_ml_kem_types_MlKemPrivateKey_55 uu____1 = private_key; - return libcrux_ml_kem_types_from_17_d50( - uu____1, libcrux_ml_kem_types_from_c7_140(public_key)); + libcrux_ml_kem_types_from_05_700(uu____1); + libcrux_ml_kem_types_MlKemPrivateKey_55 
uu____2 = private_key; + uint8_t uu____3[1184U]; + memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_17_eb0( + uu____2, libcrux_ml_kem_types_from_b6_a30(uu____3)); } -/** - Sample a vector of ring elements from a centered binomial distribution. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, 
@@ -9023,36 +8360,34 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -sample_ring_element_cbd_76(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_bf(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - error_1[i] = ZERO_89_39();); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + error_1[i] = ZERO_89_8d();); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); uint8_t prf_outputs[3U][128U]; - PRFxN_f1_89(prf_inputs, prf_outputs); + PRFxN_f1_93(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_66( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); + sample_from_binomial_distribution_34(Eurydice_array_to_slice( + (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); error_1[i0] = uu____1;); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_error_1[3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U]; memcpy( - copy_of_error_1, error_1, + uu____2, error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_b0 lit; memcpy( - lit.fst, copy_of_error_1, + lit.fst, uu____2, (size_t)3U * 
sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); lit.snd = domain_separator; return lit; @@ -9068,9 +8403,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void PRF_f1_040(Eurydice_slice input, +static KRML_MUSTINLINE void PRF_f1_ee0(Eurydice_slice input, uint8_t ret[128U]) { - PRF_3a0(input, ret); + PRF_2b0(input, ret); } /** 
@@ -9083,66 +8418,62 @@ static KRML_MUSTINLINE void invert_ntt_montgomery_7b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_d1(&zeta_i, re); - invert_ntt_at_layer_2_ac(&zeta_i, re); - invert_ntt_at_layer_3_63(&zeta_i, re); - invert_ntt_at_layer_4_plus_9b(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_9b(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_9b(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_9b(&zeta_i, re, (size_t)7U); - poly_barrett_reduce_89_2c(re); + invert_ntt_at_layer_1_13(&zeta_i, re); + invert_ntt_at_layer_2_cd(&zeta_i, re); + invert_ntt_at_layer_3_74(&zeta_i, re); + invert_ntt_at_layer_4_plus_52(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_52(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_52(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_52(&zeta_i, re, (size_t)7U); + poly_barrett_reduce_89_61(re); } -/** - Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_a7( +static KRML_MUSTINLINE void compute_vector_u_11( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - result[i] = ZERO_89_39();); + result[i] = ZERO_89_8d();); for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len( + i0 < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)3U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]), - 
libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U], + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U], size_t); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = a_as_ntt[i1]; for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(a_element, &r_as_ntt[j]); - add_to_ring_element_89_93(&result[i1], &product); + ntt_multiply_89_17(a_element, &r_as_ntt[j]); + add_to_ring_element_89_e8(&result[i1], &product); } invert_ntt_montgomery_7b(&result[i1]); - add_error_reduce_89_6b(&result[i1], &error_1[i1]); + add_error_reduce_89_53(&result[i1], &error_1[i1]); } memcpy( ret, result, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } -/** - Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_portable_vector_type_PortableVector 
@@ -9150,24 +8481,21 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_9d( +compute_ring_element_v_d8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_8d(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(&t_as_ntt[i0], &r_as_ntt[i0]); - add_to_ring_element_89_93(&result, &product);); + ntt_multiply_89_17(&t_as_ntt[i0], &r_as_ntt[i0]); + add_to_ring_element_89_e8(&result, &product);); invert_ntt_montgomery_7b(&result); - result = add_message_error_reduce_89_4e(error_2, message, result); + result = add_message_error_reduce_89_60(error_2, message, result); return result; } -/** - Call [`compress_then_serialize_ring_element_u`] on each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector 
@@ -9177,69 +8505,32 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_3d( +static void compress_then_serialize_u_e7( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; - i < Eurydice_slice_len( + i < core_slice___Slice_T___len( Eurydice_array_to_slice( (size_t)3U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, + Eurydice_slice), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice2( out, i0 * ((size_t)960U / (size_t)3U), - (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); + (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, + Eurydice_slice); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_97(&re, ret); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); + compress_then_serialize_ring_element_u_42(&re, ret); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); } } -/** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. 
- - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, 
@@ -9258,25 +8549,22 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_61( +static void encrypt_unpacked_84( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = sample_vector_cbd_then_ntt_d7(copy_of_prf_input0, 0U); + libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); + uint8_t uu____0[33U]; + memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b0 uu____1 = sample_vector_cbd_then_ntt_a7(uu____0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator0 = uu____1.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____3 = - sample_ring_element_cbd_76(copy_of_prf_input, domain_separator0); + uint8_t uu____2[33U]; + memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b0 uu____3 = sample_ring_element_cbd_bf(uu____2, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( error_1, uu____3.fst, 
@@ -9284,33 +8572,34 @@ static void encrypt_unpacked_61( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_040(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), - prf_output); + PRF_f1_ee0( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), + prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_66( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); + sample_from_binomial_distribution_34(Eurydice_array_to_slice( + (size_t)128U, prf_output, uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - compute_vector_u_a7(public_key->A, r_as_ntt, error_1, u); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + compute_vector_u_11(public_key->A, r_as_ntt, error_1, u); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_a7(copy_of_message); + deserialize_then_decompress_message_c0(uu____4); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_9d(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_d8(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_3d( + compress_then_serialize_u_e7( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, - uint8_t)); + uint8_t, Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_a0( - uu____6, 
Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t)); + compress_then_serialize_ring_element_v_1d( + uu____6, + Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, + uint8_t, size_t, Eurydice_slice)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); } 
@@ -9333,51 +8622,51 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_08( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_5c( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t); - Eurydice_slice_copy(uu____0, - Eurydice_array_to_slice( - (size_t)32U, public_key->public_key_hash, uint8_t), - uint8_t); + size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, + Eurydice_slice), + uint8_t, void *); uint8_t hashed[64U]; - G_f1_b6(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + G_f1_e4( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____2 = &public_key->ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness, (size_t)32U * 
sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_unpacked_61(uu____2, copy_of_randomness, pseudorandomness, - ciphertext); + encrypt_unpacked_84(uu____2, uu____3, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), - shared_secret, uint8_t); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[1088U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, + Eurydice_slice), + shared_secret, uint8_t, void *); + uint8_t uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_9c0(copy_of_ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_from_01_100(uu____4); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_3c lit; lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); return lit; } 
@@ -9391,20 +8680,15 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_af_47(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_5a(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), - randomness, uint8_t); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + randomness, uint8_t, void *); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } -/** - This function deserializes ring elements and reduces the result by the field - modulus. - - This function MUST NOT be used on secret inputs. -*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -9412,14 +8696,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1152 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9f( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1d( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - deserialized_pk[i] = ZERO_89_39();); + deserialized_pk[i] = ZERO_89_8d();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t) / + i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; 
@@ -9427,9 +8711,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9f( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); + uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_b8(ring_element); + deserialize_to_reduced_ring_element_a4(ring_element); deserialized_pk[i0] = uu____0; } memcpy( 
@@ -9455,52 +8739,49 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_12(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_aa(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - deserialize_ring_elements_reduced_9f( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), + deserialize_ring_elements_reduced_1d( + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, + Eurydice_slice), t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); + Eurydice_slice seed = Eurydice_slice_subslice_from( + public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - sample_matrix_A_23(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0); + sample_matrix_A_05(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); core_result_unwrap_41_83(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; memcpy( - copy_of_t_as_ntt, t_as_ntt, + uu____0, t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A[3U][3U]; - memcpy(copy_of_A, A, + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1[3U][3U]; + memcpy(uu____1, A, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - /* Passing 
arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____2[32U]; + memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 public_key_unpacked; memcpy( - public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, + public_key_unpacked.t_as_ntt, uu____0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, + memcpy(public_key_unpacked.seed_for_A, uu____2, (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, copy_of_A, + memcpy(public_key_unpacked.A, uu____1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = &public_key_unpacked; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____4[32U]; + memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1088U]; - encrypt_unpacked_61(uu____3, copy_of_message, randomness, ret1); + encrypt_unpacked_84(uu____3, uu____4, randomness, ret1); memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); } @@ -9515,11 +8796,12 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_af_ff(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_ee(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), - shared_secret, uint8_t); + core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), + shared_secret, uint8_t, void *); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } 
@@ -9542,62 +8824,62 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_78( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_fa( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_47( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); + entropy_preprocess_af_5a( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), + randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, + Eurydice_slice), + to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t); + size_t, Eurydice_slice); uint8_t ret[32U]; - H_f1_2e(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_c20(public_key), - uint8_t), + H_f1_1a(Eurydice_array_to_slice( + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_3b0(public_key), + uint8_t, Eurydice_slice), ret); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); uint8_t hashed[64U]; - G_f1_b6(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + G_f1_e4( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, 
uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_c20(public_key), uint8_t); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_randomness[32U]; - memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_3b0(public_key), uint8_t, + Eurydice_slice); + uint8_t uu____3[32U]; + memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_12(uu____2, copy_of_randomness, pseudorandomness, ciphertext); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_ciphertext[1088U]; - memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); + encrypt_aa(uu____2, uu____3, pseudorandomness, ciphertext); + uint8_t uu____4[1088U]; + memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_9c0(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_100(uu____4); uint8_t shared_secret_array[32U]; - kdf_af_ff(shared_secret, shared_secret_array); + kdf_af_ee(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_shared_secret_array[32U]; - memcpy(copy_of_shared_secret_array, shared_secret_array, - (size_t)32U * sizeof(uint8_t)); + uint8_t uu____6[32U]; + memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); tuple_3c lit; lit.fst = uu____5; - memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); return lit; } -/** - Call [`deserialize_then_decompress_ring_element_u`] on each ring element - in the `ciphertext`. 
-*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -9606,16 +8888,17 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_70( +static KRML_MUSTINLINE void deserialize_then_decompress_u_22( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - u_as_ntt[i] = ZERO_89_39();); + u_as_ntt[i] = ZERO_89_8d();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), - uint8_t) / + i < core_slice___Slice_T___len( + Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, + Eurydice_slice), + uint8_t, size_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); i++) { 
@@ -9628,21 +8911,17 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_70( (size_t)10U / (size_t)8U) + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, - uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_82(u_bytes); - ntt_vector_u_18(&u_as_ntt[i0]); + uint8_t, Eurydice_slice); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = + deserialize_then_decompress_ring_element_u_c2(u_bytes); + u_as_ntt[i0] = uu____0; + ntt_vector_u_39(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } -/** - The following functions compute various expressions involving - vectors and matrices. The computation of these expressions has been - abstracted away into these functions in order to save on loop iterations. - Compute v − InverseNTT(sᵀ ◦ NTT(u)) -*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector 
@@ -9650,44 +8929,20 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_7b( +compute_message_c1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_39(); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = ZERO_89_8d(); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - ntt_multiply_89_d5(&secret_as_ntt[i0], &u_as_ntt[i0]); - add_to_ring_element_89_93(&result, &product);); + ntt_multiply_89_17(&secret_as_ntt[i0], &u_as_ntt[i0]); + add_to_ring_element_89_e8(&result, &product);); invert_ntt_montgomery_7b(&result); - result = subtract_reduce_89_7e(v, result); + result = subtract_reduce_89_c3(v, result); return result; } -/** - This function implements Algorithm 14 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. - - Algorithm 14 is reproduced below: - - ```plaintext - Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - Output: message m ∈ 𝔹^{32}. - - c₁ ← c[0 : 32dᵤk] - c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] - u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) - v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) - ŝ ← ByteDecode₁₂(dkₚₖₑ) - w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) - m ← ByteEncode₁(Compress₁(w)) - return m - ``` - - The NIST FIPS 203 standard can be found at - . -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector 
@@ -9698,19 +8953,20 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_a7( +static void decrypt_unpacked_89( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - deserialize_then_decompress_u_70(ciphertext, u_as_ntt); + deserialize_then_decompress_u_22(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_52( + deserialize_then_decompress_ring_element_v_68( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t)); + (size_t)960U, uint8_t, size_t, + Eurydice_slice)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_7b(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_c1(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_00(message, ret0); + compress_then_serialize_message_79(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -9724,8 +8980,8 @@ with const generics - K= 3 - LEN= 32 */ -static KRML_MUSTINLINE void PRF_f1_04(Eurydice_slice input, uint8_t ret[32U]) { - PRF_3a(input, ret); +static KRML_MUSTINLINE void PRF_f1_ee(Eurydice_slice input, uint8_t ret[32U]) { + PRF_2b(input, ret); } /** 
@@ -9750,82 +9006,83 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_de( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_75( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_a7(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_89(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy( + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t), - uint8_t); + uint8_t, Eurydice_slice), + uint8_t, void *); uint8_t hashed[64U]; - G_f1_b6(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + G_f1_e4( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d3( - Eurydice_array_to_slice( - (size_t)32U, 
key_pair->private_key.implicit_rejection_value, uint8_t), + libcrux_ml_kem_utils_into_padded_array_ea3( + Eurydice_array_to_slice((size_t)32U, + key_pair->private_key.implicit_rejection_value, + uint8_t, Eurydice_slice), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_750(ciphertext), - uint8_t); + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____2, libcrux_ml_kem_types_as_ref_00_790(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_04(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), - implicit_rejection_shared_secret); + PRF_f1_ee( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = &key_pair->public_key.ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____4[32U]; + memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_61(uu____3, copy_of_decrypted, pseudorandomness, - expected_ciphertext); + encrypt_unpacked_84(uu____3, uu____4, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_750(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); + libcrux_ml_kem_types_as_ref_00_790(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, + Eurydice_slice)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( shared_secret, Eurydice_array_to_slice((size_t)32U, 
implicit_rejection_shared_secret, - uint8_t), + uint8_t, Eurydice_slice), selector, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } -/** - Call [`deserialize_to_uncompressed_ring_element`] for each ring element. -*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_7c( +static KRML_MUSTINLINE void deserialize_secret_key_42( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, - secret_as_ntt[i] = ZERO_89_39();); + secret_as_ntt[i] = ZERO_89_8d();); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(secret_key, uint8_t) / + i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -9833,9 +9090,9 @@ static KRML_MUSTINLINE void deserialize_secret_key_7c( secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t); + uint8_t, Eurydice_slice); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_5e(secret_bytes); + deserialize_to_uncompressed_ring_element_f3(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( 
@@ -9853,22 +9110,21 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_45(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_ac(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - deserialize_secret_key_7c(secret_key, secret_as_ntt); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; + deserialize_secret_key_42(secret_key, secret_as_ntt); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; memcpy( - copy_of_secret_as_ntt, secret_as_ntt, + uu____0, secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 secret_key_unpacked; memcpy( - secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, + secret_key_unpacked.secret_as_ntt, uu____0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_a7(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_89(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } 
@@ -9894,70 +9150,77 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_b0( +void libcrux_ml_kem_ind_cca_decapsulate_24( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t), + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, + Eurydice_slice), (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_45(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_ac(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); - Eurydice_slice_copy( + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), + to_hash0); + core_slice___Slice_T___copy_from_slice( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, 
LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t), - ind_cpa_public_key_hash, uint8_t); + uint8_t, size_t, Eurydice_slice), + ind_cpa_public_key_hash, uint8_t, void *); uint8_t hashed[64U]; - G_f1_b6(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); - Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), + G_f1_e4( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), + hashed); + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d3(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_ea3(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_750(ciphertext), - uint8_t); + uint8_t, size_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, libcrux_ml_kem_types_as_ref_00_790(ciphertext), uint8_t, void *); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_04(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), - implicit_rejection_shared_secret0); + PRF_f1_ee( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_decrypted[32U]; - memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); + uint8_t uu____6[32U]; + memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t 
expected_ciphertext[1088U]; - encrypt_12(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + encrypt_aa(uu____5, uu____6, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_ff(Eurydice_array_to_slice((size_t)32U, - implicit_rejection_shared_secret0, uint8_t), - implicit_rejection_shared_secret); + kdf_af_ee( + Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, + uint8_t, Eurydice_slice), + implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_ff(shared_secret0, shared_secret); + kdf_af_ee(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_750(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), + libcrux_ml_kem_types_as_ref_00_790(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, + Eurydice_slice), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, + Eurydice_slice), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t), + uint8_t, Eurydice_slice), ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index 8aec8129c..3e6277eff 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h 
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf - * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 - * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __libcrux_mlkem_portable_H @@ -205,19 +205,6 @@ libcrux_ml_kem_vector_portable_cond_subtract_3329_0d( ((int32_t)1 << (uint32_t) \ LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT) -/** - Signed Barrett Reduction - - Given an input `value`, `barrett_reduce` outputs a representative `result` - such that: - - - result ≡ value (mod FIELD_MODULUS) - - the absolute value of `result` is bound as follows: - - `|result| ≤ FIELD_MODULUS / 2 · (|value|/BARRETT_R + 1) - - In particular, if `|value| < BARRETT_R`, then `|result| < FIELD_MODULUS`. -*/ int16_t libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( int16_t value); 
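Review bot: The second hunk removes the `Signed Barrett Reduction` comment from the public prototype of `libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element` in libcrux_mlkem_portable.h, and the following hunks do the same for montgomery_reduce_element, montgomery_multiply_fe_by_fer, compress_message_coefficient and ntt_ntt_multiply_binomials. Those comments were the only place in the C header stating the input/output bounds (`|result| ≤ FIELD_MODULUS / 2 · (|value|/BARRETT_R + 1)`, `|o| < (3 · FIELD_MODULUS) / 2`) that a C caller needs in order to keep the int16_t arithmetic in range, so the contract now exists only in the Rust source. If the generator no longer emits doc comments for these items, consider restoring them at least as a one-line pointer, e.g. `/* Bounds: see barrett_reduce in the Rust source (vector/portable/arithmetic.rs) */`, so the header remains usable as the reference for non-Rust callers.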
@@ -239,34 +226,9 @@ libcrux_ml_kem_vector_portable_barrett_reduce_0d( ((int32_t)1 << (uint32_t) \ LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT) -/** - Signed Montgomery Reduction - - Given an input `value`, `montgomery_reduce` outputs a representative `o` - such that: - - - o ≡ value · MONTGOMERY_R^(-1) (mod FIELD_MODULUS) - - the absolute value of `o` is bound as follows: - - `|result| ≤ (|value| / MONTGOMERY_R) + (FIELD_MODULUS / 2) - - In particular, if `|value| ≤ FIELD_MODULUS * MONTGOMERY_R`, then `|o| < (3 · - FIELD_MODULUS) / 2`. -*/ int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( int32_t value); -/** - If `fe` is some field element 'x' of the Kyber field and `fer` is congruent to - `y · MONTGOMERY_R`, this procedure outputs a value that is congruent to - `x · y`, as follows: - - `fe · fer ≡ x · y · MONTGOMERY_R (mod FIELD_MODULUS)` - - `montgomery_reduce` takes the value `x · y · MONTGOMERY_R` and outputs a - representative `x · y · MONTGOMERY_R * MONTGOMERY_R^{-1} ≡ x · y (mod - FIELD_MODULUS)`. -*/ int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( int16_t fe, int16_t fer); 
@@ -282,28 +244,6 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t r); -/** - The `compress_*` functions implement the `Compress` function specified in the - NIST FIPS 203 standard (Page 18, Expression 4.5), which is defined as: - - ```plaintext - Compress_d: ℤq -> ℤ_{2ᵈ} - Compress_d(x) = ⌈(2ᵈ/q)·x⌋ - ``` - - Since `⌈x⌋ = ⌊x + 1/2⌋` we have: - - ```plaintext - Compress_d(x) = ⌊(2ᵈ/q)·x + 1/2⌋ - = ⌊(2^{d+1}·x + q) / 2q⌋ - ``` - - For further information about the function implementations, consult the - `implementation_notes.pdf` document in this directory. - - The NIST FIPS 203 standard can be found at - . -*/ uint8_t libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( uint16_t fe); @@ -413,28 +353,6 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta); -/** - Compute the product of two Kyber binomials with respect to the - modulus `X² - zeta`. - - This function almost implements Algorithm 11 of the - NIST FIPS 203 standard, which is reproduced below: - - ```plaintext - Input: a₀, a₁, b₀, b₁ ∈ ℤq. - Input: γ ∈ ℤq. - Output: c₀, c₁ ∈ ℤq. - - c₀ ← a₀·b₀ + a₁·b₁·γ - c₁ ← a₀·b₁ + a₁·b₀ - return c₀, c₁ - ``` - We say "almost" because the coefficients output by this function are in - the Montgomery domain (unlike in the specification). - - The NIST FIPS 203 standard can be found at - . -*/ void libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( libcrux_ml_kem_vector_portable_vector_type_PortableVector *a, libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta, diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index 9d21462e9..d25fce762 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h 
+++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf - * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 - * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __libcrux_sha3_H 
@@ -22,160 +22,105 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_sha3_internal.h" -/** - A portable SHA3 512 implementation. -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a(buf0, buf); + libcrux_sha3_portable_keccakx1_ce(buf0, buf); } -/** - A portable SHA3 256 implementation. -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a0(buf0, buf); + libcrux_sha3_portable_keccakx1_ce0(buf0, buf); } -/** - A portable SHAKE256 implementation. -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_shake256( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a1(buf0, buf); + libcrux_sha3_portable_keccakx1_ce1(buf0, buf); } -/** - A portable SHA3 224 implementation. -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a2(buf0, buf); + libcrux_sha3_portable_keccakx1_ce2(buf0, buf); } -/** - A portable SHA3 384 implementation. 
-*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a3(buf0, buf); + libcrux_sha3_portable_keccakx1_ce3(buf0, buf); } -/** - SHA3 224 - - Preconditions: - - `digest.len() == 28` -*/ static KRML_MUSTINLINE void libcrux_sha3_sha224_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha224(digest, payload); } -/** - SHA3 224 -*/ static KRML_MUSTINLINE void libcrux_sha3_sha224(Eurydice_slice data, uint8_t ret[28U]) { uint8_t out[28U] = {0U}; - libcrux_sha3_sha224_ema(Eurydice_array_to_slice((size_t)28U, out, uint8_t), - data); + libcrux_sha3_sha224_ema( + Eurydice_array_to_slice((size_t)28U, out, uint8_t, Eurydice_slice), data); memcpy(ret, out, (size_t)28U * sizeof(uint8_t)); } -/** - SHA3 256 -*/ static KRML_MUSTINLINE void libcrux_sha3_sha256_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha256(digest, payload); } -/** - SHA3 256 -*/ static KRML_MUSTINLINE void libcrux_sha3_sha256(Eurydice_slice data, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - libcrux_sha3_sha256_ema(Eurydice_array_to_slice((size_t)32U, out, uint8_t), - data); + libcrux_sha3_sha256_ema( + Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), data); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } -/** - SHA3 384 -*/ static KRML_MUSTINLINE void libcrux_sha3_sha384_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha384(digest, payload); } -/** - SHA3 384 -*/ static KRML_MUSTINLINE void libcrux_sha3_sha384(Eurydice_slice data, uint8_t ret[48U]) { uint8_t out[48U] = {0U}; - libcrux_sha3_sha384_ema(Eurydice_array_to_slice((size_t)48U, out, uint8_t), - data); + libcrux_sha3_sha384_ema( + Eurydice_array_to_slice((size_t)48U, out, uint8_t, Eurydice_slice), data); memcpy(ret, out, (size_t)48U * sizeof(uint8_t)); } -/** - SHA3 512 -*/ static 
KRML_MUSTINLINE void libcrux_sha3_sha512_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha512(digest, payload); } -/** - SHA3 512 -*/ static KRML_MUSTINLINE void libcrux_sha3_sha512(Eurydice_slice data, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; - libcrux_sha3_sha512_ema(Eurydice_array_to_slice((size_t)64U, out, uint8_t), - data); + libcrux_sha3_sha512_ema( + Eurydice_array_to_slice((size_t)64U, out, uint8_t, Eurydice_slice), data); memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } -/** - A portable SHAKE128 implementation. -*/ static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a4(buf0, buf); + libcrux_sha3_portable_keccakx1_ce4(buf0, buf); } -/** - SHAKE 128 - - Writes `out.len()` bytes. -*/ static KRML_MUSTINLINE void libcrux_sha3_shake128_ema(Eurydice_slice out, Eurydice_slice data) { libcrux_sha3_portable_shake128(out, data); } -/** - SHAKE 256 - - Writes `out.len()` bytes. -*/ static KRML_MUSTINLINE void libcrux_sha3_shake256_ema(Eurydice_slice out, Eurydice_slice data) { libcrux_sha3_portable_shake256(out, data); diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index 6fadfc9fd..e606bafb5 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c 
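Review bot: The libcrux_sha3.h hunk drops the `Preconditions: - digest.len() == 28` note on `libcrux_sha3_sha224_ema` and the `Writes out.len() bytes` notes on `libcrux_sha3_shake128_ema` and `libcrux_sha3_shake256_ema`, which were the only caller-facing statements in this public header of how long the output slice must be. Nothing visible in the hunk adds a length check in their place, and whether the underlying keccakx1 calls validate the slice length cannot be determined from here, so a caller handing in a short `digest` slice now has no documented contract to check against. Keeping a one-line comment per `_ema` wrapper, e.g. `/* Precondition: digest.len() == 28 */` for sha224 and `/* Writes out.len() bytes */` for the SHAKE variants, would preserve that contract even if the generator no longer carries over the Rust doc comments.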
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf - * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 - * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #include "internal/libcrux_sha3_avx2.h" 
@@ -19,24 +19,29 @@ This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: usize> for core::core_arch::x86::__m256i)} */ -static KRML_MUSTINLINE __m256i zero_ef(void) { - return mm256_set1_epi64x((int64_t)0); +static KRML_MUSTINLINE core_core_arch_x86___m256i zero_ef(void) { + return libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)0); } -static KRML_MUSTINLINE __m256i _veor5q_u64(__m256i a, __m256i b, __m256i c, - __m256i d, __m256i e) { - __m256i ab = mm256_xor_si256(a, b); - __m256i cd = mm256_xor_si256(c, d); - __m256i abcd = mm256_xor_si256(ab, cd); - return mm256_xor_si256(abcd, e); +static KRML_MUSTINLINE core_core_arch_x86___m256i +_veor5q_u64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c, core_core_arch_x86___m256i d, + core_core_arch_x86___m256i e) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); + core_core_arch_x86___m256i cd = libcrux_intrinsics_avx2_mm256_xor_si256(c, d); + core_core_arch_x86___m256i abcd = + libcrux_intrinsics_avx2_mm256_xor_si256(ab, cd); + return libcrux_intrinsics_avx2_mm256_xor_si256(abcd, e); } /** This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: usize> for core::core_arch::x86::__m256i)} */ -static KRML_MUSTINLINE __m256i xor5_ef(__m256i a, __m256i b, __m256i c, - __m256i d, __m256i e) { +static KRML_MUSTINLINE core_core_arch_x86___m256i +xor5_ef(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c, core_core_arch_x86___m256i d, + core_core_arch_x86___m256i e) { return _veor5q_u64(a, b, c, d, e); } 
@@ -46,46 +51,60 @@ with const generics - LEFT= 1 - RIGHT= 63 */ -static KRML_MUSTINLINE __m256i rotate_left_58(__m256i x) { - return mm256_xor_si256(mm256_slli_epi64((int32_t)1, x, __m256i), - mm256_srli_epi64((int32_t)63, x, __m256i)); +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_58(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)1, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)63, x, + core_core_arch_x86___m256i)); } -static KRML_MUSTINLINE __m256i _vrax1q_u64(__m256i a, __m256i b) { - __m256i uu____0 = a; - return mm256_xor_si256(uu____0, rotate_left_58(b)); +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vrax1q_u64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i uu____0 = a; + return libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, rotate_left_58(b)); } /** This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: usize> for core::core_arch::x86::__m256i)} */ -static KRML_MUSTINLINE __m256i rotate_left1_and_xor_ef(__m256i a, __m256i b) { +static KRML_MUSTINLINE core_core_arch_x86___m256i rotate_left1_and_xor_ef( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vrax1q_u64(a, b); } -static KRML_MUSTINLINE __m256i _vbcaxq_u64(__m256i a, __m256i b, __m256i c) { - return mm256_xor_si256(a, mm256_andnot_si256(c, b)); +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vbcaxq_u64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + a, libcrux_intrinsics_avx2_mm256_andnot_si256(c, b)); } /** This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: usize> for core::core_arch::x86::__m256i)} */ -static KRML_MUSTINLINE __m256i and_not_xor_ef(__m256i a, __m256i b, __m256i c) { +static KRML_MUSTINLINE core_core_arch_x86___m256i 
+and_not_xor_ef(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, + core_core_arch_x86___m256i c) { return _vbcaxq_u64(a, b, c); } -static KRML_MUSTINLINE __m256i _veorq_n_u64(__m256i a, uint64_t c) { - __m256i c0 = mm256_set1_epi64x((int64_t)c); - return mm256_xor_si256(a, c0); +static KRML_MUSTINLINE core_core_arch_x86___m256i +_veorq_n_u64(core_core_arch_x86___m256i a, uint64_t c) { + core_core_arch_x86___m256i c0 = + libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)c); + return libcrux_intrinsics_avx2_mm256_xor_si256(a, c0); } /** This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: usize> for core::core_arch::x86::__m256i)} */ -static KRML_MUSTINLINE __m256i xor_constant_ef(__m256i a, uint64_t c) { +static KRML_MUSTINLINE core_core_arch_x86___m256i +xor_constant_ef(core_core_arch_x86___m256i a, uint64_t c) { return _veorq_n_u64(a, c); } 
@@ -93,16 +112,21 @@ static KRML_MUSTINLINE __m256i xor_constant_ef(__m256i a, uint64_t c) { This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: usize> for core::core_arch::x86::__m256i)} */ -static KRML_MUSTINLINE __m256i xor_ef(__m256i a, __m256i b) { - return mm256_xor_si256(a, b); +static KRML_MUSTINLINE core_core_arch_x86___m256i +xor_ef(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + return libcrux_intrinsics_avx2_mm256_xor_si256(a, b); } static KRML_MUSTINLINE void slice_4(Eurydice_slice a[4U], size_t start, size_t len, Eurydice_slice ret[4U]) { - ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t); - ret[1U] = Eurydice_slice_subslice2(a[1U], start, start + len, uint8_t); - ret[2U] = Eurydice_slice_subslice2(a[2U], start, start + len, uint8_t); - ret[3U] = Eurydice_slice_subslice2(a[3U], start, start + len, uint8_t); + ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t, + Eurydice_slice); + ret[1U] = Eurydice_slice_subslice2(a[1U], start, start + len, uint8_t, + Eurydice_slice); + ret[2U] = Eurydice_slice_subslice2(a[2U], start, start + len, uint8_t, + Eurydice_slice); + ret[3U] = Eurydice_slice_subslice2(a[3U], start, start + len, uint8_t, + Eurydice_slice); } /** @@ -111,11 +135,10 @@ usize> for core::core_arch::x86::__m256i)} */ static KRML_MUSTINLINE void slice_n_ef(Eurydice_slice a[4U], size_t start, size_t len, Eurydice_slice ret[4U]) { - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_a[4U]; - memcpy(copy_of_a, a, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice uu____0[4U]; + memcpy(uu____0, a, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice ret0[4U]; - slice_4(copy_of_a, start, len, ret0); + slice_4(uu____0, start, len, ret0); memcpy(ret, ret0, (size_t)4U * sizeof(Eurydice_slice)); } 
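Review bot: The regenerated body of slice_n_ef trades the descriptive local `copy_of_a` and its explanatory comment for the opaque temporary `uu____0`, so the reason for the four-slice memcpy before the call is no longer visible at the call site; the same pattern appears in load_block_ef_65 later in this file, and the hunk at -162,9 drops the `Create a new Shake128 x4 state.` doc comment above new_1e_bf. Since this file is generated, the fix belongs in the extraction pipeline rather than a hand edit, but the regression is worth flagging against a commit whose stated aim is code quality. If the generator cannot keep the name, restoring the one-line `/* Passing arrays by value in Rust generates a copy in C */` comment ahead of `Eurydice_slice uu____0[4U];` would preserve the intent for readers auditing the C output.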
@@ -125,19 +148,19 @@ split_at_mut_4(Eurydice_slice out[4U], size_t mid) { Eurydice_slice out1 = out[1U]; Eurydice_slice out2 = out[2U]; Eurydice_slice out3 = out[3U]; - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at_mut( + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at_mut( out0, mid, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice out00 = uu____0.fst; Eurydice_slice out01 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at_mut( + Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at_mut( out1, mid, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice out10 = uu____1.fst; Eurydice_slice out11 = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at_mut( + Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at_mut( out2, mid, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice out20 = uu____2.fst; Eurydice_slice out21 = uu____2.snd; - Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at_mut( + Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at_mut( out3, mid, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice out30 = uu____3.fst; Eurydice_slice out31 = uu____3.snd; @@ -162,9 +185,6 @@ split_at_mut_n_ef(Eurydice_slice a[4U], size_t mid) { return split_at_mut_4(a, mid); } -/** - Create a new Shake128 x4 state. -*/ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} @@ -176,7 +196,7 @@ with const generics - N= 4 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 -new_1e_16(void) { +new_1e_bf(void) { libcrux_sha3_generic_keccak_KeccakState_29 lit; lit.st[0U][0U] = zero_ef(); lit.st[0U][1U] = zero_ef(); 
@@ -211,114 +231,144 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void load_block_c7(__m256i (*s)[5U], +static KRML_MUSTINLINE void load_block_c7(core_core_arch_x86___m256i (*s)[5U], Eurydice_slice blocks[4U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { size_t i0 = i; - __m256i v00 = mm256_loadu_si256_u8( - Eurydice_slice_subslice2(blocks[0U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t)); - __m256i v10 = mm256_loadu_si256_u8( - Eurydice_slice_subslice2(blocks[1U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t)); - __m256i v20 = mm256_loadu_si256_u8( - Eurydice_slice_subslice2(blocks[2U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t)); - __m256i v30 = mm256_loadu_si256_u8( - Eurydice_slice_subslice2(blocks[3U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t)); - __m256i v0l = mm256_unpacklo_epi64(v00, v10); - __m256i v1h = mm256_unpackhi_epi64(v00, v10); - __m256i v2l = mm256_unpacklo_epi64(v20, v30); - __m256i v3h = mm256_unpackhi_epi64(v20, v30); - __m256i v0 = mm256_permute2x128_si256((int32_t)32, v0l, v2l, __m256i); - __m256i v1 = mm256_permute2x128_si256((int32_t)32, v1h, v3h, __m256i); - __m256i v2 = mm256_permute2x128_si256((int32_t)49, v0l, v2l, __m256i); - __m256i v3 = mm256_permute2x128_si256((int32_t)49, v1h, v3h, __m256i); + core_core_arch_x86___m256i v00 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v10 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v20 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + 
uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v30 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v0l = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); + core_core_arch_x86___m256i v1h = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); + core_core_arch_x86___m256i v2l = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); + core_core_arch_x86___m256i v3h = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); + core_core_arch_x86___m256i v0 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v1 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v2 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v0l, v2l, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v3 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = - mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_xor_si256( s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = - mm256_xor_si256(s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - v1); + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + v1); s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = - mm256_xor_si256(s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - v2); + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 
+ (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + v2); s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = - mm256_xor_si256(s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - v3); + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + v3); } size_t rem = (size_t)136U % (size_t)32U; size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); uint8_t u8s[32U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t); - Eurydice_slice_copy( + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + u8s, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( uu____0, - Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t), - uint8_t); - Eurydice_slice uu____1 = - Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t); - Eurydice_slice_copy( + Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = Eurydice_array_to_subslice2( + u8s, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( uu____1, - Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t), - uint8_t); - Eurydice_slice uu____2 = - Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t); - Eurydice_slice_copy( + Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_array_to_subslice2( + u8s, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( uu____2, - Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t), - uint8_t); - Eurydice_slice uu____3 = - Eurydice_array_to_subslice2(u8s, (size_t)24U, 
(size_t)32U, uint8_t); - Eurydice_slice_copy( + Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_array_to_subslice2( + u8s, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( uu____3, - Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t), - uint8_t); - __m256i u = mm256_loadu_si256_u8(core_array___Array_T__N__23__as_slice( - (size_t)32U, u8s, uint8_t, Eurydice_slice)); + Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, + Eurydice_slice)); size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; - s[i0][j0] = mm256_xor_si256(s[i0][j0], u); + s[i0][j0] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); if (rem == (size_t)16U) { uint8_t u8s0[32U] = {0U}; - Eurydice_slice uu____4 = - Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t); - Eurydice_slice_copy(uu____4, - Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t), - uint8_t); - Eurydice_slice uu____5 = - Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t); - Eurydice_slice_copy(uu____5, - Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t), - uint8_t); - Eurydice_slice uu____6 = - Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t); - Eurydice_slice_copy(uu____6, - Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t), - uint8_t); - Eurydice_slice uu____7 = - Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t); - Eurydice_slice_copy(uu____7, - Eurydice_slice_subslice2(blocks[3U], start + 
(size_t)8U, - start + (size_t)16U, uint8_t), - uint8_t); - __m256i u0 = mm256_loadu_si256_u8(core_array___Array_T__N__23__as_slice( - (size_t)32U, u8s0, uint8_t, Eurydice_slice)); + Eurydice_slice uu____4 = Eurydice_array_to_subslice2( + u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = Eurydice_array_to_subslice2( + u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____6 = Eurydice_array_to_subslice2( + u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____7 = Eurydice_array_to_subslice2( + u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____7, + Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + core_core_arch_x86___m256i u0 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, + Eurydice_slice)); size_t i = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; size_t j = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; - s[i][j] = mm256_xor_si256(s[i][j], u0); + s[i][j] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); } } 
@@ -329,15 +379,14 @@ usize> for core::core_arch::x86::__m256i)} /** A monomorphic instance of libcrux_sha3.simd.avx2.load_block_ef with const generics -- BLOCKSIZE= 136 +- RATE= 136 */ -static KRML_MUSTINLINE void load_block_ef_6a(__m256i (*a)[5U], - Eurydice_slice b[4U]) { - __m256i(*uu____0)[5U] = a; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_b[4U]; - memcpy(copy_of_b, b, (size_t)4U * sizeof(Eurydice_slice)); - load_block_c7(uu____0, copy_of_b); +static KRML_MUSTINLINE void load_block_ef_65( + core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = a; + Eurydice_slice uu____1[4U]; + memcpy(uu____1, b, (size_t)4U * sizeof(Eurydice_slice)); + load_block_c7(uu____0, uu____1); } /** @@ -346,9 +395,13 @@ with const generics - LEFT= 36 - RIGHT= 28 */ -static KRML_MUSTINLINE __m256i rotate_left_580(__m256i x) { - return mm256_xor_si256(mm256_slli_epi64((int32_t)36, x, __m256i), - mm256_srli_epi64((int32_t)28, x, __m256i)); +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_580(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)36, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)28, x, + core_core_arch_x86___m256i)); } /** @@ -357,8 +410,9 @@ with const generics - LEFT= 36 - RIGHT= 28 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c1(__m256i a, __m256i b) { - __m256i ab = mm256_xor_si256(a, b); +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c1(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_580(ab); } 
@@ -372,7 +426,8 @@ with const generics - LEFT= 36 - RIGHT= 28 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_17(__m256i a, __m256i b) { +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_17( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64_c1(a, b); } @@ -382,9 +437,13 @@ with const generics - LEFT= 3 - RIGHT= 61 */ -static KRML_MUSTINLINE __m256i rotate_left_581(__m256i x) { - return mm256_xor_si256(mm256_slli_epi64((int32_t)3, x, __m256i), - mm256_srli_epi64((int32_t)61, x, __m256i)); +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_581(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)3, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)61, x, + core_core_arch_x86___m256i)); } /** @@ -393,8 +452,9 @@ with const generics - LEFT= 3 - RIGHT= 61 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c10(__m256i a, __m256i b) { - __m256i ab = mm256_xor_si256(a, b); +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c10(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_581(ab); } @@ -408,7 +468,8 @@ with const generics - LEFT= 3 - RIGHT= 61 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_170(__m256i a, __m256i b) { +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_170( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64_c10(a, b); } 
@@ -418,9 +479,13 @@ with const generics - LEFT= 41 - RIGHT= 23 */ -static KRML_MUSTINLINE __m256i rotate_left_582(__m256i x) { - return mm256_xor_si256(mm256_slli_epi64((int32_t)41, x, __m256i), - mm256_srli_epi64((int32_t)23, x, __m256i)); +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_582(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)41, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)23, x, + core_core_arch_x86___m256i)); } /** @@ -429,8 +494,9 @@ with const generics - LEFT= 41 - RIGHT= 23 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c11(__m256i a, __m256i b) { - __m256i ab = mm256_xor_si256(a, b); +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c11(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_582(ab); } @@ -444,7 +510,8 @@ with const generics - LEFT= 41 - RIGHT= 23 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_171(__m256i a, __m256i b) { +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_171( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64_c11(a, b); } @@ -454,9 +521,13 @@ with const generics - LEFT= 18 - RIGHT= 46 */ -static KRML_MUSTINLINE __m256i rotate_left_583(__m256i x) { - return mm256_xor_si256(mm256_slli_epi64((int32_t)18, x, __m256i), - mm256_srli_epi64((int32_t)46, x, __m256i)); +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_583(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)18, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)46, x, + core_core_arch_x86___m256i)); } /** 
@@ -465,8 +536,9 @@ with const generics - LEFT= 18 - RIGHT= 46 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c12(__m256i a, __m256i b) { - __m256i ab = mm256_xor_si256(a, b); +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c12(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_583(ab); } @@ -480,7 +552,8 @@ with const generics - LEFT= 18 - RIGHT= 46 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_172(__m256i a, __m256i b) { +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_172( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64_c12(a, b); } @@ -490,8 +563,9 @@ with const generics - LEFT= 1 - RIGHT= 63 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c13(__m256i a, __m256i b) { - __m256i ab = mm256_xor_si256(a, b); +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c13(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_58(ab); } @@ -505,7 +579,8 @@ with const generics - LEFT= 1 - RIGHT= 63 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_173(__m256i a, __m256i b) { +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_173( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64_c13(a, b); } 
@@ -515,9 +590,13 @@ with const generics - LEFT= 44 - RIGHT= 20 */ -static KRML_MUSTINLINE __m256i rotate_left_584(__m256i x) { - return mm256_xor_si256(mm256_slli_epi64((int32_t)44, x, __m256i), - mm256_srli_epi64((int32_t)20, x, __m256i)); +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_584(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)44, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)20, x, + core_core_arch_x86___m256i)); } /** @@ -526,8 +605,9 @@ with const generics - LEFT= 44 - RIGHT= 20 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c14(__m256i a, __m256i b) { - __m256i ab = mm256_xor_si256(a, b); +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c14(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_584(ab); } @@ -541,7 +621,8 @@ with const generics - LEFT= 44 - RIGHT= 20 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_174(__m256i a, __m256i b) { +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_174( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64_c14(a, b); } @@ -551,9 +632,13 @@ with const generics - LEFT= 10 - RIGHT= 54 */ -static KRML_MUSTINLINE __m256i rotate_left_585(__m256i x) { - return mm256_xor_si256(mm256_slli_epi64((int32_t)10, x, __m256i), - mm256_srli_epi64((int32_t)54, x, __m256i)); +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_585(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)10, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)54, x, + core_core_arch_x86___m256i)); } /** 
@@ -562,8 +647,9 @@ with const generics - LEFT= 10 - RIGHT= 54 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c15(__m256i a, __m256i b) { - __m256i ab = mm256_xor_si256(a, b); +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c15(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_585(ab); } @@ -577,7 +663,8 @@ with const generics - LEFT= 10 - RIGHT= 54 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_175(__m256i a, __m256i b) { +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_175( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64_c15(a, b); } @@ -587,9 +674,13 @@ with const generics - LEFT= 45 - RIGHT= 19 */ -static KRML_MUSTINLINE __m256i rotate_left_586(__m256i x) { - return mm256_xor_si256(mm256_slli_epi64((int32_t)45, x, __m256i), - mm256_srli_epi64((int32_t)19, x, __m256i)); +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_586(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)45, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)19, x, + core_core_arch_x86___m256i)); } /** @@ -598,8 +689,9 @@ with const generics - LEFT= 45 - RIGHT= 19 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c16(__m256i a, __m256i b) { - __m256i ab = mm256_xor_si256(a, b); +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c16(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_586(ab); } 
@@ -613,7 +705,8 @@ with const generics - LEFT= 45 - RIGHT= 19 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_176(__m256i a, __m256i b) { +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_176( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64_c16(a, b); } @@ -623,9 +716,13 @@ with const generics - LEFT= 2 - RIGHT= 62 */ -static KRML_MUSTINLINE __m256i rotate_left_587(__m256i x) { - return mm256_xor_si256(mm256_slli_epi64((int32_t)2, x, __m256i), - mm256_srli_epi64((int32_t)62, x, __m256i)); +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_587(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)2, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)62, x, + core_core_arch_x86___m256i)); } /** @@ -634,8 +731,9 @@ with const generics - LEFT= 2 - RIGHT= 62 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c17(__m256i a, __m256i b) { - __m256i ab = mm256_xor_si256(a, b); +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c17(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_587(ab); } @@ -649,7 +747,8 @@ with const generics - LEFT= 2 - RIGHT= 62 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_177(__m256i a, __m256i b) { +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_177( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64_c17(a, b); } 
@@ -659,9 +758,13 @@ with const generics - LEFT= 62 - RIGHT= 2 */ -static KRML_MUSTINLINE __m256i rotate_left_588(__m256i x) { - return mm256_xor_si256(mm256_slli_epi64((int32_t)62, x, __m256i), - mm256_srli_epi64((int32_t)2, x, __m256i)); +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_588(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)62, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)2, x, + core_core_arch_x86___m256i)); } /** @@ -670,8 +773,9 @@ with const generics - LEFT= 62 - RIGHT= 2 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c18(__m256i a, __m256i b) { - __m256i ab = mm256_xor_si256(a, b); +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c18(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_588(ab); } @@ -685,7 +789,8 @@ with const generics - LEFT= 62 - RIGHT= 2 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_178(__m256i a, __m256i b) { +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_178( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64_c18(a, b); } @@ -695,9 +800,13 @@ with const generics - LEFT= 6 - RIGHT= 58 */ -static KRML_MUSTINLINE __m256i rotate_left_589(__m256i x) { - return mm256_xor_si256(mm256_slli_epi64((int32_t)6, x, __m256i), - mm256_srli_epi64((int32_t)58, x, __m256i)); +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_589(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)6, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)58, x, + core_core_arch_x86___m256i)); } /** 
@@ -706,8 +815,9 @@ with const generics - LEFT= 6 - RIGHT= 58 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c19(__m256i a, __m256i b) { - __m256i ab = mm256_xor_si256(a, b); +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c19(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_589(ab); } @@ -721,7 +831,8 @@ with const generics - LEFT= 6 - RIGHT= 58 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_179(__m256i a, __m256i b) { +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_179( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64_c19(a, b); } @@ -731,9 +842,13 @@ with const generics - LEFT= 43 - RIGHT= 21 */ -static KRML_MUSTINLINE __m256i rotate_left_5810(__m256i x) { - return mm256_xor_si256(mm256_slli_epi64((int32_t)43, x, __m256i), - mm256_srli_epi64((int32_t)21, x, __m256i)); +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5810(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)43, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)21, x, + core_core_arch_x86___m256i)); } /** @@ -742,8 +857,9 @@ with const generics - LEFT= 43 - RIGHT= 21 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c110(__m256i a, __m256i b) { - __m256i ab = mm256_xor_si256(a, b); +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c110(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_5810(ab); } 
@@ -757,7 +873,8 @@ with const generics - LEFT= 43 - RIGHT= 21 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1710(__m256i a, __m256i b) { +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1710( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64_c110(a, b); } @@ -767,9 +884,13 @@ with const generics - LEFT= 15 - RIGHT= 49 */ -static KRML_MUSTINLINE __m256i rotate_left_5811(__m256i x) { - return mm256_xor_si256(mm256_slli_epi64((int32_t)15, x, __m256i), - mm256_srli_epi64((int32_t)49, x, __m256i)); +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5811(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)15, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)49, x, + core_core_arch_x86___m256i)); } /** @@ -778,8 +899,9 @@ with const generics - LEFT= 15 - RIGHT= 49 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c111(__m256i a, __m256i b) { - __m256i ab = mm256_xor_si256(a, b); +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c111(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_5811(ab); } @@ -793,7 +915,8 @@ with const generics - LEFT= 15 - RIGHT= 49 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1711(__m256i a, __m256i b) { +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1711( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64_c111(a, b); } 
@@ -803,9 +926,13 @@ with const generics - LEFT= 61 - RIGHT= 3 */ -static KRML_MUSTINLINE __m256i rotate_left_5812(__m256i x) { - return mm256_xor_si256(mm256_slli_epi64((int32_t)61, x, __m256i), - mm256_srli_epi64((int32_t)3, x, __m256i)); +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5812(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)61, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)3, x, + core_core_arch_x86___m256i)); } /** @@ -814,8 +941,9 @@ with const generics - LEFT= 61 - RIGHT= 3 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c112(__m256i a, __m256i b) { - __m256i ab = mm256_xor_si256(a, b); +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c112(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_5812(ab); } @@ -829,7 +957,8 @@ with const generics - LEFT= 61 - RIGHT= 3 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1712(__m256i a, __m256i b) { +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1712( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64_c112(a, b); } @@ -839,9 +968,13 @@ with const generics - LEFT= 28 - RIGHT= 36 */ -static KRML_MUSTINLINE __m256i rotate_left_5813(__m256i x) { - return mm256_xor_si256(mm256_slli_epi64((int32_t)28, x, __m256i), - mm256_srli_epi64((int32_t)36, x, __m256i)); +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5813(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)28, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)36, x, + core_core_arch_x86___m256i)); } /** 
@@ -850,8 +983,9 @@ with const generics - LEFT= 28 - RIGHT= 36 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c113(__m256i a, __m256i b) { - __m256i ab = mm256_xor_si256(a, b); +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c113(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_5813(ab); } @@ -865,7 +999,8 @@ with const generics - LEFT= 28 - RIGHT= 36 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1713(__m256i a, __m256i b) { +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1713( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64_c113(a, b); } @@ -875,9 +1010,13 @@ with const generics - LEFT= 55 - RIGHT= 9 */ -static KRML_MUSTINLINE __m256i rotate_left_5814(__m256i x) { - return mm256_xor_si256(mm256_slli_epi64((int32_t)55, x, __m256i), - mm256_srli_epi64((int32_t)9, x, __m256i)); +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5814(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)55, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)9, x, + core_core_arch_x86___m256i)); } /** @@ -886,8 +1025,9 @@ with const generics - LEFT= 55 - RIGHT= 9 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c114(__m256i a, __m256i b) { - __m256i ab = mm256_xor_si256(a, b); +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c114(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_5814(ab); } 
@@ -901,7 +1041,8 @@ with const generics - LEFT= 55 - RIGHT= 9 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1714(__m256i a, __m256i b) { +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1714( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64_c114(a, b); } @@ -911,9 +1052,13 @@ with const generics - LEFT= 25 - RIGHT= 39 */ -static KRML_MUSTINLINE __m256i rotate_left_5815(__m256i x) { - return mm256_xor_si256(mm256_slli_epi64((int32_t)25, x, __m256i), - mm256_srli_epi64((int32_t)39, x, __m256i)); +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5815(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)25, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)39, x, + core_core_arch_x86___m256i)); } /** @@ -922,8 +1067,9 @@ with const generics - LEFT= 25 - RIGHT= 39 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c115(__m256i a, __m256i b) { - __m256i ab = mm256_xor_si256(a, b); +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c115(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_5815(ab); } @@ -937,7 +1083,8 @@ with const generics - LEFT= 25 - RIGHT= 39 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1715(__m256i a, __m256i b) { +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1715( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64_c115(a, b); } 
@@ -947,9 +1094,13 @@ with const generics - LEFT= 21 - RIGHT= 43 */ -static KRML_MUSTINLINE __m256i rotate_left_5816(__m256i x) { - return mm256_xor_si256(mm256_slli_epi64((int32_t)21, x, __m256i), - mm256_srli_epi64((int32_t)43, x, __m256i)); +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5816(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)21, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)43, x, + core_core_arch_x86___m256i)); } /** @@ -958,8 +1109,9 @@ with const generics - LEFT= 21 - RIGHT= 43 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c116(__m256i a, __m256i b) { - __m256i ab = mm256_xor_si256(a, b); +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c116(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_5816(ab); } @@ -973,7 +1125,8 @@ with const generics - LEFT= 21 - RIGHT= 43 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1716(__m256i a, __m256i b) { +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1716( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64_c116(a, b); } @@ -983,9 +1136,13 @@ with const generics - LEFT= 56 - RIGHT= 8 */ -static KRML_MUSTINLINE __m256i rotate_left_5817(__m256i x) { - return mm256_xor_si256(mm256_slli_epi64((int32_t)56, x, __m256i), - mm256_srli_epi64((int32_t)8, x, __m256i)); +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5817(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)56, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, x, + core_core_arch_x86___m256i)); } /** 
@@ -994,8 +1151,9 @@ with const generics - LEFT= 56 - RIGHT= 8 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c117(__m256i a, __m256i b) { - __m256i ab = mm256_xor_si256(a, b); +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c117(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_5817(ab); } @@ -1009,7 +1167,8 @@ with const generics - LEFT= 56 - RIGHT= 8 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1717(__m256i a, __m256i b) { +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1717( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64_c117(a, b); } @@ -1019,9 +1178,13 @@ with const generics - LEFT= 27 - RIGHT= 37 */ -static KRML_MUSTINLINE __m256i rotate_left_5818(__m256i x) { - return mm256_xor_si256(mm256_slli_epi64((int32_t)27, x, __m256i), - mm256_srli_epi64((int32_t)37, x, __m256i)); +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5818(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)27, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)37, x, + core_core_arch_x86___m256i)); } /** @@ -1030,8 +1193,9 @@ with const generics - LEFT= 27 - RIGHT= 37 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c118(__m256i a, __m256i b) { - __m256i ab = mm256_xor_si256(a, b); +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c118(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_5818(ab); } 
@@ -1045,7 +1209,8 @@ with const generics - LEFT= 27 - RIGHT= 37 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1718(__m256i a, __m256i b) { +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1718( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64_c118(a, b); } @@ -1055,9 +1220,13 @@ with const generics - LEFT= 20 - RIGHT= 44 */ -static KRML_MUSTINLINE __m256i rotate_left_5819(__m256i x) { - return mm256_xor_si256(mm256_slli_epi64((int32_t)20, x, __m256i), - mm256_srli_epi64((int32_t)44, x, __m256i)); +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5819(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)20, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)44, x, + core_core_arch_x86___m256i)); } /** @@ -1066,8 +1235,9 @@ with const generics - LEFT= 20 - RIGHT= 44 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c119(__m256i a, __m256i b) { - __m256i ab = mm256_xor_si256(a, b); +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c119(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_5819(ab); } @@ -1081,7 +1251,8 @@ with const generics - LEFT= 20 - RIGHT= 44 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1719(__m256i a, __m256i b) { +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1719( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64_c119(a, b); } 
@@ -1091,9 +1262,13 @@ with const generics - LEFT= 39 - RIGHT= 25 */ -static KRML_MUSTINLINE __m256i rotate_left_5820(__m256i x) { - return mm256_xor_si256(mm256_slli_epi64((int32_t)39, x, __m256i), - mm256_srli_epi64((int32_t)25, x, __m256i)); +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5820(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)39, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)25, x, + core_core_arch_x86___m256i)); } /** @@ -1102,8 +1277,9 @@ with const generics - LEFT= 39 - RIGHT= 25 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c120(__m256i a, __m256i b) { - __m256i ab = mm256_xor_si256(a, b); +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c120(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_5820(ab); } @@ -1117,7 +1293,8 @@ with const generics - LEFT= 39 - RIGHT= 25 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1720(__m256i a, __m256i b) { +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1720( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64_c120(a, b); } @@ -1127,9 +1304,13 @@ with const generics - LEFT= 8 - RIGHT= 56 */ -static KRML_MUSTINLINE __m256i rotate_left_5821(__m256i x) { - return mm256_xor_si256(mm256_slli_epi64((int32_t)8, x, __m256i), - mm256_srli_epi64((int32_t)56, x, __m256i)); +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5821(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)8, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)56, x, + core_core_arch_x86___m256i)); } /** 
@@ -1138,8 +1319,9 @@ with const generics - LEFT= 8 - RIGHT= 56 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c121(__m256i a, __m256i b) { - __m256i ab = mm256_xor_si256(a, b); +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c121(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_5821(ab); } @@ -1153,7 +1335,8 @@ with const generics - LEFT= 8 - RIGHT= 56 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1721(__m256i a, __m256i b) { +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1721( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64_c121(a, b); } @@ -1163,9 +1346,13 @@ with const generics - LEFT= 14 - RIGHT= 50 */ -static KRML_MUSTINLINE __m256i rotate_left_5822(__m256i x) { - return mm256_xor_si256(mm256_slli_epi64((int32_t)14, x, __m256i), - mm256_srli_epi64((int32_t)50, x, __m256i)); +static KRML_MUSTINLINE core_core_arch_x86___m256i +rotate_left_5822(core_core_arch_x86___m256i x) { + return libcrux_intrinsics_avx2_mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)14, x, + core_core_arch_x86___m256i), + libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)50, x, + core_core_arch_x86___m256i)); } /** @@ -1174,8 +1361,9 @@ with const generics - LEFT= 14 - RIGHT= 50 */ -static KRML_MUSTINLINE __m256i _vxarq_u64_c122(__m256i a, __m256i b) { - __m256i ab = mm256_xor_si256(a, b); +static KRML_MUSTINLINE core_core_arch_x86___m256i +_vxarq_u64_c122(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { + core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); return rotate_left_5822(ab); } 
@@ -1189,7 +1377,8 @@ with const generics - LEFT= 14 - RIGHT= 50 */ -static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1722(__m256i a, __m256i b) { +static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1722( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _vxarq_u64_c122(a, b); } 
@@ -1199,59 +1388,107 @@ with types core_core_arch_x86___m256i with const generics - N= 4 */ -static KRML_MUSTINLINE void theta_rho_71( +static KRML_MUSTINLINE void theta_rho_74( libcrux_sha3_generic_keccak_KeccakState_29 *s) { - __m256i c[5U] = {xor5_ef(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], - s->st[3U][0U], s->st[4U][0U]), - xor5_ef(s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], - s->st[3U][1U], s->st[4U][1U]), - xor5_ef(s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], - s->st[3U][2U], s->st[4U][2U]), - xor5_ef(s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], - s->st[3U][3U], s->st[4U][3U]), - xor5_ef(s->st[0U][4U], s->st[1U][4U], s->st[2U][4U], - s->st[3U][4U], s->st[4U][4U])}; - __m256i uu____0 = + core_core_arch_x86___m256i c[5U] = { + xor5_ef(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], + s->st[4U][0U]), + xor5_ef(s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], s->st[3U][1U], + s->st[4U][1U]), + xor5_ef(s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], s->st[3U][2U], + s->st[4U][2U]), + xor5_ef(s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], s->st[3U][3U], + s->st[4U][3U]), + xor5_ef(s->st[0U][4U], s->st[1U][4U], s->st[2U][4U], s->st[3U][4U], + s->st[4U][4U])}; + core_core_arch_x86___m256i uu____0 = rotate_left1_and_xor_ef(c[((size_t)0U + (size_t)4U) % (size_t)5U], c[((size_t)0U + (size_t)1U) % (size_t)5U]); - __m256i uu____1 = + core_core_arch_x86___m256i uu____1 = rotate_left1_and_xor_ef(c[((size_t)1U + (size_t)4U) % (size_t)5U], c[((size_t)1U + (size_t)1U) % (size_t)5U]); - __m256i uu____2 = + core_core_arch_x86___m256i uu____2 = rotate_left1_and_xor_ef(c[((size_t)2U + (size_t)4U) % (size_t)5U], c[((size_t)2U + (size_t)1U) % (size_t)5U]); - __m256i uu____3 = + core_core_arch_x86___m256i uu____3 = rotate_left1_and_xor_ef(c[((size_t)3U + (size_t)4U) % (size_t)5U], c[((size_t)3U + (size_t)1U) % (size_t)5U]); - __m256i t[5U] = { + core_core_arch_x86___m256i t[5U] = { uu____0, uu____1, uu____2, uu____3, rotate_left1_and_xor_ef(c[((size_t)4U + (size_t)4U) % 
(size_t)5U], c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = xor_ef(s->st[0U][0U], t[0U]); - s->st[1U][0U] = xor_and_rotate_ef_17(s->st[1U][0U], t[0U]); - s->st[2U][0U] = xor_and_rotate_ef_170(s->st[2U][0U], t[0U]); - s->st[3U][0U] = xor_and_rotate_ef_171(s->st[3U][0U], t[0U]); - s->st[4U][0U] = xor_and_rotate_ef_172(s->st[4U][0U], t[0U]); - s->st[0U][1U] = xor_and_rotate_ef_173(s->st[0U][1U], t[1U]); - s->st[1U][1U] = xor_and_rotate_ef_174(s->st[1U][1U], t[1U]); - s->st[2U][1U] = xor_and_rotate_ef_175(s->st[2U][1U], t[1U]); - s->st[3U][1U] = xor_and_rotate_ef_176(s->st[3U][1U], t[1U]); - s->st[4U][1U] = xor_and_rotate_ef_177(s->st[4U][1U], t[1U]); - s->st[0U][2U] = xor_and_rotate_ef_178(s->st[0U][2U], t[2U]); - s->st[1U][2U] = xor_and_rotate_ef_179(s->st[1U][2U], t[2U]); - s->st[2U][2U] = xor_and_rotate_ef_1710(s->st[2U][2U], t[2U]); - s->st[3U][2U] = xor_and_rotate_ef_1711(s->st[3U][2U], t[2U]); - s->st[4U][2U] = xor_and_rotate_ef_1712(s->st[4U][2U], t[2U]); - s->st[0U][3U] = xor_and_rotate_ef_1713(s->st[0U][3U], t[3U]); - s->st[1U][3U] = xor_and_rotate_ef_1714(s->st[1U][3U], t[3U]); - s->st[2U][3U] = xor_and_rotate_ef_1715(s->st[2U][3U], t[3U]); - s->st[3U][3U] = xor_and_rotate_ef_1716(s->st[3U][3U], t[3U]); - s->st[4U][3U] = xor_and_rotate_ef_1717(s->st[4U][3U], t[3U]); - s->st[0U][4U] = xor_and_rotate_ef_1718(s->st[0U][4U], t[4U]); - s->st[1U][4U] = xor_and_rotate_ef_1719(s->st[1U][4U], t[4U]); - s->st[2U][4U] = xor_and_rotate_ef_1720(s->st[2U][4U], t[4U]); - s->st[3U][4U] = xor_and_rotate_ef_1721(s->st[3U][4U], t[4U]); - __m256i uu____27 = xor_and_rotate_ef_1722(s->st[4U][4U], t[4U]); + core_core_arch_x86___m256i uu____4 = + xor_and_rotate_ef_17(s->st[1U][0U], t[0U]); + s->st[1U][0U] = uu____4; + core_core_arch_x86___m256i uu____5 = + xor_and_rotate_ef_170(s->st[2U][0U], t[0U]); + s->st[2U][0U] = uu____5; + core_core_arch_x86___m256i uu____6 = + xor_and_rotate_ef_171(s->st[3U][0U], t[0U]); + s->st[3U][0U] = uu____6; + core_core_arch_x86___m256i 
uu____7 = + xor_and_rotate_ef_172(s->st[4U][0U], t[0U]); + s->st[4U][0U] = uu____7; + core_core_arch_x86___m256i uu____8 = + xor_and_rotate_ef_173(s->st[0U][1U], t[1U]); + s->st[0U][1U] = uu____8; + core_core_arch_x86___m256i uu____9 = + xor_and_rotate_ef_174(s->st[1U][1U], t[1U]); + s->st[1U][1U] = uu____9; + core_core_arch_x86___m256i uu____10 = + xor_and_rotate_ef_175(s->st[2U][1U], t[1U]); + s->st[2U][1U] = uu____10; + core_core_arch_x86___m256i uu____11 = + xor_and_rotate_ef_176(s->st[3U][1U], t[1U]); + s->st[3U][1U] = uu____11; + core_core_arch_x86___m256i uu____12 = + xor_and_rotate_ef_177(s->st[4U][1U], t[1U]); + s->st[4U][1U] = uu____12; + core_core_arch_x86___m256i uu____13 = + xor_and_rotate_ef_178(s->st[0U][2U], t[2U]); + s->st[0U][2U] = uu____13; + core_core_arch_x86___m256i uu____14 = + xor_and_rotate_ef_179(s->st[1U][2U], t[2U]); + s->st[1U][2U] = uu____14; + core_core_arch_x86___m256i uu____15 = + xor_and_rotate_ef_1710(s->st[2U][2U], t[2U]); + s->st[2U][2U] = uu____15; + core_core_arch_x86___m256i uu____16 = + xor_and_rotate_ef_1711(s->st[3U][2U], t[2U]); + s->st[3U][2U] = uu____16; + core_core_arch_x86___m256i uu____17 = + xor_and_rotate_ef_1712(s->st[4U][2U], t[2U]); + s->st[4U][2U] = uu____17; + core_core_arch_x86___m256i uu____18 = + xor_and_rotate_ef_1713(s->st[0U][3U], t[3U]); + s->st[0U][3U] = uu____18; + core_core_arch_x86___m256i uu____19 = + xor_and_rotate_ef_1714(s->st[1U][3U], t[3U]); + s->st[1U][3U] = uu____19; + core_core_arch_x86___m256i uu____20 = + xor_and_rotate_ef_1715(s->st[2U][3U], t[3U]); + s->st[2U][3U] = uu____20; + core_core_arch_x86___m256i uu____21 = + xor_and_rotate_ef_1716(s->st[3U][3U], t[3U]); + s->st[3U][3U] = uu____21; + core_core_arch_x86___m256i uu____22 = + xor_and_rotate_ef_1717(s->st[4U][3U], t[3U]); + s->st[4U][3U] = uu____22; + core_core_arch_x86___m256i uu____23 = + xor_and_rotate_ef_1718(s->st[0U][4U], t[4U]); + s->st[0U][4U] = uu____23; + core_core_arch_x86___m256i uu____24 = + 
xor_and_rotate_ef_1719(s->st[1U][4U], t[4U]); + s->st[1U][4U] = uu____24; + core_core_arch_x86___m256i uu____25 = + xor_and_rotate_ef_1720(s->st[2U][4U], t[4U]); + s->st[2U][4U] = uu____25; + core_core_arch_x86___m256i uu____26 = + xor_and_rotate_ef_1721(s->st[3U][4U], t[4U]); + s->st[3U][4U] = uu____26; + core_core_arch_x86___m256i uu____27 = + xor_and_rotate_ef_1722(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; } @@ -1261,10 +1498,10 @@ with types core_core_arch_x86___m256i with const generics - N= 4 */ -static KRML_MUSTINLINE void pi_01( +static KRML_MUSTINLINE void pi_35( libcrux_sha3_generic_keccak_KeccakState_29 *s) { - __m256i old[5U][5U]; - memcpy(old, s->st, (size_t)5U * sizeof(__m256i[5U])); + core_core_arch_x86___m256i old[5U][5U]; + memcpy(old, s->st, (size_t)5U * sizeof(core_core_arch_x86___m256i[5U])); s->st[0U][1U] = old[1U][1U]; s->st[0U][2U] = old[2U][2U]; s->st[0U][3U] = old[3U][3U]; @@ -1297,10 +1534,10 @@ with types core_core_arch_x86___m256i with const generics - N= 4 */ -static KRML_MUSTINLINE void chi_9b( +static KRML_MUSTINLINE void chi_09( libcrux_sha3_generic_keccak_KeccakState_29 *s) { - __m256i old[5U][5U]; - memcpy(old, s->st, (size_t)5U * sizeof(__m256i[5U])); + core_core_arch_x86___m256i old[5U][5U]; + memcpy(old, s->st, (size_t)5U * sizeof(core_core_arch_x86___m256i[5U])); KRML_MAYBE_FOR5( i0, (size_t)0U, (size_t)5U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR5(i, (size_t)0U, (size_t)5U, (size_t)1U, size_t j = i; @@ -1315,7 +1552,7 @@ with types core_core_arch_x86___m256i with const generics - N= 4 */ -static KRML_MUSTINLINE void iota_09( +static KRML_MUSTINLINE void iota_5b( libcrux_sha3_generic_keccak_KeccakState_29 *s, size_t i) { s->st[0U][0U] = xor_constant_ef( s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); 
@@ -1327,14 +1564,14 @@ with types core_core_arch_x86___m256i with const generics - N= 4 */ -static KRML_MUSTINLINE void keccakf1600_07( +static KRML_MUSTINLINE void keccakf1600_f8( libcrux_sha3_generic_keccak_KeccakState_29 *s) { for (size_t i = (size_t)0U; i < (size_t)24U; i++) { size_t i0 = i; - theta_rho_71(s); - pi_01(s); - chi_9b(s); - iota_09(s, i0); + theta_rho_74(s); + pi_35(s); + chi_09(s); + iota_5b(s, i0); } } @@ -1345,13 +1582,13 @@ with const generics - N= 4 - RATE= 136 */ -static KRML_MUSTINLINE void absorb_block_37( +static KRML_MUSTINLINE void absorb_block_1d( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice blocks[4U]) { - __m256i(*uu____0)[5U] = s->st; + core_core_arch_x86___m256i(*uu____0)[5U] = s->st; Eurydice_slice uu____1[4U]; memcpy(uu____1, blocks, (size_t)4U * sizeof(Eurydice_slice)); - load_block_ef_6a(uu____0, uu____1); - keccakf1600_07(s); + load_block_ef_65(uu____0, uu____1); + keccakf1600_f8(s); } /** @@ -1359,13 +1596,16 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void load_block_full_91(__m256i (*s)[5U], - uint8_t blocks[4U][200U]) { - Eurydice_slice buf[4U] = { - Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t), - Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t), - Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t), - Eurydice_array_to_slice((size_t)200U, blocks[3U], uint8_t)}; +static KRML_MUSTINLINE void load_block_full_91( + core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { + Eurydice_slice buf[4U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[2U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[3U], + uint8_t, Eurydice_slice)}; load_block_c7(s, buf); } 
@@ -1376,15 +1616,14 @@ usize> for core::core_arch::x86::__m256i)} /** A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef with const generics -- BLOCKSIZE= 136 +- RATE= 136 */ -static KRML_MUSTINLINE void load_block_full_ef_05(__m256i (*a)[5U], - uint8_t b[4U][200U]) { - __m256i(*uu____0)[5U] = a; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_b[4U][200U]; - memcpy(copy_of_b, b, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full_91(uu____0, copy_of_b); +static KRML_MUSTINLINE void load_block_full_ef_e9( + core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = a; + uint8_t uu____1[4U][200U]; + memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); + load_block_full_91(uu____0, uu____1); } /** 
@@ -1395,24 +1634,25 @@ with const generics - RATE= 136 - DELIM= 31 */ -KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e( +KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_d9( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { - size_t last_len = Eurydice_slice_len(last[0U], uint8_t); + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[4U][200U] = {{0U}}; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t); - Eurydice_slice_copy(uu____0, last[i0], uint8_t); + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); } blocks[i0][last_len] = 31U; size_t uu____1 = i0; size_t uu____2 = (size_t)136U - (size_t)1U; blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); - __m256i(*uu____3)[5U] = s->st; + core_core_arch_x86___m256i(*uu____3)[5U] = s->st; uint8_t uu____4[4U][200U]; memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full_ef_05(uu____3, uu____4); - keccakf1600_07(s); + load_block_full_ef_e9(uu____3, uu____4); + keccakf1600_f8(s); } /** 
@@ -1420,55 +1660,67 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void store_block_e9(__m256i (*s)[5U], +static KRML_MUSTINLINE void store_block_e9(core_core_arch_x86___m256i (*s)[5U], Eurydice_slice out[4U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { size_t i0 = i; - __m256i v0l = mm256_permute2x128_si256( - (int32_t)32, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - __m256i); - __m256i v1h = - mm256_permute2x128_si256((int32_t)32, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - __m256i); - __m256i v2l = mm256_permute2x128_si256( - (int32_t)49, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - __m256i); - __m256i v3h = - mm256_permute2x128_si256((int32_t)49, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - __m256i); - __m256i v0 = mm256_unpacklo_epi64(v0l, v1h); - __m256i v1 = mm256_unpackhi_epi64(v0l, v1h); - __m256i v2 = mm256_unpacklo_epi64(v2l, v3h); - __m256i v3 = mm256_unpackhi_epi64(v2l, v3h); - mm256_storeu_si256_u8( + core_core_arch_x86___m256i v0l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v1h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[((size_t)4U * i0 + 
(size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v2l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v3h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v0 = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); + core_core_arch_x86___m256i v1 = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); + core_core_arch_x86___m256i v2 = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); + core_core_arch_x86___m256i v3 = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t), + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), v0); - mm256_storeu_si256_u8( + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[1U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t), + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), v1); - mm256_storeu_si256_u8( + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[2U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t), + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), v2); - mm256_storeu_si256_u8( + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[3U], 
(size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t), + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), v3); } size_t rem = (size_t)136U % (size_t)32U; 
@@ -1476,64 +1728,78 @@ static KRML_MUSTINLINE void store_block_e9(__m256i (*s)[5U], uint8_t u8s[32U] = {0U}; size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; - mm256_storeu_si256_u8(Eurydice_array_to_slice((size_t)32U, u8s, uint8_t), - s[i0][j0]); - Eurydice_slice uu____0 = - Eurydice_slice_subslice2(out[0U], start, start + (size_t)8U, uint8_t); - Eurydice_slice_copy( + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice), + s[i0][j0]); + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( uu____0, - Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t), - uint8_t); - Eurydice_slice uu____1 = - Eurydice_slice_subslice2(out[1U], start, start + (size_t)8U, uint8_t); - Eurydice_slice_copy( + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = Eurydice_slice_subslice2( + out[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( uu____1, - Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t), - uint8_t); - Eurydice_slice uu____2 = - Eurydice_slice_subslice2(out[2U], start, start + (size_t)8U, uint8_t); - Eurydice_slice_copy( + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_slice_subslice2( + out[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( uu____2, - Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t), - uint8_t); - Eurydice_slice uu____3 = - Eurydice_slice_subslice2(out[3U], start, start + (size_t)8U, uint8_t); - Eurydice_slice_copy( + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t, + 
Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_slice_subslice2( + out[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( uu____3, - Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t), - uint8_t); + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t, + Eurydice_slice), + uint8_t, void *); if (rem == (size_t)16U) { uint8_t u8s0[32U] = {0U}; size_t i = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; size_t j = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; - mm256_storeu_si256_u8(Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t), - s[i][j]); - Eurydice_slice uu____4 = Eurydice_slice_subslice2( - out[0U], start + (size_t)8U, start + (size_t)16U, uint8_t); - Eurydice_slice_copy( + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice), + s[i][j]); + Eurydice_slice uu____4 = + Eurydice_slice_subslice2(out[0U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( uu____4, - Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t), - uint8_t); - Eurydice_slice uu____5 = Eurydice_slice_subslice2( - out[1U], start + (size_t)8U, start + (size_t)16U, uint8_t); - Eurydice_slice_copy( + Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = + Eurydice_slice_subslice2(out[1U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( uu____5, - Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t), - uint8_t); - Eurydice_slice uu____6 = Eurydice_slice_subslice2( - out[2U], start + (size_t)8U, start + (size_t)16U, uint8_t); - Eurydice_slice_copy( + Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + 
Eurydice_slice uu____6 = + Eurydice_slice_subslice2(out[2U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( uu____6, - Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t), - uint8_t); - Eurydice_slice uu____7 = Eurydice_slice_subslice2( - out[3U], start + (size_t)8U, start + (size_t)16U, uint8_t); - Eurydice_slice_copy( + Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____7 = + Eurydice_slice_subslice2(out[3U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( uu____7, - Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t), - uint8_t); + Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t, + Eurydice_slice), + uint8_t, void *); } } 
@@ -1542,32 +1808,29 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void store_block_full_0b(__m256i (*s)[5U], - uint8_t ret[4U][200U]) { +static KRML_MUSTINLINE void store_block_full_0b( + core_core_arch_x86___m256i (*s)[5U], uint8_t ret[4U][200U]) { uint8_t out0[200U] = {0U}; uint8_t out1[200U] = {0U}; uint8_t out2[200U] = {0U}; uint8_t out3[200U] = {0U}; Eurydice_slice buf[4U] = { - Eurydice_array_to_slice((size_t)200U, out0, uint8_t), - Eurydice_array_to_slice((size_t)200U, out1, uint8_t), - Eurydice_array_to_slice((size_t)200U, out2, uint8_t), - Eurydice_array_to_slice((size_t)200U, out3, uint8_t)}; + Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out2, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, out3, uint8_t, Eurydice_slice)}; store_block_e9(s, buf); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_out0[200U]; - memcpy(copy_of_out0, out0, (size_t)200U * sizeof(uint8_t)); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_out1[200U]; - memcpy(copy_of_out1, out1, (size_t)200U * sizeof(uint8_t)); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_out2[200U]; - memcpy(copy_of_out2, out2, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____0[200U]; + memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____1[200U]; + memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____2[200U]; + memcpy(uu____2, out2, (size_t)200U * sizeof(uint8_t)); uint8_t uu____3[200U]; memcpy(uu____3, out3, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], copy_of_out0, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], copy_of_out1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[2U], copy_of_out2, (size_t)200U * sizeof(uint8_t)); + 
memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[2U], uu____2, (size_t)200U * sizeof(uint8_t)); memcpy(ret[3U], uu____3, (size_t)200U * sizeof(uint8_t)); } @@ -1578,10 +1841,10 @@ usize> for core::core_arch::x86::__m256i)} /** A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full_ef with const generics -- BLOCKSIZE= 136 +- RATE= 136 */ -static KRML_MUSTINLINE void store_block_full_ef_99(__m256i (*a)[5U], - uint8_t ret[4U][200U]) { +static KRML_MUSTINLINE void store_block_full_ef_43( + core_core_arch_x86___m256i (*a)[5U], uint8_t ret[4U][200U]) { store_block_full_0b(a, ret); } @@ -1592,19 +1855,20 @@ with const generics - N= 4 - RATE= 136 */ -static KRML_MUSTINLINE void squeeze_first_and_last_a4( +static KRML_MUSTINLINE void squeeze_first_and_last_c5( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { uint8_t b[4U][200U]; - store_block_full_ef_99(s->st, b); + store_block_full_ef_43(s->st, b); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i0], uint8_t); Eurydice_slice_copy( + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3), - uint8_t);); + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *);); } /** @@ -1614,10 +1878,10 @@ usize> for core::core_arch::x86::__m256i)} /** A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef with const generics -- BLOCKSIZE= 136 +- RATE= 136 */ -static KRML_MUSTINLINE void store_block_ef_f6(__m256i (*a)[5U], - Eurydice_slice b[4U]) { +static KRML_MUSTINLINE void store_block_ef_58( + core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { store_block_e9(a, b); } 
@@ -1628,9 +1892,9 @@ with const generics - N= 4 - RATE= 136 */ -static KRML_MUSTINLINE void squeeze_first_block_e9( +static KRML_MUSTINLINE void squeeze_first_block_9b( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - store_block_ef_f6(s->st, out); + store_block_ef_58(s->st, out); } /** @@ -1640,10 +1904,10 @@ with const generics - N= 4 - RATE= 136 */ -static KRML_MUSTINLINE void squeeze_next_block_1c( +static KRML_MUSTINLINE void squeeze_next_block_b4( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - keccakf1600_07(s); - store_block_ef_f6(s->st, out); + keccakf1600_f8(s); + store_block_ef_58(s->st, out); } /** @@ -1653,20 +1917,21 @@ with const generics - N= 4 - RATE= 136 */ -static KRML_MUSTINLINE void squeeze_last_77( +static KRML_MUSTINLINE void squeeze_last_74( libcrux_sha3_generic_keccak_KeccakState_29 s, Eurydice_slice out[4U]) { - keccakf1600_07(&s); + keccakf1600_f8(&s); uint8_t b[4U][200U]; - store_block_full_ef_99(s.st, b); + store_block_full_ef_43(s.st, b); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i0], uint8_t); Eurydice_slice_copy( + lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3), - uint8_t);); + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *);); } /** 
@@ -1677,34 +1942,35 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void keccak_14(Eurydice_slice data[4U], +static KRML_MUSTINLINE void keccak_4f(Eurydice_slice data[4U], Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_KeccakState_29 s = new_1e_16(); + libcrux_sha3_generic_keccak_KeccakState_29 s = new_1e_bf(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_29 *uu____0 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[4U]; - memcpy(copy_of_data, data, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice uu____1[4U]; + memcpy(uu____1, data, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice ret[4U]; - slice_n_ef(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); - absorb_block_37(uu____0, ret); + slice_n_ef(uu____1, i0 * (size_t)136U, (size_t)136U, ret); + absorb_block_1d(uu____0, ret); } - size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_29 *uu____2 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[4U]; - memcpy(copy_of_data, data, (size_t)4U * sizeof(Eurydice_slice)); + Eurydice_slice uu____3[4U]; + memcpy(uu____3, data, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice ret[4U]; - slice_n_ef(copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, + slice_n_ef(uu____3, + core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_5e(uu____2, ret); - size_t outlen = Eurydice_slice_len(out[0U], uint8_t); + libcrux_sha3_generic_keccak_absorb_final_d9(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); 
size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - squeeze_first_and_last_a4(&s, out); + squeeze_first_and_last_c5(&s, out); } else { Eurydice_slice_uint8_t_4size_t__x2 uu____4 = split_at_mut_n_ef(out, (size_t)136U); @@ -1712,7 +1978,7 @@ static KRML_MUSTINLINE void keccak_14(Eurydice_slice data[4U], memcpy(o0, uu____4.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o1[4U]; memcpy(o1, uu____4.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_first_block_e9(&s, o0); + squeeze_first_block_9b(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -1730,34 +1996,28 @@ static KRML_MUSTINLINE void keccak_14(Eurydice_slice data[4U], memcpy(o, uu____5.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice orest[4U]; memcpy(orest, uu____5.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block_1c(&s, o); + squeeze_next_block_b4(&s, o); memcpy(o1, orest, (size_t)4U * sizeof(Eurydice_slice)); } } if (last < outlen) { - squeeze_last_77(s, o1); + squeeze_last_74(s, o1); } } } -/** - Perform 4 SHAKE256 operations in parallel -*/ void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf0[4U] = {input0, input1, input2, input3}; Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - keccak_14(buf0, buf); + keccak_4f(buf0, buf); } -/** - Initialise the [`KeccakState`]. -*/ libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_init(void) { - return new_1e_16(); + return new_1e_bf(); } /** 
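Review bot: The regenerated output drops the doc comments on the exported entry points — `/** Perform 4 SHAKE256 operations in parallel */` on libcrux_sha3_avx2_x4_shake256 and `/** Initialise the [`KeccakState`]. */` on libcrux_sha3_avx2_x4_incremental_init in this hunk, and `/** Absorb */` on libcrux_sha3_avx2_x4_incremental_shake128_absorb_final in the absorb_final hunk below — leaving the public API undocumented while the internal monomorphic instances keep their headers. Since this file is extracted, the fix presumably belongs in the Rust source or the Eurydice configuration rather than in the C: the doc comments on the `pub fn` items should be carried through to the generated output. When restoring them it would also be worth stating the lane contract, since keccak_4f sizes all four lanes from `data[0U]` (the loop bound and `rem` both use `core_slice___Slice_T___len(data[0U], uint8_t, size_t)`), which appears to require the four inputs to have equal length and the four outputs likewise — confirm against the Rust signature before documenting it.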
@@ -1765,114 +2025,144 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void load_block_c70(__m256i (*s)[5U], +static KRML_MUSTINLINE void load_block_c70(core_core_arch_x86___m256i (*s)[5U], Eurydice_slice blocks[4U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { size_t i0 = i; - __m256i v00 = mm256_loadu_si256_u8( - Eurydice_slice_subslice2(blocks[0U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t)); - __m256i v10 = mm256_loadu_si256_u8( - Eurydice_slice_subslice2(blocks[1U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t)); - __m256i v20 = mm256_loadu_si256_u8( - Eurydice_slice_subslice2(blocks[2U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t)); - __m256i v30 = mm256_loadu_si256_u8( - Eurydice_slice_subslice2(blocks[3U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t)); - __m256i v0l = mm256_unpacklo_epi64(v00, v10); - __m256i v1h = mm256_unpackhi_epi64(v00, v10); - __m256i v2l = mm256_unpacklo_epi64(v20, v30); - __m256i v3h = mm256_unpackhi_epi64(v20, v30); - __m256i v0 = mm256_permute2x128_si256((int32_t)32, v0l, v2l, __m256i); - __m256i v1 = mm256_permute2x128_si256((int32_t)32, v1h, v3h, __m256i); - __m256i v2 = mm256_permute2x128_si256((int32_t)49, v0l, v2l, __m256i); - __m256i v3 = mm256_permute2x128_si256((int32_t)49, v1h, v3h, __m256i); + core_core_arch_x86___m256i v00 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v10 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v20 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), 
+ uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v30 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( + blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), + uint8_t, Eurydice_slice)); + core_core_arch_x86___m256i v0l = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); + core_core_arch_x86___m256i v1h = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); + core_core_arch_x86___m256i v2l = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); + core_core_arch_x86___m256i v3h = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); + core_core_arch_x86___m256i v0 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v1 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v2 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v0l, v2l, core_core_arch_x86___m256i); + core_core_arch_x86___m256i v3 = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = - mm256_xor_si256( + libcrux_intrinsics_avx2_mm256_xor_si256( s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = - mm256_xor_si256(s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - v1); + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + v1); s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = - mm256_xor_si256(s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - v2); + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * 
i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + v2); s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = - mm256_xor_si256(s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - v3); + libcrux_intrinsics_avx2_mm256_xor_si256( + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + v3); } size_t rem = (size_t)168U % (size_t)32U; size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); uint8_t u8s[32U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t); - Eurydice_slice_copy( + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + u8s, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( uu____0, - Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t), - uint8_t); - Eurydice_slice uu____1 = - Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t); - Eurydice_slice_copy( + Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = Eurydice_array_to_subslice2( + u8s, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( uu____1, - Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t), - uint8_t); - Eurydice_slice uu____2 = - Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t); - Eurydice_slice_copy( + Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_array_to_subslice2( + u8s, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( uu____2, - Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t), - uint8_t); - Eurydice_slice uu____3 = - Eurydice_array_to_subslice2(u8s, (size_t)24U, 
(size_t)32U, uint8_t); - Eurydice_slice_copy( + Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_array_to_subslice2( + u8s, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( uu____3, - Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t), - uint8_t); - __m256i u = mm256_loadu_si256_u8(core_array___Array_T__N__23__as_slice( - (size_t)32U, u8s, uint8_t, Eurydice_slice)); + Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, + Eurydice_slice)); size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; - s[i0][j0] = mm256_xor_si256(s[i0][j0], u); + s[i0][j0] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); if (rem == (size_t)16U) { uint8_t u8s0[32U] = {0U}; - Eurydice_slice uu____4 = - Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t); - Eurydice_slice_copy(uu____4, - Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t), - uint8_t); - Eurydice_slice uu____5 = - Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t); - Eurydice_slice_copy(uu____5, - Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t), - uint8_t); - Eurydice_slice uu____6 = - Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t); - Eurydice_slice_copy(uu____6, - Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t), - uint8_t); - Eurydice_slice uu____7 = - Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t); - Eurydice_slice_copy(uu____7, - Eurydice_slice_subslice2(blocks[3U], start + 
(size_t)8U, - start + (size_t)16U, uint8_t), - uint8_t); - __m256i u0 = mm256_loadu_si256_u8(core_array___Array_T__N__23__as_slice( - (size_t)32U, u8s0, uint8_t, Eurydice_slice)); + Eurydice_slice uu____4 = Eurydice_array_to_subslice2( + u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____4, + Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = Eurydice_array_to_subslice2( + u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____5, + Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____6 = Eurydice_array_to_subslice2( + u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____6, + Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____7 = Eurydice_array_to_subslice2( + u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( + uu____7, + Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice), + uint8_t, void *); + core_core_arch_x86___m256i u0 = + libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, + Eurydice_slice)); size_t i = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; size_t j = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; - s[i][j] = mm256_xor_si256(s[i][j], u0); + s[i][j] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); } } 
@@ -1881,13 +2171,16 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full with const generics - RATE= 168 */ -static KRML_MUSTINLINE void load_block_full_910(__m256i (*s)[5U], - uint8_t blocks[4U][200U]) { - Eurydice_slice buf[4U] = { - Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t), - Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t), - Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t), - Eurydice_array_to_slice((size_t)200U, blocks[3U], uint8_t)}; +static KRML_MUSTINLINE void load_block_full_910( + core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { + Eurydice_slice buf[4U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[1U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[2U], + uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)200U, blocks[3U], + uint8_t, Eurydice_slice)}; load_block_c70(s, buf); } @@ -1898,15 +2191,14 @@ usize> for core::core_arch::x86::__m256i)} /** A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef with const generics -- BLOCKSIZE= 168 +- RATE= 168 */ -static KRML_MUSTINLINE void load_block_full_ef_050(__m256i (*a)[5U], - uint8_t b[4U][200U]) { - __m256i(*uu____0)[5U] = a; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_b[4U][200U]; - memcpy(copy_of_b, b, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full_910(uu____0, copy_of_b); +static KRML_MUSTINLINE void load_block_full_ef_e90( + core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { + core_core_arch_x86___m256i(*uu____0)[5U] = a; + uint8_t uu____1[4U][200U]; + memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); + load_block_full_910(uu____0, uu____1); } /** 
@@ -1917,34 +2209,32 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void absorb_final_5e0( +static KRML_MUSTINLINE void absorb_final_d90( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { - size_t last_len = Eurydice_slice_len(last[0U], uint8_t); + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[4U][200U] = {{0U}}; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t); - Eurydice_slice_copy(uu____0, last[i0], uint8_t); + blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, + void *); } blocks[i0][last_len] = 31U; size_t uu____1 = i0; size_t uu____2 = (size_t)168U - (size_t)1U; blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); - __m256i(*uu____3)[5U] = s->st; + core_core_arch_x86___m256i(*uu____3)[5U] = s->st; uint8_t uu____4[4U][200U]; memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full_ef_050(uu____3, uu____4); - keccakf1600_07(s); + load_block_full_ef_e90(uu____3, uu____4); + keccakf1600_f8(s); } -/** - Absorb -*/ void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { Eurydice_slice buf[4U] = {data0, data1, data2, data3}; - absorb_final_5e0(s, buf); + absorb_final_d90(s, buf); } /** 
@@ -1952,55 +2242,67 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void store_block_e90(__m256i (*s)[5U], +static KRML_MUSTINLINE void store_block_e90(core_core_arch_x86___m256i (*s)[5U], Eurydice_slice out[4U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { size_t i0 = i; - __m256i v0l = mm256_permute2x128_si256( - (int32_t)32, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - __m256i); - __m256i v1h = - mm256_permute2x128_si256((int32_t)32, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - __m256i); - __m256i v2l = mm256_permute2x128_si256( - (int32_t)49, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - __m256i); - __m256i v3h = - mm256_permute2x128_si256((int32_t)49, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - __m256i); - __m256i v0 = mm256_unpacklo_epi64(v0l, v1h); - __m256i v1 = mm256_unpackhi_epi64(v0l, v1h); - __m256i v2 = mm256_unpacklo_epi64(v2l, v3h); - __m256i v3 = mm256_unpackhi_epi64(v2l, v3h); - mm256_storeu_si256_u8( + core_core_arch_x86___m256i v0l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v1h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)32, + s[((size_t)4U * i0 + 
(size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v2l = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v3h = + libcrux_intrinsics_avx2_mm256_permute2x128_si256( + (int32_t)49, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + core_core_arch_x86___m256i); + core_core_arch_x86___m256i v0 = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); + core_core_arch_x86___m256i v1 = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); + core_core_arch_x86___m256i v2 = + libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); + core_core_arch_x86___m256i v3 = + libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t), + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), v0); - mm256_storeu_si256_u8( + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[1U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t), + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), v1); - mm256_storeu_si256_u8( + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[2U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t), + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), v2); - mm256_storeu_si256_u8( + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[3U], 
(size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t), + (size_t)32U * (i0 + (size_t)1U), uint8_t, + Eurydice_slice), v3); } size_t rem = (size_t)168U % (size_t)32U; 
@@ -2008,64 +2310,78 @@ static KRML_MUSTINLINE void store_block_e90(__m256i (*s)[5U], uint8_t u8s[32U] = {0U}; size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; - mm256_storeu_si256_u8(Eurydice_array_to_slice((size_t)32U, u8s, uint8_t), - s[i0][j0]); - Eurydice_slice uu____0 = - Eurydice_slice_subslice2(out[0U], start, start + (size_t)8U, uint8_t); - Eurydice_slice_copy( + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice), + s[i0][j0]); + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( uu____0, - Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t), - uint8_t); - Eurydice_slice uu____1 = - Eurydice_slice_subslice2(out[1U], start, start + (size_t)8U, uint8_t); - Eurydice_slice_copy( + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____1 = Eurydice_slice_subslice2( + out[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( uu____1, - Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t), - uint8_t); - Eurydice_slice uu____2 = - Eurydice_slice_subslice2(out[2U], start, start + (size_t)8U, uint8_t); - Eurydice_slice_copy( + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____2 = Eurydice_slice_subslice2( + out[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( uu____2, - Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t), - uint8_t); - Eurydice_slice uu____3 = - Eurydice_slice_subslice2(out[3U], start, start + (size_t)8U, uint8_t); - Eurydice_slice_copy( + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t, + 
Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____3 = Eurydice_slice_subslice2( + out[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( uu____3, - Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t), - uint8_t); + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t, + Eurydice_slice), + uint8_t, void *); if (rem == (size_t)16U) { uint8_t u8s0[32U] = {0U}; size_t i = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; size_t j = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; - mm256_storeu_si256_u8(Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t), - s[i][j]); - Eurydice_slice uu____4 = Eurydice_slice_subslice2( - out[0U], start + (size_t)8U, start + (size_t)16U, uint8_t); - Eurydice_slice_copy( + libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice), + s[i][j]); + Eurydice_slice uu____4 = + Eurydice_slice_subslice2(out[0U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( uu____4, - Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t), - uint8_t); - Eurydice_slice uu____5 = Eurydice_slice_subslice2( - out[1U], start + (size_t)8U, start + (size_t)16U, uint8_t); - Eurydice_slice_copy( + Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____5 = + Eurydice_slice_subslice2(out[1U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( uu____5, - Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t), - uint8_t); - Eurydice_slice uu____6 = Eurydice_slice_subslice2( - out[2U], start + (size_t)8U, start + (size_t)16U, uint8_t); - Eurydice_slice_copy( + Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t, + Eurydice_slice), + uint8_t, void *); + 
Eurydice_slice uu____6 = + Eurydice_slice_subslice2(out[2U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( uu____6, - Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t), - uint8_t); - Eurydice_slice uu____7 = Eurydice_slice_subslice2( - out[3U], start + (size_t)8U, start + (size_t)16U, uint8_t); - Eurydice_slice_copy( + Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t, + Eurydice_slice), + uint8_t, void *); + Eurydice_slice uu____7 = + Eurydice_slice_subslice2(out[3U], start + (size_t)8U, + start + (size_t)16U, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice( uu____7, - Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t), - uint8_t); + Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t, + Eurydice_slice), + uint8_t, void *); } } @@ -2076,10 +2392,10 @@ usize> for core::core_arch::x86::__m256i)} /** A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef with const generics -- BLOCKSIZE= 168 +- RATE= 168 */ -static KRML_MUSTINLINE void store_block_ef_f60(__m256i (*a)[5U], - Eurydice_slice b[4U]) { +static KRML_MUSTINLINE void store_block_ef_580( + core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { store_block_e90(a, b); } 
@@ -2090,20 +2406,17 @@ with const generics - N= 4 - RATE= 168 */ -static KRML_MUSTINLINE void squeeze_next_block_1c0( +static KRML_MUSTINLINE void squeeze_next_block_b40( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - keccakf1600_07(s); - store_block_ef_f60(s->st, out); + keccakf1600_f8(s); + store_block_ef_580(s->st, out); } -/** - Squeeze another block -*/ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - squeeze_next_block_1c0(s, buf); + squeeze_next_block_b40(s, buf); } /** @@ -2113,9 +2426,9 @@ with const generics - N= 4 - RATE= 168 */ -static KRML_MUSTINLINE void squeeze_first_block_e90( +static KRML_MUSTINLINE void squeeze_first_block_9b0( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - store_block_ef_f60(s->st, out); + store_block_ef_580(s->st, out); } /** @@ -2125,7 +2438,7 @@ with const generics - N= 4 - RATE= 168 */ -KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27( +KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_three_blocks_2a( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { Eurydice_slice_uint8_t_4size_t__x2 uu____0 = split_at_mut_n_ef(out, (size_t)168U); 
@@ -2133,25 +2446,22 @@ KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27( memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o10[4U]; memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_first_block_e90(s, o0); + squeeze_first_block_9b0(s, o0); Eurydice_slice_uint8_t_4size_t__x2 uu____1 = split_at_mut_n_ef(o10, (size_t)168U); Eurydice_slice o1[4U]; memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o2[4U]; memcpy(o2, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block_1c0(s, o1); - squeeze_next_block_1c0(s, o2); + squeeze_next_block_b40(s, o1); + squeeze_next_block_b40(s, o2); } -/** - Squeeze three blocks -*/ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_2a(s, buf); } /** @@ -2161,7 +2471,7 @@ with const generics - N= 4 - RATE= 168 */ -static KRML_MUSTINLINE void squeeze_first_five_blocks_e4( +static KRML_MUSTINLINE void squeeze_first_five_blocks_69( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { Eurydice_slice_uint8_t_4size_t__x2 uu____0 = split_at_mut_n_ef(out, (size_t)168U); 
@@ -2169,70 +2479,58 @@ static KRML_MUSTINLINE void squeeze_first_five_blocks_e4( memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o10[4U]; memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_first_block_e90(s, o0); + squeeze_first_block_9b0(s, o0); Eurydice_slice_uint8_t_4size_t__x2 uu____1 = split_at_mut_n_ef(o10, (size_t)168U); Eurydice_slice o1[4U]; memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o20[4U]; memcpy(o20, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block_1c0(s, o1); + squeeze_next_block_b40(s, o1); Eurydice_slice_uint8_t_4size_t__x2 uu____2 = split_at_mut_n_ef(o20, (size_t)168U); Eurydice_slice o2[4U]; memcpy(o2, uu____2.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o30[4U]; memcpy(o30, uu____2.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block_1c0(s, o2); + squeeze_next_block_b40(s, o2); Eurydice_slice_uint8_t_4size_t__x2 uu____3 = split_at_mut_n_ef(o30, (size_t)168U); Eurydice_slice o3[4U]; memcpy(o3, uu____3.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o4[4U]; memcpy(o4, uu____3.snd, (size_t)4U * sizeof(Eurydice_slice)); - squeeze_next_block_1c0(s, o3); - squeeze_next_block_1c0(s, o4); + squeeze_next_block_b40(s, o3); + squeeze_next_block_b40(s, o4); } -/** - Squeeze five blocks -*/ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - squeeze_first_five_blocks_e4(s, buf); + squeeze_first_five_blocks_69(s, buf); } -/** - Absorb -*/ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { Eurydice_slice buf[4U] = {data0, data1, data2, 
data3}; - libcrux_sha3_generic_keccak_absorb_final_5e(s, buf); + libcrux_sha3_generic_keccak_absorb_final_d9(s, buf); } -/** - Squeeze block -*/ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - squeeze_first_block_e9(s, buf); + squeeze_first_block_9b(s, buf); } -/** - Squeeze next block -*/ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - squeeze_next_block_1c(s, buf); + squeeze_next_block_b4(s, buf); } diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 2e6ab41ab..39046c730 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf - * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 - * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __libcrux_sha3_avx2_H 
@@ -30,68 +30,41 @@ with const generics - $4size_t */ typedef struct libcrux_sha3_generic_keccak_KeccakState_29_s { - __m256i st[5U][5U]; + core_core_arch_x86___m256i st[5U][5U]; } libcrux_sha3_generic_keccak_KeccakState_29; -/** - Perform 4 SHAKE256 operations in parallel -*/ void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); -/** - Initialise the [`KeccakState`]. -*/ libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_init(void); -/** - Absorb -*/ void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3); -/** - Squeeze another block -*/ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); -/** - Squeeze three blocks -*/ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); -/** - Squeeze five blocks -*/ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); -/** - Absorb -*/ void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3); -/** - Squeeze block -*/ void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); -/** - Squeeze 
next block -*/ void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index b5e10fd6f..aa2382f2b 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf - * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 - * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __libcrux_sha3_internal_H @@ -79,14 +79,14 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb(uint64_t x) { return x << (uint32_t)(int32_t)1 | x >> (uint32_t)(int32_t)63; } static KRML_MUSTINLINE uint64_t libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, uint64_t b) { uint64_t uu____0 = a; - return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_db(b); + return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_cb(b); } /** 
@@ -137,7 +137,8 @@ libcrux_sha3_portable_keccak_xor_5a(uint64_t a, uint64_t b) { static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_slice_1( Eurydice_slice a[1U], size_t start, size_t len, Eurydice_slice ret[1U]) { - ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t); + ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t, + Eurydice_slice); } /** @@ -146,18 +147,17 @@ usize> for u64)} */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_slice_n_5a( Eurydice_slice a[1U], size_t start, size_t len, Eurydice_slice ret[1U]) { - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_a[1U]; - memcpy(copy_of_a, a, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice uu____0[1U]; + memcpy(uu____0, a, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret0[1U]; - libcrux_sha3_portable_keccak_slice_1(copy_of_a, start, len, ret0); + libcrux_sha3_portable_keccak_slice_1(uu____0, start, len, ret0); memcpy(ret, ret0, (size_t)1U * sizeof(Eurydice_slice)); } static KRML_MUSTINLINE Eurydice_slice_uint8_t_1size_t__x2 libcrux_sha3_portable_keccak_split_at_mut_1(Eurydice_slice out[1U], size_t mid) { - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at_mut( + Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at_mut( out[0U], mid, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice out00 = uu____0.fst; Eurydice_slice out01 = uu____0.snd; @@ -187,9 +187,6 @@ typedef struct libcrux_sha3_generic_keccak_KeccakState_48_s { uint64_t st[5U][5U]; } libcrux_sha3_generic_keccak_KeccakState_48; -/** - Create a new Shake128 x4 state. -*/ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} 
@@ -201,7 +198,7 @@ with const generics - N= 1 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 -libcrux_sha3_generic_keccak_new_1e_f2(void) { +libcrux_sha3_generic_keccak_new_1e_f4(void) { libcrux_sha3_generic_keccak_KeccakState_48 lit; lit.st[0U][0U] = libcrux_sha3_portable_keccak_zero_5a(); lit.st[0U][1U] = libcrux_sha3_portable_keccak_zero_5a(); @@ -236,7 +233,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; @@ -245,8 +242,9 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b3( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t), - Eurydice_slice, uint8_t[8U]); + (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); core_result_unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -260,11 +258,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_df( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_b3(s, buf); + Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice)}; + libcrux_sha3_portable_keccak_load_block_2c(s, buf); } /** 
@@ -274,15 +272,14 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics -- BLOCKSIZE= 168 +- RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_71( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_d2( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_b[1U][200U]; - memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a(uu____0, copy_of_b); + uint8_t uu____1[1U][200U]; + memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_df(uu____0, uu____1); } /** @@ -292,7 +289,7 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db0(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb0(uint64_t x) { return x << (uint32_t)(int32_t)36 | x >> (uint32_t)(int32_t)28; } @@ -303,9 +300,9 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_42(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db0(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb0(ab); } /** @@ -319,8 +316,8 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_42(a, b); } /** 
@@ -330,7 +327,7 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db1(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb1(uint64_t x) { return x << (uint32_t)(int32_t)3 | x >> (uint32_t)(int32_t)61; } @@ -341,9 +338,9 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d0(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_420(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db1(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb1(ab); } /** @@ -357,8 +354,8 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d0(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb0(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_420(a, b); } /** @@ -368,7 +365,7 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db2(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb2(uint64_t x) { return x << (uint32_t)(int32_t)41 | x >> (uint32_t)(int32_t)23; } @@ -379,9 +376,9 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d1(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_421(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db2(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb2(ab); } /** 
@@ -395,8 +392,8 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d1(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb1(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_421(a, b); } /** @@ -406,7 +403,7 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db3(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb3(uint64_t x) { return x << (uint32_t)(int32_t)18 | x >> (uint32_t)(int32_t)46; } @@ -417,9 +414,9 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d2(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_422(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db3(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb3(ab); } /** @@ -433,8 +430,8 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d2(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb2(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_422(a, b); } /** @@ -444,9 +441,9 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d3(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_423(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb(ab); } /** 
@@ -460,8 +457,8 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d3(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb3(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_423(a, b); } /** @@ -471,7 +468,7 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db4(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb4(uint64_t x) { return x << (uint32_t)(int32_t)44 | x >> (uint32_t)(int32_t)20; } @@ -482,9 +479,9 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d4(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_424(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db4(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb4(ab); } /** @@ -498,8 +495,8 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d4(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb4(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_424(a, b); } /** @@ -509,7 +506,7 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db5(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb5(uint64_t x) { return x << (uint32_t)(int32_t)10 | x >> (uint32_t)(int32_t)54; } 
@@ -520,9 +517,9 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d5(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_425(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db5(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb5(ab); } /** @@ -536,8 +533,8 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d5(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb5(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_425(a, b); } /** @@ -547,7 +544,7 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db6(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb6(uint64_t x) { return x << (uint32_t)(int32_t)45 | x >> (uint32_t)(int32_t)19; } @@ -558,9 +555,9 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d6(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_426(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db6(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb6(ab); } /** @@ -574,8 +571,8 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d6(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb6(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_426(a, b); } /** 
@@ -585,7 +582,7 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db7(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb7(uint64_t x) { return x << (uint32_t)(int32_t)2 | x >> (uint32_t)(int32_t)62; } @@ -596,9 +593,9 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d7(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_427(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db7(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb7(ab); } /** @@ -612,8 +609,8 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d7(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb7(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_427(a, b); } /** @@ -623,7 +620,7 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db8(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb8(uint64_t x) { return x << (uint32_t)(int32_t)62 | x >> (uint32_t)(int32_t)2; } @@ -634,9 +631,9 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d8(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_428(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db8(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb8(ab); } /** 
@@ -650,8 +647,8 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d8(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb8(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_428(a, b); } /** @@ -661,7 +658,7 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db9(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb9(uint64_t x) { return x << (uint32_t)(int32_t)6 | x >> (uint32_t)(int32_t)58; } @@ -672,9 +669,9 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d9(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_429(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db9(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb9(ab); } /** @@ -688,8 +685,8 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d9(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb9(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_429(a, b); } /** @@ -699,7 +696,7 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db10(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb10(uint64_t x) { return x << (uint32_t)(int32_t)43 | x >> (uint32_t)(int32_t)21; } 
@@ -710,9 +707,9 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d10(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_4210(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db10(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb10(ab); } /** @@ -726,8 +723,8 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d10(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb10(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_4210(a, b); } /** @@ -737,7 +734,7 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db11(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb11(uint64_t x) { return x << (uint32_t)(int32_t)15 | x >> (uint32_t)(int32_t)49; } @@ -748,9 +745,9 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d11(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_4211(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db11(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb11(ab); } /** @@ -764,8 +761,8 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d11(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb11(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_4211(a, b); } /** 
@@ -775,7 +772,7 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db12(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb12(uint64_t x) { return x << (uint32_t)(int32_t)61 | x >> (uint32_t)(int32_t)3; } @@ -786,9 +783,9 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d12(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_4212(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db12(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb12(ab); } /** @@ -802,8 +799,8 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d12(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb12(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_4212(a, b); } /** @@ -813,7 +810,7 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db13(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb13(uint64_t x) { return x << (uint32_t)(int32_t)28 | x >> (uint32_t)(int32_t)36; } @@ -824,9 +821,9 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d13(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_4213(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db13(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb13(ab); } /** 
@@ -840,8 +837,8 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d13(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb13(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_4213(a, b); } /** @@ -851,7 +848,7 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db14(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb14(uint64_t x) { return x << (uint32_t)(int32_t)55 | x >> (uint32_t)(int32_t)9; } @@ -862,9 +859,9 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d14(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_4214(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db14(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb14(ab); } /** @@ -878,8 +875,8 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d14(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb14(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_4214(a, b); } /** @@ -889,7 +886,7 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db15(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb15(uint64_t x) { return x << (uint32_t)(int32_t)25 | x >> (uint32_t)(int32_t)39; } 
@@ -900,9 +897,9 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d15(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_4215(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db15(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb15(ab); } /** @@ -916,8 +913,8 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d15(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb15(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_4215(a, b); } /** @@ -927,7 +924,7 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db16(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb16(uint64_t x) { return x << (uint32_t)(int32_t)21 | x >> (uint32_t)(int32_t)43; } @@ -938,9 +935,9 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d16(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_4216(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db16(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb16(ab); } /** @@ -954,8 +951,8 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d16(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb16(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_4216(a, b); } /** 
@@ -965,7 +962,7 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db17(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb17(uint64_t x) { return x << (uint32_t)(int32_t)56 | x >> (uint32_t)(int32_t)8; } @@ -976,9 +973,9 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d17(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_4217(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db17(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb17(ab); } /** @@ -992,8 +989,8 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d17(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb17(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_4217(a, b); } /** @@ -1003,7 +1000,7 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db18(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb18(uint64_t x) { return x << (uint32_t)(int32_t)27 | x >> (uint32_t)(int32_t)37; } @@ -1014,9 +1011,9 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d18(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_4218(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db18(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb18(ab); } /** 
@@ -1030,8 +1027,8 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d18(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb18(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_4218(a, b); } /** @@ -1041,7 +1038,7 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db19(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb19(uint64_t x) { return x << (uint32_t)(int32_t)20 | x >> (uint32_t)(int32_t)44; } @@ -1052,9 +1049,9 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d19(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_4219(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db19(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb19(ab); } /** @@ -1068,8 +1065,8 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d19(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb19(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_4219(a, b); } /** @@ -1079,7 +1076,7 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db20(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb20(uint64_t x) { return x << (uint32_t)(int32_t)39 | x >> (uint32_t)(int32_t)25; } 
@@ -1090,9 +1087,9 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d20(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_4220(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db20(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb20(ab); } /** @@ -1106,8 +1103,8 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d20(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb20(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_4220(a, b); } /** @@ -1117,7 +1114,7 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db21(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb21(uint64_t x) { return x << (uint32_t)(int32_t)8 | x >> (uint32_t)(int32_t)56; } @@ -1128,9 +1125,9 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d21(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_4221(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db21(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb21(ab); } /** @@ -1144,8 +1141,8 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d21(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb21(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_4221(a, b); } /** 
@@ -1155,7 +1152,7 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db22(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb22(uint64_t x) { return x << (uint32_t)(int32_t)14 | x >> (uint32_t)(int32_t)50; } @@ -1166,9 +1163,9 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d22(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_4222(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db22(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb22(ab); } /** @@ -1182,8 +1179,8 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d22(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb22(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_4222(a, b); } /** @@ -1192,7 +1189,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_eb( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_16( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t c[5U] = { libcrux_sha3_portable_keccak_xor5_5a(s->st[0U][0U], s->st[1U][0U], 
@@ -1227,54 +1224,77 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_eb( c[((size_t)4U + (size_t)4U) % (size_t)5U], c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_5a(s->st[0U][0U], t[0U]); - s->st[1U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(s->st[1U][0U], t[0U]); - s->st[2U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(s->st[2U][0U], t[0U]); - s->st[3U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(s->st[3U][0U], t[0U]); - s->st[4U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(s->st[4U][0U], t[0U]); - s->st[0U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(s->st[0U][1U], t[1U]); - s->st[1U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(s->st[1U][1U], t[1U]); - s->st[2U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(s->st[2U][1U], t[1U]); - s->st[3U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(s->st[3U][1U], t[1U]); - s->st[4U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(s->st[4U][1U], t[1U]); - s->st[0U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(s->st[0U][2U], t[2U]); - s->st[1U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(s->st[1U][2U], t[2U]); - s->st[2U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(s->st[2U][2U], t[2U]); - s->st[3U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(s->st[3U][2U], t[2U]); - s->st[4U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(s->st[4U][2U], t[2U]); - s->st[0U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(s->st[0U][3U], t[3U]); - s->st[1U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(s->st[1U][3U], t[3U]); - s->st[2U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(s->st[2U][3U], t[3U]); - s->st[3U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(s->st[3U][3U], t[3U]); - s->st[4U][3U] = - 
libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(s->st[4U][3U], t[3U]); - s->st[0U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(s->st[0U][4U], t[4U]); - s->st[1U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(s->st[1U][4U], t[4U]); - s->st[2U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(s->st[2U][4U], t[4U]); - s->st[3U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(s->st[3U][4U], t[4U]); + uint64_t uu____4 = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb(s->st[1U][0U], t[0U]); + s->st[1U][0U] = uu____4; + uint64_t uu____5 = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb0(s->st[2U][0U], t[0U]); + s->st[2U][0U] = uu____5; + uint64_t uu____6 = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb1(s->st[3U][0U], t[0U]); + s->st[3U][0U] = uu____6; + uint64_t uu____7 = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb2(s->st[4U][0U], t[0U]); + s->st[4U][0U] = uu____7; + uint64_t uu____8 = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb3(s->st[0U][1U], t[1U]); + s->st[0U][1U] = uu____8; + uint64_t uu____9 = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb4(s->st[1U][1U], t[1U]); + s->st[1U][1U] = uu____9; + uint64_t uu____10 = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb5(s->st[2U][1U], t[1U]); + s->st[2U][1U] = uu____10; + uint64_t uu____11 = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb6(s->st[3U][1U], t[1U]); + s->st[3U][1U] = uu____11; + uint64_t uu____12 = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb7(s->st[4U][1U], t[1U]); + s->st[4U][1U] = uu____12; + uint64_t uu____13 = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb8(s->st[0U][2U], t[2U]); + s->st[0U][2U] = uu____13; + uint64_t uu____14 = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb9(s->st[1U][2U], t[2U]); + s->st[1U][2U] = uu____14; + uint64_t uu____15 = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb10(s->st[2U][2U], t[2U]); + s->st[2U][2U] = uu____15; + uint64_t uu____16 = + 
libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb11(s->st[3U][2U], t[2U]); + s->st[3U][2U] = uu____16; + uint64_t uu____17 = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb12(s->st[4U][2U], t[2U]); + s->st[4U][2U] = uu____17; + uint64_t uu____18 = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb13(s->st[0U][3U], t[3U]); + s->st[0U][3U] = uu____18; + uint64_t uu____19 = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb14(s->st[1U][3U], t[3U]); + s->st[1U][3U] = uu____19; + uint64_t uu____20 = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb15(s->st[2U][3U], t[3U]); + s->st[2U][3U] = uu____20; + uint64_t uu____21 = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb16(s->st[3U][3U], t[3U]); + s->st[3U][3U] = uu____21; + uint64_t uu____22 = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb17(s->st[4U][3U], t[3U]); + s->st[4U][3U] = uu____22; + uint64_t uu____23 = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb18(s->st[0U][4U], t[4U]); + s->st[0U][4U] = uu____23; + uint64_t uu____24 = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb19(s->st[1U][4U], t[4U]); + s->st[1U][4U] = uu____24; + uint64_t uu____25 = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb20(s->st[2U][4U], t[4U]); + s->st[2U][4U] = uu____25; + uint64_t uu____26 = + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb21(s->st[3U][4U], t[4U]); + s->st[3U][4U] = uu____26; uint64_t uu____27 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(s->st[4U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb22(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; } @@ -1284,7 +1304,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_b8( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_1d( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); 
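Review bot: The rewritten theta-rho body routes every lane update through a throwaway temporary (`uint64_t uu____4 = ...; s->st[1U][0U] = uu____4;`), which roughly doubles the line count without changing what is computed; each right-hand side reads only the lane being written plus `t[]`, so the direct form the old side used, `s->st[1U][0U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb(s->st[1U][0U], t[0U]);`, is equivalent. This looks like extractor output rather than hand-written code, so the fix presumably belongs in the Eurydice/krml let-binding pass, but it is worth checking why the newer toolchain no longer emits the compact form for these 23 assignments while `uu____27` already existed before. The enclosing function libcrux_sha3_generic_keccak_theta_rho_16 starts in the previous hunk; only the tail of its body is visible here.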
@@ -1320,7 +1340,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_1f( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_12( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1338,7 +1358,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_83( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_62( libcrux_sha3_generic_keccak_KeccakState_48 *s, size_t i) { s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_constant_5a( s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); @@ -1350,14 +1370,14 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_85( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_21( libcrux_sha3_generic_keccak_KeccakState_48 *s) { for (size_t i = (size_t)0U; i < (size_t)24U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho_eb(s); - libcrux_sha3_generic_keccak_pi_b8(s); - libcrux_sha3_generic_keccak_chi_1f(s); - libcrux_sha3_generic_keccak_iota_83(s, i0); + libcrux_sha3_generic_keccak_theta_rho_16(s); + libcrux_sha3_generic_keccak_pi_1d(s); + libcrux_sha3_generic_keccak_chi_12(s); + libcrux_sha3_generic_keccak_iota_62(s, i0); } } 
@@ -1369,16 +1389,16 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_72( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c7( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = Eurydice_slice_len(last[0U], uint8_t); + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(blocks[i], (size_t)0U, last_len, uint8_t); - Eurydice_slice_copy(uu____0, last[i], uint8_t); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); } blocks[i][last_len] = 31U; size_t uu____1 = i; @@ -1388,8 +1408,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_72( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_71(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_d2(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_21(s); } /** 
@@ -1402,11 +1422,14 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_58( for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); } } @@ -1417,9 +1440,9 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics -- BLOCKSIZE= 168 +- RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_59( uint64_t (*a)[5U], Eurydice_slice b[1U]) { libcrux_sha3_portable_keccak_store_block_58(a, b); } @@ -1431,10 +1454,10 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_fc( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_21(s); + libcrux_sha3_portable_keccak_store_block_5a_59(s->st, out); } /** 
@@ -1444,9 +1467,9 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_09( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_84( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_59(s->st, out); } /** @@ -1454,7 +1477,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b30( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c0( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; @@ -1463,8 +1486,9 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b30( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t), - Eurydice_slice, uint8_t[8U]); + (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); core_result_unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -1478,11 +1502,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_df0( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_b30(s, buf); + Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice)}; + libcrux_sha3_portable_keccak_load_block_2c0(s, buf); } /** 
@@ -1492,15 +1516,14 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics -- BLOCKSIZE= 136 +- RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_710( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_d20( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_b[1U][200U]; - memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a0(uu____0, copy_of_b); + uint8_t uu____1[1U][200U]; + memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_df0(uu____0, uu____1); } /** @@ -1511,16 +1534,16 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_720( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c70( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = Eurydice_slice_len(last[0U], uint8_t); + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(blocks[i], (size_t)0U, last_len, uint8_t); - Eurydice_slice_copy(uu____0, last[i], uint8_t); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); } blocks[i][last_len] = 31U; size_t uu____1 = i; 
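Review bot: The new body of libcrux_sha3_portable_keccak_load_block_full_5a_d20 keeps the 200-byte memcpy of `b` but drops the comment that explained it and renames `copy_of_b` to `uu____1`, so a reader now sees an apparently pointless copy immediately before the call. The same comment/name pair is removed in the hunks for load_block_5a_b8 / load_block_5a_b80, store_block_full_2d3 and keccak_e94 further down. If the generator no longer emits it, consider restoring `/* Passing arrays by value in Rust generates a copy in C */` above each such memcpy, or keeping the descriptive `copy_of_*` names, so the intent survives regeneration.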
@@ -1530,8 +1553,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_720( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_710(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_d20(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_21(s); } /** @@ -1544,11 +1567,14 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_580( for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); } } @@ -1559,9 +1585,9 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics -- BLOCKSIZE= 136 +- RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_590( uint64_t (*a)[5U], Eurydice_slice b[1U]) { libcrux_sha3_portable_keccak_store_block_580(a, b); } 
@@ -1573,9 +1599,9 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_090( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_840( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f0(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_590(s->st, out); } /** @@ -1585,10 +1611,10 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_fc0( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f0(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_21(s); + libcrux_sha3_portable_keccak_store_block_5a_590(s->st, out); } /** 
@@ -1598,15 +1624,31 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics -- BLOCKSIZE= 168 +- RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_b8( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_b[1U]; - memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b3(uu____0, copy_of_b); + Eurydice_slice uu____1[1U]; + memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_2c0(uu____0, uu____1); +} + +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: +usize> for u64)} +*/ +/** +A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a +with const generics +- RATE= 168 +*/ +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_b80( + uint64_t (*a)[5U], Eurydice_slice b[1U]) { + uint64_t(*uu____0)[5U] = a; + Eurydice_slice uu____1[1U]; + memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_2c(uu____0, uu____1); } /** @@ -1616,13 +1658,13 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_753( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_df3( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd3(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_b80(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_21(s); } /** 
@@ -1630,16 +1672,15 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_2d3( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; + Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; libcrux_sha3_portable_keccak_store_block_58(s, buf); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_out[200U]; - memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____0[200U]; + memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); } /** @@ -1649,12 +1690,12 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics -- BLOCKSIZE= 168 +- RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_783(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_293(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa3(a, ret); + libcrux_sha3_portable_keccak_store_block_full_2d3(a, ret); } /** 
@@ -1665,22 +1706,22 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3( +libcrux_sha3_generic_keccak_squeeze_first_and_last_c54( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_783(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_293(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i], uint8_t); - Eurydice_slice_copy( + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3), - uint8_t); + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *); } } @@ -1691,23 +1732,23 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_833( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_cf3( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_21(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_783(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_293(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i], uint8_t); - Eurydice_slice_copy( + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3), - uint8_t); + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *); } } 
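Review bot: libcrux_sha3_generic_keccak_squeeze_last_cf3 still takes the Keccak state by value, so the final permutation runs on a second copy of `s` on the stack next to the caller's, and neither that copy nor the 200-byte `b[1U][200U]` block of squeezed output is cleared before the function returns. This is unchanged from the old side and the by-value signature comes from the Rust source, so it is not something this commit introduces; I raise it because the renamed call sites are the only place this chunk shows the state's lifetime. If stack hygiene for secret-derived state is a goal for the C output, it would need a pointer parameter or an explicit wipe on the Rust side — whether that policy applies to this code I cannot tell from the hunk.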
@@ -1719,36 +1760,37 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e94( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_f4(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)168U; i++) { + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)168U; + i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)168U, + libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)168U, (size_t)168U, ret); - libcrux_sha3_generic_keccak_absorb_block_753(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_df3(uu____0, ret); } - size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)168U; + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)168U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_72(uu____2, ret); - size_t outlen = Eurydice_slice_len(out[0U], uint8_t); + uu____3, core_slice___Slice_T___len(data[0U], uint8_t, 
size_t) - rem, rem, + ret); + libcrux_sha3_generic_keccak_absorb_final_c7(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)168U; size_t last = outlen - outlen % (size_t)168U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_c54(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); @@ -1756,7 +1798,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_09(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_84(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -1774,12 +1816,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_fc(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_833(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_cf3(s, o1); } } } 
@@ -1790,12 +1832,11 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a4( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce4( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_754(copy_of_data, out); + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_e94(uu____0, out); } /** @@ -1803,7 +1844,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b33( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c3( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; @@ -1812,8 +1853,9 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b33( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t), - Eurydice_slice, uint8_t[8U]); + (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); core_result_unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; 
@@ -1829,15 +1871,14 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics -- BLOCKSIZE= 104 +- RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_b83( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_b[1U]; - memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b33(uu____0, copy_of_b); + Eurydice_slice uu____1[1U]; + memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_2c3(uu____0, uu____1); } /** @@ -1847,13 +1888,13 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_752( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_df2( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd2(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_b83(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_21(s); } /** 
@@ -1861,11 +1902,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_df3( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_b33(s, buf); + Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice)}; + libcrux_sha3_portable_keccak_load_block_2c3(s, buf); } /** @@ -1875,15 +1916,14 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics -- BLOCKSIZE= 104 +- RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_713( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_d23( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_b[1U][200U]; - memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a3(uu____0, copy_of_b); + uint8_t uu____1[1U][200U]; + memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_df3(uu____0, uu____1); } /** 
@@ -1894,16 +1934,16 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_724( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c74( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = Eurydice_slice_len(last[0U], uint8_t); + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(blocks[i], (size_t)0U, last_len, uint8_t); - Eurydice_slice_copy(uu____0, last[i], uint8_t); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); } blocks[i][last_len] = 6U; size_t uu____1 = i; @@ -1913,8 +1953,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_724( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_713(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_d23(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_21(s); } /** 
@@ -1927,11 +1967,14 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_583( for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); } } @@ -1940,16 +1983,15 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_2d2( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; + Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; libcrux_sha3_portable_keccak_store_block_583(s, buf); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_out[200U]; - memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____0[200U]; + memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); } /** 
@@ -1959,12 +2001,12 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics -- BLOCKSIZE= 104 +- RATE= 104 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_782(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_292(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa2(a, ret); + libcrux_sha3_portable_keccak_store_block_full_2d2(a, ret); } /** @@ -1975,22 +2017,22 @@ with const generics - RATE= 104 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2( +libcrux_sha3_generic_keccak_squeeze_first_and_last_c53( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_782(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_292(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i], uint8_t); - Eurydice_slice_copy( + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3), - uint8_t); + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *); } } @@ -2001,9 +2043,9 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics -- BLOCKSIZE= 104 +- RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_593( uint64_t (*a)[5U], Eurydice_slice b[1U]) { libcrux_sha3_portable_keccak_store_block_583(a, b); } 
@@ -2015,9 +2057,9 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_093( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_843( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f3(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_593(s->st, out); } /** @@ -2027,10 +2069,10 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f3( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_fc3( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f3(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_21(s); + libcrux_sha3_portable_keccak_store_block_5a_593(s->st, out); } /** @@ -2040,23 +2082,23 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_832( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_cf2( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_21(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_782(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_292(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i], uint8_t); - Eurydice_slice_copy( + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3), - uint8_t); + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *); } } 
@@ -2068,36 +2110,37 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e93( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_f4(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)104U; i++) { + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; + i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)104U, + libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)104U, (size_t)104U, ret); - libcrux_sha3_generic_keccak_absorb_block_752(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_df2(uu____0, ret); } - size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)104U; + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_724(uu____2, ret); - size_t outlen = Eurydice_slice_len(out[0U], uint8_t); + uu____3, core_slice___Slice_T___len(data[0U], uint8_t, 
size_t) - rem, rem, + ret); + libcrux_sha3_generic_keccak_absorb_final_c74(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)104U; size_t last = outlen - outlen % (size_t)104U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_c53(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)104U); @@ -2105,7 +2148,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_093(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_843(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2123,12 +2166,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f3(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_fc3(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_832(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_cf2(s, o1); } } } 
@@ -2139,12 +2182,11 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce3( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_753(copy_of_data, out); + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_e93(uu____0, out); } /** @@ -2152,7 +2194,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b32( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c2( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; @@ -2161,8 +2203,9 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b32( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t), - Eurydice_slice, uint8_t[8U]); + (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); core_result_unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; 
@@ -2178,15 +2221,14 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics -- BLOCKSIZE= 144 +- RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_b82( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_b[1U]; - memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b32(uu____0, copy_of_b); + Eurydice_slice uu____1[1U]; + memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_2c2(uu____0, uu____1); } /** @@ -2196,13 +2238,13 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_751( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_df1( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd1(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_b82(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_21(s); } /** 
@@ -2210,11 +2252,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_df2( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_b32(s, buf); + Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice)}; + libcrux_sha3_portable_keccak_load_block_2c2(s, buf); } /** @@ -2224,15 +2266,14 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics -- BLOCKSIZE= 144 +- RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_712( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_d22( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_b[1U][200U]; - memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a2(uu____0, copy_of_b); + uint8_t uu____1[1U][200U]; + memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_df2(uu____0, uu____1); } /** 
@@ -2243,16 +2284,16 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_723( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c73( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = Eurydice_slice_len(last[0U], uint8_t); + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(blocks[i], (size_t)0U, last_len, uint8_t); - Eurydice_slice_copy(uu____0, last[i], uint8_t); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); } blocks[i][last_len] = 6U; size_t uu____1 = i; @@ -2262,8 +2303,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_723( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_712(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_d22(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_21(s); } /** 
@@ -2276,11 +2317,14 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_582( for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); } } @@ -2289,16 +2333,15 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_2d1( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; + Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; libcrux_sha3_portable_keccak_store_block_582(s, buf); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_out[200U]; - memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____0[200U]; + memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); } /** 
@@ -2308,12 +2351,12 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics -- BLOCKSIZE= 144 +- RATE= 144 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_781(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_291(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa1(a, ret); + libcrux_sha3_portable_keccak_store_block_full_2d1(a, ret); } /** @@ -2324,22 +2367,22 @@ with const generics - RATE= 144 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1( +libcrux_sha3_generic_keccak_squeeze_first_and_last_c52( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_781(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_291(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i], uint8_t); - Eurydice_slice_copy( + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3), - uint8_t); + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *); } } @@ -2350,9 +2393,9 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics -- BLOCKSIZE= 144 +- RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_592( uint64_t (*a)[5U], Eurydice_slice b[1U]) { libcrux_sha3_portable_keccak_store_block_582(a, b); } 
@@ -2364,9 +2407,9 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_092( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_842( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f2(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_592(s->st, out); } /** @@ -2376,10 +2419,10 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f2( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_fc2( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f2(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_21(s); + libcrux_sha3_portable_keccak_store_block_5a_592(s->st, out); } /** @@ -2389,23 +2432,23 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_831( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_cf1( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_21(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_781(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_291(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i], uint8_t); - Eurydice_slice_copy( + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3), - uint8_t); + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *); } } 
@@ -2417,36 +2460,37 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e92( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_f4(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)144U; i++) { + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; + i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)144U, + libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)144U, (size_t)144U, ret); - libcrux_sha3_generic_keccak_absorb_block_751(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_df1(uu____0, ret); } - size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)144U; + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_723(uu____2, ret); - size_t outlen = Eurydice_slice_len(out[0U], uint8_t); + uu____3, core_slice___Slice_T___len(data[0U], uint8_t, 
size_t) - rem, rem, + ret); + libcrux_sha3_generic_keccak_absorb_final_c73(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)144U; size_t last = outlen - outlen % (size_t)144U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_c52(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)144U); @@ -2454,7 +2498,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_092(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_842(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2472,12 +2516,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f2(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_fc2(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_831(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_cf1(s, o1); } } } 
@@ -2488,30 +2532,11 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce2( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_752(copy_of_data, out); -} - -/** -This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: -usize> for u64)} -*/ -/** -A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a -with const generics -- BLOCKSIZE= 136 -*/ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd0( - uint64_t (*a)[5U], Eurydice_slice b[1U]) { - uint64_t(*uu____0)[5U] = a; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_b[1U]; - memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b30(uu____0, copy_of_b); + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_e92(uu____0, out); } /** @@ -2521,13 +2546,13 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_750( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_df0( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd0(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_b8(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_21(s); } /** 
@@ -2535,16 +2560,15 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_2d0( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; + Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; libcrux_sha3_portable_keccak_store_block_580(s, buf); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_out[200U]; - memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____0[200U]; + memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); } /** @@ -2554,12 +2578,12 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics -- BLOCKSIZE= 136 +- RATE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_780(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_290(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa0(a, ret); + libcrux_sha3_portable_keccak_store_block_full_2d0(a, ret); } /** 
@@ -2570,22 +2594,22 @@ with const generics - RATE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0( +libcrux_sha3_generic_keccak_squeeze_first_and_last_c51( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_780(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_290(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i], uint8_t); - Eurydice_slice_copy( + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3), - uint8_t); + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *); } } @@ -2596,23 +2620,23 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_830( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_cf0( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_21(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_780(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_290(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i], uint8_t); - Eurydice_slice_copy( + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3), - uint8_t); + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *); } } 
@@ -2624,36 +2648,37 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e91( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_f4(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U, + libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_df0(uu____0, ret); } - size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_720(uu____2, ret); - size_t outlen = Eurydice_slice_len(out[0U], uint8_t); + uu____3, core_slice___Slice_T___len(data[0U], uint8_t, 
size_t) - rem, rem, + ret); + libcrux_sha3_generic_keccak_absorb_final_c70(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_c51(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -2661,7 +2686,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_090(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_840(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2679,12 +2704,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f0(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_fc0(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_830(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_cf0(s, o1); } } } 
@@ -2695,12 +2720,11 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce1( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_751(copy_of_data, out); + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_e91(uu____0, out); } /** @@ -2711,16 +2735,16 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_722( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c72( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = Eurydice_slice_len(last[0U], uint8_t); + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(blocks[i], (size_t)0U, last_len, uint8_t); - Eurydice_slice_copy(uu____0, last[i], uint8_t); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); } blocks[i][last_len] = 6U; size_t uu____1 = i; 
@@ -2730,8 +2754,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_722( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_710(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_d20(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_21(s); } /** 
@@ -2742,36 +2766,37 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e90( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_f4(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; + i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U, + libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_df0(uu____0, ret); } - size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_722(uu____2, ret); - size_t outlen = Eurydice_slice_len(out[0U], uint8_t); + uu____3, core_slice___Slice_T___len(data[0U], uint8_t, 
size_t) - rem, rem, + ret); + libcrux_sha3_generic_keccak_absorb_final_c72(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_c51(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); @@ -2779,7 +2804,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_090(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_840(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2797,12 +2822,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f0(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_fc0(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_830(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_cf0(s, o1); } } } 
@@ -2813,12 +2838,11 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce0( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_750(copy_of_data, out); + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_e90(uu____0, out); } /** @@ -2826,7 +2850,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b31( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c1( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; @@ -2835,8 +2859,9 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b31( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t), - Eurydice_slice, uint8_t[8U]); + (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice), + Eurydice_slice, uint8_t[8U], void *); core_result_unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; 
@@ -2852,15 +2877,14 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics -- BLOCKSIZE= 72 +- RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_b81( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_b[1U]; - memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b31(uu____0, copy_of_b); + Eurydice_slice uu____1[1U]; + memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_2c1(uu____0, uu____1); } /** @@ -2870,13 +2894,13 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_75( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_df( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_b81(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_21(s); } /** 
@@ -2884,11 +2908,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_df1( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; - libcrux_sha3_portable_keccak_load_block_b31(s, buf); + Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], + uint8_t, Eurydice_slice)}; + libcrux_sha3_portable_keccak_load_block_2c1(s, buf); } /** @@ -2898,15 +2922,14 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics -- BLOCKSIZE= 72 +- RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_711( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_d21( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_b[1U][200U]; - memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a1(uu____0, copy_of_b); + uint8_t uu____1[1U][200U]; + memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_df1(uu____0, uu____1); } /** 
@@ -2917,16 +2940,16 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_721( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c71( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = Eurydice_slice_len(last[0U], uint8_t); + size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(blocks[i], (size_t)0U, last_len, uint8_t); - Eurydice_slice_copy(uu____0, last[i], uint8_t); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice); + core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); } blocks[i][last_len] = 6U; size_t uu____1 = i; @@ -2936,8 +2959,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_721( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_711(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_d21(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_21(s); } /** 
@@ -2950,11 +2973,14 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_581( for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, + Eurydice_slice); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - Eurydice_slice_copy( - uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); + core_slice___Slice_T___copy_from_slice( + uu____0, + Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), + uint8_t, void *); } } @@ -2963,16 +2989,15 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_2d( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; + Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; libcrux_sha3_portable_keccak_store_block_581(s, buf); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_out[200U]; - memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); + uint8_t uu____0[200U]; + memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); } /** 
@@ -2982,11 +3007,11 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics -- BLOCKSIZE= 72 +- RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_78( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_29( uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa(a, ret); + libcrux_sha3_portable_keccak_store_block_full_2d(a, ret); } /** @@ -2997,22 +3022,22 @@ with const generics - RATE= 72 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d( +libcrux_sha3_generic_keccak_squeeze_first_and_last_c50( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_78(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_29(s->st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i], uint8_t); - Eurydice_slice_copy( + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3), - uint8_t); + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *); } } @@ -3023,9 +3048,9 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics -- BLOCKSIZE= 72 +- RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_591( uint64_t (*a)[5U], Eurydice_slice b[1U]) { libcrux_sha3_portable_keccak_store_block_581(a, b); } 
@@ -3037,9 +3062,9 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_091( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_841( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f1(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_591(s->st, out); } /** @@ -3049,10 +3074,10 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f1( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_fc1( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f1(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_21(s); + libcrux_sha3_portable_keccak_store_block_5a_591(s->st, out); } /** @@ -3062,23 +3087,23 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_83( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_cf( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_21(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_78(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_29(s.st, b); { size_t i = (size_t)0U; Eurydice_slice uu____0 = out[i]; uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i], uint8_t); - Eurydice_slice_copy( + lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); + core_slice___Slice_T___copy_from_slice( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3), - uint8_t); + core_ops_range_Range_b3, Eurydice_slice), + uint8_t, void *); } } 
@@ -3090,36 +3115,37 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e9( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_f4(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)72U; i++) { + i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; + i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice uu____1[1U]; + memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)72U, + libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)72U, (size_t)72U, ret); - libcrux_sha3_generic_keccak_absorb_block_75(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_df(uu____0, ret); } - size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)72U; + size_t rem = + core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice uu____3[1U]; + memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); - libcrux_sha3_generic_keccak_absorb_final_721(uu____2, ret); - size_t outlen = Eurydice_slice_len(out[0U], uint8_t); + uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - 
rem, rem, + ret); + libcrux_sha3_generic_keccak_absorb_final_c71(uu____2, ret); + size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); size_t blocks = outlen / (size_t)72U; size_t last = outlen - outlen % (size_t)72U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_c50(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)72U); @@ -3127,7 +3153,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_091(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_841(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -3145,12 +3171,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_fc1(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_83(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_cf(s, o1); } } } 
@@ -3161,12 +3187,11 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - /* Passing arrays by value in Rust generates a copy in C */ - Eurydice_slice copy_of_data[1U]; - memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_75(copy_of_data, out); + Eurydice_slice uu____0[1U]; + memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_e9(uu____0, out); } #if defined(__cplusplus) diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index 3bda4744f..654c8b7ee 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c 
@@ -4,38 +4,27 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf - * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 - * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #include "libcrux_sha3_neon.h" -/** - A portable SHA3 512 implementation. -*/ void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data) { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); KRML_HOST_EXIT(255U); } -/** - A portable SHA3 256 implementation. -*/ void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data) { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); KRML_HOST_EXIT(255U); } -/** - Run SHAKE256 on both inputs in parallel. - - Writes the two results into `out0` and `out1` -*/ KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice out0, @@ -45,9 +34,6 @@ KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, KRML_HOST_EXIT(255U); } -/** - Initialise the `KeccakState2`. -*/ KRML_MUSTINLINE libcrux_sha3_neon_x2_incremental_KeccakState libcrux_sha3_neon_x2_incremental_shake128_init(void) { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, @@ -55,9 +41,6 @@ libcrux_sha3_neon_x2_incremental_shake128_init(void) { KRML_HOST_EXIT(255U); } -/** - Shake128 absorb `data0` and `data1` in the [`KeccakState`] `s`. -*/ KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1) { 
@@ -66,10 +49,6 @@ KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( KRML_HOST_EXIT(255U); } -/** - Squeeze 2 times the next block in parallel in the - [`KeccakState`] and return the output in `out0` and `out1`. -*/ KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, @@ -79,10 +58,6 @@ libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( KRML_HOST_EXIT(255U); } -/** - Squeeze 2 times the first three blocks in parallel in the - [`KeccakState`] and return the output in `out0` and `out1`. -*/ KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, @@ -92,9 +67,6 @@ libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( KRML_HOST_EXIT(255U); } -/** - A portable SHA3 224 implementation. -*/ KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data) { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, @@ -102,9 +74,6 @@ KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest, KRML_HOST_EXIT(255U); } -/** - A portable SHA3 384 implementation. -*/ KRML_MUSTINLINE void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data) { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index 8098e4972..1fc256403 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h 
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 8de6020c10a3520a56fbf849176f8218e62435cf - * Eurydice: f8fc97aeb6ecbaaacfe4baffcdc4d671989b5586 - * Karamel: 98e5d604741a886e20a526f6673077a15e23cead + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 + * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 0c66762ad2fdfb3f110ee362fa210bea0fecd265 + * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 */ #ifndef __libcrux_sha3_neon_H @@ -22,21 +22,10 @@ extern "C" { #include "intrinsics/libcrux_intrinsics_arm64.h" #include "libcrux_sha3_internal.h" -/** - A portable SHA3 512 implementation. -*/ void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data); -/** - A portable SHA3 256 implementation. -*/ void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data); -/** - Run SHAKE256 on both inputs in parallel. - - Writes the two results into `out0` and `out1` -*/ void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice out0, Eurydice_slice out1); 
@@ -44,43 +33,23 @@ typedef struct libcrux_sha3_neon_x2_incremental_KeccakState_s { libcrux_sha3_generic_keccak_KeccakState_48 state[2U]; } libcrux_sha3_neon_x2_incremental_KeccakState; -/** - Initialise the `KeccakState2`. -*/ libcrux_sha3_neon_x2_incremental_KeccakState libcrux_sha3_neon_x2_incremental_shake128_init(void); -/** - Shake128 absorb `data0` and `data1` in the [`KeccakState`] `s`. -*/ void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1); -/** - Squeeze 2 times the next block in parallel in the - [`KeccakState`] and return the output in `out0` and `out1`. -*/ void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1); -/** - Squeeze 2 times the first three blocks in parallel in the - [`KeccakState`] and return the output in `out0` and `out1`. -*/ void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, Eurydice_slice out1); -/** - A portable SHA3 224 implementation. -*/ void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data); -/** - A portable SHA3 384 implementation. -*/ void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data); #if defined(__cplusplus) diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt index ba5d875e5..abfaa400b 100644 --- a/libcrux-ml-kem/cg/code_gen.txt +++ b/libcrux-ml-kem/cg/code_gen.txt 
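Review bot: The NEON header now exports eight public declarations with no documentation at all, and the comments this hunk deletes were themselves wrong (`A portable SHA3 512 implementation` above a function that, per the matching libcrux_sha3_neon.c hunk, only prints a panic message and calls `KRML_HOST_EXIT(255U)`). Callers linking this backend need that stated at the declaration rather than discovering it at runtime; one comment above the first declaration would do, e.g. `/* NEON backend: every function in this header is an unimplemented stub that aborts via KRML_HOST_EXIT(255). */`. This file is Eurydice output, so the durable fix is the Rust doc comment or extraction config rather than a hand edit here.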
@@ -1,6 +1,6 @@ This code was generated with the following revisions: -Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 -Eurydice: 99662476dd28a9804b424c103638a01c38192491 -Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b +Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 +Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 +Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty -Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 +Libcrux: b1d4135b68cb8c89ceb03c1a5829a6eb04a5309a diff --git a/libcrux-ml-kem/cg/eurydice_glue.h b/libcrux-ml-kem/cg/eurydice_glue.h index 5b967874d..4b994a998 100644 --- a/libcrux-ml-kem/cg/eurydice_glue.h +++ b/libcrux-ml-kem/cg/eurydice_glue.h 
@@ -61,31 +61,31 @@ typedef struct { // which is NOT correct C syntax, so we add a dedicated phase in Eurydice that // adds an extra argument to this macro at the last minute so that we have the // correct type of *pointers* to elements. -#define Eurydice_slice_index(s, i, t, t_ptr_t, _ret_t) (((t_ptr_t)s.ptr)[i]) -#define Eurydice_slice_subslice(s, r, t, _, _ret_t) \ +#define Eurydice_slice_index(s, i, t, t_ptr_t) (((t_ptr_t)s.ptr)[i]) +#define Eurydice_slice_subslice(s, r, t, _) \ EURYDICE_SLICE((t *)s.ptr, r.start, r.end) // Variant for when the start and end indices are statically known (i.e., the // range argument `r` is a literal). -#define Eurydice_slice_subslice2(s, start, end, t, _) \ +#define Eurydice_slice_subslice2(s, start, end, t) \ EURYDICE_SLICE((t *)s.ptr, start, end) -#define Eurydice_slice_subslice_to(s, subslice_end_pos, t, _, _ret_t) \ +#define Eurydice_slice_subslice_to(s, subslice_end_pos, t, _) \ EURYDICE_SLICE((t *)s.ptr, 0, subslice_end_pos) -#define Eurydice_slice_subslice_from(s, subslice_start_pos, t, _, _ret_t) \ +#define Eurydice_slice_subslice_from(s, subslice_start_pos, t, _) \ EURYDICE_SLICE((t *)s.ptr, subslice_start_pos, s.len) -#define Eurydice_array_to_slice(end, x, t, _ret_t) \ - EURYDICE_SLICE(x, 0, \ +#define Eurydice_array_to_slice(end, x, t) \ + EURYDICE_SLICE(x, 0, \ end) /* x is already at an array type, no need for cast */ -#define Eurydice_array_to_subslice(_arraylen, x, r, t, _, _ret_t) \ +#define Eurydice_array_to_subslice(_arraylen, x, r, t, _) \ EURYDICE_SLICE((t *)x, r.start, r.end) // Same as above, variant for when start and end are statically known -#define Eurydice_array_to_subslice2(x, start, end, t, _ret_t) \ +#define Eurydice_array_to_subslice2(x, start, end, t) \ EURYDICE_SLICE((t *)x, start, end) -#define Eurydice_array_to_subslice_to(_size, x, r, t, _range_t, _ret_t) \ +#define Eurydice_array_to_subslice_to(_size, x, r, t, _range_t) \ EURYDICE_SLICE((t *)x, 0, r) -#define 
Eurydice_array_to_subslice_from(size, x, r, t, _range_t, _ret_t) \ +#define Eurydice_array_to_subslice_from(size, x, r, t, _range_t) \ EURYDICE_SLICE((t *)x, r, size) -#define Eurydice_slice_len(s, t, _ret_t) EURYDICE_SLICE_LEN(s, t) -#define Eurydice_slice_copy(dst, src, t, _ret_t) \ +#define Eurydice_slice_len(s, t) EURYDICE_SLICE_LEN(s, t) +#define Eurydice_slice_copy(dst, src, t) \ memcpy(dst.ptr, src.ptr, dst.len * sizeof(t)) #define core_array___Array_T__N__23__as_slice(len_, ptr_, t, _ret_t) \ ((Eurydice_slice){.ptr = ptr_, .len = len_}) @@ -95,7 +95,7 @@ typedef struct { (memcpy(dst, src, len * sizeof(elem_type))) #define TryFromSliceError uint8_t -#define Eurydice_array_eq(sz, a1, a2, t, _, _ret_t) \ +#define Eurydice_array_eq(sz, a1, a2, t, _a, _b) \ (memcmp(a1, a2, sz * sizeof(t)) == 0) #define core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq \ Eurydice_array_eq @@ -113,7 +113,7 @@ typedef struct { // Conversion of slice to an array, rewritten (by Eurydice) to name the // destination array, since arrays are not values in C. // N.B.: see note in karamel/lib/Inlining.ml if you change this. -#define Eurydice_slice_to_array2(dst, src, _, t_arr, _ret_t) \ +#define Eurydice_slice_to_array2(dst, src, _, t_arr) \ Eurydice_slice_to_array3(&(dst)->tag, (char *)&(dst)->val.case_Ok, src, \ sizeof(t_arr)) diff --git a/libcrux-ml-kem/cg/karamel/target.h b/libcrux-ml-kem/cg/karamel/target.h index a315a8e0d..b8ed3fd02 100644 --- a/libcrux-ml-kem/cg/karamel/target.h +++ b/libcrux-ml-kem/cg/karamel/target.h 
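Review bot: `Eurydice_slice_copy(dst, src, t)` still expands to `memcpy(dst.ptr, src.ptr, dst.len * sizeof(t))`, sized by the destination only, so a shorter source is over-read and a longer one is silently truncated; Rust's `copy_from_slice`, which this presumably models, panics on any length mismatch and the C glue has no equivalent. The arity change in this hunk is a good moment to add the check, e.g. `#define Eurydice_slice_copy(dst, src, t) (assert((dst).len == (src).len), memcpy((dst).ptr, (src).ptr, (dst).len * sizeof(t)))`, or a KRML-style abort if this header does not pull in assert.h. The other macros here also use `s.ptr`, `r.start` and `x` unparenthesised, which bites as soon as a generated call site passes a compound expression. Whether any current caller passes mismatched lengths is not visible from this hunk.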
@@ -26,20 +26,9 @@ #define KRML_HOST_EXIT exit #endif -// This does not actually force inline for now because this would require the -// caller to compile with the same target features as the function. -#ifndef KRML_MUSTINLINE -#if defined(_MSC_VER) -#define KRML_MUSTINLINE inline __forceinline -#elif defined(__GNUC__) -#define KRML_MUSTINLINE inline __attribute__((always_inline)) -#else -#define KRML_MUSTINLINE -#warning "The KRML_MUSTINLINE macro is not defined for this toolchain!" -#warning \ - "Please locate target.h and try to fill it out with a suitable definition for this compiler." -#endif -#endif +// This does not actually force inline. +// Forcing inline increases stack usage beyond acceptable limits +#define KRML_MUSTINLINE inline #ifndef KRML_NOINLINE #if defined(_MSC_VER) diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h index a8c471574..86dfb31de 100644 --- a/libcrux-ml-kem/cg/libcrux_core.h +++ b/libcrux-ml-kem/cg/libcrux_core.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Libcrux: b1d4135b68cb8c89ceb03c1a5829a6eb04a5309a */ #ifndef __libcrux_core_H @@ -30,6 +30,11 @@ typedef struct core_ops_range_Range_b3_s { size_t end; } core_ops_range_Range_b3; +#define Ok 0 +#define Err 1 + +typedef uint8_t Result_86_tags; + #define None 0 #define Some 1 
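Review bot: The new `#define KRML_MUSTINLINE inline` drops the `#ifndef KRML_MUSTINLINE` guard the old block had, so a build that sets the macro on the command line or includes another karamel target.h first now gets a redefinition diagnostic (an error under -Werror) instead of an override. Keep the guard around the new definition: `#ifndef KRML_MUSTINLINE` / `#define KRML_MUSTINLINE inline` / `#endif`. The stack-usage rationale in the comment is plausible, but it would be more useful with the measurement or the platform limit it refers to, since a future reader has no way to tell whether re-enabling forced inlining is safe.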
@@ -78,18 +83,13 @@ typedef struct libcrux_ml_kem_utils_extraction_helper_Keypair768_s { uint8_t snd[1184U]; } libcrux_ml_kem_utils_extraction_helper_Keypair768; -#define Ok 0 -#define Err 1 - -typedef uint8_t Result_6f_tags; - /** A monomorphic instance of core.result.Result with types uint8_t[24size_t], core_array_TryFromSliceError */ typedef struct Result_6f_s { - Result_6f_tags tag; + Result_86_tags tag; union { uint8_t case_Ok[24U]; TryFromSliceError case_Err; @@ -122,7 +122,7 @@ with types uint8_t[20size_t], core_array_TryFromSliceError */ typedef struct Result_7a_s { - Result_6f_tags tag; + Result_86_tags tag; union { uint8_t case_Ok[20U]; TryFromSliceError case_Err; @@ -155,7 +155,7 @@ with types uint8_t[10size_t], core_array_TryFromSliceError */ typedef struct Result_cd_s { - Result_6f_tags tag; + Result_86_tags tag; union { uint8_t case_Ok[10U]; TryFromSliceError case_Err; 
@@ -221,27 +221,27 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_d4 with const generics - SIZE= 1088 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_d4_77( +static inline uint8_t *libcrux_ml_kem_types_as_slice_d4_b6( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return self->value; } /** -This function found in impl {(core::convert::From<&0 (@Array)> for -libcrux_ml_kem::types::MlKemPublicKey)#15} +This function found in impl {(core::convert::From<@Array> for +libcrux_ml_kem::types::MlKemPublicKey)#14} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_c7 +A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics - SIZE= 1184 */ static inline libcrux_ml_kem_types_MlKemPublicKey_15 -libcrux_ml_kem_types_from_c7_14(uint8_t *value) { +libcrux_ml_kem_types_from_b6_8e(uint8_t value[1184U]) { + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_value[1184U]; + memcpy(copy_of_value, value, (size_t)1184U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPublicKey_15 lit; - uint8_t ret[1184U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)1184U, value, ret, uint8_t, void *); - memcpy(lit.value, ret, (size_t)1184U * sizeof(uint8_t)); + memcpy(lit.value, copy_of_value, (size_t)1184U * sizeof(uint8_t)); return lit; } 
@@ -273,28 +273,28 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_types_from_17_d5(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, +libcrux_ml_kem_types_from_17_12(libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( CLITERAL(libcrux_ml_kem_mlkem768_MlKem768KeyPair){.sk = sk, .pk = pk}); } /** -This function found in impl {(core::convert::From<&0 (@Array)> for -libcrux_ml_kem::types::MlKemPrivateKey)#9} +This function found in impl {(core::convert::From<@Array> for +libcrux_ml_kem::types::MlKemPrivateKey)#8} */ /** -A monomorphic instance of libcrux_ml_kem.types.from_22 +A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics - SIZE= 2400 */ static inline libcrux_ml_kem_types_MlKemPrivateKey_55 -libcrux_ml_kem_types_from_22_a7(uint8_t *value) { +libcrux_ml_kem_types_from_05_db(uint8_t value[2400U]) { + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_value[2400U]; + memcpy(copy_of_value, value, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 lit; - uint8_t ret[2400U]; - core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)2400U, value, ret, uint8_t, void *); - memcpy(lit.value, ret, (size_t)2400U * sizeof(uint8_t)); + memcpy(lit.value, copy_of_value, (size_t)2400U * sizeof(uint8_t)); return lit; } @@ -319,7 +319,7 @@ with const generics - SIZE= 1088 */ static inline libcrux_ml_kem_mlkem768_MlKem768Ciphertext -libcrux_ml_kem_types_from_01_9c(uint8_t value[1088U]) { +libcrux_ml_kem_types_from_01_14(uint8_t value[1088U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1088U]; memcpy(copy_of_value, value, (size_t)1088U * sizeof(uint8_t)); 
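Review bot: `libcrux_ml_kem_types_from_05_db` now takes the 2400-byte private key by array, copies it into `copy_of_value` on the stack, then copies it again into `lit.value`, and neither buffer is cleared before return, so a second copy of the secret key is left in dead stack memory where the previous code made one copy via the clone helper. The intermediate is only read once, so the generator could emit `memcpy(lit.value, value, (size_t)2400U * sizeof(uint8_t));` directly, or at least zeroise `copy_of_value` with a non-elidable memset after use. This is Eurydice output, so the fix belongs in the extraction rather than a hand edit; the same pattern in `from_b6_8e` above handles only public-key bytes and is harmless.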
@@ -339,7 +339,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 1184 */ -static inline uint8_t *libcrux_ml_kem_types_as_slice_cb_c2( +static inline uint8_t *libcrux_ml_kem_types_as_slice_cb_6f( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -352,15 +352,14 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 33 */ -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d2( +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_ea2( Eurydice_slice slice, uint8_t ret[33U]) { uint8_t out[33U] = {0U}; uint8_t *uu____0 = out; Eurydice_slice_copy( Eurydice_array_to_subslice2(uu____0, (size_t)0U, - Eurydice_slice_len(slice, uint8_t, size_t), - uint8_t, Eurydice_slice), - slice, uint8_t, void *); + Eurydice_slice_len(slice, uint8_t), uint8_t), + slice, uint8_t); memcpy(ret, out, (size_t)33U * sizeof(uint8_t)); } @@ -370,7 +369,7 @@ with types uint8_t[32size_t], core_array_TryFromSliceError */ typedef struct Result_00_s { - Result_6f_tags tag; + Result_86_tags tag; union { uint8_t case_Ok[32U]; TryFromSliceError case_Err; @@ -405,15 +404,14 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 34 */ -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d1( +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_ea1( Eurydice_slice slice, uint8_t ret[34U]) { uint8_t out[34U] = {0U}; uint8_t *uu____0 = out; Eurydice_slice_copy( Eurydice_array_to_subslice2(uu____0, (size_t)0U, - Eurydice_slice_len(slice, uint8_t, size_t), - uint8_t, Eurydice_slice), - slice, uint8_t, void *); + Eurydice_slice_len(slice, uint8_t), uint8_t), + slice, uint8_t); memcpy(ret, out, (size_t)34U * sizeof(uint8_t)); } 
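Review bot: `libcrux_ml_kem_utils_into_padded_array_ea2` builds a destination subslice of length `Eurydice_slice_len(slice, uint8_t)` over the 33-byte `out` with no comparison against 33, and neither `Eurydice_array_to_subslice2` nor `Eurydice_slice_copy` bounds-checks, so a slice longer than 33 bytes writes past `out`; the Rust source would panic at that index. Whether any caller can reach this with an oversized slice is not visible here, but the C entry points cannot enforce it. A cheap guard before the copy, `if (Eurydice_slice_len(slice, uint8_t) > (size_t)33U) { KRML_HOST_EXIT(255U); }`, restores the Rust semantics; the 34-, 64- and 1120-byte variants in the following hunks need the same.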
@@ -426,10 +424,9 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1088 */ -static inline Eurydice_slice libcrux_ml_kem_types_as_ref_00_16( +static inline Eurydice_slice libcrux_ml_kem_types_as_ref_00_99( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { - return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t, - Eurydice_slice); + return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); } /** @@ -440,15 +437,14 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 1120 */ -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d0( +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_ea0( Eurydice_slice slice, uint8_t ret[1120U]) { uint8_t out[1120U] = {0U}; uint8_t *uu____0 = out; Eurydice_slice_copy( Eurydice_array_to_subslice2(uu____0, (size_t)0U, - Eurydice_slice_len(slice, uint8_t, size_t), - uint8_t, Eurydice_slice), - slice, uint8_t, void *); + Eurydice_slice_len(slice, uint8_t), uint8_t), + slice, uint8_t); memcpy(ret, out, (size_t)1120U * sizeof(uint8_t)); } @@ -460,15 +456,14 @@ A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics - LEN= 64 */ -static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_2d( +static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_ea( Eurydice_slice slice, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; uint8_t *uu____0 = out; Eurydice_slice_copy( Eurydice_array_to_subslice2(uu____0, (size_t)0U, - Eurydice_slice_len(slice, uint8_t, size_t), - uint8_t, Eurydice_slice), - slice, uint8_t, void *); + Eurydice_slice_len(slice, uint8_t), uint8_t), + slice, uint8_t); memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } @@ -478,7 +473,7 @@ with types int16_t[16size_t], core_array_TryFromSliceError */ typedef struct Result_c0_s { - Result_6f_tags tag; + Result_86_tags tag; union { int16_t case_Ok[16U]; TryFromSliceError case_Err; 
@@ -511,7 +506,7 @@ with types uint8_t[8size_t], core_array_TryFromSliceError */ typedef struct Result_56_s { - Result_6f_tags tag; + Result_86_tags tag; union { uint8_t case_Ok[8U]; TryFromSliceError case_Err; diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h index 391f9ccc3..7d8c39486 100644 --- a/libcrux-ml-kem/cg/libcrux_ct_ops.h +++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Libcrux: b1d4135b68cb8c89ceb03c1a5829a6eb04a5309a */ #ifndef __libcrux_ct_ops_H @@ -46,12 +46,11 @@ libcrux_ml_kem_constant_time_ops_is_non_zero(uint8_t value) { static inline uint8_t libcrux_ml_kem_constant_time_ops_compare( Eurydice_slice lhs, Eurydice_slice rhs) { uint8_t r = 0U; - for (size_t i = (size_t)0U; i < Eurydice_slice_len(lhs, uint8_t, size_t); - i++) { + for (size_t i = (size_t)0U; i < Eurydice_slice_len(lhs, uint8_t); i++) { size_t i0 = i; r = (uint32_t)r | - ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *, uint8_t) ^ - (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *, uint8_t)); + ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *) ^ + (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *)); } return libcrux_ml_kem_constant_time_ops_is_non_zero(r); } 
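Review bot: `libcrux_ml_kem_constant_time_ops_compare` bounds its loop on `Eurydice_slice_len(lhs, uint8_t)` alone and indexes `rhs` at the same positions, so a shorter `rhs` is read out of bounds and a longer one is only partially compared; the Rust original presumably carries a length assertion that extraction dropped. Slice lengths here are public (ciphertext sizes), so an early exit is not a timing concern: `if (Eurydice_slice_len(lhs, uint8_t) != Eurydice_slice_len(rhs, uint8_t)) { return libcrux_ml_kem_constant_time_ops_is_non_zero(1U); }` before the loop. `is_non_zero` is defined outside this hunk, so confirm it yields the mask value the callers expect for a nonzero input.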
@@ -75,11 +74,10 @@ static inline void libcrux_ml_kem_constant_time_ops_select_ct( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE; i++) { size_t i0 = i; - out[i0] = - ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *, uint8_t) & - (uint32_t)mask) | - ((uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *, uint8_t) & - (uint32_t)~mask); + out[i0] = ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *) & + (uint32_t)mask) | + ((uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *) & + (uint32_t)~mask); } memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h index ef1d49a0d..587974bbf 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Libcrux: b1d4135b68cb8c89ceb03c1a5829a6eb04a5309a */ #ifndef __libcrux_mlkem768_avx2_H @@ -30,8 +30,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_G( Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = {0U}; libcrux_sha3_portable_sha512( - Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)64U, digest, uint8_t), input); memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); } 
@@ -40,8 +39,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H( Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_sha256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } @@ -82,7 +80,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_to_i16_array( __m256i v, int16_t ret[16U]) { int16_t output[16U] = {0U}; libcrux_intrinsics_avx2_mm256_storeu_si256_i16( - Eurydice_array_to_slice((size_t)16U, output, int16_t, Eurydice_slice), v); + Eurydice_array_to_slice((size_t)16U, output, int16_t), v); memcpy(ret, output, (size_t)16U * sizeof(int16_t)); } 
@@ -652,38 +650,22 @@ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) { __m256i coefficients = libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t)); + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + 
(int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); __m256i shift_lsb_to_msb = libcrux_intrinsics_avx2_mm256_set_epi16( (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, (int16_t)-32768, @@ -730,15 +712,13 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( (int32_t)0, (int32_t)0, (int32_t)4, (int32_t)0)); __m128i combined0 = libcrux_intrinsics_avx2_mm256_castsi256_si128(combined); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_slice((size_t)16U, serialized, uint8_t, Eurydice_slice), - combined0); + Eurydice_array_to_slice((size_t)16U, serialized, uint8_t), combined0); uint8_t ret0[8U]; Result_56 dst; Eurydice_slice_to_array2( &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t), + Eurydice_slice, uint8_t[8U]); unwrap_41_ac(dst, ret0); memcpy(ret, ret0, (size_t)8U * sizeof(uint8_t)); } 
@@ -757,38 +737,22 @@ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { __m256i coefficients = libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t)); + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), + 
(int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); __m256i shift_lsbs_to_msbs = libcrux_intrinsics_avx2_mm256_set_epi16( (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, 
@@ -842,22 +806,19 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( __m128i lower_8 = libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined1); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, - Eurydice_slice), + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t), lower_8); __m128i upper_8 = libcrux_intrinsics_avx2_mm256_extracti128_si256( (int32_t)1, adjacent_8_combined1, __m128i); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)5U, (size_t)21U, uint8_t, - Eurydice_slice), + Eurydice_array_to_subslice2(serialized, (size_t)5U, (size_t)21U, uint8_t), upper_8); uint8_t ret0[10U]; Result_cd dst; Eurydice_slice_to_array2( &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[10U], void *); + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t), + Eurydice_slice, uint8_t[10U]); unwrap_41_e8(dst, ret0); memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); } 
@@ -876,22 +837,22 @@ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) { __m128i coefficients = libcrux_intrinsics_avx2_mm_set_epi8( - Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t)); + Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t 
*), + Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); __m256i coefficients_loaded = libcrux_intrinsics_avx2_mm256_castsi128_si256(coefficients); __m256i coefficients_loaded0 = libcrux_intrinsics_avx2_mm256_inserti128_si256( @@ -957,22 +918,20 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( __m128i lower_8 = libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, - Eurydice_slice), + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t), lower_8); __m128i upper_8 = libcrux_intrinsics_avx2_mm256_extracti128_si256( (int32_t)1, adjacent_8_combined, __m128i); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)10U, (size_t)26U, uint8_t, - Eurydice_slice), + Eurydice_array_to_subslice2(serialized, (size_t)10U, (size_t)26U, + uint8_t), upper_8); uint8_t ret0[20U]; Result_7a dst; Eurydice_slice_to_array2( &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[20U], void *); + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t), + Eurydice_slice, uint8_t[20U]); unwrap_41_34(dst, ret0); memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); } 
@@ -995,16 +954,14 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) { (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U); - __m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); + __m128i lower_coefficients = libcrux_intrinsics_avx2_mm_loadu_si128( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)16U, uint8_t)); __m128i lower_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( lower_coefficients, libcrux_intrinsics_avx2_mm_set_epi8(9U, 8U, 8U, 7U, 7U, 6U, 6U, 5U, 4U, 3U, 3U, 2U, 2U, 1U, 1U, 0U)); - __m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)4U, (size_t)20U, uint8_t, Eurydice_slice)); + __m128i upper_coefficients = libcrux_intrinsics_avx2_mm_loadu_si128( + Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)20U, uint8_t)); __m128i upper_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( 15U, 14U, 14U, 13U, 13U, 12U, 12U, 11U, 10U, 9U, 
@@ -1037,11 +994,10 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_11( __m256i vector, uint8_t ret[22U]) { int16_t array[16U] = {0U}; libcrux_intrinsics_avx2_mm256_storeu_si256_i16( - Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice), - vector); + Eurydice_array_to_slice((size_t)16U, array, int16_t), vector); libcrux_ml_kem_vector_portable_vector_type_PortableVector input = libcrux_ml_kem_vector_portable_from_i16_array_0d( - Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice)); + Eurydice_array_to_slice((size_t)16U, array, int16_t)); uint8_t ret0[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(input, ret0); memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); @@ -1065,7 +1021,7 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_11(Eurydice_slice bytes) { int16_t array[16U]; libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); return libcrux_intrinsics_avx2_mm256_loadu_si256_i16( - Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice)); + Eurydice_array_to_slice((size_t)16U, array, int16_t)); } /** 
@@ -1109,20 +1065,18 @@ static KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( __m128i upper_8 = libcrux_intrinsics_avx2_mm256_extracti128_si256( (int32_t)1, adjacent_8_combined, __m128i); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, - Eurydice_slice), + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t), lower_8); libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)12U, (size_t)28U, uint8_t, - Eurydice_slice), + Eurydice_array_to_subslice2(serialized, (size_t)12U, (size_t)28U, + uint8_t), upper_8); uint8_t ret0[24U]; Result_6f dst; Eurydice_slice_to_array2( &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[24U], void *); + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t), + Eurydice_slice, uint8_t[24U]); unwrap_41_1c(dst, ret0); memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); } 
@@ -1145,16 +1099,14 @@ libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) { (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U); - __m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); + __m128i lower_coefficients = libcrux_intrinsics_avx2_mm_loadu_si128( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)16U, uint8_t)); __m128i lower_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( lower_coefficients, libcrux_intrinsics_avx2_mm_set_epi8(11U, 10U, 10U, 9U, 8U, 7U, 7U, 6U, 5U, 4U, 4U, 3U, 2U, 1U, 1U, 0U)); - __m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)8U, (size_t)24U, uint8_t, Eurydice_slice)); + __m128i upper_coefficients = libcrux_intrinsics_avx2_mm_loadu_si128( + Eurydice_slice_subslice2(bytes, (size_t)8U, (size_t)24U, uint8_t)); __m128i upper_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8(15U, 14U, 14U, 13U, 12U, 11U, 11U, @@ -1201,9 +1153,8 @@ libcrux_ml_kem_vector_avx2_sampling_rejection_sample(Eurydice_slice input, libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( size_t)good[0U]], (size_t)16U * sizeof(uint8_t)); - __m128i lower_shuffles0 = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( - (size_t)16U, lower_shuffles, uint8_t, Eurydice_slice)); + __m128i lower_shuffles0 = libcrux_intrinsics_avx2_mm_loadu_si128( + Eurydice_array_to_slice((size_t)16U, lower_shuffles, uint8_t)); __m128i lower_coefficients = libcrux_intrinsics_avx2_mm256_castsi256_si128(potential_coefficients); __m128i lower_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( 
@@ -1215,17 +1166,15 @@ libcrux_ml_kem_vector_avx2_sampling_rejection_sample(Eurydice_slice input, libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( size_t)good[1U]], (size_t)16U * sizeof(uint8_t)); - __m128i upper_shuffles0 = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( - (size_t)16U, upper_shuffles, uint8_t, Eurydice_slice)); + __m128i upper_shuffles0 = libcrux_intrinsics_avx2_mm_loadu_si128( + Eurydice_array_to_slice((size_t)16U, upper_shuffles, uint8_t)); __m128i upper_coefficients = libcrux_intrinsics_avx2_mm256_extracti128_si256( (int32_t)1, potential_coefficients, __m128i); __m128i upper_coefficients0 = libcrux_intrinsics_avx2_mm_shuffle_epi8( upper_coefficients, upper_shuffles0); libcrux_intrinsics_avx2_mm_storeu_si128( Eurydice_slice_subslice2(output, sampled_count, - sampled_count + (size_t)8U, int16_t, - Eurydice_slice), + sampled_count + (size_t)8U, int16_t), upper_coefficients0); size_t uu____0 = sampled_count; return uu____0 + (size_t)core_num__u8_6__count_ones(good[1U]); @@ -1262,7 +1211,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_ZERO_89_d5(void) { +libcrux_ml_kem_polynomial_ZERO_89_9b(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); lit.coefficients[1U] = libcrux_ml_kem_vector_avx2_ZERO_ea(); @@ -1291,8 +1240,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_60(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_89_d5(); +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_9a(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_89_9b(); } /** 
@@ -1303,16 +1252,15 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_ef( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_34( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_d5(); + libcrux_ml_kem_polynomial_ZERO_89_9b(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)24U; i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); } return re; @@ -1328,15 +1276,15 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_5c( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_68( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_9b(); } for (size_t i = (size_t)0U; - i < Eurydice_slice_len(secret_key, uint8_t, size_t) / + i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; 
@@ -1344,9 +1292,9 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_5c( secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_ef( + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_34( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -1375,8 +1323,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_bd(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_89_d5(); +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_53(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_89_9b(); } /** @@ -1387,7 +1335,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_ac( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_a0( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1439,9 +1387,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_49( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_85( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_ac( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_a0( vector); } 
@@ -1453,19 +1401,18 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_0e( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_67( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_d5(); + libcrux_ml_kem_polynomial_ZERO_89_9b(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)20U; i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_49( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_85( coefficient); } return re; @@ -1479,7 +1426,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_ac0( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_a00( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); @@ -1531,9 +1478,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_490( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_850( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_ac0( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_a00( vector); } 
@@ -1545,19 +1492,18 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_9f( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_e1( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_d5(); + libcrux_ml_kem_polynomial_ZERO_89_9b(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)22U; i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_490( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_850( coefficient); } return re; @@ -1571,9 +1517,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_05( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_01( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_0e(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_67(serialized); } typedef struct libcrux_ml_kem_vector_avx2_SIMD256Vector_x2_s { 
@@ -1588,7 +1534,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_traits_montgomery_multiply_fe_9d( +static inline __m256i libcrux_ml_kem_vector_traits_montgomery_multiply_fe_3e( __m256i v, int16_t fer) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea(v, fer); } @@ -1601,9 +1547,9 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -libcrux_ml_kem_ntt_ntt_layer_int_vec_step_f4(__m256i a, __m256i b, +libcrux_ml_kem_ntt_ntt_layer_int_vec_step_a7(__m256i a, __m256i b, int16_t zeta_r) { - __m256i t = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_9d(b, zeta_r); + __m256i t = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_3e(b, zeta_r); b = libcrux_ml_kem_vector_avx2_sub_ea(a, &t); a = libcrux_ml_kem_vector_avx2_add_ea(a, &t); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, @@ -1617,7 +1563,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5a( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer, size_t _initial_coefficient_bound) { size_t step = (size_t)1U << (uint32_t)layer; @@ -1630,7 +1576,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_f4( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_a7( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); __m256i x = uu____0.fst; 
@@ -1648,7 +1594,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_b4( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_c4( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -1667,7 +1613,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_7c( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_2d( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -1689,7 +1635,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_c2( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_42( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -1719,7 +1665,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_89_99( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_89_e6( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { 
@@ -1736,21 +1682,21 @@ with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_98( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_37( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)7U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)7U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)6U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)5U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)4U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_b4(&zeta_i, re, (size_t)3U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_7c(&zeta_i, re, (size_t)2U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_c2(&zeta_i, re, (size_t)1U, (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_99(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_c4(&zeta_i, re, (size_t)3U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2_2d(&zeta_i, re, (size_t)2U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1_42(&zeta_i, re, (size_t)1U, (size_t)3328U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_e6(re); } /** 
@@ -1767,17 +1713,17 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_bb( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_06( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_9b(); } for (size_t i = (size_t)0U; - i < Eurydice_slice_len(Eurydice_array_to_slice((size_t)1088U, ciphertext, - uint8_t, Eurydice_slice), - uint8_t, size_t) / + i < Eurydice_slice_len( + Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), + uint8_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); i++) { @@ -1790,11 +1736,11 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_bb( (size_t)10U / (size_t)8U) + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, - uint8_t, Eurydice_slice); + uint8_t); u_as_ntt[i0] = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_05( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_01( u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_98(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_37(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -1809,7 +1755,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_ac1( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_a01( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); 
@@ -1861,9 +1807,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_491( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_851( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_ac1( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_a01( vector); } @@ -1875,19 +1821,18 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_c0( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_49( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_d5(); + libcrux_ml_kem_polynomial_ZERO_89_9b(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)8U; i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_491( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_851( coefficient); } return re; @@ -1901,7 +1846,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_ac2( +libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_a02( __m256i vector) { __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32( (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); 
@@ -1953,9 +1898,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_492( +libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_852( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_ac2( + return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_a02( vector); } @@ -1967,19 +1912,18 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_38( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_1d( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_d5(); + libcrux_ml_kem_polynomial_ZERO_89_9b(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)10U; i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); re.coefficients[i0] = - libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_492( + libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_852( re.coefficients[i0]); } return re; 
@@ -1993,9 +1937,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_8a( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_58( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_c0(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_49(serialized); } /** @@ -2037,11 +1981,11 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_ntt_multiply_89_48( +libcrux_ml_kem_polynomial_ntt_multiply_89_44( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 out = - libcrux_ml_kem_polynomial_ZERO_89_d5(); + libcrux_ml_kem_polynomial_ZERO_89_9b(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -2077,14 +2021,13 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_97( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_ce( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; - i < Eurydice_slice_len( - Eurydice_array_to_slice((size_t)16U, self->coefficients, __m256i, - Eurydice_slice), - __m256i, size_t); + i < Eurydice_slice_len(Eurydice_array_to_slice( + (size_t)16U, self->coefficients, __m256i), + __m256i); i++) { size_t i0 = i; self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( 
@@ -2099,7 +2042,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_04( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_3d( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2126,7 +2069,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_18( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_64( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2149,7 +2092,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_94( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_fb( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2170,13 +2113,13 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_34(__m256i a, +libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_eb(__m256i a, __m256i b, int16_t zeta_r) { __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_ea(b, &a); a = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( libcrux_ml_kem_vector_avx2_add_ea(a, &b)); - b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_9d(a_minus_b, zeta_r); + b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_3e(a_minus_b, zeta_r); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, .snd = b}); } 
@@ -2189,7 +2132,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_75( +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_39( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2204,7 +2147,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_75( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_34( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_eb( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); __m256i x = uu____0.fst; 
@@ -2222,22 +2165,22 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_be( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_e6( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_04(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_18(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_94(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_75(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_3d(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_64(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_fb(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_75(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_75(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_75(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_99(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_e6(re); } /** @@ -2252,7 +2195,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_subtract_reduce_89_f4( +libcrux_ml_kem_polynomial_subtract_reduce_89_1e( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; 
@@ -2282,21 +2225,21 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_message_8d( +libcrux_ml_kem_matrix_compute_message_db( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_89_d5(); + libcrux_ml_kem_polynomial_ZERO_89_9b(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_48(&secret_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_89_44(&secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_97(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_89_ce(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_be(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_89_f4(v, result); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_e6(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_89_1e(v, result); return result; } @@ -2307,7 +2250,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_arithmetic_shift_right_84(__m256i vector) { +libcrux_ml_kem_vector_avx2_arithmetic_shift_right_1f(__m256i vector) { return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, __m256i); } 
@@ -2321,9 +2264,9 @@ with const generics - SHIFT_BY= 15 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_ea_1a( +static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_ea_8a( __m256i vector) { - return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_84(vector); + return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_1f(vector); } /** @@ -2334,8 +2277,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline __m256i -libcrux_ml_kem_vector_traits_to_unsigned_representative_a4(__m256i a) { - __m256i t = libcrux_ml_kem_vector_avx2_shift_right_ea_1a(a); +libcrux_ml_kem_vector_traits_to_unsigned_representative_14(__m256i a) { + __m256i t = libcrux_ml_kem_vector_avx2_shift_right_ea_8a(a); __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); return libcrux_ml_kem_vector_avx2_add_ea(a, &fm); 
@@ -2349,25 +2292,22 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_79( +libcrux_ml_kem_serialize_compress_then_serialize_message_d1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; __m256i coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( + libcrux_ml_kem_vector_traits_to_unsigned_representative_14( re.coefficients[i0]); __m256i coefficient_compressed = libcrux_ml_kem_vector_avx2_compress_1_ea(coefficient); uint8_t bytes[2U]; libcrux_ml_kem_vector_avx2_serialize_1_ea(coefficient_compressed, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, - Eurydice_slice); + serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)2U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); } 
@@ -2407,21 +2347,20 @@ with const generics - V_COMPRESSION_FACTOR= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_87( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_b8( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_bb(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_06(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_8a( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_58( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t, - Eurydice_slice)); + (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - libcrux_ml_kem_matrix_compute_message_8d(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_db(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_79(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_d1(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } 
@@ -2436,11 +2375,11 @@ with const generics - V_COMPRESSION_FACTOR= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_decrypt_3b(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_76(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_5c(secret_key, secret_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_secret_key_68(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( @@ -2452,7 +2391,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_3b(Eurydice_slice secret_key, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_87(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_b8(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -2467,7 +2406,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_G_a9_68( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_G_a9_e1( Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_avx2_G(input, ret); } 
@@ -2478,12 +2417,11 @@ with const generics - LEN= 32 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_42( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_45( Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } @@ -2498,9 +2436,9 @@ with const generics - LEN= 32 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_dd( Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_avx2_PRF_42(input, ret); + libcrux_ml_kem_hash_functions_avx2_PRF_45(input, ret); } /** @@ -2512,9 +2450,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_cc( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_c1( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_d5(); + return libcrux_ml_kem_polynomial_ZERO_89_9b(); } /** 
@@ -2531,16 +2469,15 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_c5( +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_71( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_d5(); + libcrux_ml_kem_polynomial_ZERO_89_9b(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)24U; i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea(coefficient); @@ -2563,15 +2500,15 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_f2( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_a8( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_9b(); } for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; 
@@ -2579,9 +2516,9 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_f2( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_c5( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_71( ring_element); deserialized_pk[i0] = uu____0; } @@ -2598,8 +2535,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_a6(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_89_d5(); +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_11(size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_89_9b(); } /** @@ -2609,10 +2546,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_b8( +static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_b9( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_89_9b(); } } 
@@ -2626,16 +2563,15 @@ libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_4d( +libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_b4( uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_29 state = libcrux_sha3_avx2_x4_incremental_init(); libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - &state, - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); + &state, Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t)); return state; } @@ -2650,12 +2586,12 @@ libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_a9 with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState -libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_a9_ca( +libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_a9_cf( uint8_t input[3U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[3U][34U]; memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); - return libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_4d( + return libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_b4( copy_of_input); } 
@@ -2667,7 +2603,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_three_blocks_6b( +libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_three_blocks_98( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; uint8_t out0[504U] = {0U}; @@ -2675,10 +2611,10 @@ libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_three_blocks_6b( uint8_t out2[504U] = {0U}; uint8_t out3[504U] = {0U}; libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); + st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t), + Eurydice_array_to_slice((size_t)504U, out2, uint8_t), + Eurydice_array_to_slice((size_t)504U, out3, uint8_t)); uint8_t uu____0[504U]; memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); @@ -2703,9 +2639,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_three_blocks_a9_4d( +libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_three_blocks_a9_c0( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][504U]) { - libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_three_blocks_6b(self, + libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_three_blocks_98(self, ret); } 
@@ -2759,7 +2695,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_bb( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_f9( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -2768,14 +2704,13 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_bb( size_t r = i; if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(randomness[i1], r * (size_t)24U, + r * (size_t)24U + (size_t)24U, uint8_t); size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( - uu____0, - Eurydice_array_to_subslice2(out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, - int16_t, Eurydice_slice)); + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; } @@ -2802,7 +2737,7 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_block_1b( +libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_block_aa( libcrux_sha3_avx2_x4_incremental_KeccakState *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; uint8_t out0[168U] = {0U}; 
@@ -2810,10 +2745,10 @@ libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_block_1b( uint8_t out2[168U] = {0U}; uint8_t out3[168U] = {0U}; libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t), + Eurydice_array_to_slice((size_t)168U, out2, uint8_t), + Eurydice_array_to_slice((size_t)168U, out3, uint8_t)); uint8_t uu____0[168U]; memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); @@ -2837,9 +2772,9 @@ libcrux_ml_kem.hash_functions.avx2.shake128_squeeze_block_a9 with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_block_a9_5a( +libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_block_a9_a3( libcrux_sha3_avx2_x4_incremental_KeccakState *self, uint8_t ret[3U][168U]) { - libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_block_1b(self, ret); + libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_block_aa(self, ret); } /** @@ -2892,7 +2827,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_bb0( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_f90( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { 
@@ -2901,14 +2836,13 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_bb0( size_t r = i; if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(randomness[i1], r * (size_t)24U, + r * (size_t)24U + (size_t)24U, uint8_t); size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( - uu____0, - Eurydice_array_to_subslice2(out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, - int16_t, Eurydice_slice)); + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; } @@ -2940,16 +2874,15 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_from_i16_array_89_10(Eurydice_slice a) { +libcrux_ml_kem_polynomial_from_i16_array_89_46(Eurydice_slice a) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_89_d5(); + libcrux_ml_kem_polynomial_ZERO_89_9b(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; result.coefficients[i0] = libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice_subslice2( - a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t, - Eurydice_slice)); + a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t)); } return result; } 
@@ -2962,10 +2895,9 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_xof_closure_79(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_89_10( - Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t, - Eurydice_slice)); +libcrux_ml_kem_sampling_sample_from_xof_closure_19(int16_t s[272U]) { + return libcrux_ml_kem_polynomial_from_i16_array_89_46( + Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } /** @@ -2975,7 +2907,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_b0( +static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_af( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; 
@@ -2984,28 +2916,28 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_b0( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_a9_ca( + libcrux_ml_kem_hash_functions_avx2_shake128_init_absorb_a9_cf( copy_of_seeds); uint8_t randomness0[3U][504U]; - libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_three_blocks_a9_4d( + libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_three_blocks_a9_c0( &xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_bb( + bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_f9( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; - libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_block_a9_5a( + libcrux_ml_kem_hash_functions_avx2_shake128_squeeze_block_a9_a3( &xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_bb0( + done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_f90( copy_of_randomness, sampled_coefficients, out); } } @@ -3015,7 +2947,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_b0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret0[i] = - libcrux_ml_kem_sampling_sample_from_xof_closure_79(copy_of_out[i]); + libcrux_ml_kem_sampling_sample_from_xof_closure_19(copy_of_out[i]); } memcpy( ret, ret0, 
@@ -3029,12 +2961,12 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_a2( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_ac( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_matrix_sample_matrix_A_closure_b8(i, A_transpose[i]); + libcrux_ml_kem_matrix_sample_matrix_A_closure_b9(i, A_transpose[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; @@ -3054,14 +2986,13 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_a2( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U]; - libcrux_ml_kem_sampling_sample_from_xof_b0(copy_of_seeds, sampled); + libcrux_ml_kem_sampling_sample_from_xof_af(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; @@ -3111,8 +3042,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_aa(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_d5(); +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_d3(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_9b(); } /** 
@@ -3122,7 +3053,7 @@ with const generics - LEN= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_1c( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_66( uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; uint8_t out0[128U] = {0U}; @@ -3130,14 +3061,14 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_1c( uint8_t out2[128U] = {0U}; uint8_t out3[128U] = {0U}; libcrux_sha3_avx2_x4_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t), + Eurydice_array_to_slice((size_t)128U, out2, uint8_t), + Eurydice_array_to_slice((size_t)128U, out3, uint8_t)); uint8_t uu____0[128U]; memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); 
@@ -3161,9 +3092,9 @@ with const generics - LEN= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_51( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_a1( uint8_t (*input)[33U], uint8_t ret[3U][128U]) { - libcrux_ml_kem_hash_functions_avx2_PRFxN_1c(input, ret); + libcrux_ml_kem_hash_functions_avx2_PRFxN_66(input, ret); } /** @@ -3223,27 +3154,26 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_c1( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_ee( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len(randomness, uint8_t, size_t) / (size_t)4U; - i0++) { + i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) { size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice2( randomness, chunk_number * (size_t)4U, - chunk_number * (size_t)4U + (size_t)4U, uint8_t, Eurydice_slice); + chunk_number * (size_t)4U + (size_t)4U, uint8_t); uint32_t random_bits_as_u32 = (((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | + uint8_t *) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 8U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 16U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 24U; uint32_t even_bits = random_bits_as_u32 & 1431655765U; uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; 
@@ -3259,8 +3189,8 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_c1( sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_89_10(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); + return libcrux_ml_kem_polynomial_from_i16_array_89_46( + Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } /** @@ -3271,24 +3201,23 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_43( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_c4( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len(randomness, uint8_t, size_t) / (size_t)3U; - i0++) { + i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) { size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice2( randomness, chunk_number * (size_t)3U, - chunk_number * (size_t)3U + (size_t)3U, uint8_t, Eurydice_slice); + chunk_number * (size_t)3U + (size_t)3U, uint8_t); uint32_t random_bits_as_u24 = ((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | + uint8_t *) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 8U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 16U; uint32_t first_bits = random_bits_as_u24 & 2396745U; uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; 
@@ -3306,8 +3235,8 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_43( sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_89_10(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); + return libcrux_ml_kem_polynomial_from_i16_array_89_46( + Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } /** @@ -3318,9 +3247,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_47( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_73( Eurydice_slice randomness) { - return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_c1( + return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_ee( randomness); } @@ -3331,7 +3260,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_45( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_fd( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { 
@@ -3353,20 +3282,20 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_b5( +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_b2( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { - libcrux_ml_kem_ntt_ntt_at_layer_7_45(re); + libcrux_ml_kem_ntt_ntt_at_layer_7_fd(re); size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)6U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)5U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_65(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)4U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_3_b4(&zeta_i, re, (size_t)3U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_2_7c(&zeta_i, re, (size_t)2U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_1_c2(&zeta_i, re, (size_t)1U, (size_t)3U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_99(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_c4(&zeta_i, re, (size_t)3U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_2_2d(&zeta_i, re, (size_t)2U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_1_42(&zeta_i, re, (size_t)1U, (size_t)3U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_e6(re); } /** 
@@ -3383,11 +3312,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE tuple_b00 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_08(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_9b(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -3402,14 +3331,13 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15(uint8_t prf_input[33U], domain_separator = (uint32_t)domain_separator + 1U; } uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_51(prf_inputs, prf_outputs); + libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_a1(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; re_as_ntt[i0] = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_47( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, - Eurydice_slice)); - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_b5(&re_as_ntt[i0]); + libcrux_ml_kem_sampling_sample_from_binomial_distribution_73( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_b2(&re_as_ntt[i0]); } /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[3U]; 
@@ -3434,8 +3362,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_96(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_d5(); +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_24(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_9b(); } /** @@ -3451,11 +3379,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE tuple_b00 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_00(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_58(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - error_1[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + error_1[i] = libcrux_ml_kem_polynomial_ZERO_89_9b(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -3470,13 +3398,12 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_00(uint8_t prf_input[33U], domain_separator = (uint32_t)domain_separator + 1U; } uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_51(prf_inputs, prf_outputs); + libcrux_ml_kem_hash_functions_avx2_PRFxN_a9_a1(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_47( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, - Eurydice_slice)); + libcrux_ml_kem_sampling_sample_from_binomial_distribution_73( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1; } /* Passing arrays by value in Rust generates a copy in C */ 
@@ -3498,12 +3425,11 @@ with const generics - LEN= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_420( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_450( Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)128U, digest, uint8_t), input); memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); } @@ -3518,9 +3444,9 @@ with const generics - LEN= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_930( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_PRF_a9_dd0( Eurydice_slice input, uint8_t ret[128U]) { - libcrux_ml_kem_hash_functions_avx2_PRF_420(input, ret); + libcrux_ml_kem_hash_functions_avx2_PRF_450(input, ret); } /** @@ -3531,8 +3457,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_vector_u_closure_a3(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_d5(); +libcrux_ml_kem_matrix_compute_vector_u_closure_ae(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_9b(); } /** @@ -3546,7 +3472,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_46( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_c7( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; 
@@ -3571,22 +3497,21 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_6c( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_54( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + result[i] = libcrux_ml_kem_polynomial_ZERO_89_9b(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; 
@@ -3594,19 +3519,18 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_6c( i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_48(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_97(&result[i1], + libcrux_ml_kem_polynomial_ntt_multiply_89_44(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_89_ce(&result[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_be(&result[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_89_46(&result[i1], &error_1[i1]); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_e6(&result[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_89_c7(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -3620,7 +3544,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_traits_decompress_1_52(__m256i v) { +static inline __m256i libcrux_ml_kem_vector_traits_decompress_1_d7(__m256i v) { return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( libcrux_ml_kem_vector_avx2_sub_ea(libcrux_ml_kem_vector_avx2_ZERO_ea(), &v), 
@@ -3635,18 +3559,18 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_84( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_d3( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = - libcrux_ml_kem_polynomial_ZERO_89_d5(); + libcrux_ml_kem_polynomial_ZERO_89_9b(); for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; __m256i coefficient_compressed = - libcrux_ml_kem_vector_avx2_deserialize_1_ea(Eurydice_array_to_subslice2( - serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, - Eurydice_slice)); + libcrux_ml_kem_vector_avx2_deserialize_1_ea( + Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, + (size_t)2U * i0 + (size_t)2U, uint8_t)); re.coefficients[i0] = - libcrux_ml_kem_vector_traits_decompress_1_52(coefficient_compressed); + libcrux_ml_kem_vector_traits_decompress_1_d7(coefficient_compressed); } return re; } @@ -3663,7 +3587,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_add_message_error_reduce_89_37( +libcrux_ml_kem_polynomial_add_message_error_reduce_89_6a( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { 
@@ -3694,22 +3618,22 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_ring_element_v_04( +libcrux_ml_kem_matrix_compute_ring_element_v_f9( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result = - libcrux_ml_kem_polynomial_ZERO_89_d5(); + libcrux_ml_kem_polynomial_ZERO_89_9b(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_48(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_89_44(&t_as_ntt[i0], &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_97(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_89_ce(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_be(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_37( + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_e6(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_6a( error_2, message, result); return result; } @@ -3722,7 +3646,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d4( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_94( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / 
@@ -3777,9 +3701,9 @@ with const generics - COEFFICIENT_BITS= 10 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_f4( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_ab( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d4( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_94( vector); } @@ -3791,24 +3715,21 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_f0( +libcrux_ml_kem_serialize_compress_then_serialize_10_d0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_f4( - libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_ab( + libcrux_ml_kem_vector_traits_to_unsigned_representative_14( re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, - Eurydice_slice); + serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)20U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); } 
@@ -3821,7 +3742,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d40( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_940( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / @@ -3876,9 +3797,9 @@ with const generics - COEFFICIENT_BITS= 11 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_f40( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_ab0( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d40( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_940( vector); } 
@@ -3890,24 +3811,21 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_63( +libcrux_ml_kem_serialize_compress_then_serialize_11_28( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_f40( - libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_ab0( + libcrux_ml_kem_vector_traits_to_unsigned_representative_14( re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, - Eurydice_slice); + serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)22U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); } @@ -3921,10 +3839,10 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_4d( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_56( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_f0(re, uu____0); + libcrux_ml_kem_serialize_compress_then_serialize_10_d0(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } 
@@ -3941,30 +3859,26 @@ with const generics - BLOCK_LEN= 320 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_55( +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_9b( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice2( out, i0 * ((size_t)960U / (size_t)3U), - (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, - Eurydice_slice); + (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_4d(&re, + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_56(&re, ret); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } } @@ -3976,7 +3890,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d41( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_941( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / 
@@ -4031,9 +3945,9 @@ with const generics - COEFFICIENT_BITS= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_f41( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_ab1( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d41( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_941( vector); } @@ -4045,23 +3959,21 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_59( +libcrux_ml_kem_serialize_compress_then_serialize_4_fb( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_f41( - libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( + __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_ab1( + libcrux_ml_kem_vector_traits_to_unsigned_representative_14( re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_ea(coefficient, bytes); Eurydice_slice_copy( Eurydice_slice_subslice2(serialized, (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_array_to_slice((size_t)8U, bytes, uint8_t), uint8_t); } } @@ -4073,7 +3985,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE __m256i -libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d42( +libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_942( __m256i vector) { __m256i field_modulus_halved = libcrux_intrinsics_avx2_mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / 
@@ -4128,9 +4040,9 @@ with const generics - COEFFICIENT_BITS= 5 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_f42( +static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_ab2( __m256i vector) { - return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_d42( + return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_942( vector); } @@ -4142,23 +4054,21 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_73( +libcrux_ml_kem_serialize_compress_then_serialize_5_8e( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_ea_f42( - libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( + __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_ea_ab2( + libcrux_ml_kem_vector_traits_to_unsigned_representative_14( re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_ea(coefficients, bytes); Eurydice_slice_copy( Eurydice_slice_subslice2(serialized, (size_t)10U * i0, - (size_t)10U * i0 + (size_t)10U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + (size_t)10U * i0 + (size_t)10U, uint8_t), + Eurydice_array_to_slice((size_t)10U, bytes, uint8_t), uint8_t); } } 
@@ -4171,9 +4081,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_dd( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_6d( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_59(re, out); + libcrux_ml_kem_serialize_compress_then_serialize_4_fb(re, out); } /** @@ -4235,15 +4145,15 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_c6( +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_a3( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15( + tuple_b00 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_08( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; memcpy( @@ -4253,7 +4163,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_c6( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_00( + tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_58( copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( 
@@ -4262,38 +4172,35 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_c6( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_930( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); + libcrux_ml_kem_hash_functions_avx2_PRF_a9_dd0( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_47( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, - Eurydice_slice)); + libcrux_ml_kem_sampling_sample_from_binomial_distribution_73( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_6c(public_key->A, r_as_ntt, error_1, + libcrux_ml_kem_matrix_compute_vector_u_54(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_84( + libcrux_ml_kem_serialize_deserialize_then_decompress_message_d3( copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - libcrux_ml_kem_matrix_compute_ring_element_v_04( + libcrux_ml_kem_matrix_compute_ring_element_v_f9( public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_55( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_9b( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, - uint8_t, 
Eurydice_slice)); + uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_dd( - uu____6, - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, - uint8_t, size_t, Eurydice_slice)); + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_6d( + uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, + (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); } 
@@ -4315,24 +4222,23 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_encrypt_8e(Eurydice_slice public_key, +static inline void libcrux_ml_kem_ind_cpa_encrypt_e0(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_f2( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, - Eurydice_slice), + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_a8( + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A_a2(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0); + libcrux_ml_kem_matrix_sample_matrix_A_ac(ret0, false, A); uint8_t seed_for_A[32U]; Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); unwrap_41_83(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; 
@@ -4363,7 +4269,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_8e(Eurydice_slice public_key, uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_c6(uu____3, copy_of_message, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_a3(uu____3, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); } @@ -4380,13 +4286,12 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_41( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_ca( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + shared_secret, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } @@ -4413,12 +4318,11 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_13( +static inline void libcrux_ml_kem_ind_cca_decapsulate_33( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t), (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; 
@@ -4432,61 +4336,57 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_13( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_3b(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_76(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); + uint8_t, size_t), + ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); + libcrux_ml_kem_hash_functions_avx2_G_a9_e1( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_ea0(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_16(ciphertext), - uint8_t, void *); + uint8_t, 
size_t); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_99(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + libcrux_ml_kem_hash_functions_avx2_PRF_a9_dd( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_8e(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_e0(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_41( + libcrux_ml_kem_ind_cca_kdf_43_ca( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), + uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_41(shared_secret0, ciphertext, shared_secret); + libcrux_ml_kem_ind_cca_kdf_43_ca(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_16(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, - Eurydice_slice), + libcrux_ml_kem_types_as_ref_00_99(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } 
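Review bot: The implicit-rejection logic in the new `libcrux_ml_kem_ind_cca_decapsulate_33` body is undocumented in the generated C: the PRF over `to_hash` (the implicit rejection value followed by the ciphertext), the re-encryption of `decrypted` into `expected_ciphertext`, and the final `libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time` call are what keep the accept/reject decision free of a secret-dependent branch, and nothing in this file says so. A comment such as `/* FIPS 203 decapsulation: re-encrypt the decrypted message, then select the real or the PRF-derived (implicit rejection) shared secret in constant time */` above that call would help a reader; since this file is Eurydice output, the comment belongs on the Rust source so it survives regeneration. Separately, `decrypted`, `hashed`, `shared_secret0` and `implicit_rejection_shared_secret0` carry secret material and no clearing of them is visible before the function returns; whether stack residue is in scope for this code base is a policy question, but this change does not address it. The function's signature is in the preceding hunk.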
@@ -4515,10 +4415,10 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_ed( +static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_51( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_13(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_33(private_key, ciphertext, ret); } /** @@ -4532,7 +4432,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_ed(private_key, + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_51(private_key, ciphertext, ret); } 
@@ -4592,48 +4492,45 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_6c( +static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_41( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_87( + libcrux_ml_kem_ind_cpa_decrypt_unpacked_b8( &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); + uint8_t, size_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); + uint8_t), + uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); + libcrux_ml_kem_hash_functions_avx2_G_a9_e1( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d0( - 
Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), + libcrux_ml_kem_utils_into_padded_array_ea0( + Eurydice_array_to_slice( + (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_16(ciphertext), - uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_99(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + libcrux_ml_kem_hash_functions_avx2_PRF_a9_dd( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = &key_pair->public_key.ind_cpa_public_key; 
@@ -4641,18 +4538,17 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_6c( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_c6( + libcrux_ml_kem_ind_cpa_encrypt_unpacked_a3( uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_16(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice)); + libcrux_ml_kem_types_as_ref_00_99(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( shared_secret, Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), selector, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4683,10 +4579,10 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_4d( +libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_5f( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_6c(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_41(key_pair, ciphertext, ret); } /** @@ -4700,7 +4596,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_4d( + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_5f( private_key, ciphertext, ret); } 
@@ -4715,12 +4611,11 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_c9( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_b8( Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + randomness, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } @@ -4734,7 +4629,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H_a9_65( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H_a9_a1( Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H(input, ret); } 
@@ -4759,57 +4654,50 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_93( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_e6( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_43_c9( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); + libcrux_ml_kem_ind_cca_entropy_preprocess_43_b8( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_65( + libcrux_ml_kem_hash_functions_avx2_H_a9_a1( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_c2(public_key), - uint8_t, Eurydice_slice), + libcrux_ml_kem_types_as_slice_cb_6f(public_key), + uint8_t), ret); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); + libcrux_ml_kem_hash_functions_avx2_G_a9_e1( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), 
LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_c2(public_key), uint8_t, - Eurydice_slice); + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_6f(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_8e(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_e0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_9c(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_14(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_43_41(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_43_ca(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ 
@@ -4841,14 +4729,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_44( +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_c7( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_93(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_e6(uu____0, copy_of_randomness); } /** @@ -4866,7 +4754,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_44( + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_c7( uu____0, copy_of_randomness); } 
@@ -4889,27 +4777,24 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_09( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_2f( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); + size_t); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_slice( + (size_t)32U, public_key->public_key_hash, uint8_t), + uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); + libcrux_ml_kem_hash_functions_avx2_G_a9_e1( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; 
@@ -4920,17 +4805,17 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_09( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_c6(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_a3(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; - Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, shared_secret_array, - uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); + Eurydice_slice_copy( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), + shared_secret, uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_9c(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_14(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -4964,7 +4849,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_dd( +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_5d( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = @@ -4972,7 +4857,7 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_dd( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_09(uu____0, + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_2f(uu____0, copy_of_randomness); } 
@@ -4993,23 +4878,10 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_dd( + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_5d( uu____0, copy_of_randomness); } -/** -A monomorphic instance of K. -with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked -libcrux_ml_kem_vector_avx2_SIMD256Vector[[$3size_t]], -libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked -libcrux_ml_kem_vector_avx2_SIMD256Vector[[$3size_t]] - -*/ -typedef struct tuple_9b0_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 snd; -} tuple_9b0; - /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e.closure with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -5018,8 +4890,8 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_matrix_compute_As_plus_e_closure_66(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_d5(); +libcrux_ml_kem_matrix_compute_As_plus_e_closure_dc(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_9b(); } /** @@ -5029,7 +4901,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") -static inline __m256i libcrux_ml_kem_vector_traits_to_standard_domain_42( +static inline __m256i libcrux_ml_kem_vector_traits_to_standard_domain_c8( __m256i v) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); 
@@ -5047,14 +4919,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_polynomial_add_standard_error_reduce_89_ac( +libcrux_ml_kem_polynomial_add_standard_error_reduce_89_06( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; __m256i coefficient_normal_form = - libcrux_ml_kem_vector_traits_to_standard_domain_42( + libcrux_ml_kem_vector_traits_to_standard_domain_c8( self->coefficients[j]); self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, @@ -5072,22 +4944,21 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_f0( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_58( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + result[i] = libcrux_ml_kem_polynomial_ZERO_89_9b(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; 
@@ -5095,20 +4966,19 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_f0( i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_48(matrix_element, + libcrux_ml_kem_polynomial_ntt_multiply_89_44(matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_97(&result[i1], + libcrux_ml_kem_polynomial_add_to_ring_element_89_ce(&result[i1], &product); } - libcrux_ml_kem_polynomial_add_standard_error_reduce_89_ac( + libcrux_ml_kem_polynomial_add_standard_error_reduce_89_06( &result[i1], &error_as_ntt[i1]); } memcpy( 
@@ -5116,134 +4986,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_f0( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . 
-*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_6c( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_68(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - libcrux_ml_kem_matrix_sample_matrix_A_a2(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, - prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15( - copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - uint8_t domain_separator = uu____2.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; - memcpy( - error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_15(copy_of_prf_input, - domain_separator) - 
.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - libcrux_ml_kem_matrix_compute_As_plus_e_f0(A_transpose, secret_as_ntt, - error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); - unwrap_41_83(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; - memcpy( - copy_of_t_as_ntt, t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A_transpose[3U] - [3U]; - memcpy(copy_of_A_transpose, A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk; - memcpy( - pk.t_as_ntt, copy_of_t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, copy_of_A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; - memcpy( - copy_of_secret_as_ntt, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk; - memcpy( - sk.secret_as_ntt, copy_of_secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - return (CLITERAL(tuple_9b0){.fst = sk, .snd = 
pk}); -} - /** A monomorphic instance of libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types @@ -5252,24 +4994,21 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_92( +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_aa( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_a4( + libcrux_ml_kem_vector_traits_to_unsigned_representative_14( re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_avx2_serialize_12_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, - Eurydice_slice); + serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)24U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); } @@ -5285,7 +5024,7 @@ with const generics - OUT_LEN= 1152 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_ae( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_79( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; 
@@ -5293,22 +5032,19 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_ae( i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_92(&re, ret0); + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_aa(&re, ret0); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); } 
@@ -5325,23 +5061,20 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_d0( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_5a( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, - (size_t)1152U, uint8_t, Eurydice_slice); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_ae(t_as_ntt, ret0); + libcrux_ml_kem_ind_cpa_serialize_secret_key_79(t_as_ntt, ret0); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice_copy(Eurydice_array_to_subslice_from( - (size_t)1184U, public_key_serialized, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), - seed_for_a, uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); + Eurydice_slice_copy( + Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, + (size_t)1152U, uint8_t, size_t), + seed_for_a, uint8_t); memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); } 
@@ -5358,19 +5091,54 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_e1(Eurydice_slice key_generation_seed) { - tuple_9b0 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_6c(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk = uu____0.snd; +libcrux_ml_kem_ind_cpa_generate_keypair_93(Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_avx2_G_a9_e1(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret); + libcrux_ml_kem_matrix_sample_matrix_A_ac(ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, + prf_input); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_08( + copy_of_prf_input0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator = uu____2.snd; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + 
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; + memcpy( + error_as_ntt, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_08(copy_of_prf_input, + domain_separator) + .fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; + libcrux_ml_kem_matrix_compute_As_plus_e_58(A_transpose, secret_as_ntt, + error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); + unwrap_41_83(dst, seed_for_A); uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_d0( - pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, - Eurydice_slice), + libcrux_ml_kem_ind_cpa_serialize_public_key_5a( + t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_ae(sk.secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_79(secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -5399,7 +5167,7 @@ with const generics - SERIALIZED_KEY_LEN= 2400 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_75( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_8e( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; 
@@ -5409,40 +5177,35 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_75( size_t uu____2 = pointer; Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + Eurydice_slice_len(private_key, uint8_t, size_t), uint8_t, - Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + Eurydice_slice_len(private_key, uint8_t, size_t); + uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t), + uint8_t), + private_key, uint8_t); + pointer = pointer + Eurydice_slice_len(private_key, uint8_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + Eurydice_slice_len(public_key, uint8_t, size_t), uint8_t, - Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + Eurydice_slice_len(public_key, uint8_t, size_t); + uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t), + uint8_t), + public_key, uint8_t); + pointer = pointer + Eurydice_slice_len(public_key, uint8_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_65(public_key, ret0); + libcrux_ml_kem_hash_functions_avx2_H_a9_a1(public_key, ret0); Eurydice_slice_copy( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - Eurydice_slice_copy(Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + Eurydice_slice_len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void 
*); + Eurydice_slice_copy( + Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), + uint8_t), + implicit_rejection_value, uint8_t); memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } 
@@ -5468,33 +5231,37 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_36(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_0d(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_e1(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_93(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_75( - Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, - Eurydice_slice), + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_8e( + Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[2400U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - 
libcrux_ml_kem_types_from_22_a7(secret_key_serialized); - libcrux_ml_kem_types_MlKemPrivateKey_55 uu____1 = private_key; - return libcrux_ml_kem_types_from_17_d5( - uu____1, libcrux_ml_kem_types_from_c7_14(public_key)); + libcrux_ml_kem_types_from_05_db(copy_of_secret_key_serialized); + libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key[1184U]; + memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_17_12( + uu____2, libcrux_ml_kem_types_from_b6_8e(copy_of_public_key)); } /** @@ -5513,12 +5280,12 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_f5( +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_15( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_36(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_0d(copy_of_randomness); } /** 
@@ -5530,10 +5297,150 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_f5( + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_15( copy_of_randomness); } +/** +A monomorphic instance of K. +with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked +libcrux_ml_kem_vector_avx2_SIMD256Vector[[$3size_t]], +libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked +libcrux_ml_kem_vector_avx2_SIMD256Vector[[$3size_t]] + +*/ +typedef struct tuple_9b0_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 snd; +} tuple_9b0; + +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . 
+*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_2a( + Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_avx2_G_a9_e1(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret); + libcrux_ml_kem_matrix_sample_matrix_A_ac(ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, + prf_input); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_08( + copy_of_prf_input0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator = uu____2.snd; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; + memcpy( + error_as_ntt, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_08(copy_of_prf_input, + domain_separator) + .fst, + (size_t)3U 
* sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; + libcrux_ml_kem_matrix_compute_As_plus_e_58(A_transpose, secret_as_ntt, + error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); + unwrap_41_83(dst, seed_for_A); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; + memcpy( + copy_of_t_as_ntt, t_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A_transpose[3U] + [3U]; + memcpy(copy_of_A_transpose, A_transpose, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk; + memcpy( + pk.t_as_ntt, copy_of_t_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, copy_of_A_transpose, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; + memcpy( + copy_of_secret_as_ntt, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk; + memcpy( + sk.secret_as_ntt, copy_of_secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + return (CLITERAL(tuple_9b0){.fst = sk, .snd = pk}); +} + /** A monomorphic 
instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure.closure with types @@ -5549,8 +5456,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_closure_1d(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_89_d5(); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_closure_68(size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_89_9b(); } /** @@ -5567,10 +5474,10 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_a2( +static inline void libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_d1( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_89_9b(); } } @@ -5586,7 +5493,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_clone_d5_7c( +libcrux_ml_kem_polynomial_clone_d5_f5( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; __m256i ret[16U]; 
@@ -5610,16 +5517,15 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b1(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_30(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - tuple_9b0 uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_6c( + size_t); + tuple_9b0 uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_2a( ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 ind_cpa_private_key = uu____0.fst; @@ -5627,14 +5533,14 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b1(uint8_t randomness[64U]) { ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_a2(i, A[i]); + libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_d1(i, A[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - libcrux_ml_kem_polynomial_clone_d5_7c(&ind_cpa_public_key.A[j][i1]); + libcrux_ml_kem_polynomial_clone_d5_f5(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1; } } 
@@ -5646,20 +5552,19 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b1(uint8_t randomness[64U]) { (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); uint8_t pk_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_d0( + libcrux_ml_kem_ind_cpa_serialize_public_key_5a( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), + uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_65( - Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, - Eurydice_slice), + libcrux_ml_kem_hash_functions_avx2_H_a9_a1( + Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); + uint8_t[32U]); unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 uu____3 = ind_cpa_private_key; @@ -5702,12 +5607,12 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_56( +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_4f( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b1( + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_30( copy_of_randomness); } 
@@ -5721,7 +5626,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_56( + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_4f( copy_of_randomness); } @@ -5737,28 +5642,25 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_d7( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_a4( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; - libcrux_ml_kem_utils_into_padded_array_2d(shared_secret, kdf_input); + libcrux_ml_kem_utils_into_padded_array_ea(shared_secret, kdf_input); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, kdf_input, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_65( + libcrux_ml_kem_hash_functions_avx2_H_a9_a1( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_d4_77(ciphertext), - uint8_t, Eurydice_slice), + libcrux_ml_kem_types_as_slice_d4_b6(ciphertext), + uint8_t), ret0); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); uint8_t ret1[32U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( - Eurydice_array_to_slice((size_t)64U, kdf_input, uint8_t, Eurydice_slice), - ret1); + libcrux_ml_kem_hash_functions_avx2_PRF_a9_dd( + Eurydice_array_to_slice((size_t)64U, kdf_input, uint8_t), ret1); memcpy(ret, ret1, (size_t)32U * sizeof(uint8_t)); } 
@@ -5785,12 +5687,11 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_130( +static inline void libcrux_ml_kem_ind_cca_decapsulate_330( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t), (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; 
@@ -5804,61 +5705,57 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_130( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_3b(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_76(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); + uint8_t, size_t), + ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); + libcrux_ml_kem_hash_functions_avx2_G_a9_e1( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_ea0(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_16(ciphertext), - uint8_t, void *); + 
uint8_t, size_t); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_99(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_avx2_PRF_a9_93( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + libcrux_ml_kem_hash_functions_avx2_PRF_a9_dd( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_8e(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_e0(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_d7( + libcrux_ml_kem_ind_cca_kdf_6c_a4( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), + uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_d7(shared_secret0, ciphertext, shared_secret); + libcrux_ml_kem_ind_cca_kdf_6c_a4(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_16(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, - Eurydice_slice), + libcrux_ml_kem_types_as_ref_00_99(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } 
@@ -5888,10 +5785,10 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_decapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_e4( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_b0( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_130(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_330(private_key, ciphertext, ret); } /** @@ -5905,7 +5802,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_e4( + libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_b0( private_key, ciphertext, ret); } @@ -5920,9 +5817,9 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_13( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_0d( Eurydice_slice randomness, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_avx2_H_a9_65(randomness, ret); + libcrux_ml_kem_hash_functions_avx2_H_a9_a1(randomness, ret); } /** 
@@ -5945,57 +5842,50 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_930( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_e60( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_6c_13( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); + libcrux_ml_kem_ind_cca_entropy_preprocess_6c_0d( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_avx2_H_a9_65( + libcrux_ml_kem_hash_functions_avx2_H_a9_a1( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_c2(public_key), - uint8_t, Eurydice_slice), + libcrux_ml_kem_types_as_slice_cb_6f(public_key), + uint8_t), ret); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_avx2_G_a9_68( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); + libcrux_ml_kem_hash_functions_avx2_G_a9_e1( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), 
LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_c2(public_key), uint8_t, - Eurydice_slice); + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_6f(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_8e(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_e0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_9c(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_14(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_d7(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_6c_a4(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ 
@@ -6030,14 +5920,14 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_encapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_d3( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_89( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_930(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_e60(uu____0, copy_of_randomness); } /** @@ -6055,7 +5945,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_kyber_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_d3( + return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_89( uu____0, copy_of_randomness); } @@ -6068,9 +5958,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_cc0( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_c10( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_d5(); + return libcrux_ml_kem_polynomial_ZERO_89_9b(); } /** 
@@ -6088,15 +5978,15 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_f20( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_a80( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_d5(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_9b(); } for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -6104,9 +5994,9 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_f20( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_c5( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_71( ring_element); deserialized_pk[i0] = uu____0; } 
@@ -6124,19 +6014,19 @@ with const generics - PUBLIC_KEY_SIZE= 1184 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_77( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_f9( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_f20( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_a80( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_d0( + libcrux_ml_kem_ind_cpa_serialize_public_key_5a( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), public_key_serialized); return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); @@ -6155,9 +6045,9 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline bool -libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_35( +libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_9d( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_77(public_key); + return libcrux_ml_kem_ind_cca_validate_public_key_f9(public_key); } /** @@ -6169,7 +6059,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { Option_92 uu____0; - if (libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_35( + if (libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_9d( public_key.value)) { uu____0 = (CLITERAL(Option_92){.tag = Some, .f0 = public_key}); } else { 
diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index 90c129eb6..751241b38 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Libcrux: b1d4135b68cb8c89ceb03c1a5829a6eb04a5309a */ #ifndef __libcrux_mlkem768_portable_H @@ -32,8 +32,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_neon_G( Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = {0U}; libcrux_sha3_neon_sha512( - Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)64U, digest, uint8_t), input); memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); } @@ -41,8 +40,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_neon_H( Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_neon_sha256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } 
@@ -54,8 +52,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G( Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = {0U}; libcrux_sha3_portable_sha512( - Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)64U, digest, uint8_t), input); memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); } @@ -63,8 +60,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_H( Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_sha256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } @@ -136,10 +132,8 @@ libcrux_ml_kem_vector_portable_vector_type_from_i16_array( int16_t ret[16U]; Result_c0 dst; Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t, - Eurydice_slice), - Eurydice_slice, int16_t[16U], void *); + &dst, Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t), + Eurydice_slice, int16_t[16U]); unwrap_41_f9(dst, ret); memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); return lit; 
@@ -170,68 +164,64 @@ typedef struct uint8_t_x11_s { static KRML_MUSTINLINE uint8_t_x11 libcrux_ml_kem_vector_portable_serialize_serialize_11_int(Eurydice_slice v) { - uint8_t r0 = - (uint8_t)Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, int16_t); + uint8_t r0 = (uint8_t)Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *); uint8_t r1 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)31) << 3U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 8U); uint8_t r2 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)3) << 6U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 5U); - uint8_t r3 = (uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, - int16_t) >> - 2U & - (int16_t)255); + uint8_t r3 = + (uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *) >> 2U & + (int16_t)255); uint8_t r4 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)127) << 1U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 10U); uint8_t r5 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)15) << 4U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 7U); uint8_t r6 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)1) << 7U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 4U); - uint8_t r7 = (uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, - int16_t) >> - 1U & - (int16_t)255); + uint8_t r7 = + (uint8_t)(Eurydice_slice_index(v, (size_t)5U, 
int16_t, int16_t *) >> 1U & + (int16_t)255); uint8_t r8 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)63) << 2U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 9U); uint8_t r9 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)7) << 5U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 6U); - uint8_t r10 = (uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, - int16_t *, int16_t) >> - 3U); + uint8_t r10 = + (uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *) >> 3U); return (CLITERAL(uint8_t_x11){.fst = r0, .snd = r1, .thd = r2, @@ -250,12 +240,11 @@ libcrux_ml_kem_vector_portable_serialize_serialize_11( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[22U]) { uint8_t_x11 r0_10 = libcrux_ml_kem_vector_portable_serialize_serialize_11_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t)); uint8_t_x11 r11_21 = libcrux_ml_kem_vector_portable_serialize_serialize_11_int( Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, - int16_t, Eurydice_slice)); + int16_t)); uint8_t result[22U] = {0U}; result[0U] = r0_10.fst; result[1U] = r0_10.snd; 
@@ -306,66 +295,56 @@ typedef struct int16_t_x8_s { static KRML_MUSTINLINE int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( Eurydice_slice bytes) { - int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)7) - << 8U | - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t); - int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 5U | - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) >> - 3U; - int16_t r2 = (((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)1) - << 10U | - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) - << 2U) | - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) >> - 6U; - int16_t r3 = ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 7U | - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) >> - 1U; - int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)127) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r5 = (((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 9U | - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) - << 1U) | - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) >> - 7U; - int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)31) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, - uint8_t *, uint8_t) - << 3U | - (int16_t)Eurydice_slice_index(bytes, 
(size_t)9U, uint8_t, - uint8_t *, uint8_t) >> - 5U; + int16_t r0 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) & + (int16_t)7) + << 8U | + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *); + int16_t r1 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) & + (int16_t)63) + << 5U | + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) >> + 3U; + int16_t r2 = + (((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *) & + (int16_t)1) + << 10U | + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *) + << 2U) | + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) >> + 6U; + int16_t r3 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *) & + (int16_t)15) + << 7U | + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *) >> + 1U; + int16_t r4 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *) & + (int16_t)127) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *) >> + 4U; + int16_t r5 = + (((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *) & + (int16_t)3) + << 9U | + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *) + << 1U) | + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *) >> + 7U; + int16_t r6 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *) & + (int16_t)31) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *) >> + 2U; + int16_t r7 = + (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, uint8_t *) + << 3U | + (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *) >> + 5U; return (CLITERAL(int16_t_x8){.fst = r0, .snd = r1, .thd = r2, 
@@ -401,12 +380,10 @@ libcrux_ml_kem_vector_portable_vector_type_zero(void) { static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) { int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)11U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)11U, uint8_t)); int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( - Eurydice_slice_subslice2(bytes, (size_t)11U, (size_t)22U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)11U, (size_t)22U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector v = libcrux_ml_kem_vector_portable_vector_type_zero(); v.elements[0U] = v0_7.fst; @@ -1659,20 +1636,18 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) { libcrux_ml_kem_vector_portable_vector_type_zero(); for (size_t i = (size_t)0U; i < (size_t)8U; i++) { size_t i0 = i; - result.elements[i0] = - (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)0U, uint8_t, - uint8_t *, uint8_t) >> - (uint32_t)i0 & - 1U); + result.elements[i0] = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)0U, uint8_t, uint8_t *) >> + (uint32_t)i0 & + 1U); } for (size_t i = (size_t)8U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - result.elements[i0] = - (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)1U, uint8_t, - uint8_t *, uint8_t) >> - (uint32_t)(i0 - (size_t)8U) & - 1U); + result.elements[i0] = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)1U, uint8_t, uint8_t *) >> + (uint32_t)(i0 - (size_t)8U) & + 1U); } return result; } 
@@ -1695,26 +1670,26 @@ typedef struct uint8_t_x4_s { static KRML_MUSTINLINE uint8_t_x4 libcrux_ml_kem_vector_portable_serialize_serialize_4_int(Eurydice_slice v) { - uint8_t result0 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)1U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)0U, int16_t, int16_t *, int16_t); - uint8_t result1 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)3U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)2U, int16_t, int16_t *, int16_t); - uint8_t result2 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)5U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)4U, int16_t, int16_t *, int16_t); - uint8_t result3 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)7U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)6U, int16_t, int16_t *, int16_t); + uint8_t result0 = + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)0U, int16_t, + int16_t *); + uint8_t result1 = + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)2U, int16_t, + int16_t *); + uint8_t result2 = + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)4U, int16_t, + int16_t *); + uint8_t result3 = + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)6U, int16_t, + int16_t *); return (CLITERAL(uint8_t_x4){ .fst = result0, .snd = result1, .thd = result2, .f3 = result3}); } 
@@ -1726,11 +1701,11 @@ libcrux_ml_kem_vector_portable_serialize_serialize_4( uint8_t_x4 result0_3 = libcrux_ml_kem_vector_portable_serialize_serialize_4_int( Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, - int16_t, Eurydice_slice)); + int16_t)); uint8_t_x4 result4_7 = libcrux_ml_kem_vector_portable_serialize_serialize_4_int( Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, - int16_t, Eurydice_slice)); + int16_t)); uint8_t result[8U] = {0U}; result[0U] = result0_3.fst; result[1U] = result0_3.snd; 
@@ -1756,32 +1731,32 @@ static inline void libcrux_ml_kem_vector_portable_serialize_4_0d( static KRML_MUSTINLINE int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( Eurydice_slice bytes) { - int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & + int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)0U, + uint8_t, uint8_t *) & 15U); - int16_t v1 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> + int16_t v1 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)0U, + uint8_t, uint8_t *) >> 4U & 15U); - int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & + int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, + uint8_t, uint8_t *) & 15U); - int16_t v3 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + int16_t v3 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, + uint8_t, uint8_t *) >> 4U & 15U); - int16_t v4 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & + int16_t v4 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)2U, + uint8_t, uint8_t *) & 15U); - int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> + int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)2U, + uint8_t, uint8_t *) >> 4U & 15U); - int16_t v6 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & + int16_t v6 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, + uint8_t, uint8_t *) & 15U); - int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, + uint8_t, uint8_t *) >> 4U & 15U); return (CLITERAL(int16_t_x8){.fst = v0, 
@@ -1797,11 +1772,9 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t)); int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector v = libcrux_ml_kem_vector_portable_vector_type_zero(); v.elements[0U] = v0_7.fst; 
@@ -1843,40 +1816,24 @@ typedef struct uint8_t_x5_s { static KRML_MUSTINLINE uint8_t_x5 libcrux_ml_kem_vector_portable_serialize_serialize_5_int(Eurydice_slice v) { uint8_t r0 = - (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) | - Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, int16_t) - << 5U); + (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) | + Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) << 5U); uint8_t r1 = - (uint8_t)((Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, - int16_t) >> - 3U | - Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, - int16_t) + (uint8_t)((Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) >> 3U | + Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *) << 2U) | - Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, int16_t) - << 7U); + Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) << 7U); uint8_t r2 = - (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, - int16_t) >> - 1U | - Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, int16_t) - << 4U); + (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) >> 1U | + Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *) << 4U); uint8_t r3 = - (uint8_t)((Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, - int16_t) >> - 4U | - Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, - int16_t) + (uint8_t)((Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *) >> 4U | + Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *) << 1U) | - Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, int16_t) - << 6U); + Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *) << 6U); uint8_t r4 = - (uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, - int16_t) >> - 2U | - Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *, int16_t) - << 3U); + (uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *) >> 2U | + Eurydice_slice_index(v, 
(size_t)7U, int16_t, int16_t *) << 3U); return (CLITERAL(uint8_t_x5){ .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); } @@ -1886,11 +1843,10 @@ libcrux_ml_kem_vector_portable_serialize_serialize_5( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[10U]) { uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t)); uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, + int16_t)); uint8_t result[10U] = {0U}; result[0U] = r0_4.fst; result[1U] = r0_4.snd; 
@@ -1918,44 +1874,44 @@ static inline void libcrux_ml_kem_vector_portable_serialize_5_0d( static KRML_MUSTINLINE int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( Eurydice_slice bytes) { - int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & + int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)0U, + uint8_t, uint8_t *) & 31U); - int16_t v1 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & + int16_t v1 = (int16_t)(((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, + uint8_t, uint8_t *) & 3U) << 3U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> + (uint32_t)Eurydice_slice_index(bytes, (size_t)0U, + uint8_t, uint8_t *) >> 5U); - int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, + uint8_t, uint8_t *) >> 2U & 31U); - int16_t v3 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & + int16_t v3 = (int16_t)(((uint32_t)Eurydice_slice_index(bytes, (size_t)2U, + uint8_t, uint8_t *) & 15U) << 1U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + (uint32_t)Eurydice_slice_index(bytes, (size_t)1U, + uint8_t, uint8_t *) >> 7U); - int16_t v4 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & + int16_t v4 = (int16_t)(((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, + uint8_t, uint8_t *) & 1U) << 4U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> + (uint32_t)Eurydice_slice_index(bytes, (size_t)2U, + uint8_t, uint8_t *) >> 4U); - int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, 
(size_t)3U, + uint8_t, uint8_t *) >> 1U & 31U); - int16_t v6 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) & + int16_t v6 = (int16_t)(((uint32_t)Eurydice_slice_index(bytes, (size_t)4U, + uint8_t, uint8_t *) & 7U) << 2U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + (uint32_t)Eurydice_slice_index(bytes, (size_t)3U, + uint8_t, uint8_t *) >> 6U); - int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) >> + int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)4U, + uint8_t, uint8_t *) >> 3U); return (CLITERAL(int16_t_x8){.fst = v0, .snd = v1, @@ -1970,11 +1926,9 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t)); int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector v = libcrux_ml_kem_vector_portable_vector_type_zero(); v.elements[0U] = v0_7.fst; 
@@ -2007,37 +1961,36 @@ libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a) { static KRML_MUSTINLINE uint8_t_x5 libcrux_ml_kem_vector_portable_serialize_serialize_10_int(Eurydice_slice v) { - uint8_t r0 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) & - (int16_t)255); + uint8_t r0 = + (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) & + (int16_t)255); uint8_t r1 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)63) << 2U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 8U & (int16_t)3); uint8_t r2 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)15) << 4U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 6U & (int16_t)15); uint8_t r3 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)3) << 6U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 4U & (int16_t)63); - uint8_t r4 = (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, - int16_t) >> - 2U & - (int16_t)255); + uint8_t r4 = + (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) >> 2U & + (int16_t)255); return (CLITERAL(uint8_t_x5){ .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); } 
@@ -2047,17 +2000,15 @@ libcrux_ml_kem_vector_portable_serialize_serialize_10( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[20U]) { uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)4U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)4U, int16_t)); uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)8U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)8U, int16_t)); uint8_t_x5 r10_14 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)12U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)12U, + int16_t)); uint8_t_x5 r15_19 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)16U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)16U, + int16_t)); uint8_t result[20U] = {0U}; result[0U] = r0_4.fst; result[1U] = r0_4.snd; 
@@ -2095,60 +2046,52 @@ static inline void libcrux_ml_kem_vector_portable_serialize_10_0d( static KRML_MUSTINLINE int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( Eurydice_slice bytes) { - int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 8U | - ((int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)255); - int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r2 = ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r3 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) - << 2U | - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) >> - 6U; - int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 8U | - ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)255); - int16_t r5 = ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) - << 2U | - (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) >> - 6U; + int16_t r0 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) & + 
(int16_t)3) + << 8U | + ((int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *) & + (int16_t)255); + int16_t r1 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) & + (int16_t)15) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) >> + 2U; + int16_t r2 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *) & + (int16_t)63) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) >> + 4U; + int16_t r3 = + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *) + << 2U | + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *) >> + 6U; + int16_t r4 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *) & + (int16_t)3) + << 8U | + ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *) & + (int16_t)255); + int16_t r5 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *) & + (int16_t)15) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *) >> + 2U; + int16_t r6 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *) & + (int16_t)63) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *) >> + 4U; + int16_t r7 = + (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *) + << 2U | + (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *) >> + 6U; return (CLITERAL(int16_t_x8){.fst = r0, .snd = r1, .thd = r2, 
@@ -2162,12 +2105,10 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)10U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)10U, uint8_t)); int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector v = libcrux_ml_kem_vector_portable_vector_type_zero(); v.elements[0U] = v0_7.fst; @@ -2206,20 +2147,17 @@ typedef struct uint8_t_x3_s { static KRML_MUSTINLINE uint8_t_x3 libcrux_ml_kem_vector_portable_serialize_serialize_12_int(Eurydice_slice v) { - uint8_t r0 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) & - (int16_t)255); - uint8_t r1 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) >> - 8U | - (Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) & - (int16_t)15) - << 4U); - uint8_t r2 = (uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, - int16_t) >> - 4U & - (int16_t)255); + uint8_t r0 = + (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) & + (int16_t)255); + uint8_t r1 = + (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) >> 8U | + (Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) & + (int16_t)15) + << 4U); + uint8_t r2 = + (uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) >> 4U & + (int16_t)255); return (CLITERAL(uint8_t_x3){.fst = r0, .snd = r1, .thd = r2}); } 
@@ -2228,29 +2166,25 @@ libcrux_ml_kem_vector_portable_serialize_serialize_12( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[24U]) { uint8_t_x3 r0_2 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)2U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)2U, int16_t)); uint8_t_x3 r3_5 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)2U, (size_t)4U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)2U, (size_t)4U, int16_t)); uint8_t_x3 r6_8 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)6U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)6U, int16_t)); uint8_t_x3 r9_11 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)6U, (size_t)8U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)6U, (size_t)8U, int16_t)); uint8_t_x3 r12_14 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)10U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)10U, + int16_t)); uint8_t_x3 r15_17 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)10U, (size_t)12U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)10U, (size_t)12U, + int16_t)); uint8_t_x3 r18_20 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)14U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)14U, + int16_t)); uint8_t_x3 r21_23 = 
libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)14U, (size_t)16U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)14U, (size_t)16U, + int16_t)); uint8_t result[24U] = {0U}; result[0U] = r0_2.fst; result[1U] = r0_2.snd; @@ -2297,12 +2231,12 @@ typedef struct int16_t_x2_s { static KRML_MUSTINLINE int16_t_x2 libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( Eurydice_slice bytes) { - int16_t byte0 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t); - int16_t byte1 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t); - int16_t byte2 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t); + int16_t byte0 = + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *); + int16_t byte1 = + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *); + int16_t byte2 = + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *); int16_t r0 = (byte1 & (int16_t)15) << 8U | (byte0 & (int16_t)255); int16_t r1 = byte2 << 4U | (byte1 >> 4U & (int16_t)15); return (CLITERAL(int16_t_x2){.fst = r0, .snd = r1}); 
@@ -2311,32 +2245,24 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_12(Eurydice_slice bytes) { int16_t_x2 v0_1 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)3U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)3U, uint8_t)); int16_t_x2 v2_3 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)3U, (size_t)6U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)3U, (size_t)6U, uint8_t)); int16_t_x2 v4_5 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)6U, (size_t)9U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)6U, (size_t)9U, uint8_t)); int16_t_x2 v6_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)9U, (size_t)12U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)9U, (size_t)12U, uint8_t)); int16_t_x2 v8_9 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)12U, (size_t)15U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)12U, (size_t)15U, uint8_t)); int16_t_x2 v10_11 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)15U, (size_t)18U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)15U, (size_t)18U, uint8_t)); int16_t_x2 v12_13 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)18U, (size_t)21U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)18U, (size_t)21U, uint8_t)); int16_t_x2 v14_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - 
Eurydice_slice_subslice2(bytes, (size_t)21U, (size_t)24U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)21U, (size_t)24U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector re = libcrux_ml_kem_vector_portable_vector_type_zero(); re.elements[0U] = v0_1.fst; @@ -2371,15 +2297,15 @@ static KRML_MUSTINLINE size_t libcrux_ml_kem_vector_portable_sampling_rej_sample(Eurydice_slice a, Eurydice_slice result) { size_t sampled = (size_t)0U; - for (size_t i = (size_t)0U; - i < Eurydice_slice_len(a, uint8_t, size_t) / (size_t)3U; i++) { + for (size_t i = (size_t)0U; i < Eurydice_slice_len(a, uint8_t) / (size_t)3U; + i++) { size_t i0 = i; int16_t b1 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)0U, - uint8_t, uint8_t *, uint8_t); + uint8_t, uint8_t *); int16_t b2 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)1U, - uint8_t, uint8_t *, uint8_t); + uint8_t, uint8_t *); int16_t b3 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)2U, - uint8_t, uint8_t *, uint8_t); + uint8_t, uint8_t *); int16_t d1 = (b2 & (int16_t)15) << 8U | b1; int16_t d2 = b3 << 4U | b2 >> 4U; bool uu____0; @@ -2391,7 +2317,7 @@ libcrux_ml_kem_vector_portable_sampling_rej_sample(Eurydice_slice a, int16_t uu____6; if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) { if (sampled < (size_t)16U) { - Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = d1; + Eurydice_slice_index(result, sampled, int16_t, int16_t *) = d1; sampled++; uu____1 = d2; uu____6 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; @@ -2402,8 +2328,7 @@ libcrux_ml_kem_vector_portable_sampling_rej_sample(Eurydice_slice a, if (uu____2) { uu____4 = d2; uu____5 = sampled; - Eurydice_slice_index(result, uu____5, int16_t, int16_t *, int16_t) = - uu____4; + Eurydice_slice_index(result, uu____5, int16_t, int16_t *) = uu____4; sampled++; continue; } 
@@ -2420,8 +2345,7 @@ libcrux_ml_kem_vector_portable_sampling_rej_sample(Eurydice_slice a, if (uu____2) { uu____4 = d2; uu____5 = sampled; - Eurydice_slice_index(result, uu____5, int16_t, int16_t *, int16_t) = - uu____4; + Eurydice_slice_index(result, uu____5, int16_t, int16_t *) = uu____4; sampled++; continue; } @@ -2522,7 +2446,7 @@ with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_ZERO_89_39(void) { +libcrux_ml_kem_polynomial_ZERO_89_8d(void) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; lit.coefficients[0U] = libcrux_ml_kem_vector_portable_ZERO_0d(); lit.coefficients[1U] = libcrux_ml_kem_vector_portable_ZERO_0d(); @@ -2550,8 +2474,8 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_77(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_89_39(); +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_7b(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_89_8d(); } /** 
@@ -2561,16 +2485,15 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_07( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_5f( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_89_8d(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)24U; i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_deserialize_12_0d(bytes); re.coefficients[i0] = uu____0; @@ -2587,15 +2510,15 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_3e( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_57( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); + secret_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_8d(); } for (size_t i = (size_t)0U; - i < Eurydice_slice_len(secret_key, uint8_t, size_t) / + i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; 
@@ -2603,9 +2526,9 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_3e( secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_07( + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_5f( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -2633,8 +2556,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - U_COMPRESSION_FACTOR= 10 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_b8(size_t _) { - return libcrux_ml_kem_polynomial_ZERO_89_39(); +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_1a(size_t _) { + return libcrux_ml_kem_polynomial_ZERO_89_8d(); } /** @@ -2644,7 +2567,7 @@ const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b8( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_05( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -2669,9 +2592,9 @@ generics - COEFFICIENT_BITS= 10 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f4( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_83( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b8( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_05( v); } 
@@ -2682,20 +2605,19 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_5e( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_ce( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_89_8d(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)20U; i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f4( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_83( coefficient); re.coefficients[i0] = uu____0; } @@ -2709,7 +2631,7 @@ const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b80( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_050( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { 
@@ -2734,9 +2656,9 @@ generics - COEFFICIENT_BITS= 11 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f40( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_830( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b80( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_050( v); } @@ -2747,20 +2669,19 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_51( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_41( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_89_8d(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)22U; i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f40( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_830( coefficient); re.coefficients[i0] = uu____0; } 
@@ -2774,9 +2695,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_70( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_be( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_5e(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_ce(serialized); } typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2_s { @@ -2791,7 +2712,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_montgomery_multiply_fe_d5( +libcrux_ml_kem_vector_traits_montgomery_multiply_fe_a6( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t fer) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d(v, fer); @@ -2805,12 +2726,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_d7( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_a6( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - libcrux_ml_kem_vector_traits_montgomery_multiply_fe_d5(b, zeta_r); + libcrux_ml_kem_vector_traits_montgomery_multiply_fe_a6(b, zeta_r); b = libcrux_ml_kem_vector_portable_sub_0d(a, &t); a = libcrux_ml_kem_vector_portable_add_0d(a, &t); return ( 
@@ -2824,7 +2745,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_39( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer, size_t _initial_coefficient_bound) { size_t step = (size_t)1U << (uint32_t)layer; @@ -2837,7 +2758,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - libcrux_ml_kem_ntt_ntt_layer_int_vec_step_d7( + libcrux_ml_kem_ntt_ntt_layer_int_vec_step_a6( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; @@ -2854,7 +2775,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_34( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_3_a6( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2874,7 +2795,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_7b( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_2_23( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { 
@@ -2896,7 +2817,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_4f( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_1_43( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer, size_t _initial_coefficient_bound) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -2926,7 +2847,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_89_2c( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_poly_barrett_reduce_89_61( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { 
@@ -2944,21 +2865,21 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_48( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_64( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)7U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)7U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)6U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)5U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)4U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_3_34(&zeta_i, re, (size_t)3U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_2_7b(&zeta_i, re, (size_t)2U, (size_t)3328U); - libcrux_ml_kem_ntt_ntt_at_layer_1_4f(&zeta_i, re, (size_t)1U, (size_t)3328U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_2c(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_a6(&zeta_i, re, (size_t)3U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_2_23(&zeta_i, re, (size_t)2U, (size_t)3328U); + libcrux_ml_kem_ntt_ntt_at_layer_1_43(&zeta_i, re, (size_t)1U, (size_t)3328U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_61(re); } /** 
@@ -2974,17 +2895,17 @@ with const generics - U_COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_0d( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_0e( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); + u_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_8d(); } for (size_t i = (size_t)0U; - i < Eurydice_slice_len(Eurydice_array_to_slice((size_t)1088U, ciphertext, - uint8_t, Eurydice_slice), - uint8_t, size_t) / + i < Eurydice_slice_len( + Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), + uint8_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); i++) { @@ -2997,11 +2918,11 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_0d( (size_t)10U / (size_t)8U) + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, - uint8_t, Eurydice_slice); + uint8_t); u_as_ntt[i0] = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_70( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_be( u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_48(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_64(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -3015,7 +2936,7 @@ const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b81( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_051( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { 
@@ -3040,9 +2961,9 @@ generics - COEFFICIENT_BITS= 4 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f41( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_831( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b81( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_051( v); } @@ -3053,20 +2974,19 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_f8( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_b3( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_89_8d(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)8U; i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f41( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_831( coefficient); re.coefficients[i0] = uu____0; } 
@@ -3080,7 +3000,7 @@ const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b82( +libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_052( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -3105,9 +3025,9 @@ generics - COEFFICIENT_BITS= 5 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f42( +libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_832( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_b82( + return libcrux_ml_kem_vector_portable_compress_decompress_ciphertext_coefficient_052( v); } 
@@ -3118,20 +3038,19 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_5e( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_e8( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_89_8d(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)10U; i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = - libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_f42( + libcrux_ml_kem_vector_portable_decompress_ciphertext_coefficient_0d_832( re.coefficients[i0]); re.coefficients[i0] = uu____1; } @@ -3145,9 +3064,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_ce( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_a4( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_f8(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_b3(serialized); } /** 
@@ -3188,11 +3107,11 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_ntt_multiply_89_d5( +libcrux_ml_kem_polynomial_ntt_multiply_89_17( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 out = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_89_8d(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; @@ -3229,17 +3148,15 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_93( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_to_ring_element_89_e8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_portable_vector_type_PortableVector, - Eurydice_slice), - libcrux_ml_kem_vector_portable_vector_type_PortableVector, - size_t); + libcrux_ml_kem_vector_portable_vector_type_PortableVector), + libcrux_ml_kem_vector_portable_vector_type_PortableVector); i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = @@ -3255,7 +3172,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_d1( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_46( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { 
@@ -3281,7 +3198,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_ac( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_53( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3303,7 +3220,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_63( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_17( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t _layer) { for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3325,7 +3242,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_6f( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_d9( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -3333,7 +3250,7 @@ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_sub_0d(b, &a); a = libcrux_ml_kem_vector_portable_barrett_reduce_0d( libcrux_ml_kem_vector_portable_add_0d(a, &b)); - b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_d5(a_minus_b, zeta_r); + b = libcrux_ml_kem_vector_traits_montgomery_multiply_fe_a6(a_minus_b, zeta_r); return ( CLITERAL(libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2){ .fst = a, .snd = b}); 
@@ -3346,7 +3263,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9b( +libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_1a( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3361,7 +3278,7 @@ libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9b( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_6f( + libcrux_ml_kem_invert_ntt_inv_ntt_layer_int_vec_step_reduce_d9( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; 
@@ -3378,22 +3295,22 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_7b( +static KRML_MUSTINLINE void libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_95( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_d1(&zeta_i, re, (size_t)1U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_ac(&zeta_i, re, (size_t)2U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_63(&zeta_i, re, (size_t)3U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9b(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_1_46(&zeta_i, re, (size_t)1U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_2_53(&zeta_i, re, (size_t)2U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_3_17(&zeta_i, re, (size_t)3U); + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)4U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9b(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)5U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9b(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)6U); - libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_9b(&zeta_i, re, + libcrux_ml_kem_invert_ntt_invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)7U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_2c(re); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_61(re); } /** 
@@ -3407,7 +3324,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_subtract_reduce_89_7f( +libcrux_ml_kem_polynomial_subtract_reduce_89_66( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; @@ -3439,21 +3356,21 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_message_5f( +libcrux_ml_kem_matrix_compute_message_b5( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_89_8d(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_d5(&secret_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_89_17(&secret_as_ntt[i0], &u_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_93(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_89_e8(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_7b(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_89_7f(v, result); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_95(&result); + result = libcrux_ml_kem_polynomial_subtract_reduce_89_66(v, result); return result; } 
@@ -3463,7 +3380,7 @@ with const generics - SHIFT_BY= 15 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_arithmetic_shift_right_f8( +libcrux_ml_kem_vector_portable_arithmetic_shift_right_68( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -3483,9 +3400,9 @@ with const generics - SHIFT_BY= 15 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_shift_right_0d_4b( +libcrux_ml_kem_vector_portable_shift_right_0d_f2( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_arithmetic_shift_right_f8(v); + return libcrux_ml_kem_vector_portable_arithmetic_shift_right_68(v); } /** @@ -3495,10 +3412,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_to_unsigned_representative_78( +libcrux_ml_kem_vector_traits_to_unsigned_representative_57( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = - libcrux_ml_kem_vector_portable_shift_right_0d_4b(a); + libcrux_ml_kem_vector_portable_shift_right_0d_f2(a); libcrux_ml_kem_vector_portable_vector_type_PortableVector fm = libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); 
@@ -3512,13 +3429,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_6a( +libcrux_ml_kem_serialize_compress_then_serialize_message_04( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_78( + libcrux_ml_kem_vector_traits_to_unsigned_representative_57( re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = @@ -3527,12 +3444,9 @@ libcrux_ml_kem_serialize_compress_then_serialize_message_6a( libcrux_ml_kem_vector_portable_serialize_1_0d(coefficient_compressed, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, - Eurydice_slice); + serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)2U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); } 
@@ -3571,21 +3485,20 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_7d( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_71( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_0d(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_0e(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_ce( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_a4( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t, - Eurydice_slice)); + (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - libcrux_ml_kem_matrix_compute_message_5f(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_b5(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_6a(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_04(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } 
@@ -3599,11 +3512,11 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_cc(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_87(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_3e(secret_key, secret_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_secret_key_57(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( @@ -3615,7 +3528,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_cc(Eurydice_slice secret_key, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_7d(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_71(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -3629,7 +3542,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.G_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G_f1_b6( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G_f1_e4( Eurydice_slice input, uint8_t ret[64U]) { libcrux_ml_kem_hash_functions_portable_G(input, ret); } 
@@ -3639,12 +3552,11 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 32 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_3a( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_2b( Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } @@ -3658,9 +3570,9 @@ with const generics - K= 3 - LEN= 32 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_04( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_ee( Eurydice_slice input, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_portable_PRF_3a(input, ret); + libcrux_ml_kem_hash_functions_portable_PRF_2b(input, ret); } /** @@ -3671,9 +3583,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_ad( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_45( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_39(); + return libcrux_ml_kem_polynomial_ZERO_89_8d(); } /** 
@@ -3689,16 +3601,15 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_b8( +libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_e1( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_89_8d(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(serialized, uint8_t, size_t) / (size_t)24U; i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_12_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = @@ -3722,15 +3633,15 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_9f( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_9d( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_8d(); } for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; 
@@ -3738,9 +3649,9 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_9f( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_b8( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_e1( ring_element); deserialized_pk[i0] = uu____0; } @@ -3757,8 +3668,8 @@ generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_25(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_89_39(); +libcrux_ml_kem_matrix_sample_matrix_A_closure_closure_2a(size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_89_8d(); } /** @@ -3768,10 +3679,10 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_e8( +static inline void libcrux_ml_kem_matrix_sample_matrix_A_closure_08( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_89_8d(); } } @@ -3790,7 +3701,7 @@ libcrux_ml_kem.hash_functions.portable.shake128_init_absorb with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_hash_functions_portable_PortableHash_58 -libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_75( +libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_b7( uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_48 shake128_state[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { 
@@ -3799,8 +3710,8 @@ libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_75( for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_sha3_portable_incremental_shake128_absorb_final( - &shake128_state[i0], Eurydice_array_to_slice((size_t)34U, input[i0], - uint8_t, Eurydice_slice)); + &shake128_state[i0], + Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t)); } /* Passing arrays by value in Rust generates a copy in C */ libcrux_sha3_generic_keccak_KeccakState_48 copy_of_shake128_state[3U]; @@ -3823,12 +3734,12 @@ generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_hash_functions_portable_PortableHash_58 -libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_f1_11( +libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_f1_8c( uint8_t input[3U][34U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_input[3U][34U]; memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); - return libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_75( + return libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_b7( copy_of_input); } @@ -3839,7 +3750,7 @@ generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_10( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_ca( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *st, uint8_t ret[3U][504U]) { uint8_t out[3U][504U] = {{0U}}; @@ -3847,8 +3758,7 @@ libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_10( size_t i0 = i; libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( &st->shake128_state[i0], - Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, - Eurydice_slice)); + Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t)); } memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); } 
@@ -3864,10 +3774,10 @@ const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_f1_4e( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_f1_69( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *self, uint8_t ret[3U][504U]) { - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_10(self, + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_ca(self, ret); } @@ -3920,7 +3830,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - N= 504 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_05( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_2c( uint8_t randomness[3U][504U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { @@ -3929,14 +3839,13 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_05( size_t r = i; if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(randomness[i1], r * (size_t)24U, + r * (size_t)24U + (size_t)24U, uint8_t); size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d( - uu____0, - Eurydice_array_to_subslice2(out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, - int16_t, Eurydice_slice)); + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; } 
@@ -3963,7 +3872,7 @@ generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_ed( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_dd( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; @@ -3971,8 +3880,7 @@ libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_ed( size_t i0 = i; libcrux_sha3_portable_incremental_shake128_squeeze_next_block( &st->shake128_state[i0], - Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, - Eurydice_slice)); + Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t)); } memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); } @@ -3988,10 +3896,10 @@ generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_f1_c1( +libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_f1_60( libcrux_ml_kem_hash_functions_portable_PortableHash_58 *self, uint8_t ret[3U][168U]) { - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_ed(self, ret); + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_dd(self, ret); } /** @@ -4043,7 +3951,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - N= 168 */ static KRML_MUSTINLINE bool -libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_050( +libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_2c0( uint8_t randomness[3U][168U], size_t *sampled_coefficients, int16_t (*out)[272U]) { for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { 
@@ -4052,14 +3960,13 @@ libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_050( size_t r = i; if (sampled_coefficients[i1] < LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(randomness[i1], r * (size_t)24U, + r * (size_t)24U + (size_t)24U, uint8_t); size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d( - uu____0, - Eurydice_array_to_subslice2(out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, - int16_t, Eurydice_slice)); + uu____0, Eurydice_array_to_subslice2( + out[i1], sampled_coefficients[i1], + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; } @@ -4090,17 +3997,16 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_from_i16_array_89_6b(Eurydice_slice a) { +libcrux_ml_kem_polynomial_from_i16_array_89_ca(Eurydice_slice a) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_89_8d(); for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_from_i16_array_0d( Eurydice_slice_subslice2(a, i0 * (size_t)16U, - (i0 + (size_t)1U) * (size_t)16U, int16_t, - Eurydice_slice)); + (i0 + (size_t)1U) * (size_t)16U, int16_t)); result.coefficients[i0] = uu____0; } return result; 
@@ -4114,10 +4020,9 @@ generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_xof_closure_99(int16_t s[272U]) { - return libcrux_ml_kem_polynomial_from_i16_array_89_6b( - Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t, - Eurydice_slice)); +libcrux_ml_kem_sampling_sample_from_xof_closure_2f(int16_t s[272U]) { + return libcrux_ml_kem_polynomial_from_i16_array_89_ca( + Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } /** @@ -4127,7 +4032,7 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_2b( +static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_d4( uint8_t seeds[3U][34U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; 
@@ -4136,28 +4041,28 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_2b( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_hash_functions_portable_PortableHash_58 xof_state = - libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_f1_11( + libcrux_ml_kem_hash_functions_portable_shake128_init_absorb_f1_8c( copy_of_seeds); uint8_t randomness0[3U][504U]; - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_f1_4e( + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_three_blocks_f1_69( &xof_state, randomness0); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness0[3U][504U]; memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); - bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_05( + bool done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_2c( copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; - libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_f1_c1( + libcrux_ml_kem_hash_functions_portable_shake128_squeeze_block_f1_60( &xof_state, randomness); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[3U][168U]; memcpy(copy_of_randomness, randomness, (size_t)3U * sizeof(uint8_t[168U])); - done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_050( + done = libcrux_ml_kem_sampling_sample_from_uniform_distribution_next_2c0( copy_of_randomness, sampled_coefficients, out); } } 
@@ -4167,7 +4072,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_sampling_sample_from_xof_2b( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret0[i] = - libcrux_ml_kem_sampling_sample_from_xof_closure_99(copy_of_out[i]); + libcrux_ml_kem_sampling_sample_from_xof_closure_2f(copy_of_out[i]); } memcpy( ret, ret0, @@ -4181,12 +4086,12 @@ libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_23( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_05( uint8_t seed[34U], bool transpose, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U][3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_matrix_sample_matrix_A_closure_e8(i, A_transpose[i]); + libcrux_ml_kem_matrix_sample_matrix_A_closure_08(i, A_transpose[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; @@ -4206,14 +4111,13 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_23( uint8_t copy_of_seeds[3U][34U]; memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; - libcrux_ml_kem_sampling_sample_from_xof_2b(copy_of_seeds, sampled); + libcrux_ml_kem_sampling_sample_from_xof_d4(copy_of_seeds, sampled); for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sample = sampled[j]; 
@@ -4263,8 +4167,8 @@ generics - ETA_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_56(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_39(); +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_closure_71(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_8d(); } /** @@ -4273,15 +4177,14 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_1d( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_c5( uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, - Eurydice_slice)); + Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t)); } memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); } @@ -4296,9 +4199,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_f1_89( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRFxN_f1_93( uint8_t (*input)[33U], uint8_t ret[3U][128U]) { - libcrux_ml_kem_hash_functions_portable_PRFxN_1d(input, ret); + libcrux_ml_kem_hash_functions_portable_PRFxN_c5(input, ret); } /** 
@@ -4357,27 +4260,26 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_20( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_52( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len(randomness, uint8_t, size_t) / (size_t)4U; - i0++) { + i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) { size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice2( randomness, chunk_number * (size_t)4U, - chunk_number * (size_t)4U + (size_t)4U, uint8_t, Eurydice_slice); + chunk_number * (size_t)4U + (size_t)4U, uint8_t); uint32_t random_bits_as_u32 = (((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | + uint8_t *) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 8U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 16U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 24U; uint32_t even_bits = random_bits_as_u32 & 1431655765U; uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; @@ -4393,8 +4295,8 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_20( sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_89_6b(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); + return libcrux_ml_kem_polynomial_from_i16_array_89_ca( + Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } /** 
@@ -4404,24 +4306,23 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_85( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_b0( Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; - i0 < Eurydice_slice_len(randomness, uint8_t, size_t) / (size_t)3U; - i0++) { + i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) { size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice2( randomness, chunk_number * (size_t)3U, - chunk_number * (size_t)3U + (size_t)3U, uint8_t, Eurydice_slice); + chunk_number * (size_t)3U + (size_t)3U, uint8_t); uint32_t random_bits_as_u24 = ((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | + uint8_t *) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 8U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 16U; uint32_t first_bits = random_bits_as_u24 & 2396745U; uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; @@ -4439,8 +4340,8 @@ libcrux_ml_kem_sampling_sample_from_binomial_distribution_3_85( sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return libcrux_ml_kem_polynomial_from_i16_array_89_6b(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); + return libcrux_ml_kem_polynomial_from_i16_array_89_ca( + Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } /** 
@@ -4450,9 +4351,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - ETA= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_sampling_sample_from_binomial_distribution_66( +libcrux_ml_kem_sampling_sample_from_binomial_distribution_34( Eurydice_slice randomness) { - return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_20( + return libcrux_ml_kem_sampling_sample_from_binomial_distribution_2_52( randomness); } @@ -4462,7 +4363,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_13( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_at_layer_7_09( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { 
@@ -4485,20 +4386,20 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_88( +libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_28( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { - libcrux_ml_kem_ntt_ntt_at_layer_7_13(re); + libcrux_ml_kem_ntt_ntt_at_layer_7_09(re); size_t zeta_i = (size_t)1U; - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)6U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)6U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)5U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)5U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_4_plus_cc(&zeta_i, re, (size_t)4U, + libcrux_ml_kem_ntt_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)4U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_3_34(&zeta_i, re, (size_t)3U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_2_7b(&zeta_i, re, (size_t)2U, (size_t)3U); - libcrux_ml_kem_ntt_ntt_at_layer_1_4f(&zeta_i, re, (size_t)1U, (size_t)3U); - libcrux_ml_kem_polynomial_poly_barrett_reduce_89_2c(re); + libcrux_ml_kem_ntt_ntt_at_layer_3_a6(&zeta_i, re, (size_t)3U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_2_23(&zeta_i, re, (size_t)2U, (size_t)3U); + libcrux_ml_kem_ntt_ntt_at_layer_1_43(&zeta_i, re, (size_t)1U, (size_t)3U); + libcrux_ml_kem_polynomial_poly_barrett_reduce_89_61(re); } /** 
@@ -4515,11 +4416,11 @@ generics - ETA_RANDOMNESS_SIZE= 128 */ static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_a7(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); + re_as_ntt[i] = libcrux_ml_kem_polynomial_ZERO_89_8d(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -4534,14 +4435,13 @@ libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(uint8_t prf_input[33U], domain_separator = (uint32_t)domain_separator + 1U; } uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_portable_PRFxN_f1_89(prf_inputs, prf_outputs); + libcrux_ml_kem_hash_functions_portable_PRFxN_f1_93(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; re_as_ntt[i0] = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_66( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, - Eurydice_slice)); - libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_88(&re_as_ntt[i0]); + libcrux_ml_kem_sampling_sample_from_binomial_distribution_34( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); + libcrux_ml_kem_ntt_ntt_binomially_sampled_ring_element_28(&re_as_ntt[i0]); } /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U]; @@ -4566,8 +4466,8 @@ generics - ETA2= 2 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_de(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_39(); +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_closure_d0(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_8d(); } /** 
@@ -4583,11 +4483,11 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_76(uint8_t prf_input[33U], +libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_38(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - error_1[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); + error_1[i] = libcrux_ml_kem_polynomial_ZERO_89_8d(); } /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; @@ -4602,13 +4502,12 @@ libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_76(uint8_t prf_input[33U], domain_separator = (uint32_t)domain_separator + 1U; } uint8_t prf_outputs[3U][128U]; - libcrux_ml_kem_hash_functions_portable_PRFxN_f1_89(prf_inputs, prf_outputs); + libcrux_ml_kem_hash_functions_portable_PRFxN_f1_93(prf_inputs, prf_outputs); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_66( - Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t, - Eurydice_slice)); + libcrux_ml_kem_sampling_sample_from_binomial_distribution_34( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1; } /* Passing arrays by value in Rust generates a copy in C */ @@ -4629,12 +4528,11 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.PRF with const generics - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_3a0( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_2b0( Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)128U, digest, uint8_t), input); memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); } 
@@ -4648,9 +4546,9 @@ with const generics - K= 3 - LEN= 128 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_040( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_PRF_f1_ee0( Eurydice_slice input, uint8_t ret[128U]) { - libcrux_ml_kem_hash_functions_portable_PRF_3a0(input, ret); + libcrux_ml_kem_hash_functions_portable_PRF_2b0(input, ret); } /** @@ -4660,8 +4558,8 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_vector_u_closure_ce(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_39(); +libcrux_ml_kem_matrix_compute_vector_u_closure_ca(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_8d(); } /** @@ -4674,7 +4572,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_6b( +static KRML_MUSTINLINE void libcrux_ml_kem_polynomial_add_error_reduce_89_c3( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; 
@@ -4701,22 +4599,21 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_a7( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_22( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); + result[i] = libcrux_ml_kem_polynomial_ZERO_89_8d(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = a_as_ntt[i1]; 
@@ -4724,19 +4621,18 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_vector_u_a7( i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_d5(a_element, &r_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_93(&result[i1], + libcrux_ml_kem_polynomial_ntt_multiply_89_17(a_element, &r_as_ntt[j]); + libcrux_ml_kem_polynomial_add_to_ring_element_89_e8(&result[i1], &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_7b(&result[i1]); - libcrux_ml_kem_polynomial_add_error_reduce_89_6b(&result[i1], &error_1[i1]); + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_95(&result[i1]); + libcrux_ml_kem_polynomial_add_error_reduce_89_c3(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -4750,7 +4646,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_decompress_1_f3( +libcrux_ml_kem_vector_traits_decompress_1_b3( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ZERO_0d(); 
@@ -4765,10 +4661,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_message_a7( +libcrux_ml_kem_serialize_deserialize_then_decompress_message_6c( uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_89_8d(); for (size_t i = (size_t)0U; i < (size_t)16U; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4776,9 +4672,9 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_message_a7( libcrux_ml_kem_vector_portable_deserialize_1_0d( Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, - uint8_t, Eurydice_slice)); + uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - libcrux_ml_kem_vector_traits_decompress_1_f3(coefficient_compressed); + libcrux_ml_kem_vector_traits_decompress_1_b3(coefficient_compressed); re.coefficients[i0] = uu____0; } return re; @@ -4795,7 +4691,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_add_message_error_reduce_89_4e( +libcrux_ml_kem_polynomial_add_message_error_reduce_89_a1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { 
@@ -4828,22 +4724,22 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_ring_element_v_9d( +libcrux_ml_kem_matrix_compute_ring_element_v_ba( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result = - libcrux_ml_kem_polynomial_ZERO_89_39(); + libcrux_ml_kem_polynomial_ZERO_89_8d(); for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_d5(&t_as_ntt[i0], + libcrux_ml_kem_polynomial_ntt_multiply_89_17(&t_as_ntt[i0], &r_as_ntt[i0]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_93(&result, &product); + libcrux_ml_kem_polynomial_add_to_ring_element_89_e8(&result, &product); } - libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_7b(&result); - result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_4e( + libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_95(&result); + result = libcrux_ml_kem_polynomial_add_message_error_reduce_89_a1( error_2, message, result); return result; } @@ -4854,7 +4750,7 @@ with const generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_be( +libcrux_ml_kem_vector_portable_compress_compress_13( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { 
@@ -4877,9 +4773,9 @@ with const generics - COEFFICIENT_BITS= 10 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_31( +libcrux_ml_kem_vector_portable_compress_0d_99( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_be(v); + return libcrux_ml_kem_vector_portable_compress_compress_13(v); } /** @@ -4889,25 +4785,22 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_10_19( +libcrux_ml_kem_serialize_compress_then_serialize_10_c9( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_31( - libcrux_ml_kem_vector_traits_to_unsigned_representative_78( + libcrux_ml_kem_vector_portable_compress_0d_99( + libcrux_ml_kem_vector_traits_to_unsigned_representative_57( re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, - Eurydice_slice); + serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)20U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); } 
@@ -4918,7 +4811,7 @@ with const generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_be0( +libcrux_ml_kem_vector_portable_compress_compress_130( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { @@ -4941,9 +4834,9 @@ with const generics - COEFFICIENT_BITS= 11 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_310( +libcrux_ml_kem_vector_portable_compress_0d_990( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_be0(v); + return libcrux_ml_kem_vector_portable_compress_compress_130(v); } /** 
@@ -4953,25 +4846,22 @@ with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_11_56( +libcrux_ml_kem_serialize_compress_then_serialize_11_f8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_310( - libcrux_ml_kem_vector_traits_to_unsigned_representative_78( + libcrux_ml_kem_vector_portable_compress_0d_990( + libcrux_ml_kem_vector_traits_to_unsigned_representative_57( re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, - Eurydice_slice); + serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)22U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); } @@ -4984,10 +4874,10 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_97( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_54( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_10_19(re, uu____0); + libcrux_ml_kem_serialize_compress_then_serialize_10_c9(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } 
@@ -5003,30 +4893,26 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_3d( +static inline void libcrux_ml_kem_ind_cpa_compress_then_serialize_u_62( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice2( out, i0 * ((size_t)960U / (size_t)3U), - (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, - Eurydice_slice); + (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_97(&re, + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_u_54(&re, ret); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } } @@ -5036,7 +4922,7 @@ with const generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_be1( +libcrux_ml_kem_vector_portable_compress_compress_131( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { 
@@ -5059,9 +4945,9 @@ with const generics - COEFFICIENT_BITS= 4 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_311( +libcrux_ml_kem_vector_portable_compress_0d_991( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_be1(v); + return libcrux_ml_kem_vector_portable_compress_compress_131(v); } /** @@ -5071,24 +4957,22 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_4_07( +libcrux_ml_kem_serialize_compress_then_serialize_4_f6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_portable_compress_0d_311( - libcrux_ml_kem_vector_traits_to_unsigned_representative_78( + libcrux_ml_kem_vector_portable_compress_0d_991( + libcrux_ml_kem_vector_traits_to_unsigned_representative_57( re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); Eurydice_slice_copy( Eurydice_slice_subslice2(serialized, (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_array_to_slice((size_t)8U, bytes, uint8_t), uint8_t); } } @@ -5098,7 +4982,7 @@ with const generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_compress_be2( +libcrux_ml_kem_vector_portable_compress_compress_132( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { 
@@ -5121,9 +5005,9 @@ with const generics - COEFFICIENT_BITS= 5 */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_portable_compress_0d_312( +libcrux_ml_kem_vector_portable_compress_0d_992( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { - return libcrux_ml_kem_vector_portable_compress_compress_be2(v); + return libcrux_ml_kem_vector_portable_compress_compress_132(v); } /** @@ -5133,24 +5017,22 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_5_00( +libcrux_ml_kem_serialize_compress_then_serialize_5_06( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = - libcrux_ml_kem_vector_portable_compress_0d_312( - libcrux_ml_kem_vector_traits_to_unsigned_representative_78( + libcrux_ml_kem_vector_portable_compress_0d_992( + libcrux_ml_kem_vector_traits_to_unsigned_representative_57( re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); Eurydice_slice_copy( Eurydice_slice_subslice2(serialized, (size_t)10U * i0, - (size_t)10U * i0 + (size_t)10U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + (size_t)10U * i0 + (size_t)10U, uint8_t), + Eurydice_array_to_slice((size_t)10U, bytes, uint8_t), uint8_t); } } 
@@ -5162,9 +5044,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 128 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_a0( +libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_20( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - libcrux_ml_kem_serialize_compress_then_serialize_4_07(re, out); + libcrux_ml_kem_serialize_compress_then_serialize_4_f6(re, out); } /** @@ -5226,15 +5108,15 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_61( +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_09( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(randomness, prf_input); + libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input0[33U]; memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7( + tuple_b0 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_a7( copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( @@ -5244,7 +5126,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_61( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_prf_input[33U]; memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_76( + tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_38( copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( 
@@ -5253,38 +5135,35 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_61( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_040( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); + libcrux_ml_kem_hash_functions_portable_PRF_f1_ee0( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - libcrux_ml_kem_sampling_sample_from_binomial_distribution_66( - Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t, - Eurydice_slice)); + libcrux_ml_kem_sampling_sample_from_binomial_distribution_34( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_a7(public_key->A, r_as_ntt, error_1, + libcrux_ml_kem_matrix_compute_vector_u_22(public_key->A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - libcrux_ml_kem_serialize_deserialize_then_decompress_message_a7( + libcrux_ml_kem_serialize_deserialize_then_decompress_message_6c( copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_matrix_compute_ring_element_v_9d( + libcrux_ml_kem_matrix_compute_ring_element_v_ba( public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_ind_cpa_compress_then_serialize_u_3d( + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_62( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, - 
uint8_t, Eurydice_slice)); + uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_a0( - uu____6, - Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, - uint8_t, size_t, Eurydice_slice)); + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_20( + uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, + (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); } 
@@ -5306,24 +5185,23 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_12(Eurydice_slice public_key, +static inline void libcrux_ml_kem_ind_cpa_encrypt_dd(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_9f( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, - Eurydice_slice), + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_9d( + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A_23(ret0, false, A); + libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0); + libcrux_ml_kem_matrix_sample_matrix_A_05(ret0, false, A); uint8_t seed_for_A[32U]; Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); unwrap_41_83(dst, seed_for_A); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; @@ -5354,7 +5232,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_12(Eurydice_slice public_key, uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_61(uu____3, copy_of_message, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_09(uu____3, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); } 
@@ -5370,13 +5248,12 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_0a( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_6d( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + shared_secret, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } @@ -5402,12 +5279,11 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_5a( +static inline void libcrux_ml_kem_ind_cca_decapsulate_b5( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t), (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; 
@@ -5421,61 +5297,57 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_5a( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_cc(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_87(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); + uint8_t, size_t), + ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_b6( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); + libcrux_ml_kem_hash_functions_portable_G_f1_e4( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_ea0(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_16(ciphertext), - uint8_t, void *); + 
uint8_t, size_t); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_99(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_04( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + libcrux_ml_kem_hash_functions_portable_PRF_f1_ee( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_12(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_dd(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_0a( + libcrux_ml_kem_ind_cca_kdf_43_6d( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), + uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_0a(shared_secret0, ciphertext, shared_secret); + libcrux_ml_kem_ind_cca_kdf_43_6d(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_16(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, - Eurydice_slice), + libcrux_ml_kem_types_as_ref_00_99(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } 
@@ -5504,10 +5376,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_8e( +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_08( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_5a(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_b5(private_key, ciphertext, ret); } /** @@ -5520,7 +5392,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_8e( static inline void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_8e( + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_08( private_key, ciphertext, ret); } 
@@ -5580,48 +5452,45 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_89( +static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_0a( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_7d( + libcrux_ml_kem_ind_cpa_decrypt_unpacked_71( &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); + uint8_t, size_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); + uint8_t), + uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_b6( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); + libcrux_ml_kem_hash_functions_portable_G_f1_e4( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d0( - Eurydice_array_to_slice((size_t)32U, - 
key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), + libcrux_ml_kem_utils_into_padded_array_ea0( + Eurydice_array_to_slice( + (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_16(ciphertext), - uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_99(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_04( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + libcrux_ml_kem_hash_functions_portable_PRF_f1_ee( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = &key_pair->public_key.ind_cpa_public_key; 
@@ -5629,18 +5498,17 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_89( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_61( + libcrux_ml_kem_ind_cpa_encrypt_unpacked_09( uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_16(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice)); + libcrux_ml_kem_types_as_ref_00_99(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( shared_secret, Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), selector, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5670,10 +5538,10 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_4a( +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_4b( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_89(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_0a(key_pair, ciphertext, ret); } /** 
@@ -5686,7 +5554,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_4a( static inline void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_4a( + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_4b( private_key, ciphertext, ret); } @@ -5700,12 +5568,11 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_d4( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_ff( Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - Eurydice_slice_copy( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + randomness, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } @@ -5718,7 +5585,7 @@ A monomorphic instance of libcrux_ml_kem.hash_functions.portable.H_f1 with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_H_f1_2e( +static KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_H_f1_1a( Eurydice_slice input, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H(input, ret); } 
@@ -5742,57 +5609,50 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_78( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_41( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_43_d4( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); + libcrux_ml_kem_ind_cca_entropy_preprocess_43_ff( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_2e( + libcrux_ml_kem_hash_functions_portable_H_f1_1a( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_c2(public_key), - uint8_t, Eurydice_slice), + libcrux_ml_kem_types_as_slice_cb_6f(public_key), + uint8_t), ret); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_b6( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); + libcrux_ml_kem_hash_functions_portable_G_f1_e4( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + 
Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_c2(public_key), uint8_t, - Eurydice_slice); + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_6f(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_12(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_dd(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_9c(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_14(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_43_0a(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_43_6d(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ 
@@ -5823,14 +5683,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_2d( +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_fc( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_78(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_41(uu____0, copy_of_randomness); } /** @@ -5847,7 +5707,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_2d( + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_fc( uu____0, copy_of_randomness); } 
@@ -5870,27 +5730,24 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_d6( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_9e( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); + size_t); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_slice( + (size_t)32U, public_key->public_key_hash, uint8_t), + uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_b6( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); + libcrux_ml_kem_hash_functions_portable_G_f1_e4( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; 
@@ -5901,17 +5758,17 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_d6( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_61(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_09(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; - Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, shared_secret_array, - uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); + Eurydice_slice_copy( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), + shared_secret, uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_9c(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_14(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -5944,7 +5801,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_69( +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_d4( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = 
@@ -5952,7 +5809,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_69( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_d6(uu____0, + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_9e(uu____0, copy_of_randomness); } @@ -5972,23 +5829,10 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_69( + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_d4( uu____0, copy_of_randomness); } -/** -A monomorphic instance of K. -with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked -libcrux_ml_kem_vector_portable_vector_type_PortableVector[[$3size_t]], -libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked -libcrux_ml_kem_vector_portable_vector_type_PortableVector[[$3size_t]] - -*/ -typedef struct tuple_9b_s { - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 snd; -} tuple_9b; - /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e.closure with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5996,8 +5840,8 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_As_plus_e_closure_ab(size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_39(); +libcrux_ml_kem_matrix_compute_As_plus_e_closure_bd(size_t _i) { + return libcrux_ml_kem_polynomial_ZERO_89_8d(); } /** 
@@ -6007,7 +5851,7 @@ with const generics */ static inline libcrux_ml_kem_vector_portable_vector_type_PortableVector -libcrux_ml_kem_vector_traits_to_standard_domain_3e( +libcrux_ml_kem_vector_traits_to_standard_domain_a8( libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { return libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); @@ -6024,7 +5868,7 @@ with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_polynomial_add_standard_error_reduce_89_99( +libcrux_ml_kem_polynomial_add_standard_error_reduce_89_22( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; @@ -6032,7 +5876,7 @@ libcrux_ml_kem_polynomial_add_standard_error_reduce_89_99( size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_normal_form = - libcrux_ml_kem_vector_traits_to_standard_domain_3e( + libcrux_ml_kem_vector_traits_to_standard_domain_a8( self->coefficients[j]); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_barrett_reduce_0d( 
@@ -6051,22 +5895,21 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_da( +static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_cb( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*matrix_A)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *s_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - result[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); + result[i] = libcrux_ml_kem_polynomial_ZERO_89_8d(); } for (size_t i0 = (size_t)0U; i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i1]; 
@@ -6074,20 +5917,19 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_da( i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = &row[j]; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = - libcrux_ml_kem_polynomial_ntt_multiply_89_d5(matrix_element, + libcrux_ml_kem_polynomial_ntt_multiply_89_17(matrix_element, &s_as_ntt[j]); - libcrux_ml_kem_polynomial_add_to_ring_element_89_93(&result[i1], + libcrux_ml_kem_polynomial_add_to_ring_element_89_e8(&result[i1], &product); } - libcrux_ml_kem_polynomial_add_standard_error_reduce_89_99( + libcrux_ml_kem_polynomial_add_standard_error_reduce_89_22( &result[i1], &error_as_ntt[i1]); } memcpy( 
@@ -6095,134 +5937,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_compute_As_plus_e_da( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } -/** - This function implements most of Algorithm 12 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation - algorithm. - - We say "most of" since Algorithm 12 samples the required randomness within - the function itself, whereas this implementation expects it to be provided - through the `key_generation_seed` parameter. - - Algorithm 12 is reproduced below: - - ```plaintext - Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. - - d ←$ B - (ρ,σ) ← G(d) - N ← 0 - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) - N ← N + 1 - end for - ŝ ← NTT(s) - ê ← NTT(e) - t̂ ← Â◦ŝ + ê - ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ - dkₚₖₑ ← ByteEncode₁₂(ŝ) - ``` - - The NIST FIPS 203 standard can be found at - . 
-*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const -generics -- K= 3 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -*/ -static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f4( - Eurydice_slice key_generation_seed) { - uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_b6(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); - Eurydice_slice seed_for_A0 = uu____0.fst; - Eurydice_slice seed_for_secret_and_error = uu____0.snd; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; - uint8_t ret[34U]; - libcrux_ml_kem_utils_into_padded_array_2d1(seed_for_A0, ret); - libcrux_ml_kem_matrix_sample_matrix_A_23(ret, true, A_transpose); - uint8_t prf_input[33U]; - libcrux_ml_kem_utils_into_padded_array_2d2(seed_for_secret_and_error, - prf_input); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input0[33U]; - memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7( - copy_of_prf_input0, 0U); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - memcpy( - secret_as_ntt, uu____2.fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - uint8_t domain_separator = uu____2.snd; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_prf_input[33U]; - memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; - memcpy( - error_as_ntt, - libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_d7(copy_of_prf_input, - domain_separator) 
- .fst, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - libcrux_ml_kem_matrix_compute_As_plus_e_da(A_transpose, secret_as_ntt, - error_as_ntt, t_as_ntt); - uint8_t seed_for_A[32U]; - Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); - unwrap_41_83(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; - memcpy( - copy_of_t_as_ntt, t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A_transpose[3U] - [3U]; - memcpy(copy_of_A_transpose, A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk; - memcpy( - pk.t_as_ntt, copy_of_t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, copy_of_A_transpose, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; - memcpy( - copy_of_secret_as_ntt, secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk; - memcpy( - sk.secret_as_ntt, copy_of_secret_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - return (CLITERAL(tuple_9b){.fst = sk, .snd = 
pk}); -} - /** A monomorphic instance of libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types @@ -6230,24 +5944,21 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_f6( +libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_3a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - libcrux_ml_kem_vector_traits_to_unsigned_representative_78( + libcrux_ml_kem_vector_traits_to_unsigned_representative_57( re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, - Eurydice_slice); + serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)24U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); } @@ -6262,7 +5973,7 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_f8( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_87( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; 
@@ -6270,22 +5981,19 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_secret_key_f8( i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); uint8_t ret0[384U]; - libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_f6(&re, ret0); + libcrux_ml_kem_serialize_serialize_uncompressed_ring_element_3a(&re, ret0); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); } 
@@ -6301,23 +6009,20 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_80( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_serialize_public_key_04( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, - (size_t)1152U, uint8_t, Eurydice_slice); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_f8(t_as_ntt, ret0); + libcrux_ml_kem_ind_cpa_serialize_secret_key_87(t_as_ntt, ret0); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice_copy(Eurydice_array_to_subslice_from( - (size_t)1184U, public_key_serialized, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), - seed_for_a, uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); + Eurydice_slice_copy( + Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, + (size_t)1152U, uint8_t, size_t), + seed_for_a, uint8_t); memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); } 
@@ -6334,19 +6039,54 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_utils_extraction_helper_Keypair768 -libcrux_ml_kem_ind_cpa_generate_keypair_ec(Eurydice_slice key_generation_seed) { - tuple_9b uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f4(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk = uu____0.snd; +libcrux_ml_kem_ind_cpa_generate_keypair_6e(Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_portable_G_f1_e4(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret); + libcrux_ml_kem_matrix_sample_matrix_A_05(ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, + prf_input); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b0 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_a7( + copy_of_prf_input0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + uint8_t domain_separator = uu____2.snd; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 
error_as_ntt[3U]; + memcpy( + error_as_ntt, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_a7(copy_of_prf_input, + domain_separator) + .fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; + libcrux_ml_kem_matrix_compute_As_plus_e_cb(A_transpose, secret_as_ntt, + error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); + unwrap_41_83(dst, seed_for_A); uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_80( - pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, uint8_t, - Eurydice_slice), + libcrux_ml_kem_ind_cpa_serialize_public_key_04( + t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), public_key_serialized); uint8_t secret_key_serialized[1152U]; - libcrux_ml_kem_ind_cpa_serialize_secret_key_f8(sk.secret_as_ntt, + libcrux_ml_kem_ind_cpa_serialize_secret_key_87(secret_as_ntt, secret_key_serialized); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_secret_key_serialized[1152U]; @@ -6374,7 +6114,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_a8( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_4c( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; 
@@ -6384,40 +6124,35 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_serialize_kem_secret_key_a8( size_t uu____2 = pointer; Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + Eurydice_slice_len(private_key, uint8_t, size_t), uint8_t, - Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + Eurydice_slice_len(private_key, uint8_t, size_t); + uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t), + uint8_t), + private_key, uint8_t); + pointer = pointer + Eurydice_slice_len(private_key, uint8_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + Eurydice_slice_len(public_key, uint8_t, size_t), uint8_t, - Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + Eurydice_slice_len(public_key, uint8_t, size_t); + uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t), + uint8_t), + public_key, uint8_t); + pointer = pointer + Eurydice_slice_len(public_key, uint8_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_2e(public_key, ret0); + libcrux_ml_kem_hash_functions_portable_H_f1_1a(public_key, ret0); Eurydice_slice_copy( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - Eurydice_slice_copy(Eurydice_array_to_subslice2( - uu____7, uu____8, - uu____9 + Eurydice_slice_len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, 
uint8_t, void *); + Eurydice_slice_copy( + Eurydice_array_to_subslice2( + uu____7, uu____8, + uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), + uint8_t), + implicit_rejection_value, uint8_t); memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } 
@@ -6443,33 +6178,37 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_d7(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_f9(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - libcrux_ml_kem_ind_cpa_generate_keypair_ec(ind_cpa_keypair_randomness); + libcrux_ml_kem_ind_cpa_generate_keypair_6e(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - libcrux_ml_kem_ind_cca_serialize_kem_secret_key_a8( - Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, - Eurydice_slice), + libcrux_ml_kem_ind_cca_serialize_kem_secret_key_4c( + Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[2400U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_22_a7(secret_key_serialized); - libcrux_ml_kem_types_MlKemPrivateKey_55 
uu____1 = private_key; - return libcrux_ml_kem_types_from_17_d5( - uu____1, libcrux_ml_kem_types_from_c7_14(public_key)); + libcrux_ml_kem_types_from_05_db(copy_of_secret_key_serialized); + libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key[1184U]; + memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_17_12( + uu____2, libcrux_ml_kem_types_from_b6_8e(copy_of_public_key)); } /** @@ -6488,12 +6227,12 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_45( +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_c1( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_d7(copy_of_randomness); + return libcrux_ml_kem_ind_cca_generate_keypair_f9(copy_of_randomness); } /** 
@@ -6504,10 +6243,150 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_45( + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_c1( copy_of_randomness); } +/** +A monomorphic instance of K. +with types libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked +libcrux_ml_kem_vector_portable_vector_type_PortableVector[[$3size_t]], +libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked +libcrux_ml_kem_vector_portable_vector_type_PortableVector[[$3size_t]] + +*/ +typedef struct tuple_9b_s { + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 fst; + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 snd; +} tuple_9b; + +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . 
+*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const +generics +- K= 3 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +*/ +static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_95( + Eurydice_slice key_generation_seed) { + uint8_t hashed[64U]; + libcrux_ml_kem_hash_functions_portable_G_f1_e4(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret); + libcrux_ml_kem_matrix_sample_matrix_A_05(ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, + prf_input); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b0 uu____2 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_a7( + copy_of_prf_input0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + uint8_t domain_separator = uu____2.snd; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; + memcpy( + error_as_ntt, + libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_a7(copy_of_prf_input, + domain_separator) + .fst, + 
(size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; + libcrux_ml_kem_matrix_compute_As_plus_e_cb(A_transpose, secret_as_ntt, + error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); + unwrap_41_83(dst, seed_for_A); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; + memcpy( + copy_of_t_as_ntt, t_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A_transpose[3U] + [3U]; + memcpy(copy_of_A_transpose, A_transpose, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk; + memcpy( + pk.t_as_ntt, copy_of_t_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, copy_of_A_transpose, + (size_t)3U * + sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; + memcpy( + copy_of_secret_as_ntt, secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk; + memcpy( + sk.secret_as_ntt, copy_of_secret_as_ntt, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + return (CLITERAL(tuple_9b){.fst = sk, .snd = pk}); +} + /** A 
monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked.closure.closure with types @@ -6523,8 +6402,8 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_closure_24(size_t _j) { - return libcrux_ml_kem_polynomial_ZERO_89_39(); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_closure_4e(size_t _j) { + return libcrux_ml_kem_polynomial_ZERO_89_8d(); } /** @@ -6541,10 +6420,10 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_e6( +static inline void libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_ef( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - ret[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); + ret[i] = libcrux_ml_kem_polynomial_ZERO_89_8d(); } } @@ -6559,7 +6438,7 @@ with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_clone_d5_88( +libcrux_ml_kem_polynomial_clone_d5_60( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; 
@@ -6586,16 +6465,15 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_89(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_62(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - tuple_9b uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_f4( + size_t); + tuple_9b uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_95( ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 ind_cpa_private_key = uu____0.fst; @@ -6603,14 +6481,14 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_89(uint8_t randomness[64U]) { ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_e6(i, A[i]); + libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_ef(i, A[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_polynomial_clone_d5_88(&ind_cpa_public_key.A[j][i1]); + libcrux_ml_kem_polynomial_clone_d5_60(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1; } } 
@@ -6622,20 +6500,19 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_89(uint8_t randomness[64U]) { (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); uint8_t pk_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_80( + libcrux_ml_kem_ind_cpa_serialize_public_key_04( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), + uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_2e( - Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, - Eurydice_slice), + libcrux_ml_kem_hash_functions_portable_H_f1_1a( + Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); + uint8_t[32U]); unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 uu____3 = ind_cpa_private_key; @@ -6677,12 +6554,12 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_59( +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_20( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_89( + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_62( copy_of_randomness); } 
@@ -6695,7 +6572,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_59( + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_20( copy_of_randomness); } @@ -6710,28 +6587,25 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_cd( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_57( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; - libcrux_ml_kem_utils_into_padded_array_2d(shared_secret, kdf_input); + libcrux_ml_kem_utils_into_padded_array_ea(shared_secret, kdf_input); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, kdf_input, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); uint8_t ret0[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_2e( + libcrux_ml_kem_hash_functions_portable_H_f1_1a( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_d4_77(ciphertext), - uint8_t, Eurydice_slice), + libcrux_ml_kem_types_as_slice_d4_b6(ciphertext), + uint8_t), ret0); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); uint8_t ret1[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_04( - Eurydice_array_to_slice((size_t)64U, kdf_input, uint8_t, Eurydice_slice), - ret1); + libcrux_ml_kem_hash_functions_portable_PRF_f1_ee( + Eurydice_array_to_slice((size_t)64U, kdf_input, uint8_t), ret1); memcpy(ret, ret1, (size_t)32U * sizeof(uint8_t)); } 
@@ -6757,12 +6631,11 @@ libcrux_ml_kem_ind_cca_Kyber with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_5a0( +static inline void libcrux_ml_kem_ind_cca_decapsulate_b50( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, - Eurydice_slice), + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t), (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; 
@@ -6776,61 +6649,57 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_5a0( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_cc(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_87(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); + uint8_t, size_t), + ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_b6( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); + libcrux_ml_kem_hash_functions_portable_G_f1_e4( + Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret0 = uu____3.fst; Eurydice_slice pseudorandomness = uu____3.snd; uint8_t to_hash[1120U]; - libcrux_ml_kem_utils_into_padded_array_2d0(implicit_rejection_value, to_hash); + libcrux_ml_kem_utils_into_padded_array_ea0(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_16(ciphertext), - uint8_t, void *); + 
uint8_t, size_t); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_99(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - libcrux_ml_kem_hash_functions_portable_PRF_f1_04( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), + libcrux_ml_kem_hash_functions_portable_PRF_f1_ee( + Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_12(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_dd(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_cd( + libcrux_ml_kem_ind_cca_kdf_6c_57( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), + uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_cd(shared_secret0, ciphertext, shared_secret); + libcrux_ml_kem_ind_cca_kdf_6c_57(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_16(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, - Eurydice_slice), + libcrux_ml_kem_types_as_ref_00_99(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } 
@@ -6860,10 +6729,10 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_e6( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_d4( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_5a0(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_b50(private_key, ciphertext, ret); } /** @@ -6876,7 +6745,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_e6( static inline void libcrux_ml_kem_mlkem768_portable_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_e6( + libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_d4( private_key, ciphertext, ret); } @@ -6890,9 +6759,9 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_de( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_a8( Eurydice_slice randomness, uint8_t ret[32U]) { - libcrux_ml_kem_hash_functions_portable_H_f1_2e(randomness, ret); + libcrux_ml_kem_hash_functions_portable_H_f1_1a(randomness, ret); } /** 
@@ -6914,57 +6783,50 @@ libcrux_ml_kem_ind_cca_Kyber with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_780( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_410( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_6c_de( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); + libcrux_ml_kem_ind_cca_entropy_preprocess_6c_a8( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; - libcrux_ml_kem_utils_into_padded_array_2d( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); + libcrux_ml_kem_utils_into_padded_array_ea( + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); uint8_t ret[32U]; - libcrux_ml_kem_hash_functions_portable_H_f1_2e( + libcrux_ml_kem_hash_functions_portable_H_f1_1a( Eurydice_array_to_slice((size_t)1184U, - libcrux_ml_kem_types_as_slice_cb_c2(public_key), - uint8_t, Eurydice_slice), + libcrux_ml_kem_types_as_slice_cb_6f(public_key), + uint8_t), ret); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - libcrux_ml_kem_hash_functions_portable_G_f1_b6( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); + libcrux_ml_kem_hash_functions_portable_G_f1_e4( + Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + 
Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_c2(public_key), uint8_t, - Eurydice_slice); + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_6f(public_key), uint8_t); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_12(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_dd(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_9c(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_14(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_cd(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_6c_57(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ 
@@ -6999,14 +6861,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_64( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_48( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_780(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_410(uu____0, copy_of_randomness); } /** @@ -7023,7 +6885,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_kyber_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_64( + return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_48( uu____0, copy_of_randomness); } @@ -7035,9 +6897,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_ad0( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_closure_450( size_t _i) { - return libcrux_ml_kem_polynomial_ZERO_89_39(); + return libcrux_ml_kem_polynomial_ZERO_89_8d(); } /** 
@@ -7054,15 +6916,15 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_9f0( +libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_9d0( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_39(); + deserialized_pk[i] = libcrux_ml_kem_polynomial_ZERO_89_8d(); } for (size_t i = (size_t)0U; - i < Eurydice_slice_len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -7070,9 +6932,9 @@ libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_9f0( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_b8( + libcrux_ml_kem_serialize_deserialize_to_reduced_ring_element_e1( ring_element); deserialized_pk[i0] = uu____0; } 
@@ -7089,19 +6951,19 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_3f( +static KRML_MUSTINLINE bool libcrux_ml_kem_ind_cca_validate_public_key_c2( uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_9f0( + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_9d0( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - libcrux_ml_kem_ind_cpa_serialize_public_key_80( + libcrux_ml_kem_ind_cpa_serialize_public_key_04( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), public_key_serialized); return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); @@ -7119,9 +6981,9 @@ generics - PUBLIC_KEY_SIZE= 1184 */ static inline bool -libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_24( +libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_9d( uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_3f(public_key); + return libcrux_ml_kem_ind_cca_validate_public_key_c2(public_key); } /** 
@@ -7132,7 +6994,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_24( static inline Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { Option_92 uu____0; - if (libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_24( + if (libcrux_ml_kem_ind_cca_instantiations_portable_validate_public_key_9d( public_key.value)) { uu____0 = (CLITERAL(Option_92){.tag = Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index 1f7c19dfa..b99183fea 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Libcrux: b1d4135b68cb8c89ceb03c1a5829a6eb04a5309a */ #ifndef __libcrux_sha3_avx2_H 
@@ -131,14 +131,10 @@ static KRML_MUSTINLINE __m256i libcrux_sha3_simd_avx2_xor_ef(__m256i a, KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_slice_4( Eurydice_slice a[4U], size_t start, size_t len, Eurydice_slice ret[4U]) { - ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t, - Eurydice_slice); - ret[1U] = Eurydice_slice_subslice2(a[1U], start, start + len, uint8_t, - Eurydice_slice); - ret[2U] = Eurydice_slice_subslice2(a[2U], start, start + len, uint8_t, - Eurydice_slice); - ret[3U] = Eurydice_slice_subslice2(a[3U], start, start + len, uint8_t, - Eurydice_slice); + ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t); + ret[1U] = Eurydice_slice_subslice2(a[1U], start, start + len, uint8_t); + ret[2U] = Eurydice_slice_subslice2(a[2U], start, start + len, uint8_t); + ret[3U] = Eurydice_slice_subslice2(a[3U], start, start + len, uint8_t); } /** @@ -226,7 +222,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 -libcrux_sha3_generic_keccak_new_1e_16(void) { +libcrux_sha3_generic_keccak_new_1e_bf(void) { libcrux_sha3_generic_keccak_KeccakState_29 lit; lit.st[0U][0U] = libcrux_sha3_simd_avx2_zero_ef(); lit.st[0U][1U] = libcrux_sha3_simd_avx2_zero_ef(); 
@@ -266,22 +262,18 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_c7( __m256i (*s)[5U], Eurydice_slice blocks[4U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { size_t i0 = i; - __m256i v00 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - __m256i v10 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - __m256i v20 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - __m256i v30 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); + __m256i v00 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[0U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); + __m256i v10 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[1U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); + __m256i v20 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[2U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); + __m256i v30 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[3U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); __m256i v0l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); __m256i v1h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); __m256i v2l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); 
@@ -319,34 +311,30 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_c7( size_t rem = (size_t)136U % (size_t)32U; size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); uint8_t u8s[32U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - u8s, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t); Eurydice_slice_copy( uu____0, - Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_array_to_subslice2( - u8s, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); + Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____1 = + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t); Eurydice_slice_copy( uu____1, - Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_array_to_subslice2( - u8s, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); + Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____2 = + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t); Eurydice_slice_copy( uu____2, - Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_array_to_subslice2( - u8s, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); + Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____3 = + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t); Eurydice_slice_copy( uu____3, - Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t), + uint8_t); __m256i u = 
libcrux_intrinsics_avx2_mm256_loadu_si256_u8( core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, Eurydice_slice)); 
@@ -355,34 +343,30 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_c7( s[i0][j0] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); if (rem == (size_t)16U) { uint8_t u8s0[32U] = {0U}; - Eurydice_slice uu____4 = Eurydice_array_to_subslice2( - u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - Eurydice_slice_copy( - uu____4, - Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = Eurydice_array_to_subslice2( - u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - Eurydice_slice_copy( - uu____5, - Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - Eurydice_slice_copy( - uu____6, - Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = Eurydice_array_to_subslice2( - u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - Eurydice_slice_copy( - uu____7, - Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice uu____4 = + Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t); + Eurydice_slice_copy(uu____4, + Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____5 = + Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t); + Eurydice_slice_copy(uu____5, + Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____6 = + Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t); + Eurydice_slice_copy(uu____6, + Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, + start + (size_t)16U, 
uint8_t), + uint8_t); + Eurydice_slice uu____7 = + Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t); + Eurydice_slice_copy(uu____7, + Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); __m256i u0 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice)); @@ -401,10 +385,10 @@ usize> for core::core_arch::x86::__m256i)} /** A monomorphic instance of libcrux_sha3.simd.avx2.load_block_ef with const generics -- BLOCKSIZE= 136 +- RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_ef_6a( +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_ef_65( __m256i (*a)[5U], Eurydice_slice b[4U]) { __m256i(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ @@ -1438,7 +1422,7 @@ with const generics - N= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_71( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_74( libcrux_sha3_generic_keccak_KeccakState_29 *s) { __m256i c[5U] = {libcrux_sha3_simd_avx2_xor5_ef(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], @@ -1530,7 +1514,7 @@ with const generics - N= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_01( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_35( libcrux_sha3_generic_keccak_KeccakState_29 *s) { __m256i old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(__m256i[5U])); @@ -1567,7 +1551,7 @@ with const generics - N= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_9b( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_09( libcrux_sha3_generic_keccak_KeccakState_29 *s) { __m256i old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(__m256i[5U])); 
@@ -1589,7 +1573,7 @@ with const generics - N= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_09( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_5b( libcrux_sha3_generic_keccak_KeccakState_29 *s, size_t i) { s->st[0U][0U] = libcrux_sha3_simd_avx2_xor_constant_ef( s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); @@ -1602,14 +1586,14 @@ with const generics - N= 4 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_07( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_f8( libcrux_sha3_generic_keccak_KeccakState_29 *s) { for (size_t i = (size_t)0U; i < (size_t)24U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho_71(s); - libcrux_sha3_generic_keccak_pi_01(s); - libcrux_sha3_generic_keccak_chi_9b(s); - libcrux_sha3_generic_keccak_iota_09(s, i0); + libcrux_sha3_generic_keccak_theta_rho_74(s); + libcrux_sha3_generic_keccak_pi_35(s); + libcrux_sha3_generic_keccak_chi_09(s); + libcrux_sha3_generic_keccak_iota_5b(s, i0); } } @@ -1621,13 +1605,13 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_37( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_1d( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice blocks[4U]) { __m256i(*uu____0)[5U] = s->st; Eurydice_slice uu____1[4U]; memcpy(uu____1, blocks, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_simd_avx2_load_block_ef_6a(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_07(s); + libcrux_sha3_simd_avx2_load_block_ef_65(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_f8(s); } /** 
@@ -1638,14 +1622,11 @@ with const generics KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_91( __m256i (*s)[5U], uint8_t blocks[4U][200U]) { - Eurydice_slice buf[4U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[2U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[3U], - uint8_t, Eurydice_slice)}; + Eurydice_slice buf[4U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t), + Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t), + Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t), + Eurydice_array_to_slice((size_t)200U, blocks[3U], uint8_t)}; libcrux_sha3_simd_avx2_load_block_c7(s, buf); } @@ -1656,10 +1637,10 @@ usize> for core::core_arch::x86::__m256i)} /** A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef with const generics -- BLOCKSIZE= 136 +- RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_05( +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_e9( __m256i (*a)[5U], uint8_t b[4U][200U]) { __m256i(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ 
@@ -1677,16 +1658,16 @@ with const generics - DELIM= 31 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_d9( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { - size_t last_len = Eurydice_slice_len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[4U][200U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)4U; i++) { size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - Eurydice_slice_copy(uu____0, last[i0], uint8_t, void *); + blocks[i0], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i0], uint8_t); } blocks[i0][last_len] = 31U; size_t uu____1 = i0; @@ -1696,8 +1677,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e( __m256i(*uu____3)[5U] = s->st; uint8_t uu____4[4U][200U]; memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_avx2_load_block_full_ef_05(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_07(s); + libcrux_sha3_simd_avx2_load_block_full_ef_e9(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_f8(s); } /** 
@@ -1742,23 +1723,19 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e9( __m256i v3 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v0); libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[1U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v1); libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[2U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v2); libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[3U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v3); } size_t rem = (size_t)136U % (size_t)32U; 
@@ -1767,32 +1744,31 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e9( size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice), - s[i0][j0]); - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - Eurydice_slice_copy(uu____0, - Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, - uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_slice_subslice2( - out[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - Eurydice_slice_copy(uu____1, - Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, - uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_slice_subslice2( - out[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - Eurydice_slice_copy(uu____2, - Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, - uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_slice_subslice2( - out[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - Eurydice_slice_copy(uu____3, - Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, - uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_array_to_slice((size_t)32U, u8s, uint8_t), s[i0][j0]); + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(out[0U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( + uu____0, + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____1 = + Eurydice_slice_subslice2(out[1U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( + uu____1, + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____2 = + Eurydice_slice_subslice2(out[2U], start, start + (size_t)8U, uint8_t); + 
Eurydice_slice_copy( + uu____2, + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t), + uint8_t); + Eurydice_slice uu____3 = + Eurydice_slice_subslice2(out[3U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( + uu____3, + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t), + uint8_t); if (rem == (size_t)16U) { uint8_t u8s0[32U] = {0U}; size_t i = 
@@ -1800,40 +1776,31 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e9( size_t j = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____4 = - Eurydice_slice_subslice2(out[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); + Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t), s[i][j]); + Eurydice_slice uu____4 = Eurydice_slice_subslice2( + out[0U], start + (size_t)8U, start + (size_t)16U, uint8_t); Eurydice_slice_copy( uu____4, - Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = - Eurydice_slice_subslice2(out[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); + Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____5 = Eurydice_slice_subslice2( + out[1U], start + (size_t)8U, start + (size_t)16U, uint8_t); Eurydice_slice_copy( uu____5, - Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = - Eurydice_slice_subslice2(out[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); + Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____6 = Eurydice_slice_subslice2( + out[2U], start + (size_t)8U, start + (size_t)16U, uint8_t); Eurydice_slice_copy( uu____6, - Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = - Eurydice_slice_subslice2(out[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); + Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t), + uint8_t); + Eurydice_slice uu____7 = Eurydice_slice_subslice2( + out[3U], start + (size_t)8U, start + 
(size_t)16U, uint8_t); Eurydice_slice_copy( uu____7, - Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t), + uint8_t); } } @@ -1850,10 +1817,10 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_full_0b( uint8_t out2[200U] = {0U}; uint8_t out3[200U] = {0U}; Eurydice_slice buf[4U] = { - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out3, uint8_t, Eurydice_slice)}; + Eurydice_array_to_slice((size_t)200U, out0, uint8_t), + Eurydice_array_to_slice((size_t)200U, out1, uint8_t), + Eurydice_array_to_slice((size_t)200U, out2, uint8_t), + Eurydice_array_to_slice((size_t)200U, out3, uint8_t)}; libcrux_sha3_simd_avx2_store_block_e9(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out0[200U]; @@ -1879,10 +1846,10 @@ usize> for core::core_arch::x86::__m256i)} /** A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full_ef with const generics -- BLOCKSIZE= 136 +- RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_full_ef_99( +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_full_ef_43( __m256i (*a)[5U], uint8_t ret[4U][200U]) { libcrux_sha3_simd_avx2_store_block_full_0b(a, ret); } 
@@ -1896,22 +1863,22 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_a4( +libcrux_sha3_generic_keccak_squeeze_first_and_last_c54( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { uint8_t b[4U][200U]; - libcrux_sha3_simd_avx2_store_block_full_ef_99(s->st, b); + libcrux_sha3_simd_avx2_store_block_full_ef_43(s->st, b); for (size_t i = (size_t)0U; i < (size_t)4U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i0], uint8_t, size_t); + lit.end = Eurydice_slice_len(out[i0], uint8_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -1922,10 +1889,10 @@ usize> for core::core_arch::x86::__m256i)} /** A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef with const generics -- BLOCKSIZE= 136 +- RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_ef_f6( +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_ef_58( __m256i (*a)[5U], Eurydice_slice b[4U]) { libcrux_sha3_simd_avx2_store_block_e9(a, b); } @@ -1938,9 +1905,9 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_e9( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_9b( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - libcrux_sha3_simd_avx2_store_block_ef_f6(s->st, out); + libcrux_sha3_simd_avx2_store_block_ef_58(s->st, out); } /** 
@@ -1951,10 +1918,10 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1c( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_b4( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_keccakf1600_07(s); - libcrux_sha3_simd_avx2_store_block_ef_f6(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_f8(s); + libcrux_sha3_simd_avx2_store_block_ef_58(s->st, out); } /** @@ -1965,23 +1932,23 @@ with const generics - RATE= 136 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_77( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_74( libcrux_sha3_generic_keccak_KeccakState_29 s, Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_keccakf1600_07(&s); + libcrux_sha3_generic_keccak_keccakf1600_f8(&s); uint8_t b[4U][200U]; - libcrux_sha3_simd_avx2_store_block_full_ef_99(s.st, b); + libcrux_sha3_simd_avx2_store_block_full_ef_43(s.st, b); for (size_t i = (size_t)0U; i < (size_t)4U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i0], uint8_t, size_t); + lit.end = Eurydice_slice_len(out[i0], uint8_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } 
@@ -1994,12 +1961,12 @@ with const generics - DELIM= 31 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_14( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_4f( Eurydice_slice data[4U], Eurydice_slice out[4U]) { libcrux_sha3_generic_keccak_KeccakState_29 s = - libcrux_sha3_generic_keccak_new_1e_16(); + libcrux_sha3_generic_keccak_new_1e_bf(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(data[0U], uint8_t, size_t) / (size_t)136U; i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_29 *uu____0 = &s; /* Passing arrays by value in Rust generates a copy in C */ 
@@ -2008,23 +1975,22 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_14( Eurydice_slice ret[4U]; libcrux_sha3_simd_avx2_slice_n_ef(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_37(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_1d(uu____0, ret); } - size_t rem = Eurydice_slice_len(data[0U], uint8_t, size_t) % (size_t)136U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_29 *uu____2 = &s; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[4U]; memcpy(copy_of_data, data, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice ret[4U]; libcrux_sha3_simd_avx2_slice_n_ef( - copy_of_data, Eurydice_slice_len(data[0U], uint8_t, size_t) - rem, rem, - ret); - libcrux_sha3_generic_keccak_absorb_final_5e(uu____2, ret); - size_t outlen = Eurydice_slice_len(out[0U], uint8_t, size_t); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); + libcrux_sha3_generic_keccak_absorb_final_d9(uu____2, ret); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_a4(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_c54(&s, out); } else { Eurydice_slice_uint8_t_4size_t__x2 uu____4 = libcrux_sha3_simd_avx2_split_at_mut_n_ef(out, (size_t)136U); 
@@ -2032,7 +1998,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_14( memcpy(o0, uu____4.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o1[4U]; memcpy(o1, uu____4.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_e9(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_9b(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2050,12 +2016,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_14( memcpy(o, uu____5.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice orest[4U]; memcpy(orest, uu____5.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1c(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_b4(&s, o); memcpy(o1, orest, (size_t)4U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_77(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_74(s, o1); } } } @@ -2070,7 +2036,7 @@ static KRML_MUSTINLINE void libcrux_sha3_avx2_x4_shake256( Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf0[4U] = {input0, input1, input2, input3}; Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_keccak_14(buf0, buf); + libcrux_sha3_generic_keccak_keccak_4f(buf0, buf); } typedef libcrux_sha3_generic_keccak_KeccakState_29 @@ -2082,7 +2048,7 @@ typedef libcrux_sha3_generic_keccak_KeccakState_29 KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_init(void) { - return libcrux_sha3_generic_keccak_new_1e_16(); + return libcrux_sha3_generic_keccak_new_1e_bf(); } /** 
@@ -2095,22 +2061,18 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_c70( __m256i (*s)[5U], Eurydice_slice blocks[4U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { size_t i0 = i; - __m256i v00 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - __m256i v10 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - __m256i v20 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - __m256i v30 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); + __m256i v00 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[0U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); + __m256i v10 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[1U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); + __m256i v20 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[2U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); + __m256i v30 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[3U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); __m256i v0l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); __m256i v1h = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); __m256i v2l = libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); 
@@ -2148,34 +2110,30 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_c70( size_t rem = (size_t)168U % (size_t)32U; size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); uint8_t u8s[32U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - u8s, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t); Eurydice_slice_copy( uu____0, - Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_array_to_subslice2( - u8s, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); + Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____1 = + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t); Eurydice_slice_copy( uu____1, - Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_array_to_subslice2( - u8s, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); + Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____2 = + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t); Eurydice_slice_copy( uu____2, - Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_array_to_subslice2( - u8s, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); + Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____3 = + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t); Eurydice_slice_copy( uu____3, - Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t), + uint8_t); __m256i u 
= libcrux_intrinsics_avx2_mm256_loadu_si256_u8( core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, Eurydice_slice)); 
@@ -2184,34 +2142,30 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_c70( s[i0][j0] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); if (rem == (size_t)16U) { uint8_t u8s0[32U] = {0U}; - Eurydice_slice uu____4 = Eurydice_array_to_subslice2( - u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - Eurydice_slice_copy( - uu____4, - Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = Eurydice_array_to_subslice2( - u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - Eurydice_slice_copy( - uu____5, - Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - Eurydice_slice_copy( - uu____6, - Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = Eurydice_array_to_subslice2( - u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - Eurydice_slice_copy( - uu____7, - Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice uu____4 = + Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t); + Eurydice_slice_copy(uu____4, + Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____5 = + Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t); + Eurydice_slice_copy(uu____5, + Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____6 = + Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t); + Eurydice_slice_copy(uu____6, + Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, + start + (size_t)16U, 
uint8_t), + uint8_t); + Eurydice_slice uu____7 = + Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t); + Eurydice_slice_copy(uu____7, + Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); __m256i u0 = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice)); @@ -2231,14 +2185,11 @@ with const generics KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_910( __m256i (*s)[5U], uint8_t blocks[4U][200U]) { - Eurydice_slice buf[4U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[2U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[3U], - uint8_t, Eurydice_slice)}; + Eurydice_slice buf[4U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t), + Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t), + Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t), + Eurydice_array_to_slice((size_t)200U, blocks[3U], uint8_t)}; libcrux_sha3_simd_avx2_load_block_c70(s, buf); } @@ -2249,10 +2200,10 @@ usize> for core::core_arch::x86::__m256i)} /** A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef with const generics -- BLOCKSIZE= 168 +- RATE= 168 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_050( +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_load_block_full_ef_e90( __m256i (*a)[5U], uint8_t b[4U][200U]) { __m256i(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ 
@@ -2270,16 +2221,16 @@ with const generics - DELIM= 31 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_d90( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { - size_t last_len = Eurydice_slice_len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[4U][200U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)4U; i++) { size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - Eurydice_slice_copy(uu____0, last[i0], uint8_t, void *); + blocks[i0], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i0], uint8_t); } blocks[i0][last_len] = 31U; size_t uu____1 = i0; @@ -2289,8 +2240,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_5e0( __m256i(*uu____3)[5U] = s->st; uint8_t uu____4[4U][200U]; memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); - libcrux_sha3_simd_avx2_load_block_full_ef_050(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_07(s); + libcrux_sha3_simd_avx2_load_block_full_ef_e90(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_f8(s); } /** @@ -2302,7 +2253,7 @@ libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { Eurydice_slice buf[4U] = {data0, data1, data2, data3}; - libcrux_sha3_generic_keccak_absorb_final_5e0(s, buf); + libcrux_sha3_generic_keccak_absorb_final_d90(s, buf); } /** 
@@ -2347,23 +2298,19 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e90( __m256i v3 = libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v0); libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[1U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v1); libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[2U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v2); libcrux_intrinsics_avx2_mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[3U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v3); } size_t rem = (size_t)168U % (size_t)32U; 
@@ -2372,32 +2319,31 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e90( size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice), - s[i0][j0]); - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - Eurydice_slice_copy(uu____0, - Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, - uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_slice_subslice2( - out[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - Eurydice_slice_copy(uu____1, - Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, - uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_slice_subslice2( - out[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - Eurydice_slice_copy(uu____2, - Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, - uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_slice_subslice2( - out[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - Eurydice_slice_copy(uu____3, - Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, - uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_array_to_slice((size_t)32U, u8s, uint8_t), s[i0][j0]); + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(out[0U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( + uu____0, + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____1 = + Eurydice_slice_subslice2(out[1U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( + uu____1, + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____2 = + Eurydice_slice_subslice2(out[2U], start, start + (size_t)8U, uint8_t); + 
Eurydice_slice_copy( + uu____2, + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t), + uint8_t); + Eurydice_slice uu____3 = + Eurydice_slice_subslice2(out[3U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( + uu____3, + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t), + uint8_t); if (rem == (size_t)16U) { uint8_t u8s0[32U] = {0U}; size_t i = 
@@ -2405,40 +2351,31 @@ static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_e90( size_t j = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____4 = - Eurydice_slice_subslice2(out[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); + Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t), s[i][j]); + Eurydice_slice uu____4 = Eurydice_slice_subslice2( + out[0U], start + (size_t)8U, start + (size_t)16U, uint8_t); Eurydice_slice_copy( uu____4, - Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = - Eurydice_slice_subslice2(out[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); + Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____5 = Eurydice_slice_subslice2( + out[1U], start + (size_t)8U, start + (size_t)16U, uint8_t); Eurydice_slice_copy( uu____5, - Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = - Eurydice_slice_subslice2(out[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); + Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____6 = Eurydice_slice_subslice2( + out[2U], start + (size_t)8U, start + (size_t)16U, uint8_t); Eurydice_slice_copy( uu____6, - Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = - Eurydice_slice_subslice2(out[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); + Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t), + uint8_t); + Eurydice_slice uu____7 = Eurydice_slice_subslice2( + out[3U], start + (size_t)8U, start + 
(size_t)16U, uint8_t); Eurydice_slice_copy( uu____7, - Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t), + uint8_t); } } @@ -2449,10 +2386,10 @@ usize> for core::core_arch::x86::__m256i)} /** A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef with const generics -- BLOCKSIZE= 168 +- RATE= 168 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_ef_f60( +static KRML_MUSTINLINE void libcrux_sha3_simd_avx2_store_block_ef_580( __m256i (*a)[5U], Eurydice_slice b[4U]) { libcrux_sha3_simd_avx2_store_block_e90(a, b); } @@ -2465,10 +2402,10 @@ with const generics - RATE= 168 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1c0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_b40( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - libcrux_sha3_generic_keccak_keccakf1600_07(s); - libcrux_sha3_simd_avx2_store_block_ef_f60(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_f8(s); + libcrux_sha3_simd_avx2_store_block_ef_580(s->st, out); } /** @@ -2480,7 +2417,7 @@ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_b40(s, buf); } /** 
@@ -2491,9 +2428,9 @@ with const generics - RATE= 168 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_e90( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_9b0( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { - libcrux_sha3_simd_avx2_store_block_ef_f60(s->st, out); + libcrux_sha3_simd_avx2_store_block_ef_580(s->st, out); } /** @@ -2505,7 +2442,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27( +libcrux_sha3_generic_keccak_squeeze_first_three_blocks_2a( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { Eurydice_slice_uint8_t_4size_t__x2 uu____0 = libcrux_sha3_simd_avx2_split_at_mut_n_ef(out, (size_t)168U); @@ -2513,15 +2450,15 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27( memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o10[4U]; memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_e90(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_9b0(s, o0); Eurydice_slice_uint8_t_4size_t__x2 uu____1 = libcrux_sha3_simd_avx2_split_at_mut_n_ef(o10, (size_t)168U); Eurydice_slice o1[4U]; memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o2[4U]; memcpy(o2, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o1); - libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_b40(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_b40(s, o2); } /** 
@@ -2533,7 +2470,7 @@ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_27(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_2a(s, buf); } /** @@ -2545,7 +2482,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_five_blocks_e4( +libcrux_sha3_generic_keccak_squeeze_first_five_blocks_69( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out[4U]) { Eurydice_slice_uint8_t_4size_t__x2 uu____0 = libcrux_sha3_simd_avx2_split_at_mut_n_ef(out, (size_t)168U); 
@@ -2553,29 +2490,29 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_e4( memcpy(o0, uu____0.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o10[4U]; memcpy(o10, uu____0.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_e90(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_9b0(s, o0); Eurydice_slice_uint8_t_4size_t__x2 uu____1 = libcrux_sha3_simd_avx2_split_at_mut_n_ef(o10, (size_t)168U); Eurydice_slice o1[4U]; memcpy(o1, uu____1.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o20[4U]; memcpy(o20, uu____1.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_b40(s, o1); Eurydice_slice_uint8_t_4size_t__x2 uu____2 = libcrux_sha3_simd_avx2_split_at_mut_n_ef(o20, (size_t)168U); Eurydice_slice o2[4U]; memcpy(o2, uu____2.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o30[4U]; memcpy(o30, uu____2.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_b40(s, o2); Eurydice_slice_uint8_t_4size_t__x2 uu____3 = libcrux_sha3_simd_avx2_split_at_mut_n_ef(o30, (size_t)168U); Eurydice_slice o3[4U]; memcpy(o3, uu____3.fst, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice o4[4U]; memcpy(o4, uu____3.snd, (size_t)4U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o3); - libcrux_sha3_generic_keccak_squeeze_next_block_1c0(s, o4); + libcrux_sha3_generic_keccak_squeeze_next_block_b40(s, o3); + libcrux_sha3_generic_keccak_squeeze_next_block_b40(s, o4); } /** 
@@ -2587,7 +2524,7 @@ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_first_five_blocks_e4(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_five_blocks_69(s, buf); } /** @@ -2599,7 +2536,7 @@ libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { Eurydice_slice buf[4U] = {data0, data1, data2, data3}; - libcrux_sha3_generic_keccak_absorb_final_5e(s, buf); + libcrux_sha3_generic_keccak_absorb_final_d9(s, buf); } /** @@ -2611,7 +2548,7 @@ libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_first_block_e9(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_block_9b(s, buf); } /** @@ -2623,7 +2560,7 @@ libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { Eurydice_slice buf[4U] = {out0, out1, out2, out3}; - libcrux_sha3_generic_keccak_squeeze_next_block_1c(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_b4(s, buf); } #if defined(__cplusplus) diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index 68c9b12fa..933b72278 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h 
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: d8a02494066422005c27e3b3f515129c0c38e9f0 - * Eurydice: 99662476dd28a9804b424c103638a01c38192491 - * Karamel: 9fb21c700160be489cafc690c3c0af2681ece49b + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 490a8664911fa33e785d629c78d6ee3dd85448e6 + * Libcrux: b1d4135b68cb8c89ceb03c1a5829a6eb04a5309a */ #ifndef __libcrux_sha3_portable_H @@ -79,14 +79,14 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb(uint64_t x) { return x << (uint32_t)(int32_t)1 | x >> (uint32_t)(int32_t)63; } static KRML_MUSTINLINE uint64_t libcrux_sha3_portable_keccak__vrax1q_u64(uint64_t a, uint64_t b) { uint64_t uu____0 = a; - return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_db(b); + return uu____0 ^ libcrux_sha3_portable_keccak_rotate_left_cb(b); } /** @@ -137,8 +137,7 @@ libcrux_sha3_portable_keccak_xor_5a(uint64_t a, uint64_t b) { static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_slice_1( Eurydice_slice a[1U], size_t start, size_t len, Eurydice_slice ret[1U]) { - ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t, - Eurydice_slice); + ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t); } /** @@ -202,7 +201,7 @@ with const generics - N= 1 */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 -libcrux_sha3_generic_keccak_new_1e_f2(void) { +libcrux_sha3_generic_keccak_new_1e_f4(void) { libcrux_sha3_generic_keccak_KeccakState_48 lit; lit.st[0U][0U] = libcrux_sha3_portable_keccak_zero_5a(); lit.st[0U][1U] = libcrux_sha3_portable_keccak_zero_5a(); 
@@ -237,7 +236,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; @@ -246,9 +245,8 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b3( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_slice, uint8_t[8U]); unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -264,15 +262,15 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics -- BLOCKSIZE= 72 +- RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_b8( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b3(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_2c(uu____0, copy_of_b); } /** @@ -282,7 +280,7 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db0(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb0(uint64_t x) { return x << (uint32_t)(int32_t)36 | x >> (uint32_t)(int32_t)28; } 
@@ -293,9 +291,9 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_42(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db0(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb0(ab); } /** @@ -309,8 +307,8 @@ with const generics - RIGHT= 28 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_42(a, b); } /** @@ -320,7 +318,7 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db1(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb1(uint64_t x) { return x << (uint32_t)(int32_t)3 | x >> (uint32_t)(int32_t)61; } @@ -331,9 +329,9 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d0(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_420(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db1(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb1(ab); } /** @@ -347,8 +345,8 @@ with const generics - RIGHT= 61 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d0(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb0(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_420(a, b); } /** 
@@ -358,7 +356,7 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db2(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb2(uint64_t x) { return x << (uint32_t)(int32_t)41 | x >> (uint32_t)(int32_t)23; } @@ -369,9 +367,9 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d1(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_421(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db2(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb2(ab); } /** @@ -385,8 +383,8 @@ with const generics - RIGHT= 23 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d1(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb1(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_421(a, b); } /** @@ -396,7 +394,7 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db3(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb3(uint64_t x) { return x << (uint32_t)(int32_t)18 | x >> (uint32_t)(int32_t)46; } @@ -407,9 +405,9 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d2(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_422(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db3(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb3(ab); } /** 
@@ -423,8 +421,8 @@ with const generics - RIGHT= 46 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d2(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb2(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_422(a, b); } /** @@ -434,9 +432,9 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d3(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_423(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb(ab); } /** @@ -450,8 +448,8 @@ with const generics - RIGHT= 63 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d3(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb3(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_423(a, b); } /** @@ -461,7 +459,7 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db4(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb4(uint64_t x) { return x << (uint32_t)(int32_t)44 | x >> (uint32_t)(int32_t)20; } @@ -472,9 +470,9 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d4(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_424(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db4(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb4(ab); } /** 
@@ -488,8 +486,8 @@ with const generics - RIGHT= 20 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d4(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb4(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_424(a, b); } /** @@ -499,7 +497,7 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db5(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb5(uint64_t x) { return x << (uint32_t)(int32_t)10 | x >> (uint32_t)(int32_t)54; } @@ -510,9 +508,9 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d5(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_425(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db5(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb5(ab); } /** @@ -526,8 +524,8 @@ with const generics - RIGHT= 54 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d5(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb5(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_425(a, b); } /** @@ -537,7 +535,7 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db6(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb6(uint64_t x) { return x << (uint32_t)(int32_t)45 | x >> (uint32_t)(int32_t)19; } 
@@ -548,9 +546,9 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d6(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_426(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db6(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb6(ab); } /** @@ -564,8 +562,8 @@ with const generics - RIGHT= 19 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d6(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb6(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_426(a, b); } /** @@ -575,7 +573,7 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db7(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb7(uint64_t x) { return x << (uint32_t)(int32_t)2 | x >> (uint32_t)(int32_t)62; } @@ -586,9 +584,9 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d7(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_427(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db7(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb7(ab); } /** @@ -602,8 +600,8 @@ with const generics - RIGHT= 62 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d7(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb7(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_427(a, b); } /** 
@@ -613,7 +611,7 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db8(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb8(uint64_t x) { return x << (uint32_t)(int32_t)62 | x >> (uint32_t)(int32_t)2; } @@ -624,9 +622,9 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d8(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_428(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db8(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb8(ab); } /** @@ -640,8 +638,8 @@ with const generics - RIGHT= 2 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d8(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb8(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_428(a, b); } /** @@ -651,7 +649,7 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db9(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb9(uint64_t x) { return x << (uint32_t)(int32_t)6 | x >> (uint32_t)(int32_t)58; } @@ -662,9 +660,9 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d9(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_429(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db9(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb9(ab); } /** 
@@ -678,8 +676,8 @@ with const generics - RIGHT= 58 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d9(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb9(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_429(a, b); } /** @@ -689,7 +687,7 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db10(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb10(uint64_t x) { return x << (uint32_t)(int32_t)43 | x >> (uint32_t)(int32_t)21; } @@ -700,9 +698,9 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d10(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_4210(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db10(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb10(ab); } /** @@ -716,8 +714,8 @@ with const generics - RIGHT= 21 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d10(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb10(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_4210(a, b); } /** @@ -727,7 +725,7 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db11(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb11(uint64_t x) { return x << (uint32_t)(int32_t)15 | x >> (uint32_t)(int32_t)49; } 
@@ -738,9 +736,9 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d11(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_4211(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db11(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb11(ab); } /** @@ -754,8 +752,8 @@ with const generics - RIGHT= 49 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d11(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb11(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_4211(a, b); } /** @@ -765,7 +763,7 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db12(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb12(uint64_t x) { return x << (uint32_t)(int32_t)61 | x >> (uint32_t)(int32_t)3; } @@ -776,9 +774,9 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d12(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_4212(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db12(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb12(ab); } /** @@ -792,8 +790,8 @@ with const generics - RIGHT= 3 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d12(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb12(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_4212(a, b); } /** 
@@ -803,7 +801,7 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db13(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb13(uint64_t x) { return x << (uint32_t)(int32_t)28 | x >> (uint32_t)(int32_t)36; } @@ -814,9 +812,9 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d13(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_4213(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db13(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb13(ab); } /** @@ -830,8 +828,8 @@ with const generics - RIGHT= 36 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d13(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb13(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_4213(a, b); } /** @@ -841,7 +839,7 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db14(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb14(uint64_t x) { return x << (uint32_t)(int32_t)55 | x >> (uint32_t)(int32_t)9; } @@ -852,9 +850,9 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d14(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_4214(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db14(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb14(ab); } /** 
@@ -868,8 +866,8 @@ with const generics - RIGHT= 9 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d14(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb14(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_4214(a, b); } /** @@ -879,7 +877,7 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db15(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb15(uint64_t x) { return x << (uint32_t)(int32_t)25 | x >> (uint32_t)(int32_t)39; } @@ -890,9 +888,9 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d15(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_4215(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db15(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb15(ab); } /** @@ -906,8 +904,8 @@ with const generics - RIGHT= 39 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d15(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb15(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_4215(a, b); } /** @@ -917,7 +915,7 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db16(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb16(uint64_t x) { return x << (uint32_t)(int32_t)21 | x >> (uint32_t)(int32_t)43; } 
@@ -928,9 +926,9 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d16(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_4216(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db16(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb16(ab); } /** @@ -944,8 +942,8 @@ with const generics - RIGHT= 43 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d16(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb16(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_4216(a, b); } /** @@ -955,7 +953,7 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db17(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb17(uint64_t x) { return x << (uint32_t)(int32_t)56 | x >> (uint32_t)(int32_t)8; } @@ -966,9 +964,9 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d17(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_4217(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db17(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb17(ab); } /** @@ -982,8 +980,8 @@ with const generics - RIGHT= 8 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d17(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb17(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_4217(a, b); } /** 
@@ -993,7 +991,7 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db18(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb18(uint64_t x) { return x << (uint32_t)(int32_t)27 | x >> (uint32_t)(int32_t)37; } @@ -1004,9 +1002,9 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d18(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_4218(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db18(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb18(ab); } /** @@ -1020,8 +1018,8 @@ with const generics - RIGHT= 37 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d18(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb18(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_4218(a, b); } /** @@ -1031,7 +1029,7 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db19(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb19(uint64_t x) { return x << (uint32_t)(int32_t)20 | x >> (uint32_t)(int32_t)44; } @@ -1042,9 +1040,9 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d19(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_4219(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db19(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb19(ab); } /** 
@@ -1058,8 +1056,8 @@ with const generics - RIGHT= 44 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d19(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb19(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_4219(a, b); } /** @@ -1069,7 +1067,7 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db20(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb20(uint64_t x) { return x << (uint32_t)(int32_t)39 | x >> (uint32_t)(int32_t)25; } @@ -1080,9 +1078,9 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d20(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_4220(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db20(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb20(ab); } /** @@ -1096,8 +1094,8 @@ with const generics - RIGHT= 25 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d20(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb20(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_4220(a, b); } /** @@ -1107,7 +1105,7 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db21(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb21(uint64_t x) { return x << (uint32_t)(int32_t)8 | x >> (uint32_t)(int32_t)56; } 
@@ -1118,9 +1116,9 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d21(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_4221(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db21(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb21(ab); } /** @@ -1134,8 +1132,8 @@ with const generics - RIGHT= 56 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d21(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb21(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_4221(a, b); } /** @@ -1145,7 +1143,7 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_rotate_left_db22(uint64_t x) { +libcrux_sha3_portable_keccak_rotate_left_cb22(uint64_t x) { return x << (uint32_t)(int32_t)14 | x >> (uint32_t)(int32_t)50; } @@ -1156,9 +1154,9 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak__vxarq_u64_3d22(uint64_t a, uint64_t b) { +libcrux_sha3_portable_keccak__vxarq_u64_4222(uint64_t a, uint64_t b) { uint64_t ab = a ^ b; - return libcrux_sha3_portable_keccak_rotate_left_db22(ab); + return libcrux_sha3_portable_keccak_rotate_left_cb22(ab); } /** @@ -1172,8 +1170,8 @@ with const generics - RIGHT= 50 */ static KRML_MUSTINLINE uint64_t -libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(uint64_t a, uint64_t b) { - return libcrux_sha3_portable_keccak__vxarq_u64_3d22(a, b); +libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb22(uint64_t a, uint64_t b) { + return libcrux_sha3_portable_keccak__vxarq_u64_4222(a, b); } /** 
@@ -1182,7 +1180,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_eb( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_16( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t c[5U] = { libcrux_sha3_portable_keccak_xor5_5a(s->st[0U][0U], s->st[1U][0U], 
@@ -1218,53 +1216,53 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_eb( c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_5a(s->st[0U][0U], t[0U]); s->st[1U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da(s->st[1U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb(s->st[1U][0U], t[0U]); s->st[2U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da0(s->st[2U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb0(s->st[2U][0U], t[0U]); s->st[3U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da1(s->st[3U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb1(s->st[3U][0U], t[0U]); s->st[4U][0U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da2(s->st[4U][0U], t[0U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb2(s->st[4U][0U], t[0U]); s->st[0U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da3(s->st[0U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb3(s->st[0U][1U], t[1U]); s->st[1U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da4(s->st[1U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb4(s->st[1U][1U], t[1U]); s->st[2U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da5(s->st[2U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb5(s->st[2U][1U], t[1U]); s->st[3U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da6(s->st[3U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb6(s->st[3U][1U], t[1U]); s->st[4U][1U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da7(s->st[4U][1U], t[1U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb7(s->st[4U][1U], t[1U]); s->st[0U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da8(s->st[0U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb8(s->st[0U][2U], t[2U]); s->st[1U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da9(s->st[1U][2U], t[2U]); + 
libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb9(s->st[1U][2U], t[2U]); s->st[2U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da10(s->st[2U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb10(s->st[2U][2U], t[2U]); s->st[3U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da11(s->st[3U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb11(s->st[3U][2U], t[2U]); s->st[4U][2U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da12(s->st[4U][2U], t[2U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb12(s->st[4U][2U], t[2U]); s->st[0U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da13(s->st[0U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb13(s->st[0U][3U], t[3U]); s->st[1U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da14(s->st[1U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb14(s->st[1U][3U], t[3U]); s->st[2U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da15(s->st[2U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb15(s->st[2U][3U], t[3U]); s->st[3U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da16(s->st[3U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb16(s->st[3U][3U], t[3U]); s->st[4U][3U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da17(s->st[4U][3U], t[3U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb17(s->st[4U][3U], t[3U]); s->st[0U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da18(s->st[0U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb18(s->st[0U][4U], t[4U]); s->st[1U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da19(s->st[1U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb19(s->st[1U][4U], t[4U]); s->st[2U][4U] = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da20(s->st[2U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb20(s->st[2U][4U], t[4U]); s->st[3U][4U] = - 
libcrux_sha3_portable_keccak_xor_and_rotate_5a_da21(s->st[3U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb21(s->st[3U][4U], t[4U]); uint64_t uu____27 = - libcrux_sha3_portable_keccak_xor_and_rotate_5a_da22(s->st[4U][4U], t[4U]); + libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb22(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; } @@ -1274,7 +1272,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_b8( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_pi_1d( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1310,7 +1308,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_1f( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_chi_12( libcrux_sha3_generic_keccak_KeccakState_48 *s) { uint64_t old[5U][5U]; memcpy(old, s->st, (size_t)5U * sizeof(uint64_t[5U])); @@ -1331,7 +1329,7 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_83( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_iota_62( libcrux_sha3_generic_keccak_KeccakState_48 *s, size_t i) { s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_constant_5a( s->st[0U][0U], libcrux_sha3_generic_keccak_ROUNDCONSTANTS[i]); 
@@ -1343,14 +1341,14 @@ with types uint64_t with const generics - N= 1 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_85( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccakf1600_21( libcrux_sha3_generic_keccak_KeccakState_48 *s) { for (size_t i = (size_t)0U; i < (size_t)24U; i++) { size_t i0 = i; - libcrux_sha3_generic_keccak_theta_rho_eb(s); - libcrux_sha3_generic_keccak_pi_b8(s); - libcrux_sha3_generic_keccak_chi_1f(s); - libcrux_sha3_generic_keccak_iota_83(s, i0); + libcrux_sha3_generic_keccak_theta_rho_16(s); + libcrux_sha3_generic_keccak_pi_1d(s); + libcrux_sha3_generic_keccak_chi_12(s); + libcrux_sha3_generic_keccak_iota_62(s, i0); } } @@ -1361,13 +1359,13 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_75( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_df( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_b8(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_21(s); } /** @@ -1375,11 +1373,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_df( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_b3(s, buf); + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; + libcrux_sha3_portable_keccak_load_block_2c(s, buf); } /** 
@@ -1389,15 +1387,15 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics -- BLOCKSIZE= 72 +- RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_71( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_d2( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_df(uu____0, copy_of_b); } /** @@ -1408,16 +1406,16 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_72( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c7( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = Eurydice_slice_len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - Eurydice_slice_copy(uu____0, last[i0], uint8_t, void *); + blocks[i0], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i0], uint8_t); } blocks[i0][last_len] = 6U; size_t uu____1 = i0; 
@@ -1427,8 +1425,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_72( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_71(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_d2(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_21(s); } /** @@ -1441,14 +1439,11 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_58( for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice); + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); } } @@ -1457,11 +1452,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_2d( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; libcrux_sha3_portable_keccak_store_block_58(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; 
@@ -1476,11 +1471,11 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics -- BLOCKSIZE= 72 +- RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_78( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_5a_29( uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa(a, ret); + libcrux_sha3_portable_keccak_store_block_full_2d(a, ret); } /** @@ -1491,22 +1486,22 @@ with const generics - RATE= 72 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d( +libcrux_sha3_generic_keccak_squeeze_first_and_last_c5( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_78(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_29(s->st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i0], uint8_t, size_t); + lit.end = Eurydice_slice_len(out[i0], uint8_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -1517,9 +1512,9 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics -- BLOCKSIZE= 72 +- RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_59( uint64_t (*a)[5U], Eurydice_slice b[1U]) { libcrux_sha3_portable_keccak_store_block_58(a, b); } 
@@ -1531,9 +1526,9 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_09( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_84( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_59(s->st, out); } /** @@ -1543,10 +1538,10 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_fc( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_21(s); + libcrux_sha3_portable_keccak_store_block_5a_59(s->st, out); } /** @@ -1556,23 +1551,23 @@ with const generics - N= 1 - RATE= 72 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_83( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_cf( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_21(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_78(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_29(s.st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i0], uint8_t, size_t); + lit.end = Eurydice_slice_len(out[i0], uint8_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } 
@@ -1584,12 +1579,12 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e9( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_f4(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(data[0U], uint8_t, size_t) / (size_t)72U; i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)72U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; /* Passing arrays by value in Rust generates a copy in C */ 
@@ -1598,23 +1593,22 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)72U, (size_t)72U, ret); - libcrux_sha3_generic_keccak_absorb_block_75(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_df(uu____0, ret); } - size_t rem = Eurydice_slice_len(data[0U], uint8_t, size_t) % (size_t)72U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)72U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - copy_of_data, Eurydice_slice_len(data[0U], uint8_t, size_t) - rem, rem, - ret); - libcrux_sha3_generic_keccak_absorb_final_72(uu____2, ret); - size_t outlen = Eurydice_slice_len(out[0U], uint8_t, size_t); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); + libcrux_sha3_generic_keccak_absorb_final_c7(uu____2, ret); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)72U; size_t last = outlen - outlen % (size_t)72U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_c5(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)72U); 
@@ -1622,7 +1616,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_09(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_84(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -1640,12 +1634,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_75( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_fc(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_83(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_cf(s, o1); } } } @@ -1656,12 +1650,12 @@ with const generics - RATE= 72 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_75(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_e9(copy_of_data, out); } /** @@ -1671,7 +1665,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a(buf0, buf); + libcrux_sha3_portable_keccakx1_ce(buf0, buf); } /** 
@@ -1679,7 +1673,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b30( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c0( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; @@ -1688,9 +1682,8 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b30( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_slice, uint8_t[8U]); unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -1706,15 +1699,15 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics -- BLOCKSIZE= 136 +- RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_b80( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b30(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_2c0(uu____0, copy_of_b); } /** 
@@ -1724,13 +1717,13 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_750( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_df0( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd0(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_b80(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_21(s); } /** @@ -1738,11 +1731,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_df0( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_b30(s, buf); + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; + libcrux_sha3_portable_keccak_load_block_2c0(s, buf); } /** 
@@ -1752,15 +1745,15 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics -- BLOCKSIZE= 136 +- RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_710( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_d20( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a0(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_df0(uu____0, copy_of_b); } /** @@ -1771,16 +1764,16 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_720( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c70( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = Eurydice_slice_len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - Eurydice_slice_copy(uu____0, last[i0], uint8_t, void *); + blocks[i0], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i0], uint8_t); } blocks[i0][last_len] = 6U; size_t uu____1 = i0; 
@@ -1790,8 +1783,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_720( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_710(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_d20(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_21(s); } /** @@ -1804,14 +1797,11 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_580( for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice); + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); } } @@ -1820,11 +1810,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_2d0( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; libcrux_sha3_portable_keccak_store_block_580(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; 
@@ -1839,12 +1829,12 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics -- BLOCKSIZE= 136 +- RATE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_780(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_290(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa0(a, ret); + libcrux_sha3_portable_keccak_store_block_full_2d0(a, ret); } /** @@ -1855,22 +1845,22 @@ with const generics - RATE= 136 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0( +libcrux_sha3_generic_keccak_squeeze_first_and_last_c50( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_780(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_290(s->st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i0], uint8_t, size_t); + lit.end = Eurydice_slice_len(out[i0], uint8_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -1881,9 +1871,9 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics -- BLOCKSIZE= 136 +- RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_590( uint64_t (*a)[5U], Eurydice_slice b[1U]) { libcrux_sha3_portable_keccak_store_block_580(a, b); } 
@@ -1895,9 +1885,9 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_090( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_840( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f0(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_590(s->st, out); } /** @@ -1907,10 +1897,10 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f0( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_fc0( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f0(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_21(s); + libcrux_sha3_portable_keccak_store_block_5a_590(s->st, out); } /** @@ -1920,23 +1910,23 @@ with const generics - N= 1 - RATE= 136 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_830( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_cf0( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_21(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_780(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_290(s.st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i0], uint8_t, size_t); + lit.end = Eurydice_slice_len(out[i0], uint8_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } 
@@ -1948,12 +1938,12 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e90( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_f4(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(data[0U], uint8_t, size_t) / (size_t)136U; i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; /* Passing arrays by value in Rust generates a copy in C */ 
@@ -1962,23 +1952,22 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_df0(uu____0, ret); } - size_t rem = Eurydice_slice_len(data[0U], uint8_t, size_t) % (size_t)136U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - copy_of_data, Eurydice_slice_len(data[0U], uint8_t, size_t) - rem, rem, - ret); - libcrux_sha3_generic_keccak_absorb_final_720(uu____2, ret); - size_t outlen = Eurydice_slice_len(out[0U], uint8_t, size_t); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); + libcrux_sha3_generic_keccak_absorb_final_c70(uu____2, ret); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_c50(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); 
@@ -1986,7 +1975,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_090(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_840(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2004,12 +1993,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_750( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f0(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_fc0(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_830(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_cf0(s, o1); } } } @@ -2020,12 +2009,12 @@ with const generics - RATE= 136 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a0( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce0( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_750(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_e90(copy_of_data, out); } /** @@ -2035,7 +2024,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a0(buf0, buf); + libcrux_sha3_portable_keccakx1_ce0(buf0, buf); } /** 
@@ -2046,16 +2035,16 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_721( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c71( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = Eurydice_slice_len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - Eurydice_slice_copy(uu____0, last[i0], uint8_t, void *); + blocks[i0], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i0], uint8_t); } blocks[i0][last_len] = 31U; size_t uu____1 = i0; @@ -2065,8 +2054,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_721( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_710(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_d20(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_21(s); } /** 
@@ -2077,12 +2066,12 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e91( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_f4(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(data[0U], uint8_t, size_t) / (size_t)136U; i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; /* Passing arrays by value in Rust generates a copy in C */ 
@@ -2091,23 +2080,22 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); - libcrux_sha3_generic_keccak_absorb_block_750(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_df0(uu____0, ret); } - size_t rem = Eurydice_slice_len(data[0U], uint8_t, size_t) % (size_t)136U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - copy_of_data, Eurydice_slice_len(data[0U], uint8_t, size_t) - rem, rem, - ret); - libcrux_sha3_generic_keccak_absorb_final_721(uu____2, ret); - size_t outlen = Eurydice_slice_len(out[0U], uint8_t, size_t); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); + libcrux_sha3_generic_keccak_absorb_final_c71(uu____2, ret); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d0(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_c50(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)136U); 
@@ -2115,7 +2103,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_090(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_840(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2133,12 +2121,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_751( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f0(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_fc0(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_830(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_cf0(s, o1); } } } @@ -2149,12 +2137,12 @@ with const generics - RATE= 136 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce1( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_751(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_e91(copy_of_data, out); } /** @@ -2164,7 +2152,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake256( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a1(buf0, buf); + libcrux_sha3_portable_keccakx1_ce1(buf0, buf); } /** 
@@ -2261,7 +2249,7 @@ libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake128_init(void) { - return libcrux_sha3_generic_keccak_new_1e_f2(); + return libcrux_sha3_generic_keccak_new_1e_f4(); } /** @@ -2269,7 +2257,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b31( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c1( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; @@ -2278,9 +2266,8 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b31( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_slice, uint8_t[8U]); unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -2294,11 +2281,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_df1( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_b31(s, buf); + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; + libcrux_sha3_portable_keccak_load_block_2c1(s, buf); } /** 
@@ -2308,15 +2295,15 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics -- BLOCKSIZE= 168 +- RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_711( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_d21( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a1(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_df1(uu____0, copy_of_b); } /** @@ -2327,16 +2314,16 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_722( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c72( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = Eurydice_slice_len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - Eurydice_slice_copy(uu____0, last[i0], uint8_t, void *); + blocks[i0], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i0], uint8_t); } blocks[i0][last_len] = 31U; size_t uu____1 = i0; 
@@ -2346,8 +2333,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_722( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_711(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_d21(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_21(s); } /** @@ -2357,7 +2344,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data0) { Eurydice_slice buf[1U] = {data0}; - libcrux_sha3_generic_keccak_absorb_final_722(s, buf); + libcrux_sha3_generic_keccak_absorb_final_c72(s, buf); } /** @@ -2370,14 +2357,11 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_581( for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice); + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); } } @@ -2388,9 +2372,9 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics -- BLOCKSIZE= 168 +- RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_591( uint64_t (*a)[5U], Eurydice_slice b[1U]) { libcrux_sha3_portable_keccak_store_block_581(a, b); } 
@@ -2402,10 +2386,10 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f1( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_fc1( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f1(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_21(s); + libcrux_sha3_portable_keccak_store_block_5a_591(s->st, out); } /** @@ -2415,7 +2399,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_fc1(s, buf); } /** @@ -2425,9 +2409,9 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_091( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_841( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f1(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_591(s->st, out); } /** @@ -2438,7 +2422,7 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d( +libcrux_sha3_generic_keccak_squeeze_first_three_blocks_cc( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); 
@@ -2446,15 +2430,15 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d( memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_091(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_841(s, o0); Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o2[1U]; memcpy(o2, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o1); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_fc1(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_fc1(s, o2); } /** @@ -2464,7 +2448,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_three_blocks_7d(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_three_blocks_cc(s, buf); } #define libcrux_sha3_Sha224 0 @@ -2510,7 +2494,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b32( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c2( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; 
@@ -2519,9 +2503,8 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b32( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_slice, uint8_t[8U]); unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -2537,15 +2520,15 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics -- BLOCKSIZE= 144 +- RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_b81( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b32(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_2c2(uu____0, copy_of_b); } /** @@ -2555,13 +2538,13 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_751( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_df1( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd1(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_b81(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_21(s); } /** 
@@ -2569,11 +2552,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_df2( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_b32(s, buf); + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; + libcrux_sha3_portable_keccak_load_block_2c2(s, buf); } /** @@ -2583,15 +2566,15 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics -- BLOCKSIZE= 144 +- RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_712( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_d22( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a2(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_df2(uu____0, copy_of_b); } /** 
@@ -2602,16 +2585,16 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_723( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c73( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = Eurydice_slice_len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - Eurydice_slice_copy(uu____0, last[i0], uint8_t, void *); + blocks[i0], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i0], uint8_t); } blocks[i0][last_len] = 6U; size_t uu____1 = i0; @@ -2621,8 +2604,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_723( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_712(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_d22(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_21(s); } /** 
@@ -2635,14 +2618,11 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_582( for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice); + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); } } @@ -2651,11 +2631,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa1( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_2d1( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; libcrux_sha3_portable_keccak_store_block_582(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; @@ -2670,12 +2650,12 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics -- BLOCKSIZE= 144 +- RATE= 144 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_781(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_291(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa1(a, ret); + libcrux_sha3_portable_keccak_store_block_full_2d1(a, ret); } /** 
@@ -2686,22 +2666,22 @@ with const generics - RATE= 144 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1( +libcrux_sha3_generic_keccak_squeeze_first_and_last_c51( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_781(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_291(s->st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i0], uint8_t, size_t); + lit.end = Eurydice_slice_len(out[i0], uint8_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -2712,9 +2692,9 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics -- BLOCKSIZE= 144 +- RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_592( uint64_t (*a)[5U], Eurydice_slice b[1U]) { libcrux_sha3_portable_keccak_store_block_582(a, b); } @@ -2726,9 +2706,9 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_092( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_842( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f2(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_592(s->st, out); } /** 
@@ -2738,10 +2718,10 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f2( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_fc2( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f2(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_21(s); + libcrux_sha3_portable_keccak_store_block_5a_592(s->st, out); } /** @@ -2751,23 +2731,23 @@ with const generics - N= 1 - RATE= 144 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_831( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_cf1( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_21(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_781(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_291(s.st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i0], uint8_t, size_t); + lit.end = Eurydice_slice_len(out[i0], uint8_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } 
@@ -2779,12 +2759,12 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e92( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_f4(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(data[0U], uint8_t, size_t) / (size_t)144U; i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)144U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; /* Passing arrays by value in Rust generates a copy in C */ 
@@ -2793,23 +2773,22 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)144U, (size_t)144U, ret); - libcrux_sha3_generic_keccak_absorb_block_751(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_df1(uu____0, ret); } - size_t rem = Eurydice_slice_len(data[0U], uint8_t, size_t) % (size_t)144U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)144U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - copy_of_data, Eurydice_slice_len(data[0U], uint8_t, size_t) - rem, rem, - ret); - libcrux_sha3_generic_keccak_absorb_final_723(uu____2, ret); - size_t outlen = Eurydice_slice_len(out[0U], uint8_t, size_t); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); + libcrux_sha3_generic_keccak_absorb_final_c73(uu____2, ret); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)144U; size_t last = outlen - outlen % (size_t)144U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d1(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_c51(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)144U); 
@@ -2817,7 +2796,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_092(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_842(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -2835,12 +2814,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_752( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f2(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_fc2(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_831(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_cf1(s, o1); } } } @@ -2851,12 +2830,12 @@ with const generics - RATE= 144 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce2( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_752(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_e92(copy_of_data, out); } /** @@ -2866,7 +2845,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a2(buf0, buf); + libcrux_sha3_portable_keccakx1_ce2(buf0, buf); } /** 
@@ -2874,7 +2853,7 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b33( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c3( uint64_t (*s)[5U], Eurydice_slice blocks[1U]) { for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; @@ -2883,9 +2862,8 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_b33( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_slice, uint8_t[8U]); unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -2901,15 +2879,15 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics -- BLOCKSIZE= 104 +- RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_b82( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b33(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_2c3(uu____0, copy_of_b); } /** 
@@ -2919,13 +2897,13 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_752( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_df2( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd2(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_b82(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_21(s); } /** @@ -2933,11 +2911,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_7a3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_df3( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; - libcrux_sha3_portable_keccak_load_block_b33(s, buf); + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; + libcrux_sha3_portable_keccak_load_block_2c3(s, buf); } /** 
@@ -2947,15 +2925,15 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.load_block_full_5a with const generics -- BLOCKSIZE= 104 +- RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_713( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_d23( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_b[1U][200U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_7a3(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_full_df3(uu____0, copy_of_b); } /** @@ -2966,16 +2944,16 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_724( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c74( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = Eurydice_slice_len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - Eurydice_slice_copy(uu____0, last[i0], uint8_t, void *); + blocks[i0], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i0], uint8_t); } blocks[i0][last_len] = 6U; size_t uu____1 = i0; 
@@ -2985,8 +2963,8 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_724( uint64_t(*uu____3)[5U] = s->st; uint8_t uu____4[1U][200U]; memcpy(uu____4, blocks, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_5a_713(uu____3, uu____4); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_full_5a_d23(uu____3, uu____4); + libcrux_sha3_generic_keccak_keccakf1600_21(s); } /** @@ -2999,14 +2977,11 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_583( for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice); + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); Eurydice_slice_copy( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); } } @@ -3015,11 +2990,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa2( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_2d2( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; libcrux_sha3_portable_keccak_store_block_583(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; 
@@ -3034,12 +3009,12 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics -- BLOCKSIZE= 104 +- RATE= 104 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_782(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_292(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa2(a, ret); + libcrux_sha3_portable_keccak_store_block_full_2d2(a, ret); } /** @@ -3050,22 +3025,22 @@ with const generics - RATE= 104 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2( +libcrux_sha3_generic_keccak_squeeze_first_and_last_c52( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_782(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_292(s->st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i0], uint8_t, size_t); + lit.end = Eurydice_slice_len(out[i0], uint8_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -3076,9 +3051,9 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block_5a with const generics -- BLOCKSIZE= 104 +- RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_6f3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_5a_593( uint64_t (*a)[5U], Eurydice_slice b[1U]) { libcrux_sha3_portable_keccak_store_block_583(a, b); } 
@@ -3090,9 +3065,9 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_093( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_block_843( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_portable_keccak_store_block_5a_6f3(s->st, out); + libcrux_sha3_portable_keccak_store_block_5a_593(s->st, out); } /** @@ -3102,10 +3077,10 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_1f3( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_next_block_fc3( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(s); - libcrux_sha3_portable_keccak_store_block_5a_6f3(s->st, out); + libcrux_sha3_generic_keccak_keccakf1600_21(s); + libcrux_sha3_portable_keccak_store_block_5a_593(s->st, out); } /** @@ -3115,23 +3090,23 @@ with const generics - N= 1 - RATE= 104 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_832( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_cf2( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_21(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_782(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_292(s.st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i0], uint8_t, size_t); + lit.end = Eurydice_slice_len(out[i0], uint8_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } 
@@ -3143,12 +3118,12 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e93( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_f4(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(data[0U], uint8_t, size_t) / (size_t)104U; i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)104U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; /* Passing arrays by value in Rust generates a copy in C */ 
@@ -3157,23 +3132,22 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)104U, (size_t)104U, ret); - libcrux_sha3_generic_keccak_absorb_block_752(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_df2(uu____0, ret); } - size_t rem = Eurydice_slice_len(data[0U], uint8_t, size_t) % (size_t)104U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)104U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - copy_of_data, Eurydice_slice_len(data[0U], uint8_t, size_t) - rem, rem, - ret); - libcrux_sha3_generic_keccak_absorb_final_724(uu____2, ret); - size_t outlen = Eurydice_slice_len(out[0U], uint8_t, size_t); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); + libcrux_sha3_generic_keccak_absorb_final_c74(uu____2, ret); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)104U; size_t last = outlen - outlen % (size_t)104U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d2(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_c52(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)104U); 
@@ -3181,7 +3155,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_093(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_843(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -3199,12 +3173,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_753( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f3(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_fc3(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_832(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_cf2(s, o1); } } } @@ -3215,12 +3189,12 @@ with const generics - RATE= 104 - DELIM= 6 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce3( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_753(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_e93(copy_of_data, out); } /** @@ -3230,7 +3204,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a3(buf0, buf); + libcrux_sha3_portable_keccakx1_ce3(buf0, buf); } /** 
@@ -3250,8 +3224,8 @@ static KRML_MUSTINLINE void libcrux_sha3_sha224_ema(Eurydice_slice digest, static KRML_MUSTINLINE void libcrux_sha3_sha224(Eurydice_slice data, uint8_t ret[28U]) { uint8_t out[28U] = {0U}; - libcrux_sha3_sha224_ema( - Eurydice_array_to_slice((size_t)28U, out, uint8_t, Eurydice_slice), data); + libcrux_sha3_sha224_ema(Eurydice_array_to_slice((size_t)28U, out, uint8_t), + data); memcpy(ret, out, (size_t)28U * sizeof(uint8_t)); } @@ -3269,8 +3243,8 @@ static KRML_MUSTINLINE void libcrux_sha3_sha256_ema(Eurydice_slice digest, static KRML_MUSTINLINE void libcrux_sha3_sha256(Eurydice_slice data, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - libcrux_sha3_sha256_ema( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), data); + libcrux_sha3_sha256_ema(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + data); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } @@ -3288,8 +3262,8 @@ static KRML_MUSTINLINE void libcrux_sha3_sha384_ema(Eurydice_slice digest, static KRML_MUSTINLINE void libcrux_sha3_sha384(Eurydice_slice data, uint8_t ret[48U]) { uint8_t out[48U] = {0U}; - libcrux_sha3_sha384_ema( - Eurydice_array_to_slice((size_t)48U, out, uint8_t, Eurydice_slice), data); + libcrux_sha3_sha384_ema(Eurydice_array_to_slice((size_t)48U, out, uint8_t), + data); memcpy(ret, out, (size_t)48U * sizeof(uint8_t)); } @@ -3307,8 +3281,8 @@ static KRML_MUSTINLINE void libcrux_sha3_sha512_ema(Eurydice_slice digest, static KRML_MUSTINLINE void libcrux_sha3_sha512(Eurydice_slice data, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; - libcrux_sha3_sha512_ema( - Eurydice_array_to_slice((size_t)64U, out, uint8_t, Eurydice_slice), data); + libcrux_sha3_sha512_ema(Eurydice_array_to_slice((size_t)64U, out, uint8_t), + data); memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } 
@@ -3319,15 +3293,15 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.load_block_5a with const generics -- BLOCKSIZE= 168 +- RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_fd3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_b83( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_b[1U]; memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_b31(uu____0, copy_of_b); + libcrux_sha3_portable_keccak_load_block_2c1(uu____0, copy_of_b); } /** @@ -3337,13 +3311,13 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_753( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_block_df3( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice blocks[1U]) { uint64_t(*uu____0)[5U] = s->st; Eurydice_slice uu____1[1U]; memcpy(uu____1, blocks, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_5a_fd3(uu____0, uu____1); - libcrux_sha3_generic_keccak_keccakf1600_85(s); + libcrux_sha3_portable_keccak_load_block_5a_b83(uu____0, uu____1); + libcrux_sha3_generic_keccak_keccakf1600_21(s); } /** @@ -3351,11 +3325,11 @@ A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full with const generics - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_fa3( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_2d3( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; libcrux_sha3_portable_keccak_store_block_581(s, buf); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_out[200U]; 
@@ -3370,12 +3344,12 @@ usize> for u64)} /** A monomorphic instance of libcrux_sha3.portable_keccak.store_block_full_5a with const generics -- BLOCKSIZE= 168 +- RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_portable_keccak_store_block_full_5a_783(uint64_t (*a)[5U], +libcrux_sha3_portable_keccak_store_block_full_5a_293(uint64_t (*a)[5U], uint8_t ret[1U][200U]) { - libcrux_sha3_portable_keccak_store_block_full_fa3(a, ret); + libcrux_sha3_portable_keccak_store_block_full_2d3(a, ret); } /** @@ -3386,22 +3360,22 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3( +libcrux_sha3_generic_keccak_squeeze_first_and_last_c53( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_783(s->st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_293(s->st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i0], uint8_t, size_t); + lit.end = Eurydice_slice_len(out[i0], uint8_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } 
@@ -3412,23 +3386,23 @@ with const generics - N= 1 - RATE= 168 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_833( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_cf3( libcrux_sha3_generic_keccak_KeccakState_48 s, Eurydice_slice out[1U]) { - libcrux_sha3_generic_keccak_keccakf1600_85(&s); + libcrux_sha3_generic_keccak_keccakf1600_21(&s); uint8_t b[1U][200U]; - libcrux_sha3_portable_keccak_store_block_full_5a_783(s.st, b); + libcrux_sha3_portable_keccak_store_block_full_5a_293(s.st, b); for (size_t i = (size_t)0U; i < (size_t)1U; i++) { size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = Eurydice_slice_len(out[i0], uint8_t, size_t); + lit.end = Eurydice_slice_len(out[i0], uint8_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -3440,12 +3414,12 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e94( Eurydice_slice data[1U], Eurydice_slice out[1U]) { libcrux_sha3_generic_keccak_KeccakState_48 s = - libcrux_sha3_generic_keccak_new_1e_f2(); + libcrux_sha3_generic_keccak_new_1e_f4(); for (size_t i = (size_t)0U; - i < Eurydice_slice_len(data[0U], uint8_t, size_t) / (size_t)168U; i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)168U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; /* Passing arrays by value in Rust generates a copy in C */ 
@@ -3454,23 +3428,22 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)168U, (size_t)168U, ret); - libcrux_sha3_generic_keccak_absorb_block_753(uu____0, ret); + libcrux_sha3_generic_keccak_absorb_block_df3(uu____0, ret); } - size_t rem = Eurydice_slice_len(data[0U], uint8_t, size_t) % (size_t)168U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)168U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - copy_of_data, Eurydice_slice_len(data[0U], uint8_t, size_t) - rem, rem, - ret); - libcrux_sha3_generic_keccak_absorb_final_722(uu____2, ret); - size_t outlen = Eurydice_slice_len(out[0U], uint8_t, size_t); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); + libcrux_sha3_generic_keccak_absorb_final_c72(uu____2, ret); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)168U; size_t last = outlen - outlen % (size_t)168U; if (blocks == (size_t)0U) { - libcrux_sha3_generic_keccak_squeeze_first_and_last_5d3(&s, out); + libcrux_sha3_generic_keccak_squeeze_first_and_last_c53(&s, out); } else { Eurydice_slice_uint8_t_1size_t__x2 uu____4 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); 
@@ -3478,7 +3451,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( memcpy(o0, uu____4.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o1[1U]; memcpy(o1, uu____4.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_091(&s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_841(&s, o0); core_ops_range_Range_b3 iter = core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, @@ -3496,12 +3469,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_754( memcpy(o, uu____5.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice orest[1U]; memcpy(orest, uu____5.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(&s, o); + libcrux_sha3_generic_keccak_squeeze_next_block_fc1(&s, o); memcpy(o1, orest, (size_t)1U * sizeof(Eurydice_slice)); } } if (last < outlen) { - libcrux_sha3_generic_keccak_squeeze_last_833(s, o1); + libcrux_sha3_generic_keccak_squeeze_last_cf3(s, o1); } } } @@ -3512,12 +3485,12 @@ with const generics - RATE= 168 - DELIM= 31 */ -static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_2a4( +static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce4( Eurydice_slice data[1U], Eurydice_slice out[1U]) { /* Passing arrays by value in Rust generates a copy in C */ Eurydice_slice copy_of_data[1U]; memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_754(copy_of_data, out); + libcrux_sha3_generic_keccak_keccak_e94(copy_of_data, out); } /** @@ -3527,7 +3500,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; Eurydice_slice buf[1U] = {digest}; - libcrux_sha3_portable_keccakx1_2a4(buf0, buf); + libcrux_sha3_portable_keccakx1_ce4(buf0, buf); } /** 
@@ -3592,7 +3565,7 @@ with const generics - RATE= 168 */ static KRML_MUSTINLINE void -libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92( +libcrux_sha3_generic_keccak_squeeze_first_five_blocks_4f( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out[1U]) { Eurydice_slice_uint8_t_1size_t__x2 uu____0 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, (size_t)168U); 
@@ -3600,29 +3573,29 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92( memcpy(o0, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o10[1U]; memcpy(o10, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_first_block_091(s, o0); + libcrux_sha3_generic_keccak_squeeze_first_block_841(s, o0); Eurydice_slice_uint8_t_1size_t__x2 uu____1 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o10, (size_t)168U); Eurydice_slice o1[1U]; memcpy(o1, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o20[1U]; memcpy(o20, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o1); + libcrux_sha3_generic_keccak_squeeze_next_block_fc1(s, o1); Eurydice_slice_uint8_t_1size_t__x2 uu____2 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o20, (size_t)168U); Eurydice_slice o2[1U]; memcpy(o2, uu____2.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o30[1U]; memcpy(o30, uu____2.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o2); + libcrux_sha3_generic_keccak_squeeze_next_block_fc1(s, o2); Eurydice_slice_uint8_t_1size_t__x2 uu____3 = libcrux_sha3_portable_keccak_split_at_mut_n_5a(o30, (size_t)168U); Eurydice_slice o3[1U]; memcpy(o3, uu____3.fst, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice o4[1U]; memcpy(o4, uu____3.snd, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o3); - libcrux_sha3_generic_keccak_squeeze_next_block_1f1(s, o4); + libcrux_sha3_generic_keccak_squeeze_next_block_fc1(s, o3); + libcrux_sha3_generic_keccak_squeeze_next_block_fc1(s, o4); } /** 
@@ -3632,7 +3605,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { Eurydice_slice buf[1U] = {out0}; - libcrux_sha3_generic_keccak_squeeze_first_five_blocks_92(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_five_blocks_4f(s, buf); } /** @@ -3642,7 +3615,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data) { Eurydice_slice buf[1U] = {data}; - libcrux_sha3_generic_keccak_absorb_final_721(s, buf); + libcrux_sha3_generic_keccak_absorb_final_c71(s, buf); } /** @@ -3650,7 +3623,7 @@ libcrux_sha3_portable_incremental_shake256_absorb_final( */ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake256_init(void) { - return libcrux_sha3_generic_keccak_new_1e_f2(); + return libcrux_sha3_generic_keccak_new_1e_f4(); } /** @@ -3660,7 +3633,7 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_first_block_090(s, buf); + libcrux_sha3_generic_keccak_squeeze_first_block_840(s, buf); } /** 
@@ -3670,7 +3643,1176 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { Eurydice_slice buf[1U] = {out}; - libcrux_sha3_generic_keccak_squeeze_next_block_1f0(s, buf); + libcrux_sha3_generic_keccak_squeeze_next_block_fc0(s, buf); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.KeccakXofState +with types uint64_t +with const generics +- $1size_t +- $136size_t +*/ +typedef struct libcrux_sha3_generic_keccak_KeccakXofState_4f_s { + libcrux_sha3_generic_keccak_KeccakState_48 inner; + uint8_t buf[1U][136U]; + size_t buf_len; + bool sponge; +} libcrux_sha3_generic_keccak_KeccakXofState_4f; + +typedef libcrux_sha3_generic_keccak_KeccakXofState_4f + libcrux_sha3_portable_incremental_Shake256Absorb; + +/** + Consume the internal buffer and the required amount of the input to pad to + `RATE`. + + Returns the `consumed` bytes from `inputs` if there's enough buffered + content to consume, and `0` otherwise. + If `consumed > 0` is returned, `self.buf` contains a full block to be + loaded. 
+*/ +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_9d +with types uint64_t +with const generics +- PARALLEL_LANES= 1 +- RATE= 136 +*/ +static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_b0( + libcrux_sha3_generic_keccak_KeccakXofState_4f *self, + Eurydice_slice inputs[1U]) { + size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); + size_t consumed = (size_t)0U; + if (self->buf_len > (size_t)0U) { + if (self->buf_len + input_len >= (size_t)136U) { + consumed = (size_t)136U - self->buf_len; + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { + size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)136U, self->buf[i0], self->buf_len, uint8_t, size_t); + Eurydice_slice_copy( + uu____0, + Eurydice_slice_subslice_to(inputs[i0], consumed, uint8_t, size_t), + uint8_t); + } + self->buf_len = self->buf_len + consumed; + } + } + return consumed; +} + +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_9d +with types uint64_t +with const generics +- PARALLEL_LANES= 1 +- RATE= 136 +*/ +static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_f8( + libcrux_sha3_generic_keccak_KeccakXofState_4f *self, + Eurydice_slice inputs[1U]) { + libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_inputs0[1U]; + memcpy(copy_of_inputs0, inputs, (size_t)1U * sizeof(Eurydice_slice)); + size_t input_consumed = + libcrux_sha3_generic_keccak_fill_buffer_9d_b0(uu____0, copy_of_inputs0); + if (input_consumed > (size_t)0U) { + Eurydice_slice borrowed[1U]; + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { + uint8_t buf[136U] = {0U}; + borrowed[i] = core_array___Array_T__N__23__as_slice( + (size_t)136U, 
buf, uint8_t, Eurydice_slice); + } + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { + size_t i0 = i; + borrowed[i0] = + Eurydice_array_to_slice((size_t)136U, self->buf[i0], uint8_t); + } + uint64_t(*uu____2)[5U] = self->inner.st; + Eurydice_slice uu____3[1U]; + memcpy(uu____3, borrowed, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_5a_b80(uu____2, uu____3); + libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); + self->buf_len = (size_t)0U; + } + size_t input_to_consume = + Eurydice_slice_len(inputs[0U], uint8_t) - input_consumed; + size_t num_blocks = input_to_consume / (size_t)136U; + size_t remainder = input_to_consume % (size_t)136U; + for (size_t i = (size_t)0U; i < num_blocks; i++) { + size_t i0 = i; + uint64_t(*uu____4)[5U] = self->inner.st; + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_inputs[1U]; + memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak_slice_n_5a( + copy_of_inputs, input_consumed + i0 * (size_t)136U, (size_t)136U, ret); + libcrux_sha3_portable_keccak_load_block_5a_b80(uu____4, ret); + libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); + } + return remainder; +} + +/** + Absorb + + This function takes any number of bytes to absorb and buffers if it's not + enough. The function assumes that all input slices in `blocks` have the same + length. + + Only a multiple of `RATE` blocks are absorbed. + For the remaining bytes [`absorb_final`] needs to be called. + + This works best with relatively small `inputs`. 
+*/ +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_9d +with types uint64_t +with const generics +- PARALLEL_LANES= 1 +- RATE= 136 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_7b( + libcrux_sha3_generic_keccak_KeccakXofState_4f *self, + Eurydice_slice inputs[1U]) { + libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_inputs[1U]; + memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); + size_t input_remainder_len = + libcrux_sha3_generic_keccak_absorb_full_9d_f8(uu____0, copy_of_inputs); + if (input_remainder_len > (size_t)0U) { + size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { + size_t i0 = i; + Eurydice_slice uu____2 = Eurydice_array_to_subslice2( + self->buf[i0], self->buf_len, self->buf_len + input_remainder_len, + uint8_t); + Eurydice_slice_copy( + uu____2, + Eurydice_slice_subslice_from( + inputs[i0], input_len - input_remainder_len, uint8_t, size_t), + uint8_t); + } + self->buf_len = self->buf_len + input_remainder_len; + } +} + +/** + Shake256 absorb +*/ +/** +This function found in impl +{(libcrux_sha3::portable::incremental::XofAbsorb<136: usize> for +libcrux_sha3::portable::incremental::Shake256Absorb)#2} +*/ +static inline void libcrux_sha3_portable_incremental_absorb_7d( + libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice input) { + Eurydice_slice buf[1U] = {input}; + libcrux_sha3_generic_keccak_absorb_9d_7b(self, buf); +} + +typedef libcrux_sha3_generic_keccak_KeccakXofState_4f + libcrux_sha3_portable_incremental_Shake256Squeeze; + +/** + Absorb a final block. + + The `inputs` block may be empty. Everything in the `inputs` block beyond + `RATE` bytes is ignored. 
+*/ +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_9d +with types uint64_t +with const generics +- PARALLEL_LANES= 1 +- RATE= 136 +- DELIMITER= 31 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_25( + libcrux_sha3_generic_keccak_KeccakXofState_4f *self, + Eurydice_slice inputs[1U]) { + libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_inputs[1U]; + memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); + size_t input_remainder_len = + libcrux_sha3_generic_keccak_absorb_full_9d_f8(uu____0, copy_of_inputs); + size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); + uint8_t blocks[1U][200U] = {{0U}}; + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { + size_t i0 = i; + if (self->buf_len > (size_t)0U) { + Eurydice_slice uu____2 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, self->buf_len, uint8_t); + Eurydice_slice_copy(uu____2, + Eurydice_array_to_subslice2(self->buf[i0], (size_t)0U, + self->buf_len, uint8_t), + uint8_t); + } + if (input_remainder_len > (size_t)0U) { + Eurydice_slice uu____3 = Eurydice_array_to_subslice2( + blocks[i0], self->buf_len, self->buf_len + input_remainder_len, + uint8_t); + Eurydice_slice_copy( + uu____3, + Eurydice_slice_subslice_from( + inputs[i0], input_len - input_remainder_len, uint8_t, size_t), + uint8_t); + } + blocks[i0][self->buf_len + input_remainder_len] = 31U; + size_t uu____4 = i0; + size_t uu____5 = (size_t)136U - (size_t)1U; + blocks[uu____4][uu____5] = (uint32_t)blocks[uu____4][uu____5] | 128U; + } + uint64_t(*uu____6)[5U] = self->inner.st; + uint8_t uu____7[1U][200U]; + memcpy(uu____7, blocks, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_5a_d20(uu____6, uu____7); + 
libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); +} + +/** + Shake256 absorb final +*/ +/** +This function found in impl +{(libcrux_sha3::portable::incremental::XofAbsorb<136: usize> for +libcrux_sha3::portable::incremental::Shake256Absorb)#2} +*/ +static inline libcrux_sha3_generic_keccak_KeccakXofState_4f +libcrux_sha3_portable_incremental_absorb_final_7d( + libcrux_sha3_generic_keccak_KeccakXofState_4f self, Eurydice_slice input) { + Eurydice_slice buf[1U] = {input}; + libcrux_sha3_generic_keccak_absorb_final_9d_25(&self, buf); + return self; +} + +/** + An all zero block +*/ +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_9d +with types uint64_t +with const generics +- PARALLEL_LANES= 1 +- RATE= 136 +*/ +static inline void libcrux_sha3_generic_keccak_zero_block_9d_e6( + uint8_t ret[136U]) { + ret[0U] = 0U; + ret[1U] = 0U; + ret[2U] = 0U; + ret[3U] = 0U; + ret[4U] = 0U; + ret[5U] = 0U; + ret[6U] = 0U; + ret[7U] = 0U; + ret[8U] = 0U; + ret[9U] = 0U; + ret[10U] = 0U; + ret[11U] = 0U; + ret[12U] = 0U; + ret[13U] = 0U; + ret[14U] = 0U; + ret[15U] = 0U; + ret[16U] = 0U; + ret[17U] = 0U; + ret[18U] = 0U; + ret[19U] = 0U; + ret[20U] = 0U; + ret[21U] = 0U; + ret[22U] = 0U; + ret[23U] = 0U; + ret[24U] = 0U; + ret[25U] = 0U; + ret[26U] = 0U; + ret[27U] = 0U; + ret[28U] = 0U; + ret[29U] = 0U; + ret[30U] = 0U; + ret[31U] = 0U; + ret[32U] = 0U; + ret[33U] = 0U; + ret[34U] = 0U; + ret[35U] = 0U; + ret[36U] = 0U; + ret[37U] = 0U; + ret[38U] = 0U; + ret[39U] = 0U; + ret[40U] = 0U; + ret[41U] = 0U; + ret[42U] = 0U; + ret[43U] = 0U; + ret[44U] = 0U; + ret[45U] = 0U; + ret[46U] = 0U; + ret[47U] = 0U; + ret[48U] = 0U; + ret[49U] = 0U; + ret[50U] = 0U; + ret[51U] = 0U; + ret[52U] = 0U; + ret[53U] = 0U; + ret[54U] = 0U; + ret[55U] = 0U; + ret[56U] = 0U; + ret[57U] = 0U; + ret[58U] = 0U; + ret[59U] = 0U; + ret[60U] = 0U; + ret[61U] = 0U; + ret[62U] = 
0U; + ret[63U] = 0U; + ret[64U] = 0U; + ret[65U] = 0U; + ret[66U] = 0U; + ret[67U] = 0U; + ret[68U] = 0U; + ret[69U] = 0U; + ret[70U] = 0U; + ret[71U] = 0U; + ret[72U] = 0U; + ret[73U] = 0U; + ret[74U] = 0U; + ret[75U] = 0U; + ret[76U] = 0U; + ret[77U] = 0U; + ret[78U] = 0U; + ret[79U] = 0U; + ret[80U] = 0U; + ret[81U] = 0U; + ret[82U] = 0U; + ret[83U] = 0U; + ret[84U] = 0U; + ret[85U] = 0U; + ret[86U] = 0U; + ret[87U] = 0U; + ret[88U] = 0U; + ret[89U] = 0U; + ret[90U] = 0U; + ret[91U] = 0U; + ret[92U] = 0U; + ret[93U] = 0U; + ret[94U] = 0U; + ret[95U] = 0U; + ret[96U] = 0U; + ret[97U] = 0U; + ret[98U] = 0U; + ret[99U] = 0U; + ret[100U] = 0U; + ret[101U] = 0U; + ret[102U] = 0U; + ret[103U] = 0U; + ret[104U] = 0U; + ret[105U] = 0U; + ret[106U] = 0U; + ret[107U] = 0U; + ret[108U] = 0U; + ret[109U] = 0U; + ret[110U] = 0U; + ret[111U] = 0U; + ret[112U] = 0U; + ret[113U] = 0U; + ret[114U] = 0U; + ret[115U] = 0U; + ret[116U] = 0U; + ret[117U] = 0U; + ret[118U] = 0U; + ret[119U] = 0U; + ret[120U] = 0U; + ret[121U] = 0U; + ret[122U] = 0U; + ret[123U] = 0U; + ret[124U] = 0U; + ret[125U] = 0U; + ret[126U] = 0U; + ret[127U] = 0U; + ret[128U] = 0U; + ret[129U] = 0U; + ret[130U] = 0U; + ret[131U] = 0U; + ret[132U] = 0U; + ret[133U] = 0U; + ret[134U] = 0U; + ret[135U] = 0U; +} + +/** + Generate a new keccak xof state. 
+*/ +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.new_9d +with types uint64_t +with const generics +- PARALLEL_LANES= 1 +- RATE= 136 +*/ +static inline libcrux_sha3_generic_keccak_KeccakXofState_4f +libcrux_sha3_generic_keccak_new_9d_7e(void) { + libcrux_sha3_generic_keccak_KeccakXofState_4f lit; + lit.inner = libcrux_sha3_generic_keccak_new_1e_f4(); + uint8_t ret[136U]; + libcrux_sha3_generic_keccak_zero_block_9d_e6(ret); + memcpy(lit.buf[0U], ret, (size_t)136U * sizeof(uint8_t)); + lit.buf_len = (size_t)0U; + lit.sponge = false; + return lit; +} + +/** + Shake256 new state +*/ +/** +This function found in impl +{(libcrux_sha3::portable::incremental::XofAbsorb<136: usize> for +libcrux_sha3::portable::incremental::Shake256Absorb)#2} +*/ +static inline libcrux_sha3_generic_keccak_KeccakXofState_4f +libcrux_sha3_portable_incremental_new_7d(void) { + return libcrux_sha3_generic_keccak_new_9d_7e(); +} + +/** +A monomorphic instance of libcrux_sha3.generic_keccak.KeccakXofState +with types uint64_t +with const generics +- $1size_t +- $168size_t +*/ +typedef struct libcrux_sha3_generic_keccak_KeccakXofState_78_s { + libcrux_sha3_generic_keccak_KeccakState_48 inner; + uint8_t buf[1U][168U]; + size_t buf_len; + bool sponge; +} libcrux_sha3_generic_keccak_KeccakXofState_78; + +typedef libcrux_sha3_generic_keccak_KeccakXofState_78 + libcrux_sha3_portable_incremental_Shake128Absorb; + +/** + Consume the internal buffer and the required amount of the input to pad to + `RATE`. + + Returns the `consumed` bytes from `inputs` if there's enough buffered + content to consume, and `0` otherwise. + If `consumed > 0` is returned, `self.buf` contains a full block to be + loaded. 
+*/ +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.fill_buffer_9d +with types uint64_t +with const generics +- PARALLEL_LANES= 1 +- RATE= 168 +*/ +static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_b00( + libcrux_sha3_generic_keccak_KeccakXofState_78 *self, + Eurydice_slice inputs[1U]) { + size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); + size_t consumed = (size_t)0U; + if (self->buf_len > (size_t)0U) { + if (self->buf_len + input_len >= (size_t)168U) { + consumed = (size_t)168U - self->buf_len; + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { + size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( + (size_t)168U, self->buf[i0], self->buf_len, uint8_t, size_t); + Eurydice_slice_copy( + uu____0, + Eurydice_slice_subslice_to(inputs[i0], consumed, uint8_t, size_t), + uint8_t); + } + self->buf_len = self->buf_len + consumed; + } + } + return consumed; +} + +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_full_9d +with types uint64_t +with const generics +- PARALLEL_LANES= 1 +- RATE= 168 +*/ +static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_f80( + libcrux_sha3_generic_keccak_KeccakXofState_78 *self, + Eurydice_slice inputs[1U]) { + libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_inputs0[1U]; + memcpy(copy_of_inputs0, inputs, (size_t)1U * sizeof(Eurydice_slice)); + size_t input_consumed = + libcrux_sha3_generic_keccak_fill_buffer_9d_b00(uu____0, copy_of_inputs0); + if (input_consumed > (size_t)0U) { + Eurydice_slice borrowed[1U]; + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { + uint8_t buf[168U] = {0U}; + borrowed[i] = core_array___Array_T__N__23__as_slice( + 
(size_t)168U, buf, uint8_t, Eurydice_slice); + } + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { + size_t i0 = i; + borrowed[i0] = + Eurydice_array_to_slice((size_t)168U, self->buf[i0], uint8_t); + } + uint64_t(*uu____2)[5U] = self->inner.st; + Eurydice_slice uu____3[1U]; + memcpy(uu____3, borrowed, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_5a_b83(uu____2, uu____3); + libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); + self->buf_len = (size_t)0U; + } + size_t input_to_consume = + Eurydice_slice_len(inputs[0U], uint8_t) - input_consumed; + size_t num_blocks = input_to_consume / (size_t)168U; + size_t remainder = input_to_consume % (size_t)168U; + for (size_t i = (size_t)0U; i < num_blocks; i++) { + size_t i0 = i; + uint64_t(*uu____4)[5U] = self->inner.st; + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_inputs[1U]; + memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice ret[1U]; + libcrux_sha3_portable_keccak_slice_n_5a( + copy_of_inputs, input_consumed + i0 * (size_t)168U, (size_t)168U, ret); + libcrux_sha3_portable_keccak_load_block_5a_b83(uu____4, ret); + libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); + } + return remainder; +} + +/** + Absorb + + This function takes any number of bytes to absorb and buffers if it's not + enough. The function assumes that all input slices in `blocks` have the same + length. + + Only a multiple of `RATE` blocks are absorbed. + For the remaining bytes [`absorb_final`] needs to be called. + + This works best with relatively small `inputs`. 
+*/ +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_9d +with types uint64_t +with const generics +- PARALLEL_LANES= 1 +- RATE= 168 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_7b0( + libcrux_sha3_generic_keccak_KeccakXofState_78 *self, + Eurydice_slice inputs[1U]) { + libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_inputs[1U]; + memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); + size_t input_remainder_len = + libcrux_sha3_generic_keccak_absorb_full_9d_f80(uu____0, copy_of_inputs); + if (input_remainder_len > (size_t)0U) { + size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { + size_t i0 = i; + Eurydice_slice uu____2 = Eurydice_array_to_subslice2( + self->buf[i0], self->buf_len, self->buf_len + input_remainder_len, + uint8_t); + Eurydice_slice_copy( + uu____2, + Eurydice_slice_subslice_from( + inputs[i0], input_len - input_remainder_len, uint8_t, size_t), + uint8_t); + } + self->buf_len = self->buf_len + input_remainder_len; + } +} + +/** +This function found in impl +{(libcrux_sha3::portable::incremental::XofAbsorb<168: usize> for +libcrux_sha3::portable::incremental::Shake128Absorb)} +*/ +static inline void libcrux_sha3_portable_incremental_absorb_1c( + libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice input) { + Eurydice_slice buf[1U] = {input}; + libcrux_sha3_generic_keccak_absorb_9d_7b0(self, buf); +} + +typedef libcrux_sha3_generic_keccak_KeccakXofState_78 + libcrux_sha3_portable_incremental_Shake128Squeeze; + +/** + Absorb a final block. + + The `inputs` block may be empty. Everything in the `inputs` block beyond + `RATE` bytes is ignored. 
+*/ +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.absorb_final_9d +with types uint64_t +with const generics +- PARALLEL_LANES= 1 +- RATE= 168 +- DELIMITER= 31 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_250( + libcrux_sha3_generic_keccak_KeccakXofState_78 *self, + Eurydice_slice inputs[1U]) { + libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_inputs[1U]; + memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); + size_t input_remainder_len = + libcrux_sha3_generic_keccak_absorb_full_9d_f80(uu____0, copy_of_inputs); + size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); + uint8_t blocks[1U][200U] = {{0U}}; + for (size_t i = (size_t)0U; i < (size_t)1U; i++) { + size_t i0 = i; + if (self->buf_len > (size_t)0U) { + Eurydice_slice uu____2 = Eurydice_array_to_subslice2( + blocks[i0], (size_t)0U, self->buf_len, uint8_t); + Eurydice_slice_copy(uu____2, + Eurydice_array_to_subslice2(self->buf[i0], (size_t)0U, + self->buf_len, uint8_t), + uint8_t); + } + if (input_remainder_len > (size_t)0U) { + Eurydice_slice uu____3 = Eurydice_array_to_subslice2( + blocks[i0], self->buf_len, self->buf_len + input_remainder_len, + uint8_t); + Eurydice_slice_copy( + uu____3, + Eurydice_slice_subslice_from( + inputs[i0], input_len - input_remainder_len, uint8_t, size_t), + uint8_t); + } + blocks[i0][self->buf_len + input_remainder_len] = 31U; + size_t uu____4 = i0; + size_t uu____5 = (size_t)168U - (size_t)1U; + blocks[uu____4][uu____5] = (uint32_t)blocks[uu____4][uu____5] | 128U; + } + uint64_t(*uu____6)[5U] = self->inner.st; + uint8_t uu____7[1U][200U]; + memcpy(uu____7, blocks, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_5a_d21(uu____6, uu____7); + 
libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); +} + +/** +This function found in impl +{(libcrux_sha3::portable::incremental::XofAbsorb<168: usize> for +libcrux_sha3::portable::incremental::Shake128Absorb)} +*/ +static inline libcrux_sha3_generic_keccak_KeccakXofState_78 +libcrux_sha3_portable_incremental_absorb_final_1c( + libcrux_sha3_generic_keccak_KeccakXofState_78 self, Eurydice_slice input) { + Eurydice_slice buf[1U] = {input}; + libcrux_sha3_generic_keccak_absorb_final_9d_250(&self, buf); + return self; +} + +/** + An all zero block +*/ +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.zero_block_9d +with types uint64_t +with const generics +- PARALLEL_LANES= 1 +- RATE= 168 +*/ +static inline void libcrux_sha3_generic_keccak_zero_block_9d_e60( + uint8_t ret[168U]) { + ret[0U] = 0U; + ret[1U] = 0U; + ret[2U] = 0U; + ret[3U] = 0U; + ret[4U] = 0U; + ret[5U] = 0U; + ret[6U] = 0U; + ret[7U] = 0U; + ret[8U] = 0U; + ret[9U] = 0U; + ret[10U] = 0U; + ret[11U] = 0U; + ret[12U] = 0U; + ret[13U] = 0U; + ret[14U] = 0U; + ret[15U] = 0U; + ret[16U] = 0U; + ret[17U] = 0U; + ret[18U] = 0U; + ret[19U] = 0U; + ret[20U] = 0U; + ret[21U] = 0U; + ret[22U] = 0U; + ret[23U] = 0U; + ret[24U] = 0U; + ret[25U] = 0U; + ret[26U] = 0U; + ret[27U] = 0U; + ret[28U] = 0U; + ret[29U] = 0U; + ret[30U] = 0U; + ret[31U] = 0U; + ret[32U] = 0U; + ret[33U] = 0U; + ret[34U] = 0U; + ret[35U] = 0U; + ret[36U] = 0U; + ret[37U] = 0U; + ret[38U] = 0U; + ret[39U] = 0U; + ret[40U] = 0U; + ret[41U] = 0U; + ret[42U] = 0U; + ret[43U] = 0U; + ret[44U] = 0U; + ret[45U] = 0U; + ret[46U] = 0U; + ret[47U] = 0U; + ret[48U] = 0U; + ret[49U] = 0U; + ret[50U] = 0U; + ret[51U] = 0U; + ret[52U] = 0U; + ret[53U] = 0U; + ret[54U] = 0U; + ret[55U] = 0U; + ret[56U] = 0U; + ret[57U] = 0U; + ret[58U] = 0U; + ret[59U] = 0U; + ret[60U] = 0U; + ret[61U] = 0U; + ret[62U] = 0U; + ret[63U] = 0U; + ret[64U] = 
0U; + ret[65U] = 0U; + ret[66U] = 0U; + ret[67U] = 0U; + ret[68U] = 0U; + ret[69U] = 0U; + ret[70U] = 0U; + ret[71U] = 0U; + ret[72U] = 0U; + ret[73U] = 0U; + ret[74U] = 0U; + ret[75U] = 0U; + ret[76U] = 0U; + ret[77U] = 0U; + ret[78U] = 0U; + ret[79U] = 0U; + ret[80U] = 0U; + ret[81U] = 0U; + ret[82U] = 0U; + ret[83U] = 0U; + ret[84U] = 0U; + ret[85U] = 0U; + ret[86U] = 0U; + ret[87U] = 0U; + ret[88U] = 0U; + ret[89U] = 0U; + ret[90U] = 0U; + ret[91U] = 0U; + ret[92U] = 0U; + ret[93U] = 0U; + ret[94U] = 0U; + ret[95U] = 0U; + ret[96U] = 0U; + ret[97U] = 0U; + ret[98U] = 0U; + ret[99U] = 0U; + ret[100U] = 0U; + ret[101U] = 0U; + ret[102U] = 0U; + ret[103U] = 0U; + ret[104U] = 0U; + ret[105U] = 0U; + ret[106U] = 0U; + ret[107U] = 0U; + ret[108U] = 0U; + ret[109U] = 0U; + ret[110U] = 0U; + ret[111U] = 0U; + ret[112U] = 0U; + ret[113U] = 0U; + ret[114U] = 0U; + ret[115U] = 0U; + ret[116U] = 0U; + ret[117U] = 0U; + ret[118U] = 0U; + ret[119U] = 0U; + ret[120U] = 0U; + ret[121U] = 0U; + ret[122U] = 0U; + ret[123U] = 0U; + ret[124U] = 0U; + ret[125U] = 0U; + ret[126U] = 0U; + ret[127U] = 0U; + ret[128U] = 0U; + ret[129U] = 0U; + ret[130U] = 0U; + ret[131U] = 0U; + ret[132U] = 0U; + ret[133U] = 0U; + ret[134U] = 0U; + ret[135U] = 0U; + ret[136U] = 0U; + ret[137U] = 0U; + ret[138U] = 0U; + ret[139U] = 0U; + ret[140U] = 0U; + ret[141U] = 0U; + ret[142U] = 0U; + ret[143U] = 0U; + ret[144U] = 0U; + ret[145U] = 0U; + ret[146U] = 0U; + ret[147U] = 0U; + ret[148U] = 0U; + ret[149U] = 0U; + ret[150U] = 0U; + ret[151U] = 0U; + ret[152U] = 0U; + ret[153U] = 0U; + ret[154U] = 0U; + ret[155U] = 0U; + ret[156U] = 0U; + ret[157U] = 0U; + ret[158U] = 0U; + ret[159U] = 0U; + ret[160U] = 0U; + ret[161U] = 0U; + ret[162U] = 0U; + ret[163U] = 0U; + ret[164U] = 0U; + ret[165U] = 0U; + ret[166U] = 0U; + ret[167U] = 0U; +} + +/** + Generate a new keccak xof state. 
+*/ +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.new_9d +with types uint64_t +with const generics +- PARALLEL_LANES= 1 +- RATE= 168 +*/ +static inline libcrux_sha3_generic_keccak_KeccakXofState_78 +libcrux_sha3_generic_keccak_new_9d_7e0(void) { + libcrux_sha3_generic_keccak_KeccakXofState_78 lit; + lit.inner = libcrux_sha3_generic_keccak_new_1e_f4(); + uint8_t ret[168U]; + libcrux_sha3_generic_keccak_zero_block_9d_e60(ret); + memcpy(lit.buf[0U], ret, (size_t)168U * sizeof(uint8_t)); + lit.buf_len = (size_t)0U; + lit.sponge = false; + return lit; +} + +/** +This function found in impl +{(libcrux_sha3::portable::incremental::XofAbsorb<168: usize> for +libcrux_sha3::portable::incremental::Shake128Absorb)} +*/ +static inline libcrux_sha3_generic_keccak_KeccakXofState_78 +libcrux_sha3_portable_incremental_new_1c(void) { + return libcrux_sha3_generic_keccak_new_9d_7e0(); +} + +/** + `out` has the exact size we want here. It must be less than or equal to `RATE`. 
+*/ +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: +usize> for u64)} +*/ +/** +A monomorphic instance of libcrux_sha3.portable_keccak.store_5a +with const generics +- RATE= 136 +*/ +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_1c( + uint64_t (*state)[5U], Eurydice_slice out[1U]) { + size_t num_full_blocks = Eurydice_slice_len(out[0U], uint8_t) / (size_t)8U; + size_t last_block_len = Eurydice_slice_len(out[0U], uint8_t) % (size_t)8U; + for (size_t i = (size_t)0U; i < num_full_blocks; i++) { + size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out[0U], i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes(state[i0 / (size_t)5U][i0 % (size_t)5U], ret); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); + } + if (last_block_len != (size_t)0U) { + Eurydice_slice uu____1 = Eurydice_slice_subslice2( + out[0U], num_full_blocks * (size_t)8U, + num_full_blocks * (size_t)8U + last_block_len, uint8_t); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes( + state[num_full_blocks / (size_t)5U][num_full_blocks % (size_t)5U], ret); + Eurydice_slice_copy( + uu____1, + Eurydice_array_to_subslice2(ret, (size_t)0U, last_block_len, uint8_t), + uint8_t); + } +} + +/** + Squeeze `N` x `LEN` bytes. 
+*/ +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_9d +with types uint64_t +with const generics +- PARALLEL_LANES= 1 +- RATE= 136 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_96( + libcrux_sha3_generic_keccak_KeccakXofState_4f *self, + Eurydice_slice out[1U]) { + if (self->sponge) { + libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); + } + size_t out_len = Eurydice_slice_len(out[0U], uint8_t); + size_t blocks = out_len / (size_t)136U; + size_t last = out_len - out_len % (size_t)136U; + size_t mid; + if ((size_t)136U >= out_len) { + mid = out_len; + } else { + mid = (size_t)136U; + } + Eurydice_slice_uint8_t_1size_t__x2 uu____0 = + libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, mid); + Eurydice_slice out00[1U]; + memcpy(out00, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice out_rest[1U]; + memcpy(out_rest, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_store_5a_1c(self->inner.st, out00); + core_ops_range_Range_b3 iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, Option_b3) + .tag == None) { + break; + } else { + Eurydice_slice_uint8_t_1size_t__x2 uu____1 = + libcrux_sha3_portable_keccak_split_at_mut_n_5a(out_rest, + (size_t)136U); + Eurydice_slice out0[1U]; + memcpy(out0, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice tmp[1U]; + memcpy(tmp, uu____1.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); + libcrux_sha3_portable_keccak_store_5a_1c(self->inner.st, out0); + 
memcpy(out_rest, tmp, (size_t)1U * sizeof(Eurydice_slice)); + } + } + if (last < out_len) { + libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); + libcrux_sha3_portable_keccak_store_5a_1c(self->inner.st, out_rest); + } + self->sponge = true; +} + +/** + Shake256 squeeze +*/ +/** +This function found in impl +{(libcrux_sha3::portable::incremental::XofSqueeze<136: usize> for +libcrux_sha3::portable::incremental::Shake256Squeeze)#3} +*/ +static inline void libcrux_sha3_portable_incremental_squeeze_8a( + libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice out) { + Eurydice_slice buf[1U] = {out}; + libcrux_sha3_generic_keccak_squeeze_9d_96(self, buf); +} + +/** + `out` has the exact size we want here. It must be less than or equal to `RATE`. +*/ +/** +This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: +usize> for u64)} +*/ +/** +A monomorphic instance of libcrux_sha3.portable_keccak.store_5a +with const generics +- RATE= 168 +*/ +static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_1c0( + uint64_t (*state)[5U], Eurydice_slice out[1U]) { + size_t num_full_blocks = Eurydice_slice_len(out[0U], uint8_t) / (size_t)8U; + size_t last_block_len = Eurydice_slice_len(out[0U], uint8_t) % (size_t)8U; + for (size_t i = (size_t)0U; i < num_full_blocks; i++) { + size_t i0 = i; + Eurydice_slice uu____0 = Eurydice_slice_subslice2( + out[0U], i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes(state[i0 / (size_t)5U][i0 % (size_t)5U], ret); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); + } + if (last_block_len != (size_t)0U) { + Eurydice_slice uu____1 = Eurydice_slice_subslice2( + out[0U], num_full_blocks * (size_t)8U, + num_full_blocks * (size_t)8U + last_block_len, uint8_t); + uint8_t ret[8U]; + core_num__u64_9__to_le_bytes( + state[num_full_blocks / (size_t)5U][num_full_blocks % (size_t)5U], ret); + Eurydice_slice_copy( + 
uu____1, + Eurydice_array_to_subslice2(ret, (size_t)0U, last_block_len, uint8_t), + uint8_t); + } +} + +/** + Squeeze `N` x `LEN` bytes. +*/ +/** +This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} +*/ +/** +A monomorphic instance of libcrux_sha3.generic_keccak.squeeze_9d +with types uint64_t +with const generics +- PARALLEL_LANES= 1 +- RATE= 168 +*/ +static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_960( + libcrux_sha3_generic_keccak_KeccakXofState_78 *self, + Eurydice_slice out[1U]) { + if (self->sponge) { + libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); + } + size_t out_len = Eurydice_slice_len(out[0U], uint8_t); + size_t blocks = out_len / (size_t)168U; + size_t last = out_len - out_len % (size_t)168U; + size_t mid; + if ((size_t)168U >= out_len) { + mid = out_len; + } else { + mid = (size_t)168U; + } + Eurydice_slice_uint8_t_1size_t__x2 uu____0 = + libcrux_sha3_portable_keccak_split_at_mut_n_5a(out, mid); + Eurydice_slice out00[1U]; + memcpy(out00, uu____0.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice out_rest[1U]; + memcpy(out_rest, uu____0.snd, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_store_5a_1c0(self->inner.st, out00); + core_ops_range_Range_b3 iter = + core_iter_traits_collect___core__iter__traits__collect__IntoIterator_for_I__1__into_iter( + (CLITERAL(core_ops_range_Range_b3){.start = (size_t)1U, + .end = blocks}), + core_ops_range_Range_b3, core_ops_range_Range_b3); + while (true) { + if (core_iter_range___core__iter__traits__iterator__Iterator_for_core__ops__range__Range_A___6__next( + &iter, size_t, Option_b3) + .tag == None) { + break; + } else { + Eurydice_slice_uint8_t_1size_t__x2 uu____1 = + libcrux_sha3_portable_keccak_split_at_mut_n_5a(out_rest, + (size_t)168U); + Eurydice_slice out0[1U]; + memcpy(out0, uu____1.fst, (size_t)1U * sizeof(Eurydice_slice)); + Eurydice_slice tmp[1U]; + memcpy(tmp, uu____1.snd, (size_t)1U * 
sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); + libcrux_sha3_portable_keccak_store_5a_1c0(self->inner.st, out0); + memcpy(out_rest, tmp, (size_t)1U * sizeof(Eurydice_slice)); + } + } + if (last < out_len) { + libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); + libcrux_sha3_portable_keccak_store_5a_1c0(self->inner.st, out_rest); + } + self->sponge = true; +} + +/** + Shake128 squeeze +*/ +/** +This function found in impl +{(libcrux_sha3::portable::incremental::XofSqueeze<168: usize> for +libcrux_sha3::portable::incremental::Shake128Squeeze)#1} +*/ +static inline void libcrux_sha3_portable_incremental_squeeze_10( + libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice out) { + Eurydice_slice buf[1U] = {out}; + libcrux_sha3_generic_keccak_squeeze_9d_960(self, buf); } /** diff --git a/libcrux-ml-kem/src/ind_cca.rs b/libcrux-ml-kem/src/ind_cca.rs index 4137cab1d..7127c1704 100644 --- a/libcrux-ml-kem/src/ind_cca.rs +++ b/libcrux-ml-kem/src/ind_cca.rs @@ -1,8 +1,7 @@ use crate::{ constant_time_ops::{ - compare_ciphertexts_in_constant_time, + compare_ciphertexts_in_constant_time, select_shared_secret_in_constant_time, compare_ciphertexts_select_shared_secret_in_constant_time, - select_shared_secret_in_constant_time, }, constants::{CPA_PKE_KEY_GENERATION_SEED_SIZE, H_DIGEST_SIZE, SHARED_SECRET_SIZE}, hash_functions::Hash, @@ -141,9 +140,9 @@ fn generate_keypair< implicit_rejection_value, ); let private_key: MlKemPrivateKey = - MlKemPrivateKey::from(&secret_key_serialized); + MlKemPrivateKey::from(secret_key_serialized); - MlKemKeyPair::from(private_key, MlKemPublicKey::from(&public_key)) + MlKemKeyPair::from(private_key, MlKemPublicKey::from(public_key)) } fn encapsulate< diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs index 0c3bc7f65..ac045ae13 100644 --- a/libcrux-ml-kem/src/ind_cpa.rs +++ b/libcrux-ml-kem/src/ind_cpa.rs 
@@ -221,19 +221,37 @@ pub(crate) fn generate_keypair< >( key_generation_seed: &[u8], ) -> ([u8; PRIVATE_KEY_SIZE], [u8; PUBLIC_KEY_SIZE]) { - let (sk, pk) = generate_keypair_unpacked::( - key_generation_seed, - ); + // We don't use the unpacked function here in order to reduce stack size. + + // (ρ,σ) := G(d) + let hashed = Hasher::G(key_generation_seed); + let (seed_for_A, seed_for_secret_and_error) = hashed.split_at(32); + + let A_transpose = sample_matrix_A::(into_padded_array(seed_for_A), true); + + let prf_input: [u8; 33] = into_padded_array(seed_for_secret_and_error); + let (secret_as_ntt, domain_separator) = + sample_vector_cbd_then_ntt::(prf_input, 0); + let (error_as_ntt, _) = + sample_vector_cbd_then_ntt::( + prf_input, + domain_separator, + ); + + // tˆ := Aˆ ◦ sˆ + eˆ + let t_as_ntt = compute_As_plus_e(&A_transpose, &secret_as_ntt, &error_as_ntt); + + let seed_for_A: [u8; 32] = seed_for_A.try_into().unwrap(); // pk := (Encode_12(tˆ mod^{+}q) || ρ) let public_key_serialized = serialize_public_key::( - &pk.t_as_ntt, - &pk.seed_for_A, + &t_as_ntt, + &seed_for_A, ); // sk := Encode_12(sˆ mod^{+}q) - let secret_key_serialized = serialize_secret_key(&sk.secret_as_ntt); + let secret_key_serialized = serialize_secret_key(&secret_as_ntt); (secret_key_serialized, public_key_serialized) } diff --git a/libcrux-ml-kem/src/mlkem1024.rs b/libcrux-ml-kem/src/mlkem1024.rs index 78d21d7b9..567c142ac 100644 --- a/libcrux-ml-kem/src/mlkem1024.rs +++ b/libcrux-ml-kem/src/mlkem1024.rs @@ -234,6 +234,7 @@ macro_rules! instantiate { #[cfg_attr( hax, hax_lib::fstar::before( + interface, " let _ = (* This module has implicit dependencies, here we make them explicit. *) diff --git a/libcrux-ml-kem/src/mlkem512.rs b/libcrux-ml-kem/src/mlkem512.rs index 8f7d72172..adb0ce646 100644 --- a/libcrux-ml-kem/src/mlkem512.rs +++ b/libcrux-ml-kem/src/mlkem512.rs 
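Review bot: The new body of `generate_keypair` re-derives (ρ,σ), `A_transpose`, the secret and error vectors and `t_as_ntt` itself instead of calling `generate_keypair_unpacked`, so there are now two key-generation paths that must stay bit-for-bit identical and nothing in the hunk ties them together. I'd add a regression test that feeds the same `key_generation_seed` to both functions and compares the serialized keys, and extend the comment to `// We don't use the unpacked function here in order to reduce stack size; keep this in sync with generate_keypair_unpacked.`. `seed_for_A.try_into().unwrap()` is sound only because `hashed.split_at(32)` yields exactly 32 bytes on the left, which depends on `Hasher::G` returning at least 32 bytes — not visible in this hunk, so a one-line comment naming that invariant next to the `unwrap` would help. `hashed` and `prf_input` keep σ (the secret seed) on the stack after use; if clearing it is handled elsewhere or accepted project-wide that is fine, otherwise it is worth noting here.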
@@ -227,6 +227,7 @@ macro_rules! instantiate { #[cfg_attr( hax, hax_lib::fstar::before( + interface, " let _ = (* This module has implicit dependencies, here we make them explicit. *) diff --git a/libcrux-ml-kem/src/mlkem768.rs b/libcrux-ml-kem/src/mlkem768.rs index 82666e8bc..979524a14 100644 --- a/libcrux-ml-kem/src/mlkem768.rs +++ b/libcrux-ml-kem/src/mlkem768.rs @@ -230,6 +230,7 @@ macro_rules! instantiate { #[cfg_attr( hax, hax_lib::fstar::before( + interface, " let _ = (* This module has implicit dependencies, here we make them explicit. *) From 0ca73e59afe19a3f88b8ff45d0c57b0ebe851319 Mon Sep 17 00:00:00 2001 
From: Franziskus Kiefer Date: Sun, 18 Aug 2024 19:15:03 +0000 Subject: [PATCH 13/16] update C extraction --- .docker/c/install.sh | 12 +- libcrux-ml-kem/c.yaml | 7 + libcrux-ml-kem/c/code_gen.txt | 10 +- libcrux-ml-kem/c/eurydice_glue.h | 51 +- libcrux-ml-kem/c/internal/libcrux_core.h | 82 +- .../c/internal/libcrux_mlkem_avx2.h | 76 +- .../c/internal/libcrux_mlkem_neon.h | 32 +- .../c/internal/libcrux_mlkem_portable.h | 76 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 10 +- .../c/internal/libcrux_sha3_internal.h | 351 +- .../c/intrinsics/libcrux_intrinsics_avx2.h | 245 +- libcrux-ml-kem/c/libcrux_core.c | 241 +- libcrux-ml-kem/c/libcrux_core.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 154 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 52 +- libcrux-ml-kem/c/libcrux_mlkem1024_neon.c | 126 +- libcrux-ml-kem/c/libcrux_mlkem1024_neon.h | 50 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 154 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 52 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 152 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 50 +- libcrux-ml-kem/c/libcrux_mlkem512_neon.c | 124 +- libcrux-ml-kem/c/libcrux_mlkem512_neon.h | 48 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 148 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 50 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 152 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 50 +- libcrux-ml-kem/c/libcrux_mlkem768_neon.c | 124 +- libcrux-ml-kem/c/libcrux_mlkem768_neon.h | 48 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 152 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 50 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 6195 +++++++++-------- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 263 +- libcrux-ml-kem/c/libcrux_mlkem_neon.c | 16 +- libcrux-ml-kem/c/libcrux_mlkem_neon.h | 10 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 4668 ++++++++----- 
libcrux-ml-kem/c/libcrux_mlkem_portable.h | 92 +- libcrux-ml-kem/c/libcrux_sha3.h | 81 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 1638 ++--- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 39 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 607 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 41 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 41 +- 46 files changed, 9507 insertions(+), 7153 deletions(-) diff --git a/.docker/c/install.sh b/.docker/c/install.sh index 596d0c366..86bbb3f9f 100644 --- a/.docker/c/install.sh +++ b/.docker/c/install.sh @@ -25,24 +25,24 @@ unzip hacl-star.zip rm -rf hacl-star.zip mv hacl-star-2a8b61343a1a7232611cb763b0dc3e4dff84d656/ hacl-star -curl -L https://github.com/AeneasVerif/charon/archive/53530427db2941ce784201e64086766504bc5642.zip \ +curl -L https://github.com/AeneasVerif/charon/archive/962f26311ccdf09a6a3cfeacbccafba22bf3d405.zip \ --output charon.zip unzip charon.zip rm -rf charon.zip -mv charon-53530427db2941ce784201e64086766504bc5642/ charon +mv charon-962f26311ccdf09a6a3cfeacbccafba22bf3d405/ charon -curl -L https://github.com/FStarLang/karamel/archive/2bd16e63cfbfa2b81d3c45d597b811ca2a12d430.zip \ +curl -L https://github.com/FStarLang/karamel/archive/7862fdc3899b718d39ec98568f78ec40592a622a.zip \ --output karamel.zip unzip karamel.zip rm -rf karamel.zip -mv karamel-2bd16e63cfbfa2b81d3c45d597b811ca2a12d430/ karamel +mv karamel-7862fdc3899b718d39ec98568f78ec40592a622a/ karamel -curl -L https://github.com/AeneasVerif/eurydice/archive/05ade3c33b87927d9873736212cc5078c1fc3d69.zip \ +curl -L https://github.com/AeneasVerif/eurydice/archive/e66abbc2119485abfafa17c1911bdbdada5b04f3.zip \ --output eurydice.zip unzip eurydice.zip rm -rf eurydice.zip -mv eurydice-05ade3c33b87927d9873736212cc5078c1fc3d69/ eurydice +mv eurydice-e66abbc2119485abfafa17c1911bdbdada5b04f3/ eurydice echo "export FSTAR_HOME=$HOME/fstar" >>$HOME/.profile echo "export HACL_HOME=$HOME/hacl-star" >>$HOME/.profile 
diff --git a/libcrux-ml-kem/c.yaml b/libcrux-ml-kem/c.yaml index 4dab8e235..2af7c36be 100644 --- a/libcrux-ml-kem/c.yaml +++ b/libcrux-ml-kem/c.yaml @@ -230,3 +230,10 @@ files: private: - [libcrux_ml_kem, "*"] inline_static: true + +naming: + skip_prefix: + - [ core, core_arch, arm_shared, neon ] + - [ core, core_arch, x86 ] + - [libcrux_intrinsics, arm64] + - [libcrux_intrinsics, avx2] diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index 5c241aed0..a2424cd2d 100644 --- a/libcrux-ml-kem/c/code_gen.txt +++ b/libcrux-ml-kem/c/code_gen.txt @@ -1,6 +1,6 @@ This code was generated with the following revisions: -Charon: 53530427db2941ce784201e64086766504bc5642 -Eurydice: 67f4341506300372fba9cb8de070234935839cb7 -Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 -F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 -Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 +Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 +Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 +Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a +F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty +Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b diff --git a/libcrux-ml-kem/c/eurydice_glue.h b/libcrux-ml-kem/c/eurydice_glue.h index 7fee796ff..a97683fa6 100644 --- a/libcrux-ml-kem/c/eurydice_glue.h +++ b/libcrux-ml-kem/c/eurydice_glue.h 
@@ -54,33 +54,33 @@ typedef struct { // which is NOT correct C syntax, so we add a dedicated phase in Eurydice that // adds an extra argument to this macro at the last minute so that we have the // correct type of *pointers* to elements. -#define Eurydice_slice_index(s, i, t, t_ptr_t, _ret_t) (((t_ptr_t)s.ptr)[i]) -#define Eurydice_slice_subslice(s, r, t, _, _ret_t) \ +#define Eurydice_slice_index(s, i, t, t_ptr_t) (((t_ptr_t)s.ptr)[i]) +#define Eurydice_slice_subslice(s, r, t, _) \ EURYDICE_SLICE((t *)s.ptr, r.start, r.end) // Variant for when the start and end indices are statically known (i.e., the // range argument `r` is a literal). -#define Eurydice_slice_subslice2(s, start, end, t, _) \ +#define Eurydice_slice_subslice2(s, start, end, t) \ EURYDICE_SLICE((t *)s.ptr, start, end) -#define Eurydice_slice_subslice_to(s, subslice_end_pos, t, _, _ret_t) \ +#define Eurydice_slice_subslice_to(s, subslice_end_pos, t, _) \ EURYDICE_SLICE((t *)s.ptr, 0, subslice_end_pos) -#define Eurydice_slice_subslice_from(s, subslice_start_pos, t, _, _ret_t) \ +#define Eurydice_slice_subslice_from(s, subslice_start_pos, t, _) \ EURYDICE_SLICE((t *)s.ptr, subslice_start_pos, s.len) -#define Eurydice_array_to_slice(end, x, t, _ret_t) \ - EURYDICE_SLICE(x, 0, \ +#define Eurydice_array_to_slice(end, x, t) \ + EURYDICE_SLICE(x, 0, \ end) /* x is already at an array type, no need for cast */ -#define Eurydice_array_to_subslice(_arraylen, x, r, t, _, _ret_t) \ +#define Eurydice_array_to_subslice(_arraylen, x, r, t, _) \ EURYDICE_SLICE((t *)x, r.start, r.end) // Same as above, variant for when start and end are statically known -#define Eurydice_array_to_subslice2(x, start, end, t, _ret_t) \ +#define Eurydice_array_to_subslice2(x, start, end, t) \ EURYDICE_SLICE((t *)x, start, end) -#define Eurydice_array_to_subslice_to(_size, x, r, t, _range_t, _ret_t) \ +#define Eurydice_array_to_subslice_to(_size, x, r, t, _range_t) \ EURYDICE_SLICE((t *)x, 0, r) -#define 
Eurydice_array_to_subslice_from(size, x, r, t, _range_t, _ret_t) \ +#define Eurydice_array_to_subslice_from(size, x, r, t, _range_t) \ EURYDICE_SLICE((t *)x, r, size) -#define Eurydice_array_repeat(dst, len, init, t, _ret_t) \ +#define Eurydice_array_repeat(dst, len, init, t) \ ERROR "should've been desugared" -#define core_slice___Slice_T___len(s, t, _ret_t) EURYDICE_SLICE_LEN(s, t) -#define core_slice___Slice_T___copy_from_slice(dst, src, t, _ret_t) \ +#define Eurydice_slice_len(s, t) EURYDICE_SLICE_LEN(s, t) +#define Eurydice_slice_copy(dst, src, t) \ memcpy(dst.ptr, src.ptr, dst.len * sizeof(t)) #define core_array___Array_T__N__23__as_slice(len_, ptr_, t, _ret_t) \ ((Eurydice_slice){.ptr = ptr_, .len = len_}) 
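Review bot: `Eurydice_slice_copy(dst, src, t)` expands to `memcpy(dst.ptr, src.ptr, dst.len * sizeof(t))`, taking the length from `dst` alone, so a `src` shorter than `dst` is read past its end; the Rust `copy_from_slice` this macro stands for panics on a length mismatch, and that check is lost at the C boundary. The subslice macros (`Eurydice_slice_subslice2`, `Eurydice_array_to_subslice2`, and the `_to`/`_from` variants) likewise pass `start`/`end` straight to `EURYDICE_SLICE` with, as far as this hunk shows, no comparison against `s.len`, and in the next hunk `Eurydice_slice_split_at_mut` computes `.len = slice.len - mid`, which wraps (unsigned) if `mid > slice.len`. This is presumably acceptable because the callers are generated from Rust whose bounds are checked or proved there, but the contract should be written down, e.g. above `Eurydice_slice_copy`: `// Precondition: src.len == dst.len (Rust's copy_from_slice panics on mismatch; no check here).` A debug-only assertion of these preconditions would also make fuzzing or sanitizer runs of the extracted C considerably more informative.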
@@ -90,25 +90,26 @@ typedef struct { (memcpy(dst, src, len * sizeof(elem_type))) #define core_array_TryFromSliceError uint8_t -#define Eurydice_array_eq(sz, a1, a2, t, _, _ret_t) \ +#define Eurydice_array_eq(sz, a1, a2, t, _) \ (memcmp(a1, a2, sz * sizeof(t)) == 0) -#define core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq \ - Eurydice_array_eq +#define core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( \ + sz, a1, a2, t, _, _ret_t) \ + Eurydice_array_eq(sz, a1, a2, t, _) -#define core_slice___Slice_T___split_at(slice, mid, element_type, ret_t) \ - (CLITERAL(ret_t){ \ - .fst = EURYDICE_SLICE((element_type *)slice.ptr, 0, mid), \ +#define Eurydice_slice_split_at(slice, mid, element_type, ret_t) \ + (CLITERAL(ret_t){ \ + .fst = EURYDICE_SLICE((element_type *)slice.ptr, 0, mid), \ .snd = EURYDICE_SLICE((element_type *)slice.ptr, mid, slice.len)}) -#define core_slice___Slice_T___split_at_mut(slice, mid, element_type, ret_t) \ - (CLITERAL(ret_t){ \ - .fst = {.ptr = slice.ptr, .len = mid}, \ - .snd = {.ptr = (char *)slice.ptr + mid * sizeof(element_type), \ +#define Eurydice_slice_split_at_mut(slice, mid, element_type, ret_t) \ + (CLITERAL(ret_t){ \ + .fst = {.ptr = slice.ptr, .len = mid}, \ + .snd = {.ptr = (char *)slice.ptr + mid * sizeof(element_type), \ .len = slice.len - mid}}) // Conversion of slice to an array, rewritten (by Eurydice) to name the // destination array, since arrays are not values in C. // N.B.: see note in karamel/lib/Inlining.ml if you change this. -#define Eurydice_slice_to_array2(dst, src, _, t_arr, _ret_t) \ +#define Eurydice_slice_to_array2(dst, src, _, t_arr) \ Eurydice_slice_to_array3(&(dst)->tag, (char *)&(dst)->val.case_Ok, src, \ sizeof(t_arr)) diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index c267a11d4..74e72ff40 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h 
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b */ #ifndef __internal_libcrux_core_H @@ -75,9 +75,12 @@ A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_a31( +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_8e1( uint8_t value[1568U]); +/** + Create a new [`MlKemKeyPair`] from the secret and public key. +*/ /** This function found in impl {libcrux_ml_kem::types::MlKemKeyPair} @@ -88,7 +91,7 @@ with const generics - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_eb1( +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_121( libcrux_ml_kem_types_MlKemPrivateKey_95 sk, libcrux_ml_kem_types_MlKemPublicKey_1f pk); @@ -101,7 +104,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics - SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_701( +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_db1( uint8_t value[3168U]); /** 
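Review bot: The regenerated provenance header records `F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty`; the `-dirty` suffix means the F* checkout that produced this extraction carried uncommitted changes, so the listed hash no longer identifies the toolchain and the C cannot be reproduced from the recorded revisions. The same value is committed in `code_gen.txt` (its `@@ -1,6 +1,6 @@` hunk) and in the `libcrux_mlkem_avx2.h` header hunk further down. `.docker/c/install.sh` as changed here pins Charon, Karamel and Eurydice to exact commits, so regenerating from a clean F* checkout, or pinning F* the same way, would close the gap; failing that, the uncommitted F* changes should be recorded alongside the hash.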
@@ -113,9 +116,12 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_101( +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_141( uint8_t value[1568U]); +/** + A reference to the raw byte slice. +*/ /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} */ @@ -124,7 +130,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_3b1( +uint8_t *libcrux_ml_kem_types_as_slice_cb_6f1( libcrux_ml_kem_types_MlKemPublicKey_1f *self); /** @@ -136,9 +142,12 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_791( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_dd1( libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self); +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -156,9 +165,12 @@ A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics - SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_a30( +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_8e0( uint8_t value[1184U]); +/** + Create a new [`MlKemKeyPair`] from the secret and public key. +*/ /** This function found in impl {libcrux_ml_kem::types::MlKemKeyPair} @@ -169,7 +181,7 @@ with const generics - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_eb0( +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_120( libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk); 
@@ -182,7 +194,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics - SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_700( +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_db0( uint8_t value[2400U]); /** @@ -194,9 +206,12 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1088 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_100( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_140( uint8_t value[1088U]); +/** + A reference to the raw byte slice. +*/ /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} */ @@ -205,7 +220,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_3b0( +uint8_t *libcrux_ml_kem_types_as_slice_cb_6f0( libcrux_ml_kem_types_MlKemPublicKey_15 *self); /** @@ -217,9 +232,12 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_790( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_dd0( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -237,9 +255,12 @@ A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics - SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_a3( +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_8e( uint8_t value[800U]); +/** + Create a new [`MlKemKeyPair`] from the secret and public key. +*/ /** This function found in impl {libcrux_ml_kem::types::MlKemKeyPair} 
@@ -250,7 +271,7 @@ with const generics - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_eb( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_12( libcrux_ml_kem_types_MlKemPrivateKey_5e sk, libcrux_ml_kem_types_MlKemPublicKey_be pk); @@ -263,7 +284,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics - SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_70( +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_db( uint8_t value[1632U]); /** @@ -275,9 +296,12 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 768 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_10( +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_14( uint8_t value[768U]); +/** + A reference to the raw byte slice. +*/ /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} */ @@ -286,9 +310,12 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_3b( +uint8_t *libcrux_ml_kem_types_as_slice_cb_6f( libcrux_ml_kem_types_MlKemPublicKey_be *self); +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -320,6 +347,9 @@ with types uint8_t[32size_t], core_array_TryFromSliceError */ void core_result_unwrap_41_83(core_result_Result_00 self, uint8_t ret[32U]); +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics 
@@ -337,9 +367,12 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_79( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_dd( libcrux_ml_kem_types_MlKemCiphertext_e8 *self); +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -348,6 +381,9 @@ with const generics void libcrux_ml_kem_utils_into_padded_array_ea0(Eurydice_slice slice, uint8_t ret[800U]); +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index 400fe304e..fddfc05eb 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b */ #ifndef __internal_libcrux_mlkem_avx2_H @@ -32,7 +32,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_6c1(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_f91(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked 
@@ -47,8 +47,16 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_8d1(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_881(uint8_t randomness[64U]); +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -62,7 +70,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_991(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_0d1(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked @@ -82,7 +90,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_361( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_721( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]); @@ -105,7 +113,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_011( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_e61( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -130,7 +138,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_fa1( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_261( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); 
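Review bot: The new doc comment on `libcrux_ml_kem_ind_cca_generate_keypair_0d1` says "Depending on the `Vector` and `Hasher` used, this requires different hardware features", but in this header both are fixed to the AVX2 instantiation (`libcrux_ml_kem_vector_avx2_SIMD256Vector`, `libcrux_ml_kem_hash_functions_avx2_Simd256Hash`), so the generic wording withholds the one fact a C caller needs: the function must not be called unless AVX2 is available (unless a runtime feature check happens inside, which this declaration does not show). Since the text is carried over from the Rust doc, the fix belongs there, phrased so each instantiation reads correctly, e.g. `This instantiation requires the CPU features implied by the chosen Vector/Hasher (AVX2 for the avx2 build); callers must verify them before calling.` The same comment is emitted in the `@@ -183,8 +191,16 @@` and `@@ -319,8 +335,16 @@` hunks below, and the blank-line placement inside it appears to differ between the three copies, which is worth checking against the generator's actual output rather than this rendering.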
@@ -156,7 +164,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_261( +void libcrux_ml_kem_ind_cca_decapsulate_b61( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -168,7 +176,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_6c0(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_f90(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked @@ -183,8 +191,16 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_8d0(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_880(uint8_t randomness[64U]); + +/** + Packed API + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -198,7 +214,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_990(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_0d0(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked @@ -218,7 +234,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_360( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_720( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]); 
@@ -241,7 +257,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_010( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_e60( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -266,7 +282,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_fa0( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_260( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -292,7 +308,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_260( +void libcrux_ml_kem_ind_cca_decapsulate_b60( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -304,7 +320,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_6c(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_f9(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked @@ -319,8 +335,16 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_8d(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_88(uint8_t randomness[64U]); + +/** + Packed API + + Generate a key pair. + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, 
@@ -333,7 +357,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_99( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_0d( uint8_t randomness[64U]); /** @@ -354,7 +378,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_36( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_72( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]); @@ -377,7 +401,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_01( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_e6( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -402,7 +426,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_fa( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_26( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -428,7 +452,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_26( +void libcrux_ml_kem_ind_cca_decapsulate_b6( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h index 57231a2ff..03c96041e 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_neon.h 
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba - * Eurydice: be0d5b5e1455673c2afa9592c0951def463f59ec - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb + * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: cb6da975011a1d6dfeaa6215d63a56d043b522b5 + * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 */ #ifndef __internal_libcrux_mlkem_neon_H @@ -48,6 +48,14 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b41(uint8_t randomness[64U]); +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, @@ -184,6 +192,14 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b40(uint8_t randomness[64U]); +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, 
@@ -320,6 +336,14 @@ libcrux_ml_kem_hash_functions_neon_Simd128Hash with const generics libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b4(uint8_t randomness[64U]); +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_neon_vector_type_SIMD128Vector, diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index 02b20eae1..dec2addfe 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b */ #ifndef __internal_libcrux_mlkem_portable_H @@ -37,7 +37,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_601(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_c21(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked 
@@ -53,8 +53,16 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_4a1(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b41(uint8_t randomness[64U]); +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -69,7 +77,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_ef1(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_f91(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked @@ -90,7 +98,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_5c1( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b1( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]); @@ -113,7 +121,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_fa1( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_411( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -139,7 +147,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_751( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_441( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); 
@@ -165,7 +173,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_241( +void libcrux_ml_kem_ind_cca_decapsulate_b21( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -177,7 +185,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_600(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_c20(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked @@ -193,8 +201,16 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_4a0(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b40(uint8_t randomness[64U]); + +/** + Packed API + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -209,7 +225,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_ef0(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_f90(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked @@ -230,7 +246,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_5c0( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b0( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]); 
@@ -253,7 +269,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_fa0( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_410( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -279,7 +295,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_750( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_440( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -305,7 +321,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_240( +void libcrux_ml_kem_ind_cca_decapsulate_b20( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -317,7 +333,7 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_60(uint8_t *public_key); +bool libcrux_ml_kem_ind_cca_validate_public_key_c2(uint8_t *public_key); /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair_unpacked @@ -333,8 +349,16 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_4a(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b4(uint8_t randomness[64U]); + +/** + Packed API + + Generate a key pair. + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, 
@@ -349,7 +373,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_ef(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_f9(uint8_t randomness[64U]); /** A monomorphic instance of libcrux_ml_kem.ind_cca.encapsulate_unpacked @@ -370,7 +394,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_5c( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]); @@ -393,7 +417,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_fa( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_41( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -419,7 +443,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_75( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_44( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -445,7 +469,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_24( +void libcrux_ml_kem_ind_cca_decapsulate_b2( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index 6b1490d57..7ed30875a 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h 
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index 80cd5b7ab..43b7619f7 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b */ #ifndef __internal_libcrux_sha3_internal_H 
@@ -24,11 +24,17 @@ extern "C" { typedef libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_KeccakState; +/** + Create a new SHAKE-128 state object. +*/ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake128_init(void) { return libcrux_sha3_generic_keccak_new_1e_f4(); } +/** + Absorb +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data0) { @@ -36,6 +42,9 @@ libcrux_sha3_portable_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_absorb_final_c7(s, buf); } +/** + Squeeze another block +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { @@ -70,6 +79,9 @@ libcrux_sha3_generic_keccak_squeeze_first_three_blocks_cc( libcrux_sha3_generic_keccak_squeeze_next_block_fc(s, o2); } +/** + Squeeze three blocks +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { @@ -84,6 +96,9 @@ libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( typedef uint8_t libcrux_sha3_Algorithm; +/** + Returns the output size of a digest. +*/ static inline size_t libcrux_sha3_digest_size(libcrux_sha3_Algorithm mode) { size_t uu____0; switch (mode) { @@ -167,6 +182,9 @@ libcrux_sha3_generic_keccak_squeeze_first_five_blocks_4f( libcrux_sha3_generic_keccak_squeeze_next_block_fc(s, o4); } +/** + Squeeze five blocks +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out0) { 
@@ -174,6 +192,9 @@ libcrux_sha3_portable_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_squeeze_first_five_blocks_4f(s, buf); } +/** + Absorb some data for SHAKE-256 for the last time +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice data) { @@ -181,11 +202,17 @@ libcrux_sha3_portable_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_absorb_final_c70(s, buf); } +/** + Create a new SHAKE-256 state object. +*/ static KRML_MUSTINLINE libcrux_sha3_generic_keccak_KeccakState_48 libcrux_sha3_portable_incremental_shake256_init(void) { return libcrux_sha3_generic_keccak_new_1e_f4(); } +/** + Squeeze the first SHAKE-256 block +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { @@ -193,6 +220,9 @@ libcrux_sha3_portable_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_squeeze_first_block_840(s, buf); } +/** + Squeeze the next SHAKE-256 block +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice out) { @@ -217,6 +247,15 @@ typedef struct libcrux_sha3_generic_keccak_KeccakXofState_4f_s { typedef libcrux_sha3_generic_keccak_KeccakXofState_4f libcrux_sha3_portable_incremental_Shake256Absorb; +/** + Consume the internal buffer and the required amount of the input to pad to + `RATE`. + + Returns the `consumed` bytes from `inputs` if there's enough buffered + content to consume, and `0` otherwise. + If `consumed > 0` is returned, `self.buf` contains a full block to be + loaded. +*/ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} 
@@ -231,7 +270,7 @@ with const generics static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_b0( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { - size_t input_len = core_slice___Slice_T___len(inputs[0U], uint8_t, size_t); + size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); size_t consumed = (size_t)0U; if (self->buf_len > (size_t)0U) { if (self->buf_len + input_len >= (size_t)136U) { @@ -239,13 +278,11 @@ static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_b0( { size_t i = (size_t)0U; Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)136U, self->buf[i], self->buf_len, uint8_t, size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + (size_t)136U, self->buf[i], self->buf_len, uint8_t, size_t); + Eurydice_slice_copy( uu____0, - Eurydice_slice_subslice_to(inputs[i], consumed, uint8_t, size_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_slice_subslice_to(inputs[i], consumed, uint8_t, size_t), + uint8_t); } self->buf_len = self->buf_len + consumed; } @@ -268,10 +305,11 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_f8( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, inputs, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_inputs0[1U]; + memcpy(copy_of_inputs0, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_consumed = - libcrux_sha3_generic_keccak_fill_buffer_9d_b0(uu____0, uu____1); + libcrux_sha3_generic_keccak_fill_buffer_9d_b0(uu____0, copy_of_inputs0); if (input_consumed > (size_t)0U) { Eurydice_slice borrowed[1U]; { 
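Review bot: In fill_buffer_9d_b0 the new `Eurydice_slice_copy(uu____0, Eurydice_slice_subslice_to(inputs[i], consumed, uint8_t, size_t), uint8_t)` carries no visible length check, unlike the Rust `copy_from_slice` it stands in for; the destination is the `136 - self->buf_len` tail of `self->buf[i]` and the source is the first `consumed` bytes of the input, so the copy stays in bounds only while `consumed` equals that difference, which appears to be assigned on the one line between the two hunks that is not shown here. If `Eurydice_slice_copy` is a plain memcpy of the destination length, that equality is the only thing keeping the read of `inputs[i]` inside the slice, so I would state it at the copy: `/* invariant: consumed == 136 - buf_len, so src and dst lengths are equal */`. The same replacement is made in absorb_9d_7b, absorb_final_9d_25 and the 168-byte Shake128 twins in the later hunks. fill_buffer_9d_b0's body continues outside these hunks.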
@@ -281,8 +319,8 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_f8( } { size_t i = (size_t)0U; - borrowed[i] = Eurydice_array_to_slice((size_t)136U, self->buf[i], uint8_t, - Eurydice_slice); + borrowed[i] = + Eurydice_array_to_slice((size_t)136U, self->buf[i], uint8_t); } uint64_t(*uu____2)[5U] = self->inner.st; Eurydice_slice uu____3[1U]; @@ -292,23 +330,36 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_f8( self->buf_len = (size_t)0U; } size_t input_to_consume = - core_slice___Slice_T___len(inputs[0U], uint8_t, size_t) - input_consumed; + Eurydice_slice_len(inputs[0U], uint8_t) - input_consumed; size_t num_blocks = input_to_consume / (size_t)136U; size_t remainder = input_to_consume % (size_t)136U; for (size_t i = (size_t)0U; i < num_blocks; i++) { size_t i0 = i; uint64_t(*uu____4)[5U] = self->inner.st; - Eurydice_slice uu____5[1U]; - memcpy(uu____5, inputs, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_inputs[1U]; + memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - uu____5, input_consumed + i0 * (size_t)136U, (size_t)136U, ret); + copy_of_inputs, input_consumed + i0 * (size_t)136U, (size_t)136U, ret); libcrux_sha3_portable_keccak_load_block_5a_b8(uu____4, ret); libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); } return remainder; } +/** + Absorb + + This function takes any number of bytes to absorb and buffers if it's not + enough. The function assumes that all input slices in `blocks` have the same + length. + + Only a multiple of `RATE` blocks are absorbed. + For the remaining bytes [`absorb_final`] needs to be called. + + This works best with relatively small `inputs`. +*/ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} 
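Review bot: In absorb_full_9d_f8 the new `Eurydice_slice_len(inputs[0U], uint8_t) - input_consumed` is an unsigned subtraction with no guard; it cannot wrap only because fill_buffer_9d_b0 returns either `0` or a count bounded by the input length, an invariant this function does not restate. A one-line comment above it, `/* input_consumed <= len(inputs[0]) by fill_buffer's contract, so no wrap */`, points the next reader at the right place to check. Separately, the added doc block for absorb_9d_7b says the slices in `blocks` must have the same length while the parameter is `inputs`, and it keeps the rustdoc link syntax `[`absorb_final`]`; since this text is lifted from the Rust source, the fix belongs there. absorb_full_9d_f8 starts in the previous hunk, and the same subtraction recurs in absorb_full_9d_f80.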
@@ -324,28 +375,31 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_7b( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, inputs, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_inputs[1U]; + memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_9d_f8(uu____0, uu____1); + libcrux_sha3_generic_keccak_absorb_full_9d_f8(uu____0, copy_of_inputs); if (input_remainder_len > (size_t)0U) { - size_t input_len = core_slice___Slice_T___len(inputs[0U], uint8_t, size_t); + size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); { size_t i = (size_t)0U; Eurydice_slice uu____2 = Eurydice_array_to_subslice2( self->buf[i], self->buf_len, self->buf_len + input_remainder_len, - uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + uint8_t); + Eurydice_slice_copy( uu____2, - Eurydice_slice_subslice_from(inputs[i], - input_len - input_remainder_len, uint8_t, - size_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_subslice_from( + inputs[i], input_len - input_remainder_len, uint8_t, size_t), + uint8_t); } self->buf_len = self->buf_len + input_remainder_len; } } +/** + Shake256 absorb +*/ /** This function found in impl {(libcrux_sha3::portable::incremental::XofAbsorb<136: usize> for @@ -360,6 +414,12 @@ static inline void libcrux_sha3_portable_incremental_absorb_7d( typedef libcrux_sha3_generic_keccak_KeccakXofState_4f libcrux_sha3_portable_incremental_Shake256Squeeze; +/** + Absorb a final block. + + The `inputs` block may be empty. Everything in the `inputs` block beyond + `RATE` bytes is ignored. +*/ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} 
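Review bot: The new doc block for absorb_final_9d_25 says everything in `inputs` beyond `RATE` bytes is ignored, but the function body in the next hunk first calls `absorb_full_9d_f8`, which absorbs every full 136-byte block of the input before the remainder is buffered and padded, so longer inputs are processed rather than dropped. I would reword it as `The inputs may be longer than RATE; full blocks are absorbed first and only the remainder is padded into the final block.` The same sentence is added for the Shake128 variant in the last hunk, and since the text comes from the Rust source the correction belongs upstream. The documented function's declaration lies outside this hunk.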
@@ -376,33 +436,32 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_25( libcrux_sha3_generic_keccak_KeccakXofState_4f *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_4f *uu____0 = self; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, inputs, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_inputs[1U]; + memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_9d_f8(uu____0, uu____1); - size_t input_len = core_slice___Slice_T___len(inputs[0U], uint8_t, size_t); + libcrux_sha3_generic_keccak_absorb_full_9d_f8(uu____0, copy_of_inputs); + size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (self->buf_len > (size_t)0U) { Eurydice_slice uu____2 = Eurydice_array_to_subslice2( - blocks[i], (size_t)0U, self->buf_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice2(self->buf[i], (size_t)0U, self->buf_len, - uint8_t, Eurydice_slice), - uint8_t, void *); + blocks[i], (size_t)0U, self->buf_len, uint8_t); + Eurydice_slice_copy(uu____2, + Eurydice_array_to_subslice2(self->buf[i], (size_t)0U, + self->buf_len, uint8_t), + uint8_t); } if (input_remainder_len > (size_t)0U) { Eurydice_slice uu____3 = Eurydice_array_to_subslice2( blocks[i], self->buf_len, self->buf_len + input_remainder_len, - uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + uint8_t); + Eurydice_slice_copy( uu____3, - Eurydice_slice_subslice_from(inputs[i], - input_len - input_remainder_len, uint8_t, - size_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_subslice_from( + inputs[i], input_len - input_remainder_len, uint8_t, size_t), + uint8_t); } blocks[i][self->buf_len + input_remainder_len] = 31U; size_t uu____4 = i; 
@@ -416,6 +475,9 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_25( libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); } +/** + Shake256 absorb final +*/ /** This function found in impl {(libcrux_sha3::portable::incremental::XofAbsorb<136: usize> for @@ -429,6 +491,9 @@ libcrux_sha3_portable_incremental_absorb_final_7d( return self; } +/** + An all zero block +*/ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} @@ -580,6 +645,9 @@ static inline void libcrux_sha3_generic_keccak_zero_block_9d_e6( ret[135U] = 0U; } +/** + Generate a new keccak xof state. +*/ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} @@ -603,6 +671,9 @@ libcrux_sha3_generic_keccak_new_9d_7e(void) { return lit; } +/** + Shake256 new state +*/ /** This function found in impl {(libcrux_sha3::portable::incremental::XofAbsorb<136: usize> for @@ -630,6 +701,15 @@ typedef struct libcrux_sha3_generic_keccak_KeccakXofState_78_s { typedef libcrux_sha3_generic_keccak_KeccakXofState_78 libcrux_sha3_portable_incremental_Shake128Absorb; +/** + Consume the internal buffer and the required amount of the input to pad to + `RATE`. + + Returns the `consumed` bytes from `inputs` if there's enough buffered + content to consume, and `0` otherwise. + If `consumed > 0` is returned, `self.buf` contains a full block to be + loaded. +*/ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} @@ -644,7 +724,7 @@ with const generics static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_b00( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { - size_t input_len = core_slice___Slice_T___len(inputs[0U], uint8_t, size_t); + size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); size_t consumed = (size_t)0U; if (self->buf_len > (size_t)0U) { if (self->buf_len + input_len >= (size_t)168U) { 
@@ -652,13 +732,11 @@ static inline size_t libcrux_sha3_generic_keccak_fill_buffer_9d_b00( { size_t i = (size_t)0U; Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( - (size_t)168U, self->buf[i], self->buf_len, uint8_t, size_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + (size_t)168U, self->buf[i], self->buf_len, uint8_t, size_t); + Eurydice_slice_copy( uu____0, - Eurydice_slice_subslice_to(inputs[i], consumed, uint8_t, size_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_slice_subslice_to(inputs[i], consumed, uint8_t, size_t), + uint8_t); } self->buf_len = self->buf_len + consumed; } @@ -681,10 +759,11 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_f80( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, inputs, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_inputs0[1U]; + memcpy(copy_of_inputs0, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_consumed = - libcrux_sha3_generic_keccak_fill_buffer_9d_b00(uu____0, uu____1); + libcrux_sha3_generic_keccak_fill_buffer_9d_b00(uu____0, copy_of_inputs0); if (input_consumed > (size_t)0U) { Eurydice_slice borrowed[1U]; { @@ -694,8 +773,8 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_f80( } { size_t i = (size_t)0U; - borrowed[i] = Eurydice_array_to_slice((size_t)168U, self->buf[i], uint8_t, - Eurydice_slice); + borrowed[i] = + Eurydice_array_to_slice((size_t)168U, self->buf[i], uint8_t); } uint64_t(*uu____2)[5U] = self->inner.st; Eurydice_slice uu____3[1U]; 
@@ -705,23 +784,36 @@ static inline size_t libcrux_sha3_generic_keccak_absorb_full_9d_f80( self->buf_len = (size_t)0U; } size_t input_to_consume = - core_slice___Slice_T___len(inputs[0U], uint8_t, size_t) - input_consumed; + Eurydice_slice_len(inputs[0U], uint8_t) - input_consumed; size_t num_blocks = input_to_consume / (size_t)168U; size_t remainder = input_to_consume % (size_t)168U; for (size_t i = (size_t)0U; i < num_blocks; i++) { size_t i0 = i; uint64_t(*uu____4)[5U] = self->inner.st; - Eurydice_slice uu____5[1U]; - memcpy(uu____5, inputs, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_inputs[1U]; + memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - uu____5, input_consumed + i0 * (size_t)168U, (size_t)168U, ret); + copy_of_inputs, input_consumed + i0 * (size_t)168U, (size_t)168U, ret); libcrux_sha3_portable_keccak_load_block_5a_b80(uu____4, ret); libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); } return remainder; } +/** + Absorb + + This function takes any number of bytes to absorb and buffers if it's not + enough. The function assumes that all input slices in `blocks` have the same + length. + + Only a multiple of `RATE` blocks are absorbed. + For the remaining bytes [`absorb_final`] needs to be called. + + This works best with relatively small `inputs`. +*/ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} 
@@ -737,23 +829,23 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_9d_7b0( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, inputs, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_inputs[1U]; + memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_9d_f80(uu____0, uu____1); + libcrux_sha3_generic_keccak_absorb_full_9d_f80(uu____0, copy_of_inputs); if (input_remainder_len > (size_t)0U) { - size_t input_len = core_slice___Slice_T___len(inputs[0U], uint8_t, size_t); + size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); { size_t i = (size_t)0U; Eurydice_slice uu____2 = Eurydice_array_to_subslice2( self->buf[i], self->buf_len, self->buf_len + input_remainder_len, - uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + uint8_t); + Eurydice_slice_copy( uu____2, - Eurydice_slice_subslice_from(inputs[i], - input_len - input_remainder_len, uint8_t, - size_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_subslice_from( + inputs[i], input_len - input_remainder_len, uint8_t, size_t), + uint8_t); } self->buf_len = self->buf_len + input_remainder_len; } @@ -773,6 +865,12 @@ static inline void libcrux_sha3_portable_incremental_absorb_1c( typedef libcrux_sha3_generic_keccak_KeccakXofState_78 libcrux_sha3_portable_incremental_Shake128Squeeze; +/** + Absorb a final block. + + The `inputs` block may be empty. Everything in the `inputs` block beyond + `RATE` bytes is ignored. +*/ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} 
@@ -789,33 +887,32 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_9d_250( libcrux_sha3_generic_keccak_KeccakXofState_78 *self, Eurydice_slice inputs[1U]) { libcrux_sha3_generic_keccak_KeccakXofState_78 *uu____0 = self; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, inputs, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_inputs[1U]; + memcpy(copy_of_inputs, inputs, (size_t)1U * sizeof(Eurydice_slice)); size_t input_remainder_len = - libcrux_sha3_generic_keccak_absorb_full_9d_f80(uu____0, uu____1); - size_t input_len = core_slice___Slice_T___len(inputs[0U], uint8_t, size_t); + libcrux_sha3_generic_keccak_absorb_full_9d_f80(uu____0, copy_of_inputs); + size_t input_len = Eurydice_slice_len(inputs[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (self->buf_len > (size_t)0U) { Eurydice_slice uu____2 = Eurydice_array_to_subslice2( - blocks[i], (size_t)0U, self->buf_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, - Eurydice_array_to_subslice2(self->buf[i], (size_t)0U, self->buf_len, - uint8_t, Eurydice_slice), - uint8_t, void *); + blocks[i], (size_t)0U, self->buf_len, uint8_t); + Eurydice_slice_copy(uu____2, + Eurydice_array_to_subslice2(self->buf[i], (size_t)0U, + self->buf_len, uint8_t), + uint8_t); } if (input_remainder_len > (size_t)0U) { Eurydice_slice uu____3 = Eurydice_array_to_subslice2( blocks[i], self->buf_len, self->buf_len + input_remainder_len, - uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + uint8_t); + Eurydice_slice_copy( uu____3, - Eurydice_slice_subslice_from(inputs[i], - input_len - input_remainder_len, uint8_t, - size_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_subslice_from( + inputs[i], input_len - input_remainder_len, uint8_t, size_t), + uint8_t); } blocks[i][self->buf_len + input_remainder_len] = 31U; size_t uu____4 = i; 
@@ -842,6 +939,9 @@ libcrux_sha3_portable_incremental_absorb_final_1c( return self; } +/** + An all zero block +*/ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} @@ -1025,6 +1125,9 @@ static inline void libcrux_sha3_generic_keccak_zero_block_9d_e60( ret[167U] = 0U; } +/** + Generate a new keccak xof state. +*/ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} @@ -1058,6 +1161,9 @@ libcrux_sha3_portable_incremental_new_1c(void) { return libcrux_sha3_generic_keccak_new_9d_7e0(); } +/** + `out` has the exact size we want here. It must be less than or equal to `RATE`. +*/ /** This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: usize> for u64)} 
@@ -1069,37 +1175,34 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_1c( uint64_t (*state)[5U], Eurydice_slice out[1U]) { - size_t num_full_blocks = - core_slice___Slice_T___len(out[0U], uint8_t, size_t) / (size_t)8U; - size_t last_block_len = - core_slice___Slice_T___len(out[0U], uint8_t, size_t) % (size_t)8U; + size_t num_full_blocks = Eurydice_slice_len(out[0U], uint8_t) / (size_t)8U; + size_t last_block_len = Eurydice_slice_len(out[0U], uint8_t) % (size_t)8U; for (size_t i = (size_t)0U; i < num_full_blocks; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, - Eurydice_slice); + out[0U], i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(state[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); } if (last_block_len != (size_t)0U) { Eurydice_slice uu____1 = Eurydice_slice_subslice2( out[0U], num_full_blocks * (size_t)8U, - num_full_blocks * (size_t)8U + last_block_len, uint8_t, Eurydice_slice); + num_full_blocks * (size_t)8U + last_block_len, uint8_t); uint8_t ret[8U]; core_num__u64_9__to_le_bytes( state[num_full_blocks / (size_t)5U][num_full_blocks % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____1, - Eurydice_array_to_subslice2(ret, (size_t)0U, last_block_len, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_array_to_subslice2(ret, (size_t)0U, last_block_len, uint8_t), + uint8_t); } } +/** + Squeeze `N` x `LEN` bytes. +*/ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} 
@@ -1117,7 +1220,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_96( if (self->sponge) { libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); } - size_t out_len = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t out_len = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = out_len / (size_t)136U; size_t last = out_len - out_len % (size_t)136U; size_t mid; @@ -1163,6 +1266,9 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_96( self->sponge = true; } +/** + Shake256 squeeze +*/ /** This function found in impl {(libcrux_sha3::portable::incremental::XofSqueeze<136: usize> for @@ -1174,6 +1280,9 @@ static inline void libcrux_sha3_portable_incremental_squeeze_8a( libcrux_sha3_generic_keccak_squeeze_9d_96(self, buf); } +/** + `out` has the exact size we want here. It must be less than or equal to `RATE`. +*/ /** This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<1: usize> for u64)} 
@@ -1185,37 +1294,34 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_5a_1c0( uint64_t (*state)[5U], Eurydice_slice out[1U]) { - size_t num_full_blocks = - core_slice___Slice_T___len(out[0U], uint8_t, size_t) / (size_t)8U; - size_t last_block_len = - core_slice___Slice_T___len(out[0U], uint8_t, size_t) % (size_t)8U; + size_t num_full_blocks = Eurydice_slice_len(out[0U], uint8_t) / (size_t)8U; + size_t last_block_len = Eurydice_slice_len(out[0U], uint8_t) % (size_t)8U; for (size_t i = (size_t)0U; i < num_full_blocks; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, - Eurydice_slice); + out[0U], i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(state[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); } if (last_block_len != (size_t)0U) { Eurydice_slice uu____1 = Eurydice_slice_subslice2( out[0U], num_full_blocks * (size_t)8U, - num_full_blocks * (size_t)8U + last_block_len, uint8_t, Eurydice_slice); + num_full_blocks * (size_t)8U + last_block_len, uint8_t); uint8_t ret[8U]; core_num__u64_9__to_le_bytes( state[num_full_blocks / (size_t)5U][num_full_blocks % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( uu____1, - Eurydice_array_to_subslice2(ret, (size_t)0U, last_block_len, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_array_to_subslice2(ret, (size_t)0U, last_block_len, uint8_t), + uint8_t); } } +/** + Squeeze `N` x `LEN` bytes. +*/ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakXofState[TraitClause@0]#2} 
@@ -1233,7 +1339,7 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_960( if (self->sponge) { libcrux_sha3_generic_keccak_keccakf1600_21(&self->inner); } - size_t out_len = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t out_len = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = out_len / (size_t)168U; size_t last = out_len - out_len % (size_t)168U; size_t mid; @@ -1279,6 +1385,9 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_9d_960( self->sponge = true; } +/** + Shake128 squeeze +*/ /** This function found in impl {(libcrux_sha3::portable::incremental::XofSqueeze<168: usize> for diff --git a/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_avx2.h b/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_avx2.h index d7ebcbe67..df3cab052 100644 --- a/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_avx2.h +++ b/libcrux-ml-kem/c/intrinsics/libcrux_intrinsics_avx2.h 
@@ -21,60 +21,52 @@ typedef __m256i core_core_arch_x86___m256i; // Cast and Convert -static inline core_core_arch_x86___m128i -libcrux_intrinsics_avx2_mm256_castsi256_si128(core_core_arch_x86___m256i a) { +static inline core_core_arch_x86___m128i mm256_castsi256_si128( + core_core_arch_x86___m256i a) { return _mm256_castsi256_si128(a); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(core_core_arch_x86___m128i a) { +static inline core_core_arch_x86___m256i mm256_cvtepi16_epi32( + core_core_arch_x86___m128i a) { return _mm256_cvtepi16_epi32(a); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_castsi128_si256(core_core_arch_x86___m128i a) { +static inline core_core_arch_x86___m256i mm256_castsi128_si256( + core_core_arch_x86___m128i a) { return _mm256_castsi128_si256(a); } // Initialize, Load, Store -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_setzero_si256(void) { +static inline core_core_arch_x86___m256i mm256_setzero_si256(void) { return _mm256_setzero_si256(); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_set1_epi16(int16_t a) { +static inline core_core_arch_x86___m256i mm256_set1_epi16(int16_t a) { return _mm256_set1_epi16(a); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_set1_epi32(int32_t a) { +static inline core_core_arch_x86___m256i mm256_set1_epi32(int32_t a) { return _mm256_set1_epi32(a); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_set1_epi64x(int64_t a) { +static inline core_core_arch_x86___m256i mm256_set1_epi64x(int64_t a) { return _mm256_set1_epi64x(a); } -static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_set1_epi16( - int16_t a) { +static inline core_core_arch_x86___m128i mm_set1_epi16(int16_t a) { return _mm_set1_epi16(a); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_set_epi16(int16_t x0, int16_t x1, int16_t x2, - int16_t 
x3, int16_t x4, int16_t x5, - int16_t x6, int16_t x7, int16_t x8, - int16_t x9, int16_t x10, int16_t x11, - int16_t x12, int16_t x13, int16_t x14, - int16_t x15) { +static inline core_core_arch_x86___m256i mm256_set_epi16( + int16_t x0, int16_t x1, int16_t x2, int16_t x3, int16_t x4, int16_t x5, + int16_t x6, int16_t x7, int16_t x8, int16_t x9, int16_t x10, int16_t x11, + int16_t x12, int16_t x13, int16_t x14, int16_t x15) { return _mm256_set_epi16(x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15); } -static inline core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_set_epi8( +static inline core_core_arch_x86___m256i mm256_set_epi8( int8_t x0, int8_t x1, int8_t x2, int8_t x3, int8_t x4, int8_t x5, int8_t x6, int8_t x7, int8_t x8, int8_t x9, int8_t x10, int8_t x11, int8_t x12, int8_t x13, int8_t x14, int8_t x15, int8_t x16, int8_t x17, int8_t x18, @@ -86,7 +78,7 @@ static inline core_core_arch_x86___m256i libcrux_intrinsics_avx2_mm256_set_epi8( x24, x25, x26, x27, x28, x29, x30, x31); } -static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_set_epi8( +static inline core_core_arch_x86___m128i mm_set_epi8( uint8_t x0, uint8_t x1, uint8_t x2, uint8_t x3, uint8_t x4, uint8_t x5, uint8_t x6, uint8_t x7, uint8_t x8, uint8_t x9, uint8_t x10, uint8_t x11, uint8_t x12, uint8_t x13, uint8_t x14, uint8_t x15) { 
@@ -94,266 +86,229 @@ static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_set_epi8( x13, x14, x15); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_set_epi32(int32_t x0, int32_t x1, int32_t x2, - int32_t x3, int32_t x4, int32_t x5, - int32_t x6, int32_t x7) { +static inline core_core_arch_x86___m256i mm256_set_epi32(int32_t x0, int32_t x1, + int32_t x2, int32_t x3, + int32_t x4, int32_t x5, + int32_t x6, + int32_t x7) { return _mm256_set_epi32(x0, x1, x2, x3, x4, x5, x6, x7); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_loadu_si256_i16(Eurydice_slice a) { +static inline core_core_arch_x86___m256i mm256_loadu_si256_i16( + Eurydice_slice a) { return _mm256_loadu_si256((const __m256i*)a.ptr); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice a) { +static inline core_core_arch_x86___m256i mm256_loadu_si256_u8( + Eurydice_slice a) { return _mm256_loadu_si256((const __m256i*)a.ptr); } -static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_loadu_si128( - Eurydice_slice a) { +static inline core_core_arch_x86___m128i mm_loadu_si128(Eurydice_slice a) { return _mm_loadu_si128((const __m128i*)a.ptr); } -static inline void libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_slice a, core_core_arch_x86___m128i b) { +static inline void mm_storeu_bytes_si128(Eurydice_slice a, + core_core_arch_x86___m128i b) { _mm_storeu_si128((__m128i*)a.ptr, b); } -static inline void libcrux_intrinsics_avx2_mm256_storeu_si256_i16( - Eurydice_slice a, core_core_arch_x86___m256i b) { +static inline void mm256_storeu_si256_i16(Eurydice_slice a, + core_core_arch_x86___m256i b) { _mm256_storeu_si256((__m256i*)a.ptr, b); } -static inline void libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_slice a, core_core_arch_x86___m256i b) { +static inline void mm256_storeu_si256_u8(Eurydice_slice a, + core_core_arch_x86___m256i b) { 
_mm256_storeu_si256((__m256i*)a.ptr, b); } -static inline void libcrux_intrinsics_avx2_mm_storeu_si128( - Eurydice_slice a, core_core_arch_x86___m128i b) { +static inline void mm_storeu_si128(Eurydice_slice a, + core_core_arch_x86___m128i b) { _mm_storeu_si128((__m128i*)a.ptr, b); } // Arithmetic: Add, Sub -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_add_epi16(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_add_epi16( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_add_epi16(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_add_epi32(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_add_epi32( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_add_epi32(a, b); } -static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_add_epi16( +static inline core_core_arch_x86___m128i mm_add_epi16( core_core_arch_x86___m128i a, core_core_arch_x86___m128i b) { return _mm_add_epi16(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_sub_epi16(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_sub_epi16( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_sub_epi16(a, b); } -static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_sub_epi16( +static inline core_core_arch_x86___m128i mm_sub_epi16( core_core_arch_x86___m128i a, core_core_arch_x86___m128i b) { return _mm_sub_epi16(a, b); } // Arithmetic: Mul low and high, Mul-Add combinations -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_mullo_epi16(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_mullo_epi16( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) 
{ return _mm256_mullo_epi16(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_mulhi_epi16(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_mulhi_epi16( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_mulhi_epi16(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_mul_epu32(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_mul_epu32( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_mul_epu32(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_mullo_epi32(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_mullo_epi32( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_mullo_epi32(a, b); } -static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_mullo_epi16( +static inline core_core_arch_x86___m128i mm_mullo_epi16( core_core_arch_x86___m128i a, core_core_arch_x86___m128i b) { return _mm_mullo_epi16(a, b); } -static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_mulhi_epi16( +static inline core_core_arch_x86___m128i mm_mulhi_epi16( core_core_arch_x86___m128i a, core_core_arch_x86___m128i b) { return _mm_mulhi_epi16(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_madd_epi16(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_madd_epi16( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_madd_epi16(a, b); } // Comparison -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_cmpgt_epi16(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_cmpgt_epi16( + core_core_arch_x86___m256i a, 
core_core_arch_x86___m256i b) { return _mm256_cmpgt_epi16(a, b); } // Bitwise operations -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_and_si256(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_and_si256( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_and_si256(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_andnot_si256(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_andnot_si256( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_andnot_si256(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_xor_si256(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_xor_si256( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_xor_si256(a, b); } -static inline int32_t libcrux_intrinsics_avx2_mm_movemask_epi8( - core_core_arch_x86___m128i a) { +static inline int32_t mm_movemask_epi8(core_core_arch_x86___m128i a) { return _mm_movemask_epi8(a); } // Shift operations -#define libcrux_intrinsics_avx2_mm256_srai_epi16(a, b, _) \ - (_mm256_srai_epi16(b, a)) +#define mm256_srai_epi16(a, b, _) (_mm256_srai_epi16(b, a)) -#define libcrux_intrinsics_avx2_mm256_srli_epi16(a, b, _) \ - (_mm256_srli_epi16(b, a)) +#define mm256_srli_epi16(a, b, _) (_mm256_srli_epi16(b, a)) -#define libcrux_intrinsics_avx2_mm256_slli_epi16(a, b, _) \ - (_mm256_slli_epi16(b, a)) +#define mm256_slli_epi16(a, b, _) (_mm256_slli_epi16(b, a)) -#define libcrux_intrinsics_avx2_mm256_slli_epi32(a, b, _) \ - (_mm256_slli_epi32(b, a)) +#define mm256_slli_epi32(a, b, _) (_mm256_slli_epi32(b, a)) -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_slli_epi64_(int32_t a, - core_core_arch_x86___m256i b) { +static inline 
core_core_arch_x86___m256i mm256_slli_epi64_( + int32_t a, core_core_arch_x86___m256i b) { return _mm256_slli_epi64(b, a); } -#define libcrux_intrinsics_avx2_mm256_slli_epi64(a, b, c) \ - (libcrux_intrinsics_avx2_mm256_slli_epi64_(a, b)) +#define mm256_slli_epi64(a, b, c) (mm256_slli_epi64_(a, b)) -#define libcrux_intrinsics_avx2_mm256_srai_epi32(a, b, _) \ - (_mm256_srai_epi32(b, a)) +#define mm256_srai_epi32(a, b, _) (_mm256_srai_epi32(b, a)) -#define libcrux_intrinsics_avx2_mm256_srli_epi32(a, b, _) \ - (_mm256_srli_epi32(b, a)) +#define mm256_srli_epi32(a, b, _) (_mm256_srli_epi32(b, a)) -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_sllv_epi32(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_sllv_epi32( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_sllv_epi32(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_srli_epi64_(int32_t a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_srli_epi64_( + int32_t a, core_core_arch_x86___m256i b) { return _mm256_srli_epi64(b, a); } -#define libcrux_intrinsics_avx2_mm256_srli_epi64(a, b, c) \ - (libcrux_intrinsics_avx2_mm256_srli_epi64_(a, b)) +#define mm256_srli_epi64(a, b, c) (mm256_srli_epi64_(a, b)) // Shuffle and Vector Interleaving -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_unpacklo_epi32(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_unpacklo_epi32( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_unpacklo_epi32(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_unpacklo_epi64(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_unpacklo_epi64( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return 
_mm256_unpacklo_epi64(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_unpackhi_epi32(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_unpackhi_epi32( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_unpackhi_epi32(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_unpackhi_epi64(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_unpackhi_epi64( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_unpackhi_epi64(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_packs_epi32(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_packs_epi32( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_packs_epi32(a, b); } -static inline core_core_arch_x86___m128i libcrux_intrinsics_avx2_mm_packs_epi16( +static inline core_core_arch_x86___m128i mm_packs_epi16( core_core_arch_x86___m128i a, core_core_arch_x86___m128i b) { return _mm_packs_epi16(a, b); } -#define libcrux_intrinsics_avx2_mm256_shuffle_epi32(a, b, _) \ - (_mm256_shuffle_epi32(b, a)) +#define mm256_shuffle_epi32(a, b, _) (_mm256_shuffle_epi32(b, a)) -#define libcrux_intrinsics_avx2_mm256_extracti128_si256(a, b, _) \ - (_mm256_extracti128_si256(b, a)) +#define mm256_extracti128_si256(a, b, _) (_mm256_extracti128_si256(b, a)) -#define libcrux_intrinsics_avx2_mm256_permute4x64_epi64(a, b, _) \ - (_mm256_permute4x64_epi64(b, a)) +#define mm256_permute4x64_epi64(a, b, _) (_mm256_permute4x64_epi64(b, a)) -#define libcrux_intrinsics_avx2_mm256_permute2x128_si256(a, b, c, d) \ +#define mm256_permute2x128_si256(a, b, c, d) \ (_mm256_permute2x128_si256(b, c, a)) -#define libcrux_intrinsics_avx2_mm256_inserti128_si256(a, b, c, _) \ - (_mm256_inserti128_si256(b, c, a)) 
+#define mm256_inserti128_si256(a, b, c, _) (_mm256_inserti128_si256(b, c, a)) -#define libcrux_intrinsics_avx2_mm256_blend_epi16(a, b, c, _) \ - (_mm256_blend_epi16(b, c, a)) +#define mm256_blend_epi16(a, b, c, _) (_mm256_blend_epi16(b, c, a)) -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_shuffle_epi8(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b) { +static inline core_core_arch_x86___m256i mm256_shuffle_epi8( + core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_shuffle_epi8(a, b); } -static inline core_core_arch_x86___m256i -libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32( +static inline core_core_arch_x86___m256i mm256_permutevar8x32_epi32( core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { return _mm256_permutevar8x32_epi32(a, b); } -static inline core_core_arch_x86___m128i -libcrux_intrinsics_avx2_mm_shuffle_epi8(core_core_arch_x86___m128i a, - core_core_arch_x86___m128i b) { +static inline core_core_arch_x86___m128i mm_shuffle_epi8( + core_core_arch_x86___m128i a, core_core_arch_x86___m128i b) { return _mm_shuffle_epi8(a, b); } diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index 86a49e1e6..51173e23c 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c 
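Review bot: The load/store shims in this hunk (`mm256_loadu_si256_i16`, `mm256_loadu_si256_u8`, `mm_loadu_si128`, `mm_storeu_bytes_si128`, `mm256_storeu_si256_i16`, `mm256_storeu_si256_u8`, `mm_storeu_si128`) read or write 32 or 16 bytes at `a.ptr` without consulting the slice length, and nothing in the header states that precondition. A one-line comment on each, e.g. `// Precondition: caller guarantees a holds at least 32 bytes; the length is not checked here.` (16 for the `__m128i` variants), would make the contract explicit, and a debug-only assertion on `Eurydice_slice_len(a, uint8_t)` would catch a violating caller early instead of turning into a silent out-of-bounds access. Separately, dropping the `libcrux_intrinsics_avx2_` prefix leaves bare `mm256_*`/`mm_*` function and macro names in a header consumers include, one underscore away from the compiler's `_mm256_*` intrinsics while macros such as `mm256_srai_epi16(a, b, _)` take the immediate first rather than last; if the generator now requires these short names, a header comment saying so would stop a future cleanup from reintroducing the prefix or "fixing" the argument order.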
@@ -4,15 +4,18 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b */ #include "internal/libcrux_core.h" +/** + Return 1 if `value` is not zero and 0 otherwise. +*/ static uint8_t inz(uint8_t value) { uint16_t value0 = (uint16_t)value; uint16_t result = (((uint32_t)value0 | @@ -25,14 +28,17 @@ static uint8_t inz(uint8_t value) { static KRML_NOINLINE uint8_t is_non_zero(uint8_t value) { return inz(value); } +/** + Return 1 if the bytes of `lhs` and `rhs` do not exactly + match and 0 otherwise. +*/ static uint8_t compare(Eurydice_slice lhs, Eurydice_slice rhs) { uint8_t r = 0U; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(lhs, uint8_t, size_t); i++) { + for (size_t i = (size_t)0U; i < Eurydice_slice_len(lhs, uint8_t); i++) { size_t i0 = i; r = (uint32_t)r | - ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *, uint8_t) ^ - (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *, uint8_t)); + ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *) ^ + (uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *)); } return is_non_zero(r); } 
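Review bot: The revision stamp on the new side of the file header records `F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty`, so the generated C in this file (and presumably the other regenerated files in this patch that carry the same stamp) was produced from an F* checkout with uncommitted changes and cannot be reproduced from the pinned revisions alone. For a generated cryptographic artifact that provenance gap matters: a reviewer cannot rerun the toolchain at the recorded revisions and diff its output against what was committed. Regenerating from a clean checkout, or at least recording the local modification next to the stamp, would restore that reproducibility.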
@@ -43,6 +49,10 @@ libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( return compare(lhs, rhs); } +/** + If `selector` is not zero, return the bytes in `rhs`; return the bytes in + `lhs` otherwise. +*/ static void select_ct(Eurydice_slice lhs, Eurydice_slice rhs, uint8_t selector, uint8_t ret[32U]) { uint8_t mask = core_num__u8_6__wrapping_sub(is_non_zero(selector), 1U); @@ -50,11 +60,10 @@ static void select_ct(Eurydice_slice lhs, Eurydice_slice rhs, uint8_t selector, for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE; i++) { size_t i0 = i; - out[i0] = - ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *, uint8_t) & - (uint32_t)mask) | - ((uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *, uint8_t) & - (uint32_t)~mask); + out[i0] = ((uint32_t)Eurydice_slice_index(lhs, i0, uint8_t, uint8_t *) & + (uint32_t)mask) | + ((uint32_t)Eurydice_slice_index(rhs, i0, uint8_t, uint8_t *) & + (uint32_t)~mask); } memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } @@ -87,15 +96,19 @@ A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics - SIZE= 1568 */ -libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_a31( +libcrux_ml_kem_types_MlKemPublicKey_1f libcrux_ml_kem_types_from_b6_8e1( uint8_t value[1568U]) { - uint8_t uu____0[1568U]; - memcpy(uu____0, value, (size_t)1568U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_value[1568U]; + memcpy(copy_of_value, value, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPublicKey_1f lit; - memcpy(lit.value, uu____0, (size_t)1568U * sizeof(uint8_t)); + memcpy(lit.value, copy_of_value, (size_t)1568U * sizeof(uint8_t)); return lit; } +/** + Create a new [`MlKemKeyPair`] from the secret and public key. +*/ /** This function found in impl {libcrux_ml_kem::types::MlKemKeyPair} 
@@ -106,7 +119,7 @@ with const generics - PRIVATE_KEY_SIZE= 3168 - PUBLIC_KEY_SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_eb1( +libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_types_from_17_121( libcrux_ml_kem_types_MlKemPrivateKey_95 sk, libcrux_ml_kem_types_MlKemPublicKey_1f pk) { return ( @@ -122,12 +135,13 @@ A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics - SIZE= 3168 */ -libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_701( +libcrux_ml_kem_types_MlKemPrivateKey_95 libcrux_ml_kem_types_from_05_db1( uint8_t value[3168U]) { - uint8_t uu____0[3168U]; - memcpy(uu____0, value, (size_t)3168U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_value[3168U]; + memcpy(copy_of_value, value, (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 lit; - memcpy(lit.value, uu____0, (size_t)3168U * sizeof(uint8_t)); + memcpy(lit.value, copy_of_value, (size_t)3168U * sizeof(uint8_t)); return lit; } @@ -140,15 +154,19 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_101( +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_141( uint8_t value[1568U]) { - uint8_t uu____0[1568U]; - memcpy(uu____0, value, (size_t)1568U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_value[1568U]; + memcpy(copy_of_value, value, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext lit; - memcpy(lit.value, uu____0, (size_t)1568U * sizeof(uint8_t)); + memcpy(lit.value, copy_of_value, (size_t)1568U * sizeof(uint8_t)); return lit; } +/** + A reference to the raw byte slice. +*/ /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} */ 
@@ -157,7 +175,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 1568 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_3b1( +uint8_t *libcrux_ml_kem_types_as_slice_cb_6f1( libcrux_ml_kem_types_MlKemPublicKey_1f *self) { return self->value; } @@ -171,12 +189,14 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_791( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_dd1( libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self) { - return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t, - Eurydice_slice); + return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t); } +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -186,12 +206,10 @@ void libcrux_ml_kem_utils_into_padded_array_ea4(Eurydice_slice slice, uint8_t ret[1600U]) { uint8_t out[1600U] = {0U}; uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, (size_t)0U, - core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, - Eurydice_slice), - slice, uint8_t, void *); + Eurydice_slice_copy( + Eurydice_array_to_subslice2(uu____0, (size_t)0U, + Eurydice_slice_len(slice, uint8_t), uint8_t), + slice, uint8_t); memcpy(ret, out, (size_t)1600U * sizeof(uint8_t)); } 
@@ -204,15 +222,19 @@ A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics - SIZE= 1184 */ -libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_a30( +libcrux_ml_kem_types_MlKemPublicKey_15 libcrux_ml_kem_types_from_b6_8e0( uint8_t value[1184U]) { - uint8_t uu____0[1184U]; - memcpy(uu____0, value, (size_t)1184U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_value[1184U]; + memcpy(copy_of_value, value, (size_t)1184U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPublicKey_15 lit; - memcpy(lit.value, uu____0, (size_t)1184U * sizeof(uint8_t)); + memcpy(lit.value, copy_of_value, (size_t)1184U * sizeof(uint8_t)); return lit; } +/** + Create a new [`MlKemKeyPair`] from the secret and public key. +*/ /** This function found in impl {libcrux_ml_kem::types::MlKemKeyPair} @@ -223,7 +245,7 @@ with const generics - PRIVATE_KEY_SIZE= 2400 - PUBLIC_KEY_SIZE= 1184 */ -libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_eb0( +libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_types_from_17_120( libcrux_ml_kem_types_MlKemPrivateKey_55 sk, libcrux_ml_kem_types_MlKemPublicKey_15 pk) { return ( @@ -239,12 +261,13 @@ A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics - SIZE= 2400 */ -libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_700( +libcrux_ml_kem_types_MlKemPrivateKey_55 libcrux_ml_kem_types_from_05_db0( uint8_t value[2400U]) { - uint8_t uu____0[2400U]; - memcpy(uu____0, value, (size_t)2400U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_value[2400U]; + memcpy(copy_of_value, value, (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 lit; - memcpy(lit.value, uu____0, (size_t)2400U * sizeof(uint8_t)); + memcpy(lit.value, copy_of_value, (size_t)2400U * sizeof(uint8_t)); return lit; } 
@@ -257,15 +280,19 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1088 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_100( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_140( uint8_t value[1088U]) { - uint8_t uu____0[1088U]; - memcpy(uu____0, value, (size_t)1088U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_value[1088U]; + memcpy(copy_of_value, value, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext lit; - memcpy(lit.value, uu____0, (size_t)1088U * sizeof(uint8_t)); + memcpy(lit.value, copy_of_value, (size_t)1088U * sizeof(uint8_t)); return lit; } +/** + A reference to the raw byte slice. +*/ /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} */ @@ -274,7 +301,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 1184 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_3b0( +uint8_t *libcrux_ml_kem_types_as_slice_cb_6f0( libcrux_ml_kem_types_MlKemPublicKey_15 *self) { return self->value; } @@ -288,12 +315,14 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_790( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_dd0( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { - return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t, - Eurydice_slice); + return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); } +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics 
@@ -303,12 +332,10 @@ void libcrux_ml_kem_utils_into_padded_array_ea3(Eurydice_slice slice, uint8_t ret[1120U]) { uint8_t out[1120U] = {0U}; uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, (size_t)0U, - core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, - Eurydice_slice), - slice, uint8_t, void *); + Eurydice_slice_copy( + Eurydice_array_to_subslice2(uu____0, (size_t)0U, + Eurydice_slice_len(slice, uint8_t), uint8_t), + slice, uint8_t); memcpy(ret, out, (size_t)1120U * sizeof(uint8_t)); } @@ -321,15 +348,19 @@ A monomorphic instance of libcrux_ml_kem.types.from_b6 with const generics - SIZE= 800 */ -libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_a3( +libcrux_ml_kem_types_MlKemPublicKey_be libcrux_ml_kem_types_from_b6_8e( uint8_t value[800U]) { - uint8_t uu____0[800U]; - memcpy(uu____0, value, (size_t)800U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_value[800U]; + memcpy(copy_of_value, value, (size_t)800U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPublicKey_be lit; - memcpy(lit.value, uu____0, (size_t)800U * sizeof(uint8_t)); + memcpy(lit.value, copy_of_value, (size_t)800U * sizeof(uint8_t)); return lit; } +/** + Create a new [`MlKemKeyPair`] from the secret and public key. +*/ /** This function found in impl {libcrux_ml_kem::types::MlKemKeyPair} @@ -340,7 +371,7 @@ with const generics - PRIVATE_KEY_SIZE= 1632 - PUBLIC_KEY_SIZE= 800 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_eb( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_types_from_17_12( libcrux_ml_kem_types_MlKemPrivateKey_5e sk, libcrux_ml_kem_types_MlKemPublicKey_be pk) { return (CLITERAL(libcrux_ml_kem_types_MlKemKeyPair_cb){.sk = sk, .pk = pk}); 
@@ -355,12 +386,13 @@ A monomorphic instance of libcrux_ml_kem.types.from_05 with const generics - SIZE= 1632 */ -libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_70( +libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_db( uint8_t value[1632U]) { - uint8_t uu____0[1632U]; - memcpy(uu____0, value, (size_t)1632U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_value[1632U]; + memcpy(copy_of_value, value, (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e lit; - memcpy(lit.value, uu____0, (size_t)1632U * sizeof(uint8_t)); + memcpy(lit.value, copy_of_value, (size_t)1632U * sizeof(uint8_t)); return lit; } @@ -373,15 +405,19 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 768 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_10( +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_14( uint8_t value[768U]) { - uint8_t uu____0[768U]; - memcpy(uu____0, value, (size_t)768U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_value[768U]; + memcpy(copy_of_value, value, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 lit; - memcpy(lit.value, uu____0, (size_t)768U * sizeof(uint8_t)); + memcpy(lit.value, copy_of_value, (size_t)768U * sizeof(uint8_t)); return lit; } +/** + A reference to the raw byte slice. +*/ /** This function found in impl {libcrux_ml_kem::types::MlKemPublicKey#18} */ @@ -390,11 +426,14 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_cb with const generics - SIZE= 800 */ -uint8_t *libcrux_ml_kem_types_as_slice_cb_3b( +uint8_t *libcrux_ml_kem_types_as_slice_cb_6f( libcrux_ml_kem_types_MlKemPublicKey_be *self) { return self->value; } +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics 
@@ -404,12 +443,10 @@ void libcrux_ml_kem_utils_into_padded_array_ea2(Eurydice_slice slice, uint8_t ret[33U]) { uint8_t out[33U] = {0U}; uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, (size_t)0U, - core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, - Eurydice_slice), - slice, uint8_t, void *); + Eurydice_slice_copy( + Eurydice_array_to_subslice2(uu____0, (size_t)0U, + Eurydice_slice_len(slice, uint8_t), uint8_t), + slice, uint8_t); memcpy(ret, out, (size_t)33U * sizeof(uint8_t)); } @@ -433,6 +470,9 @@ void core_result_unwrap_41_83(core_result_Result_00 self, uint8_t ret[32U]) { } } +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -442,12 +482,10 @@ void libcrux_ml_kem_utils_into_padded_array_ea1(Eurydice_slice slice, uint8_t ret[34U]) { uint8_t out[34U] = {0U}; uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, (size_t)0U, - core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, - Eurydice_slice), - slice, uint8_t, void *); + Eurydice_slice_copy( + Eurydice_array_to_subslice2(uu____0, (size_t)0U, + Eurydice_slice_len(slice, uint8_t), uint8_t), + slice, uint8_t); memcpy(ret, out, (size_t)34U * sizeof(uint8_t)); } @@ -460,12 +498,14 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_79( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_dd( libcrux_ml_kem_types_MlKemCiphertext_e8 *self) { - return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t, - Eurydice_slice); + return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t); } +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics 
@@ -475,15 +515,16 @@ void libcrux_ml_kem_utils_into_padded_array_ea0(Eurydice_slice slice, uint8_t ret[800U]) { uint8_t out[800U] = {0U}; uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, (size_t)0U, - core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, - Eurydice_slice), - slice, uint8_t, void *); + Eurydice_slice_copy( + Eurydice_array_to_subslice2(uu____0, (size_t)0U, + Eurydice_slice_len(slice, uint8_t), uint8_t), + slice, uint8_t); memcpy(ret, out, (size_t)800U * sizeof(uint8_t)); } +/** + Pad the `slice` with `0`s at the end. +*/ /** A monomorphic instance of libcrux_ml_kem.utils.into_padded_array with const generics @@ -493,12 +534,10 @@ void libcrux_ml_kem_utils_into_padded_array_ea(Eurydice_slice slice, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; uint8_t *uu____0 = out; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_subslice2( - uu____0, (size_t)0U, - core_slice___Slice_T___len(slice, uint8_t, size_t), uint8_t, - Eurydice_slice), - slice, uint8_t, void *); + Eurydice_slice_copy( + Eurydice_array_to_subslice2(uu____0, (size_t)0U, + Eurydice_slice_len(slice, uint8_t), uint8_t), + slice, uint8_t); memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index 4265e7e36..b527d22f6 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h 
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 276b5327d..59edf1b4e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index 5b6502758..432eb7c2c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c 
@@ -4,17 +4,20 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b */ #include "libcrux_mlkem1024_avx2.h" #include "internal/libcrux_mlkem_avx2.h" +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate with const generics @@ -35,20 +38,30 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_d5( +static void decapsulate_cd( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_260(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_b60(private_key, ciphertext, ret); } +/** + Decapsulate ML-KEM 1024 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem1024PrivateKey`] and an + [`MlKem1024Ciphertext`]. +*/ void libcrux_ml_kem_mlkem1024_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_d5(private_key, ciphertext, ret); + decapsulate_cd(private_key, ciphertext, ret); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate_unpacked with const 
@@ -70,18 +83,25 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_unpacked_05( +static void decapsulate_unpacked_ea( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_fa0(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_260(key_pair, ciphertext, ret); } +/** + Decapsulate ML-KEM 1024 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`]. +*/ void libcrux_ml_kem_mlkem1024_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_05(private_key, ciphertext, ret); + decapsulate_unpacked_ea(private_key, ciphertext, ret); } /** 
@@ -101,24 +121,36 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_b7( +static tuple_21 encapsulate_32( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_010(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_e60(uu____0, copy_of_randomness); } +/** + Encapsulate ML-KEM 1024 + + Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem1024PublicKey`] and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_b7(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_32(uu____0, copy_of_randomness); } +/** + Portable encapsualte +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.encapsulate_unpacked with const 
@@ -137,26 +169,42 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_unpacked_ed( +static tuple_21 encapsulate_unpacked_14( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_360(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_720(uu____0, + copy_of_randomness); } +/** + Encapsulate ML-KEM 1024 (unpacked) + + Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. + TODO: The F* prefix opens required modules, it should go away when the + following issue is resolved: https://github.com/hacspec/hax/issues/770 +*/ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_ed(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_14(uu____0, copy_of_randomness); } +/** + Portable generate key pair. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics 
@@ -168,20 +216,28 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_80( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_88( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_990(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_0d0(copy_of_randomness); } +/** + Generate ML-KEM 1024 Key Pair +*/ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_80(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_88(copy_of_randomness); } +/** + Unpacked API +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair_unpacked with const 
@@ -195,20 +251,29 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -generate_keypair_unpacked_290(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_8d0(uu____0); +generate_keypair_unpacked_af(uint8_t randomness[64U]) { + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_880( + copy_of_randomness); } +/** + Generate ML-KEM 1024 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 libcrux_ml_kem_mlkem1024_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_290(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_af(copy_of_randomness); } +/** + Portable public key validation +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.validate_public_key with const 
@@ -217,14 +282,19 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static bool validate_public_key_930(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_6c0(public_key); +static bool validate_public_key_520(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_f90(public_key); } +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_99 libcrux_ml_kem_mlkem1024_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; - if (validate_public_key_930(public_key.value)) { + if (validate_public_key_520(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index f70175faf..02a1e0ab9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b */ #ifndef __libcrux_mlkem1024_avx2_H 
@@ -22,29 +22,71 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_avx2.h" +/** + Decapsulate ML-KEM 1024 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem1024PrivateKey`] and an + [`MlKem1024Ciphertext`]. +*/ void libcrux_ml_kem_mlkem1024_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Decapsulate ML-KEM 1024 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`]. +*/ void libcrux_ml_kem_mlkem1024_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Encapsulate ML-KEM 1024 + + Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem1024PublicKey`] and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); +/** + Encapsulate ML-KEM 1024 (unpacked) + + Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. 
+ TODO: The F* prefix opens required modules, it should go away when the + following issue is resolved: https://github.com/hacspec/hax/issues/770 +*/ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]); +/** + Generate ML-KEM 1024 Key Pair +*/ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]); +/** + Generate ML-KEM 1024 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 libcrux_ml_kem_mlkem1024_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]); +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_99 libcrux_ml_kem_mlkem1024_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c index 8f38be0c7..c95f9f673 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.c @@ -4,17 +4,20 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba - * Eurydice: be0d5b5e1455673c2afa9592c0951def463f59ec - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb + * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: cb6da975011a1d6dfeaa6215d63a56d043b522b5 + * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 */ #include "libcrux_mlkem1024_neon.h" #include "internal/libcrux_mlkem_neon.h" +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate with const generics 
@@ -42,6 +45,13 @@ static void decapsulate_f8( libcrux_ml_kem_ind_cca_decapsulate_82(private_key, ciphertext, ret); } +/** + Decapsulate ML-KEM 1024 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem1024PrivateKey`] and an + [`MlKem1024Ciphertext`]. +*/ void libcrux_ml_kem_mlkem1024_neon_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, @@ -49,6 +59,9 @@ void libcrux_ml_kem_mlkem1024_neon_decapsulate( decapsulate_f8(private_key, ciphertext, ret); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate_unpacked with const @@ -77,6 +90,13 @@ static void decapsulate_unpacked_c2( libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec(key_pair, ciphertext, ret); } +/** + Decapsulate ML-KEM 1024 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`]. +*/ void libcrux_ml_kem_mlkem1024_neon_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, 
@@ -105,20 +125,32 @@ static tuple_21 encapsulate_6b( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_28(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_28(uu____0, copy_of_randomness); } +/** + Encapsulate ML-KEM 1024 + + Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem1024PublicKey`] and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_6b(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_6b(uu____0, copy_of_randomness); } +/** + Portable encapsualte +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.encapsulate_unpacked with const 
@@ -142,21 +174,37 @@ static tuple_21 encapsulate_unpacked_1c( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_47(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_47(uu____0, + copy_of_randomness); } +/** + Encapsulate ML-KEM 1024 (unpacked) + + Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. + TODO: The F* prefix opens required modules, it should go away when the + following issue is resolved: https://github.com/hacspec/hax/issues/770 +*/ tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_1c(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_1c(uu____0, copy_of_randomness); } +/** + Portable generate key pair. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics 
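Review bot: The new doc comment on `libcrux_ml_kem_mlkem1024_neon_encapsulate_unpacked` says the input includes "the SHA3-256 hash of this public key", but the signature takes only `public_key` and `randomness`, so the description no longer matches the C API (presumably the hash is carried inside the unpacked key type — confirm). The `TODO: The F* prefix opens required modules …` sentence is an internal note about the hax translation and is exported verbatim into the public documentation; the same text appears in the libcrux_mlkem1024_neon.h and libcrux_mlkem1024_portable.c/.h hunks later in this diff, while the ML-KEM 512 AVX2 variants keep the hash sentence but not the TODO. Suggested C-side text: `The input is a reference to an unpacked public key of type MlKem1024PublicKeyUnpacked and SHARED_SECRET_SIZE bytes of randomness.`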
@@ -170,18 +218,26 @@ libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics */ static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_91( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_72(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_72(copy_of_randomness); } +/** + Generate ML-KEM 1024 Key Pair +*/ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_neon_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_91(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_91(copy_of_randomness); } +/** + Unpacked API +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair_unpacked with const 
@@ -196,19 +252,28 @@ generics */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c generate_keypair_unpacked_87(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b4(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b4( + copy_of_randomness); } +/** + Generate ML-KEM 1024 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c libcrux_ml_kem_mlkem1024_neon_generate_key_pair_unpacked( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_87(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_87(copy_of_randomness); } +/** + Portable public key validation +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.validate_public_key with const @@ -221,6 +286,11 @@ static bool validate_public_key_a3(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_7e(public_key); } +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_99 libcrux_ml_kem_mlkem1024_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h index dc1d1a4be..1ed96ad65 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_neon.h 
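Review bot: The new doc comment on `libcrux_ml_kem_mlkem1024_neon_validate_public_key` says only "if valid" and never states which property is checked, which is the one thing a caller of a validation routine needs to know; the check itself is behind `libcrux_ml_kem_ind_cca_validate_public_key_7e` and not visible in this hunk (the portable and AVX2 counterparts later in the diff have the same gap). Suggest naming it, e.g. `Validate a public key: performs the ML-KEM public-key encoding check (see libcrux_ml_kem_ind_cca_validate_public_key_7e) and returns Some(public_key) if it passes, None otherwise.` — confirm the exact check against the callee before committing to the wording. Note also that `public_key` is passed and returned by value (1568 bytes for this parameter set per `PUBLIC_KEY_SIZE= 1568` above), so each call copies the key at least twice; the function body continues past the hunk.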
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba - * Eurydice: be0d5b5e1455673c2afa9592c0951def463f59ec - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb + * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: cb6da975011a1d6dfeaa6215d63a56d043b522b5 + * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 */ #ifndef __libcrux_mlkem1024_neon_H 
@@ -22,29 +22,71 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_neon.h" +/** + Decapsulate ML-KEM 1024 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem1024PrivateKey`] and an + [`MlKem1024Ciphertext`]. +*/ void libcrux_ml_kem_mlkem1024_neon_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Decapsulate ML-KEM 1024 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`]. +*/ void libcrux_ml_kem_mlkem1024_neon_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Encapsulate ML-KEM 1024 + + Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem1024PublicKey`] and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); +/** + Encapsulate ML-KEM 1024 (unpacked) + + Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. 
+ TODO: The F* prefix opens required modules, it should go away when the + following issue is resolved: https://github.com/hacspec/hax/issues/770 +*/ tuple_21 libcrux_ml_kem_mlkem1024_neon_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_2c *public_key, uint8_t randomness[32U]); +/** + Generate ML-KEM 1024 Key Pair +*/ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_neon_generate_key_pair(uint8_t randomness[64U]); +/** + Generate ML-KEM 1024 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_2c libcrux_ml_kem_mlkem1024_neon_generate_key_pair_unpacked( uint8_t randomness[64U]); +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_99 libcrux_ml_kem_mlkem1024_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index 2b84bcdbd..1cb401481 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c 
@@ -4,17 +4,20 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b */ #include "libcrux_mlkem1024_portable.h" #include "internal/libcrux_mlkem_portable.h" +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics @@ -35,20 +38,30 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_8b( +static void decapsulate_ee( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_241(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_b21(private_key, ciphertext, ret); } +/** + Decapsulate ML-KEM 1024 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem1024PrivateKey`] and an + [`MlKem1024Ciphertext`]. +*/ void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_8b(private_key, ciphertext, ret); + decapsulate_ee(private_key, ciphertext, ret); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate_unpacked with const 
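Review bot: The regenerated provenance header now records `F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty`, i.e. this C was produced with an F* checkout carrying uncommitted changes, so the output cannot be reproduced from the pinned revisions alone; the same `-dirty` tag appears in the other portable and AVX2 files in this diff, while the NEON files record a different set (their new Charon revision `53530427…` is the pre-bump revision of this file), so the instantiations in this commit were not generated from one toolchain state. For generated cryptographic code the revision header is the audit trail, so regenerating from a clean, consistent checkout (or recording the local patch) is worth doing before merge. The content-hashed suffixes also churn here (`decapsulate_8b` → `decapsulate_ee`, `libcrux_ml_kem_ind_cca_decapsulate_241` → `_b21`) with no visible body change, which makes it impossible to tell from the C diff alone whether the callee changed; pointing at the corresponding Rust change in the commit message would help reviewers.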
@@ -70,18 +83,25 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_unpacked_f3( +static void decapsulate_unpacked_28( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_751(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_441(key_pair, ciphertext, ret); } +/** + Decapsulate ML-KEM 1024 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`]. +*/ void libcrux_ml_kem_mlkem1024_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_f3(private_key, ciphertext, ret); + decapsulate_unpacked_28(private_key, ciphertext, ret); } /** 
@@ -101,24 +121,36 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_83( +static tuple_21 encapsulate_1a( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_fa1(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_411(uu____0, copy_of_randomness); } +/** + Encapsulate ML-KEM 1024 + + Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem1024PublicKey`] and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_83(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_1a(uu____0, copy_of_randomness); } +/** + Portable encapsualte +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate_unpacked with const 
@@ -137,26 +169,42 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_unpacked_f4( +static tuple_21 encapsulate_unpacked_4e( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_5c1(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b1(uu____0, + copy_of_randomness); } +/** + Encapsulate ML-KEM 1024 (unpacked) + + Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. + TODO: The F* prefix opens required modules, it should go away when the + following issue is resolved: https://github.com/hacspec/hax/issues/770 +*/ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_f4(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_4e(uu____0, copy_of_randomness); } +/** + Portable generate key pair. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair with const 
@@ -169,20 +217,28 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_a9( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_00( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_ef1(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_f91(copy_of_randomness); } +/** + Generate ML-KEM 1024 Key Pair +*/ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_a9(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_00(copy_of_randomness); } +/** + Unpacked API +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair_unpacked with 
@@ -196,20 +252,29 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -generate_keypair_unpacked_10(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_4a1(uu____0); +generate_keypair_unpacked_b3(uint8_t randomness[64U]) { + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b41( + copy_of_randomness); } +/** + Generate ML-KEM 1024 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_10(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_b3(copy_of_randomness); } +/** + Portable public key validation +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.validate_public_key with const 
@@ -218,14 +283,19 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static bool validate_public_key_4d1(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_601(public_key); +static bool validate_public_key_9d1(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_c21(public_key); } +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_99 libcrux_ml_kem_mlkem1024_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; - if (validate_public_key_4d1(public_key.value)) { + if (validate_public_key_9d1(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index 8ea6c71ad..18df930ab 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b */ #ifndef __libcrux_mlkem1024_portable_H 
@@ -22,29 +22,71 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_portable.h" +/** + Decapsulate ML-KEM 1024 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem1024PrivateKey`] and an + [`MlKem1024Ciphertext`]. +*/ void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Decapsulate ML-KEM 1024 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem1024KeyPairUnpacked`] and an [`MlKem1024Ciphertext`]. +*/ void libcrux_ml_kem_mlkem1024_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Encapsulate ML-KEM 1024 + + Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem1024PublicKey`] and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); +/** + Encapsulate ML-KEM 1024 (unpacked) + + Generates an ([`MlKem1024Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem1024PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. 
+ TODO: The F* prefix opens required modules, it should go away when the + following issue is resolved: https://github.com/hacspec/hax/issues/770 +*/ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]); +/** + Generate ML-KEM 1024 Key Pair +*/ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair libcrux_ml_kem_mlkem1024_portable_generate_key_pair(uint8_t randomness[64U]); +/** + Generate ML-KEM 1024 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked( uint8_t randomness[64U]); +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_99 libcrux_ml_kem_mlkem1024_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index 06d05903b..6c5fa87f5 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index d6917cf59..5367ea6e2 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c 
+++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c @@ -4,17 +4,20 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b */ #include "libcrux_mlkem512_avx2.h" #include "internal/libcrux_mlkem_avx2.h" +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate with const generics @@ -35,18 +38,28 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_f1(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, +static void decapsulate_4f(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_26(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_b6(private_key, ciphertext, ret); } +/** + Decapsulate ML-KEM 512 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem512PrivateKey`] and an + [`MlKem512Ciphertext`]. +*/ void libcrux_ml_kem_mlkem512_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_f1(private_key, ciphertext, ret); + decapsulate_4f(private_key, ciphertext, ret); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate_unpacked with const 
@@ -68,16 +81,23 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_unpacked_4e( +static void decapsulate_unpacked_d3( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_fa(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_26(key_pair, ciphertext, ret); } +/** + Decapsulate ML-KEM 512 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`]. +*/ void libcrux_ml_kem_mlkem512_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_4e(private_key, ciphertext, ret); + decapsulate_unpacked_d3(private_key, ciphertext, ret); } /** 
@@ -97,24 +117,36 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_ab( +static tuple_ec encapsulate_a5( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_01(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_e6(uu____0, copy_of_randomness); } +/** + Encapsulate ML-KEM 512 + + Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_ab(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_a5(uu____0, copy_of_randomness); } +/** + Portable encapsualte +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.encapsulate_unpacked with const 
@@ -133,26 +165,40 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_unpacked_dc( +static tuple_ec encapsulate_unpacked_bd( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_36(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_72(uu____0, + copy_of_randomness); } +/** + Encapsulate ML-KEM 512 (unpacked) + + Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_dc(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_bd(uu____0, copy_of_randomness); } +/** + Portable generate key pair. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics 
@@ -164,20 +210,28 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_d4( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_ab( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_99(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_0d(copy_of_randomness); } +/** + Generate ML-KEM 512 Key Pair +*/ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_d4(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_ab(copy_of_randomness); } +/** + Unpacked API +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair_unpacked with const 
@@ -191,20 +245,29 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -generate_keypair_unpacked_29(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_8d(uu____0); +generate_keypair_unpacked_d6(uint8_t randomness[64U]) { + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_88( + copy_of_randomness); } +/** + Generate ML-KEM 512 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 libcrux_ml_kem_mlkem512_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_29(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_d6(copy_of_randomness); } +/** + Portable public key validation +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.validate_public_key with const 
@@ -213,14 +276,19 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static bool validate_public_key_93(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_6c(public_key); +static bool validate_public_key_52(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_f9(public_key); } +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_04 libcrux_ml_kem_mlkem512_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; - if (validate_public_key_93(public_key.value)) { + if (validate_public_key_52(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index 36f5a4f09..de016f75b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b */ #ifndef __libcrux_mlkem512_avx2_H 
@@ -22,29 +22,69 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_avx2.h" +/** + Decapsulate ML-KEM 512 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem512PrivateKey`] and an + [`MlKem512Ciphertext`]. +*/ void libcrux_ml_kem_mlkem512_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); +/** + Decapsulate ML-KEM 512 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`]. +*/ void libcrux_ml_kem_mlkem512_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); +/** + Encapsulate ML-KEM 512 + + Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); +/** + Encapsulate ML-KEM 512 (unpacked) + + Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. 
+*/ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]); +/** + Generate ML-KEM 512 Key Pair +*/ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]); +/** + Generate ML-KEM 512 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 libcrux_ml_kem_mlkem512_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]); +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_04 libcrux_ml_kem_mlkem512_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_neon.c b/libcrux-ml-kem/c/libcrux_mlkem512_neon.c index 906114e72..5b9b0ad47 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_neon.c @@ -4,17 +4,20 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba - * Eurydice: be0d5b5e1455673c2afa9592c0951def463f59ec - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb + * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: cb6da975011a1d6dfeaa6215d63a56d043b522b5 + * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 */ #include "libcrux_mlkem512_neon.h" #include "internal/libcrux_mlkem_neon.h" +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate with const generics 
@@ -41,12 +44,22 @@ static void decapsulate_55(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_ind_cca_decapsulate_821(private_key, ciphertext, ret); } +/** + Decapsulate ML-KEM 512 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem512PrivateKey`] and an + [`MlKem512Ciphertext`]. +*/ void libcrux_ml_kem_mlkem512_neon_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { decapsulate_55(private_key, ciphertext, ret); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate_unpacked with const @@ -74,6 +87,13 @@ static void decapsulate_unpacked_53( libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec1(key_pair, ciphertext, ret); } +/** + Decapsulate ML-KEM 512 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`]. +*/ void libcrux_ml_kem_mlkem512_neon_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { 
@@ -101,20 +121,32 @@ static tuple_ec encapsulate_f8( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_281(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_281(uu____0, copy_of_randomness); } +/** + Encapsulate ML-KEM 512 + + Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_f8(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_f8(uu____0, copy_of_randomness); } +/** + Portable encapsualte +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.encapsulate_unpacked with const 
@@ -138,21 +170,35 @@ static tuple_ec encapsulate_unpacked_ce( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_471(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_471(uu____0, + copy_of_randomness); } +/** + Encapsulate ML-KEM 512 (unpacked) + + Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_ce(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_ce(uu____0, copy_of_randomness); } +/** + Portable generate key pair. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics 
@@ -166,18 +212,26 @@ libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics */ static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_1a( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_721(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_721(copy_of_randomness); } +/** + Generate ML-KEM 512 Key Pair +*/ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_neon_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_1a(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_1a(copy_of_randomness); } +/** + Unpacked API +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair_unpacked with const 
@@ -192,19 +246,28 @@ generics */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 generate_keypair_unpacked_38(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b41(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b41( + copy_of_randomness); } +/** + Generate ML-KEM 512 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 libcrux_ml_kem_mlkem512_neon_generate_key_pair_unpacked( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_38(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_38(copy_of_randomness); } +/** + Portable public key validation +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.validate_public_key with const @@ -217,6 +280,11 @@ static bool validate_public_key_a31(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_7e1(public_key); } +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_04 libcrux_ml_kem_mlkem512_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_neon.h b/libcrux-ml-kem/c/libcrux_mlkem512_neon.h index 67f26b584..211c714fc 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_neon.h 
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba - * Eurydice: be0d5b5e1455673c2afa9592c0951def463f59ec - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb + * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: cb6da975011a1d6dfeaa6215d63a56d043b522b5 + * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 */ #ifndef __libcrux_mlkem512_neon_H 
@@ -22,29 +22,69 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_neon.h" +/** + Decapsulate ML-KEM 512 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem512PrivateKey`] and an + [`MlKem512Ciphertext`]. +*/ void libcrux_ml_kem_mlkem512_neon_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); +/** + Decapsulate ML-KEM 512 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`]. +*/ void libcrux_ml_kem_mlkem512_neon_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); +/** + Encapsulate ML-KEM 512 + + Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); +/** + Encapsulate ML-KEM 512 (unpacked) + + Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. 
+*/ tuple_ec libcrux_ml_kem_mlkem512_neon_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_66 *public_key, uint8_t randomness[32U]); +/** + Generate ML-KEM 512 Key Pair +*/ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_neon_generate_key_pair(uint8_t randomness[64U]); +/** + Generate ML-KEM 512 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_66 libcrux_ml_kem_mlkem512_neon_generate_key_pair_unpacked( uint8_t randomness[64U]); +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_04 libcrux_ml_kem_mlkem512_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index e6ed7f596..cf889ae06 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -4,17 +4,20 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b */ #include "libcrux_mlkem512_portable.h" #include "internal/libcrux_mlkem_portable.h" +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics 
@@ -38,15 +41,25 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics static void decapsulate_f8(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_240(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_b20(private_key, ciphertext, ret); } +/** + Decapsulate ML-KEM 512 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem512PrivateKey`] and an + [`MlKem512Ciphertext`]. +*/ void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { decapsulate_f8(private_key, ciphertext, ret); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate_unpacked with const @@ -68,16 +81,23 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_unpacked_1e( +static void decapsulate_unpacked_0c( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_750(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_440(key_pair, ciphertext, ret); } +/** + Decapsulate ML-KEM 512 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`]. +*/ void libcrux_ml_kem_mlkem512_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_1e(private_key, ciphertext, ret); + decapsulate_unpacked_0c(private_key, ciphertext, ret); } /** 
@@ -97,24 +117,36 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_6e( +static tuple_ec encapsulate_33( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_fa0(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_410(uu____0, copy_of_randomness); } +/** + Encapsulate ML-KEM 512 + + Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_6e(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_33(uu____0, copy_of_randomness); } +/** + Portable encapsualte +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate_unpacked with const 
@@ -133,26 +165,40 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_unpacked_ae( +static tuple_ec encapsulate_unpacked_f7( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_5c0(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b0(uu____0, + copy_of_randomness); } +/** + Encapsulate ML-KEM 512 (unpacked) + + Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_ae(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_f7(uu____0, copy_of_randomness); } +/** + Portable generate key pair. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair with const 
@@ -165,20 +211,28 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_65( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_68( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_ef0(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_f90(copy_of_randomness); } +/** + Generate ML-KEM 512 Key Pair +*/ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_65(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_68(copy_of_randomness); } +/** + Unpacked API +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair_unpacked with 
@@ -192,20 +246,29 @@ const generics - ETA1_RANDOMNESS_SIZE= 192 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -generate_keypair_unpacked_16(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_4a0(uu____0); +generate_keypair_unpacked_fe(uint8_t randomness[64U]) { + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b40( + copy_of_randomness); } +/** + Generate ML-KEM 512 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_16(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_fe(copy_of_randomness); } +/** + Portable public key validation +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.validate_public_key with const 
@@ -214,14 +277,19 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static bool validate_public_key_4d0(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_600(public_key); +static bool validate_public_key_9d0(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_c20(public_key); } +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_04 libcrux_ml_kem_mlkem512_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; - if (validate_public_key_4d0(public_key.value)) { + if (validate_public_key_9d0(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index b307dbf3b..3ca4b0b85 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b */ #ifndef __libcrux_mlkem512_portable_H 
@@ -22,29 +22,69 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_portable.h" +/** + Decapsulate ML-KEM 512 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem512PrivateKey`] and an + [`MlKem512Ciphertext`]. +*/ void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); +/** + Decapsulate ML-KEM 512 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem512KeyPairUnpacked`] and an [`MlKem512Ciphertext`]. +*/ void libcrux_ml_kem_mlkem512_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); +/** + Encapsulate ML-KEM 512 + + Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem512PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); +/** + Encapsulate ML-KEM 512 (unpacked) + + Generates an ([`MlKem512Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem512PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. 
+*/ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]); +/** + Generate ML-KEM 512 Key Pair +*/ libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_mlkem512_portable_generate_key_pair(uint8_t randomness[64U]); +/** + Generate ML-KEM 512 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked( uint8_t randomness[64U]); +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_04 libcrux_ml_kem_mlkem512_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 14d7b3864..645dd5ef8 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index 170f11724..576acabef 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c 
@@ -4,17 +4,20 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b */ #include "libcrux_mlkem768_avx2.h" #include "internal/libcrux_mlkem_avx2.h" +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate with const generics @@ -35,18 +38,28 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_0b( +static void decapsulate_99( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_261(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_b61(private_key, ciphertext, ret); } +/** + Decapsulate ML-KEM 768 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem768PrivateKey`] and an + [`MlKem768Ciphertext`]. +*/ void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_0b(private_key, ciphertext, ret); + decapsulate_99(private_key, ciphertext, ret); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.decapsulate_unpacked with const 
@@ -68,16 +81,23 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_unpacked_3f( +static void decapsulate_unpacked_25( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_fa1(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_261(key_pair, ciphertext, ret); } +/** + Decapsulate ML-KEM 768 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. +*/ void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_3f(private_key, ciphertext, ret); + decapsulate_unpacked_25(private_key, ciphertext, ret); } /** 
@@ -97,24 +117,36 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_98( +static tuple_3c encapsulate_60( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_011(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_e61(uu____0, copy_of_randomness); } +/** + Encapsulate ML-KEM 768 + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_98(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_60(uu____0, copy_of_randomness); } +/** + Portable encapsualte +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.encapsulate_unpacked with const 
@@ -133,26 +165,40 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_unpacked_be( +static tuple_3c encapsulate_unpacked_27( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_361(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_721(uu____0, + copy_of_randomness); } +/** + Encapsulate ML-KEM 768 (unpacked) + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_be(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_27(uu____0, copy_of_randomness); } +/** + Portable generate key pair. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics 
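Review bot: The new doc comment on `libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked` lists three inputs, the unpacked public key, `the SHA3-256 hash of this public key`, and the randomness, but the signature directly below it takes only `public_key` and `randomness`; presumably the hash is a field of `libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0`, but the comment promises a parameter that does not exist. Suggest rewording to `The input is a reference to an unpacked public key of type [`MlKem768PublicKeyUnpacked`] (which carries the SHA3-256 hash of the public key) and [`SHARED_SECRET_SIZE`] bytes of `randomness`.` The identical text is added to the declaration in libcrux_mlkem768_avx2.h and to the NEON and portable variants of this function and their headers in this commit, so the wording should be fixed once at the Rust source.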
@@ -164,20 +210,28 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_32( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_c0( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_991(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_0d1(copy_of_randomness); } +/** + Generate ML-KEM 768 Key Pair +*/ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_32(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_c0(copy_of_randomness); } +/** + Unpacked API +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair_unpacked with const 
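Review bot: `libcrux_ml_kem_mlkem768_avx2_generate_key_pair` copies the 64-byte seed into its own `copy_of_randomness`, and `generate_keypair_c0` then copies that copy again before `libcrux_ml_kem_ind_cca_generate_keypair_0d1` receives it, so the key-generation seed is duplicated across at least two dead stack frames by the time the caller gets its key pair, and nothing in these wrappers clears those copies. Renaming `uu____0` to `copy_of_randomness` makes the copy visible but does not reduce it; if the extraction cannot avoid the by-value array copy, the public doc comment should say so, e.g. `The seed is copied onto the stack internally and is not zeroized by this function; callers that need the seed scrubbed must do so themselves.` The same double copy appears in the generate_keypair_unpacked hunk that follows, in the two encapsulate hunks above (32-byte randomness), and in the NEON and portable instantiations of all four.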
@@ -191,20 +245,29 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -generate_keypair_unpacked_09(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_8d1(uu____0); +generate_keypair_unpacked_0b(uint8_t randomness[64U]) { + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_881( + copy_of_randomness); } +/** + Generate ML-KEM 768 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_09(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_0b(copy_of_randomness); } +/** + Portable public key validation +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.avx2.validate_public_key with const 
@@ -213,14 +276,19 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static bool validate_public_key_931(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_6c1(public_key); +static bool validate_public_key_521(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_f91(public_key); } +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (validate_public_key_931(public_key.value)) { + if (validate_public_key_521(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index 860111581..8c8af3f91 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b */ #ifndef __libcrux_mlkem768_avx2_H 
@@ -22,29 +22,69 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_avx2.h" +/** + Decapsulate ML-KEM 768 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem768PrivateKey`] and an + [`MlKem768Ciphertext`]. +*/ void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Decapsulate ML-KEM 768 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. +*/ void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Encapsulate ML-KEM 768 + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); +/** + Encapsulate ML-KEM 768 (unpacked) + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. 
+*/ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]); +/** + Generate ML-KEM 768 Key Pair +*/ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]); +/** + Generate ML-KEM 768 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( uint8_t randomness[64U]); +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_neon.c b/libcrux-ml-kem/c/libcrux_mlkem768_neon.c index f7f161a44..c252832a1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_neon.c @@ -4,17 +4,20 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba - * Eurydice: be0d5b5e1455673c2afa9592c0951def463f59ec - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb + * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: cb6da975011a1d6dfeaa6215d63a56d043b522b5 + * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 */ #include "libcrux_mlkem768_neon.h" #include "internal/libcrux_mlkem_neon.h" +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate with const generics 
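Review bot: The revision stamp this hunk writes into libcrux_mlkem768_neon.c (`Charon: 53530427db2941ce784201e64086766504bc5642`, `F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38`, `Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221`) does not match the stamp the same commit writes into the AVX2 and portable files (`Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405`, `F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty`, `Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b`), so the three backends were not generated from one toolchain state. The `-dirty` suffix on the AVX2/portable F* revision additionally records that the generating checkout contained uncommitted changes, which means those files cannot be reproduced from the hashes in their own headers. For generated cryptographic code these headers are the only provenance a reviewer has; suggest regenerating all backends from a single clean checkout so the stamps agree, or stating in the commit message why the NEON output lags and what the dirty F* state contained.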
@@ -41,12 +44,22 @@ static void decapsulate_67( libcrux_ml_kem_ind_cca_decapsulate_820(private_key, ciphertext, ret); } +/** + Decapsulate ML-KEM 768 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem768PrivateKey`] and an + [`MlKem768Ciphertext`]. +*/ void libcrux_ml_kem_mlkem768_neon_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { decapsulate_67(private_key, ciphertext, ret); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.decapsulate_unpacked with const @@ -74,6 +87,13 @@ static void decapsulate_unpacked_70( libcrux_ml_kem_ind_cca_decapsulate_unpacked_ec0(key_pair, ciphertext, ret); } +/** + Decapsulate ML-KEM 768 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. +*/ void libcrux_ml_kem_mlkem768_neon_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { 
@@ -101,20 +121,32 @@ static tuple_3c encapsulate_ea( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_280(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_280(uu____0, copy_of_randomness); } +/** + Encapsulate ML-KEM 768 + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_ea(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_ea(uu____0, copy_of_randomness); } +/** + Portable encapsualte +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.encapsulate_unpacked with const 
@@ -138,21 +170,35 @@ static tuple_3c encapsulate_unpacked_29( uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_470(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_470(uu____0, + copy_of_randomness); } +/** + Encapsulate ML-KEM 768 (unpacked) + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_29(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_29(uu____0, copy_of_randomness); } +/** + Portable generate key pair. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics 
@@ -166,18 +212,26 @@ libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair with const generics */ static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_1b( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_720(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_720(copy_of_randomness); } +/** + Generate ML-KEM 768 Key Pair +*/ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_neon_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_1b(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_1b(copy_of_randomness); } +/** + Unpacked API +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.generate_keypair_unpacked with const 
@@ -192,19 +246,28 @@ generics */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd generate_keypair_unpacked_42(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b40(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b40( + copy_of_randomness); } +/** + Generate ML-KEM 768 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd libcrux_ml_kem_mlkem768_neon_generate_key_pair_unpacked( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_42(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_42(copy_of_randomness); } +/** + Portable public key validation +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.neon.validate_public_key with const @@ -217,6 +280,11 @@ static bool validate_public_key_a30(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_7e0(public_key); } +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_92 libcrux_ml_kem_mlkem768_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_neon.h b/libcrux-ml-kem/c/libcrux_mlkem768_neon.h index 4bbf14bf5..aaf2756d9 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_neon.h 
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 45b95e0f63cb830202c0b3ca00a341a3451a02ba - * Eurydice: be0d5b5e1455673c2afa9592c0951def463f59ec - * Karamel: fc56fce6a58754766809845f88fc62063b2c6b92 + * Charon: 53530427db2941ce784201e64086766504bc5642 + * Eurydice: 7834acbb41b06c34f198a1cb6b88241cc10b9aeb + * Karamel: bdf06956e6ee025d4819bf2f8cc92651e572ad85 * F*: e5cef6f266ece8a8b55ef4cd9b61cdf103520d38 - * Libcrux: cb6da975011a1d6dfeaa6215d63a56d043b522b5 + * Libcrux: d5574e8f6c62bf622ab6b61c291abeb66c1b7221 */ #ifndef __libcrux_mlkem768_neon_H 
@@ -22,29 +22,69 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_mlkem_neon.h" +/** + Decapsulate ML-KEM 768 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem768PrivateKey`] and an + [`MlKem768Ciphertext`]. +*/ void libcrux_ml_kem_mlkem768_neon_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Decapsulate ML-KEM 768 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. +*/ void libcrux_ml_kem_mlkem768_neon_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); +/** + Encapsulate ML-KEM 768 + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); +/** + Encapsulate ML-KEM 768 (unpacked) + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. 
+*/ tuple_3c libcrux_ml_kem_mlkem768_neon_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_fd *public_key, uint8_t randomness[32U]); +/** + Generate ML-KEM 768 Key Pair +*/ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_neon_generate_key_pair(uint8_t randomness[64U]); +/** + Generate ML-KEM 768 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_fd libcrux_ml_kem_mlkem768_neon_generate_key_pair_unpacked( uint8_t randomness[64U]); +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_92 libcrux_ml_kem_mlkem768_neon_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key); diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index 145cf96c6..f8904ea1a 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c @@ -4,17 +4,20 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b */ #include "libcrux_mlkem768_portable.h" #include "internal/libcrux_mlkem_portable.h" +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics 
@@ -35,18 +38,28 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_7d( +static void decapsulate_e7( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_24(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_b2(private_key, ciphertext, ret); } +/** + Decapsulate ML-KEM 768 + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an [`MlKem768PrivateKey`] and an + [`MlKem768Ciphertext`]. +*/ void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_7d(private_key, ciphertext, ret); + decapsulate_e7(private_key, ciphertext, ret); } +/** + Portable decapsulate +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate_unpacked with const 
@@ -68,16 +81,23 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_unpacked_c8( +static void decapsulate_unpacked_bd( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_75(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_44(key_pair, ciphertext, ret); } +/** + Decapsulate ML-KEM 768 (unpacked) + + Generates an [`MlKemSharedSecret`]. + The input is a reference to an unpacked key pair of type + [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`]. +*/ void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_c8(private_key, ciphertext, ret); + decapsulate_unpacked_bd(private_key, ciphertext, ret); } /** 
@@ -97,24 +117,36 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_72( +static tuple_3c encapsulate_fd( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_fa(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_41(uu____0, copy_of_randomness); } +/** + Encapsulate ML-KEM 768 + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`] + bytes of `randomness`. +*/ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_72(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_fd(uu____0, copy_of_randomness); } +/** + Portable encapsualte +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate_unpacked with const 
@@ -133,26 +165,40 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_unpacked_c9( +static tuple_3c encapsulate_unpacked_e9( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_5c(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b(uu____0, + copy_of_randomness); } +/** + Encapsulate ML-KEM 768 (unpacked) + + Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple. + The input is a reference to an unpacked public key of type + [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and + [`SHARED_SECRET_SIZE`] bytes of `randomness`. +*/ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = public_key; - uint8_t uu____1[32U]; - memcpy(uu____1, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_c9(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); + return encapsulate_unpacked_e9(uu____0, copy_of_randomness); } +/** + Portable generate key pair. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair with const 
@@ -165,20 +211,28 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_21( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_c1( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_ef(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_f9(copy_of_randomness); } +/** + Generate ML-KEM 768 Key Pair +*/ libcrux_ml_kem_mlkem768_MlKem768KeyPair libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_21(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_c1(copy_of_randomness); } +/** + Unpacked API +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.generate_keypair_unpacked with 
@@ -192,20 +246,29 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -generate_keypair_unpacked_2a(uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_4a(uu____0); +generate_keypair_unpacked_78(uint8_t randomness[64U]) { + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b4( + copy_of_randomness); } +/** + Generate ML-KEM 768 Key Pair in "unpacked" form +*/ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( uint8_t randomness[64U]) { - uint8_t uu____0[64U]; - memcpy(uu____0, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_2a(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[64U]; + memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); + return generate_keypair_unpacked_78(copy_of_randomness); } +/** + Portable public key validation +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.instantiations.portable.validate_public_key with const 
@@ -214,14 +277,19 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static bool validate_public_key_4d(uint8_t *public_key) { - return libcrux_ml_kem_ind_cca_validate_public_key_60(public_key); +static bool validate_public_key_9d(uint8_t *public_key) { + return libcrux_ml_kem_ind_cca_validate_public_key_c2(public_key); } +/** + Validate a public key. + + Returns `Some(public_key)` if valid, and `None` otherwise. +*/ core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (validate_public_key_4d(public_key.value)) { + if (validate_public_key_9d(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index 4ed073607..9251372d3 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b */ #ifndef __libcrux_mlkem768_portable_H 
@@ -22,29 +22,69 @@ extern "C" {
 #include "libcrux_core.h"
 #include "libcrux_mlkem_portable.h"
+/**
+ Decapsulate ML-KEM 768
+
+ Generates an [`MlKemSharedSecret`].
+ The input is a reference to an [`MlKem768PrivateKey`] and an
+ [`MlKem768Ciphertext`].
+*/
 void libcrux_ml_kem_mlkem768_portable_decapsulate(
 libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key,
 libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]);
+/**
+ Decapsulate ML-KEM 768 (unpacked)
+
+ Generates an [`MlKemSharedSecret`].
+ The input is a reference to an unpacked key pair of type
+ [`MlKem768KeyPairUnpacked`] and an [`MlKem768Ciphertext`].
+*/
 void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked(
 libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key,
 libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]);
+/**
+ Encapsulate ML-KEM 768
+
+ Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple.
+ The input is a reference to an [`MlKem768PublicKey`] and [`SHARED_SECRET_SIZE`]
+ bytes of `randomness`.
+*/
 tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate(
 libcrux_ml_kem_types_MlKemPublicKey_15 *public_key,
 uint8_t randomness[32U]);
+/**
+ Encapsulate ML-KEM 768 (unpacked)
+
+ Generates an ([`MlKem768Ciphertext`], [`MlKemSharedSecret`]) tuple.
+ The input is a reference to an unpacked public key of type
+ [`MlKem768PublicKeyUnpacked`], the SHA3-256 hash of this public key, and
+ [`SHARED_SECRET_SIZE`] bytes of `randomness`.
+*/
 tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked(
 libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key,
 uint8_t randomness[32U]);
+/**
+ Generate ML-KEM 768 Key Pair
+*/
 libcrux_ml_kem_mlkem768_MlKem768KeyPair
 libcrux_ml_kem_mlkem768_portable_generate_key_pair(uint8_t randomness[64U]);
+/**
+ Generate ML-KEM 768 Key Pair in "unpacked" form
+*/
 libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8
 libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked(
 uint8_t randomness[64U]);
+/**
+ Validate a public key.
+
+ Returns `Some(public_key)` if valid, and `None` otherwise.
+*/
 core_option_Option_92 libcrux_ml_kem_mlkem768_portable_validate_public_key(
 libcrux_ml_kem_types_MlKemPublicKey_15 public_key);
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c
index ed6975218..105b03788 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c
@@ -4,11 +4,11 @@
 * SPDX-License-Identifier: MIT or Apache-2.0
 *
 * This code was generated with the following revisions:
- * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: 67f4341506300372fba9cb8de070234935839cb7
- * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3
- * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7
- * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2
+ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405
+ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3
+ * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a
+ * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty
+ * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b
 */
 #include "internal/libcrux_mlkem_avx2.h"
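Review bot: The doc comments added to the public prototypes in `libcrux_mlkem768_portable.h` are lifted verbatim from the Rust source, so they point at Rust items (`[`MlKem768PrivateKey`]`, `[`MlKemSharedSecret`]`, `[`SHARED_SECRET_SIZE`]`) that do not exist under those names in this header, where the actual parameters are `libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key` and `uint8_t ret[32U]`. The `encapsulate_unpacked` comment also says the input includes "the SHA3-256 hash of this public key", while the C prototype takes only `public_key` and `randomness`; presumably the hash is carried inside the unpacked struct, which is worth stating so a C reader does not look for a missing argument. None of the comments state the contract for `randomness`, which a C consumer needs most: e.g. ` `randomness` must be 32 (encapsulate) / 64 (key generation) fresh bytes from a cryptographically secure RNG; this function does not generate them.` Since these comments are generated, the right place for the fix is probably the Rust doc comments or a post-processing step rather than this header.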
@@ -21,8 +21,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_G(Eurydice_slice input,
 uint8_t ret[64U]) {
 uint8_t digest[64U] = {0U};
 libcrux_sha3_portable_sha512(
- Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice),
- input);
+ Eurydice_array_to_slice((size_t)64U, digest, uint8_t), input);
 memcpy(ret, digest, (size_t)64U * sizeof(uint8_t));
 }
@@ -30,43 +29,40 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_avx2_H(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_sha256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_zero(void) { - return libcrux_intrinsics_avx2_mm256_setzero_si256(); +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_zero(void) { + return mm256_setzero_si256(); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ZERO_ea(void) { +__m256i libcrux_ml_kem_vector_avx2_ZERO_ea(void) { return libcrux_ml_kem_vector_avx2_zero(); } -KRML_MUSTINLINE core_core_arch_x86___m256i +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_slice array) { - return libcrux_intrinsics_avx2_mm256_loadu_si256_i16(array); + return mm256_loadu_si256_i16(array); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_from_i16_array_ea( - Eurydice_slice array) { +__m256i libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice array) { return libcrux_ml_kem_vector_avx2_from_i16_array(array); } -KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_to_i16_array( - core_core_arch_x86___m256i v, int16_t ret[16U]) { +KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_to_i16_array(__m256i v, + int16_t ret[16U]) { int16_t output[16U] = {0U}; - libcrux_intrinsics_avx2_mm256_storeu_si256_i16( - Eurydice_array_to_slice((size_t)16U, output, int16_t, Eurydice_slice), v); + mm256_storeu_si256_i16(Eurydice_array_to_slice((size_t)16U, output, int16_t), + v); memcpy(ret, output, 
(size_t)16U * sizeof(int16_t)); } 
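Review bot: The rewrite drops the `libcrux_intrinsics_avx2_` prefix from every intrinsic wrapper (`mm256_setzero_si256`, `mm256_loadu_si256_i16`, `mm256_storeu_si256_i16`) and puts the compiler type `__m256i` directly into exported signatures such as `libcrux_ml_kem_vector_avx2_ZERO_ea` and `libcrux_ml_kem_vector_avx2_from_i16_array_ea`. Unprefixed names reachable from a library header are a collision risk for consumers that ship their own intrinsic shims, and `__m256i` in the public API makes `<immintrin.h>` (or whichever header defines the wrappers) a hard dependency of every caller; the header that defines `mm256_*` is not in this chunk, so I cannot tell whether they are macros or functions. A one-line orientation comment near the top of this file would help readers of the generated code, e.g. `/* mm256_*: thin wrappers over the <immintrin.h> _mm256_* intrinsics, defined in <WRAPPER_HEADER> */`, with the real header name filled in.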
@@ -74,564 +70,452 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_to_i16_array( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_to_i16_array_ea(core_core_arch_x86___m256i x, - int16_t ret[16U]) { +void libcrux_ml_kem_vector_avx2_to_i16_array_ea(__m256i x, int16_t ret[16U]) { libcrux_ml_kem_vector_avx2_to_i16_array(x, ret); } -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_add(core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs) { - return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs); +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_add(__m256i lhs, + __m256i rhs) { + return mm256_add_epi16(lhs, rhs); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_add_ea( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs) { +__m256i libcrux_ml_kem_vector_avx2_add_ea(__m256i lhs, __m256i *rhs) { return libcrux_ml_kem_vector_avx2_arithmetic_add(lhs, rhs[0U]); } -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_sub(core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs) { - return libcrux_intrinsics_avx2_mm256_sub_epi16(lhs, rhs); +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_sub(__m256i lhs, + __m256i rhs) { + return mm256_sub_epi16(lhs, rhs); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_sub_ea( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs) { +__m256i libcrux_ml_kem_vector_avx2_sub_ea(__m256i lhs, __m256i *rhs) { return libcrux_ml_kem_vector_avx2_arithmetic_sub(lhs, rhs[0U]); } -KRML_MUSTINLINE core_core_arch_x86___m256i 
-libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( - core_core_arch_x86___m256i vector, int16_t constant) { - return libcrux_intrinsics_avx2_mm256_mullo_epi16( - vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(__m256i vector, + int16_t constant) { + return mm256_mullo_epi16(vector, mm256_set1_epi16(constant)); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( - core_core_arch_x86___m256i v, int16_t c) { +__m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_ea(__m256i v, + int16_t c) { return libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant(v, c); } -KRML_MUSTINLINE core_core_arch_x86___m256i +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( - core_core_arch_x86___m256i vector, int16_t constant) { - return libcrux_intrinsics_avx2_mm256_and_si256( - vector, libcrux_intrinsics_avx2_mm256_set1_epi16(constant)); + __m256i vector, int16_t constant) { + return mm256_and_si256(vector, mm256_set1_epi16(constant)); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( - core_core_arch_x86___m256i vector, int16_t constant) { +__m256i libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( + __m256i vector, int16_t constant) { return libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( vector, constant); } -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - 
core_core_arch_x86___m256i v_minus_field_modulus = - libcrux_intrinsics_avx2_mm256_sub_epi16(vector, field_modulus); - core_core_arch_x86___m256i sign_mask = - libcrux_intrinsics_avx2_mm256_srai_epi16( - (int32_t)15, v_minus_field_modulus, core_core_arch_x86___m256i); - core_core_arch_x86___m256i conditional_add_field_modulus = - libcrux_intrinsics_avx2_mm256_and_si256(sign_mask, field_modulus); - return libcrux_intrinsics_avx2_mm256_add_epi16(v_minus_field_modulus, - conditional_add_field_modulus); +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(__m256i vector) { + __m256i field_modulus = + mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i v_minus_field_modulus = mm256_sub_epi16(vector, field_modulus); + __m256i sign_mask = + mm256_srai_epi16((int32_t)15, v_minus_field_modulus, __m256i); + __m256i conditional_add_field_modulus = + mm256_and_si256(sign_mask, field_modulus); + return mm256_add_epi16(v_minus_field_modulus, conditional_add_field_modulus); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea( - core_core_arch_x86___m256i vector) { +__m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea(__m256i vector) { return libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329(vector); } -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i t = libcrux_intrinsics_avx2_mm256_mulhi_epi16( - vector, libcrux_intrinsics_avx2_mm256_set1_epi16( +/** + See Section 3.2 of the implementation notes document for an explanation + of this code. 
+*/ +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(__m256i vector) { + __m256i t = mm256_mulhi_epi16( + vector, mm256_set1_epi16( LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER)); - core_core_arch_x86___m256i t0 = libcrux_intrinsics_avx2_mm256_add_epi16( - t, libcrux_intrinsics_avx2_mm256_set1_epi16((int16_t)512)); - core_core_arch_x86___m256i quotient = - libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)10, t0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i quotient_times_field_modulus = - libcrux_intrinsics_avx2_mm256_mullo_epi16( - quotient, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - return libcrux_intrinsics_avx2_mm256_sub_epi16(vector, - quotient_times_field_modulus); + __m256i t0 = mm256_add_epi16(t, mm256_set1_epi16((int16_t)512)); + __m256i quotient = mm256_srai_epi16((int32_t)10, t0, __m256i); + __m256i quotient_times_field_modulus = mm256_mullo_epi16( + quotient, mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + return mm256_sub_epi16(vector, quotient_times_field_modulus); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_barrett_reduce_ea( - core_core_arch_x86___m256i vector) { +__m256i libcrux_ml_kem_vector_avx2_barrett_reduce_ea(__m256i vector) { return libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(vector); } -KRML_MUSTINLINE core_core_arch_x86___m256i +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( - core_core_arch_x86___m256i vector, int16_t constant) { - core_core_arch_x86___m256i constant0 = - libcrux_intrinsics_avx2_mm256_set1_epi16(constant); - core_core_arch_x86___m256i value_low = - libcrux_intrinsics_avx2_mm256_mullo_epi16(vector, constant0); - core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( + __m256i vector, 
int16_t constant) { + __m256i constant0 = mm256_set1_epi16(constant); + __m256i value_low = mm256_mullo_epi16(vector, constant0); + __m256i k = mm256_mullo_epi16( value_low, - libcrux_intrinsics_avx2_mm256_set1_epi16( + mm256_set1_epi16( (int16_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m256i k_times_modulus = - libcrux_intrinsics_avx2_mm256_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m256i value_high = - libcrux_intrinsics_avx2_mm256_mulhi_epi16(vector, constant0); - return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); + __m256i k_times_modulus = mm256_mulhi_epi16( + k, mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + __m256i value_high = mm256_mulhi_epi16(vector, constant0); + return mm256_sub_epi16(value_high, k_times_modulus); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( - core_core_arch_x86___m256i vector, int16_t constant) { +__m256i libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + __m256i vector, int16_t constant) { return libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( vector, constant); } -KRML_MUSTINLINE core_core_arch_x86___m256i +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( - core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi16( - (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / - (int16_t)2); - core_core_arch_x86___m256i field_modulus_quartered = - libcrux_intrinsics_avx2_mm256_set1_epi16( - (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / - (int16_t)4); - core_core_arch_x86___m256i shifted = - 
libcrux_intrinsics_avx2_mm256_sub_epi16(field_modulus_halved, vector); - core_core_arch_x86___m256i mask = libcrux_intrinsics_avx2_mm256_srai_epi16( - (int32_t)15, shifted, core_core_arch_x86___m256i); - core_core_arch_x86___m256i shifted_to_positive = - libcrux_intrinsics_avx2_mm256_xor_si256(mask, shifted); - core_core_arch_x86___m256i shifted_to_positive_in_range = - libcrux_intrinsics_avx2_mm256_sub_epi16(shifted_to_positive, - field_modulus_quartered); - return libcrux_intrinsics_avx2_mm256_srli_epi16( - (int32_t)15, shifted_to_positive_in_range, core_core_arch_x86___m256i); + __m256i vector) { + __m256i field_modulus_halved = mm256_set1_epi16( + (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / (int16_t)2); + __m256i field_modulus_quartered = mm256_set1_epi16( + (LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int16_t)1) / (int16_t)4); + __m256i shifted = mm256_sub_epi16(field_modulus_halved, vector); + __m256i mask = mm256_srai_epi16((int32_t)15, shifted, __m256i); + __m256i shifted_to_positive = mm256_xor_si256(mask, shifted); + __m256i shifted_to_positive_in_range = + mm256_sub_epi16(shifted_to_positive, field_modulus_quartered); + return mm256_srli_epi16((int32_t)15, shifted_to_positive_in_range, __m256i); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_compress_1_ea( - core_core_arch_x86___m256i vector) { +__m256i libcrux_ml_kem_vector_avx2_compress_1_ea(__m256i vector) { return libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( vector); } -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs) { - core_core_arch_x86___m256i prod02 = - libcrux_intrinsics_avx2_mm256_mul_epu32(lhs, rhs); - core_core_arch_x86___m256i prod13 = libcrux_intrinsics_avx2_mm256_mul_epu32( - 
libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, lhs, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_shuffle_epi32((int32_t)245, rhs, - core_core_arch_x86___m256i)); - return libcrux_intrinsics_avx2_mm256_unpackhi_epi64( - libcrux_intrinsics_avx2_mm256_unpacklo_epi32(prod02, prod13), - libcrux_intrinsics_avx2_mm256_unpackhi_epi32(prod02, prod13)); +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( + __m256i lhs, __m256i rhs) { + __m256i prod02 = mm256_mul_epu32(lhs, rhs); + __m256i prod13 = + mm256_mul_epu32(mm256_shuffle_epi32((int32_t)245, lhs, __m256i), + mm256_shuffle_epi32((int32_t)245, rhs, __m256i)); + return mm256_unpackhi_epi64(mm256_unpacklo_epi32(prod02, prod13), + mm256_unpackhi_epi32(prod02, prod13)); } -KRML_MUSTINLINE core_core_arch_x86___m256i +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - core_core_arch_x86___m256i v, core_core_arch_x86___m256i c) { - core_core_arch_x86___m256i value_low = - libcrux_intrinsics_avx2_mm256_mullo_epi16(v, c); - core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( + __m256i v, __m256i c) { + __m256i value_low = mm256_mullo_epi16(v, c); + __m256i k = mm256_mullo_epi16( value_low, - libcrux_intrinsics_avx2_mm256_set1_epi16( + mm256_set1_epi16( (int16_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m256i k_times_modulus = - libcrux_intrinsics_avx2_mm256_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m256i value_high = - libcrux_intrinsics_avx2_mm256_mulhi_epi16(v, c); - return libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - core_core_arch_x86___m256i 
zetas = libcrux_intrinsics_avx2_mm256_set_epi16( - -zeta3, -zeta3, zeta3, zeta3, -zeta2, -zeta2, zeta2, zeta2, -zeta1, - -zeta1, zeta1, zeta1, -zeta0, -zeta0, zeta0, zeta0); - core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)245, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs0 = + __m256i k_times_modulus = mm256_mulhi_epi16( + k, mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + __m256i value_high = mm256_mulhi_epi16(v, c); + return mm256_sub_epi16(value_high, k_times_modulus); +} + +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( + __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, + int16_t zeta3) { + __m256i zetas = mm256_set_epi16(-zeta3, -zeta3, zeta3, zeta3, -zeta2, -zeta2, + zeta2, zeta2, -zeta1, -zeta1, zeta1, zeta1, + -zeta0, -zeta0, zeta0, zeta0); + __m256i rhs = mm256_shuffle_epi32((int32_t)245, vector, __m256i); + __m256i rhs0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( rhs, zetas); - core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)160, vector, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); + __m256i lhs = mm256_shuffle_epi32((int32_t)160, vector, __m256i); + return mm256_add_epi16(lhs, rhs0); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { +__m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea(__m256i vector, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3) { return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step(vector, zeta0, zeta1, zeta2, zeta3); } -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( - 
core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { - core_core_arch_x86___m256i zetas = libcrux_intrinsics_avx2_mm256_set_epi16( - -zeta1, -zeta1, -zeta1, -zeta1, zeta1, zeta1, zeta1, zeta1, -zeta0, - -zeta0, -zeta0, -zeta0, zeta0, zeta0, zeta0, zeta0); - core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)238, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs0 = +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( + __m256i vector, int16_t zeta0, int16_t zeta1) { + __m256i zetas = mm256_set_epi16(-zeta1, -zeta1, -zeta1, -zeta1, zeta1, zeta1, + zeta1, zeta1, -zeta0, -zeta0, -zeta0, -zeta0, + zeta0, zeta0, zeta0, zeta0); + __m256i rhs = mm256_shuffle_epi32((int32_t)238, vector, __m256i); + __m256i rhs0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( rhs, zetas); - core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)68, vector, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); + __m256i lhs = mm256_shuffle_epi32((int32_t)68, vector, __m256i); + return mm256_add_epi16(lhs, rhs0); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { +__m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea(__m256i vector, + int16_t zeta0, + int16_t zeta1) { return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(vector, zeta0, zeta1); } -KRML_MUSTINLINE core_core_arch_x86___m128i +KRML_MUSTINLINE __m128i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - core_core_arch_x86___m128i v, core_core_arch_x86___m128i c) { - core_core_arch_x86___m128i value_low = - libcrux_intrinsics_avx2_mm_mullo_epi16(v, c); - core_core_arch_x86___m128i k = 
libcrux_intrinsics_avx2_mm_mullo_epi16( + __m128i v, __m128i c) { + __m128i value_low = mm_mullo_epi16(v, c); + __m128i k = mm_mullo_epi16( value_low, - libcrux_intrinsics_avx2_mm_set1_epi16( + mm_set1_epi16( (int16_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m128i k_times_modulus = - libcrux_intrinsics_avx2_mm_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m128i value_high = - libcrux_intrinsics_avx2_mm_mulhi_epi16(v, c); - return libcrux_intrinsics_avx2_mm_sub_epi16(value_high, k_times_modulus); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step( - core_core_arch_x86___m256i vector, int16_t zeta) { - core_core_arch_x86___m128i rhs = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m128i rhs0 = + __m128i k_times_modulus = mm_mulhi_epi16( + k, mm_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + __m128i value_high = mm_mulhi_epi16(v, c); + return mm_sub_epi16(value_high, k_times_modulus); +} + +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(__m256i vector, int16_t zeta) { + __m128i rhs = mm256_extracti128_si256((int32_t)1, vector, __m128i); + __m128i rhs0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - rhs, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); - core_core_arch_x86___m128i lhs = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs0); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs0); - core_core_arch_x86___m256i combined = - libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); - return libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, combined, upper_coefficients, 
core_core_arch_x86___m256i); + rhs, mm_set1_epi16(zeta)); + __m128i lhs = mm256_castsi256_si128(vector); + __m128i lower_coefficients = mm_add_epi16(lhs, rhs0); + __m128i upper_coefficients = mm_sub_epi16(lhs, rhs0); + __m256i combined = mm256_castsi128_si256(lower_coefficients); + return mm256_inserti128_si256((int32_t)1, combined, upper_coefficients, + __m256i); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta) { +__m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea(__m256i vector, + int16_t zeta) { return libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(vector, zeta); } -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - core_core_arch_x86___m256i lhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)245, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs = libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)160, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( - rhs, libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)-1, - (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, - (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, (int16_t)1, - (int16_t)1)); - core_core_arch_x86___m256i sum0 = - libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); - core_core_arch_x86___m256i sum_times_zetas = +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( + __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, + int16_t zeta3) { + __m256i lhs = mm256_shuffle_epi32((int32_t)245, vector, __m256i); + __m256i rhs = 
mm256_shuffle_epi32((int32_t)160, vector, __m256i); + __m256i rhs0 = mm256_mullo_epi16( + rhs, mm256_set_epi16((int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, + (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, + (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, + (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1)); + __m256i sum0 = mm256_add_epi16(lhs, rhs0); + __m256i sum_times_zetas = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - sum0, libcrux_intrinsics_avx2_mm256_set_epi16( - zeta3, zeta3, (int16_t)0, (int16_t)0, zeta2, zeta2, - (int16_t)0, (int16_t)0, zeta1, zeta1, (int16_t)0, - (int16_t)0, zeta0, zeta0, (int16_t)0, (int16_t)0)); - core_core_arch_x86___m256i sum = - libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(sum0); - return libcrux_intrinsics_avx2_mm256_blend_epi16( - (int32_t)204, sum, sum_times_zetas, core_core_arch_x86___m256i); + sum0, + mm256_set_epi16(zeta3, zeta3, (int16_t)0, (int16_t)0, zeta2, zeta2, + (int16_t)0, (int16_t)0, zeta1, zeta1, (int16_t)0, + (int16_t)0, zeta0, zeta0, (int16_t)0, (int16_t)0)); + __m256i sum = libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(sum0); + return mm256_blend_epi16((int32_t)204, sum, sum_times_zetas, __m256i); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { +__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea(__m256i vector, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3) { return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( vector, zeta0, zeta1, zeta2, zeta3); } -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { - core_core_arch_x86___m256i lhs = - 
libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)245, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)160, vector, core_core_arch_x86___m256i); - core_core_arch_x86___m256i rhs0 = libcrux_intrinsics_avx2_mm256_mullo_epi16( - rhs, libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)1, - (int16_t)1, (int16_t)1, (int16_t)1, (int16_t)-1, (int16_t)-1, - (int16_t)-1, (int16_t)-1, (int16_t)1, (int16_t)1, (int16_t)1, - (int16_t)1)); - core_core_arch_x86___m256i sum = - libcrux_intrinsics_avx2_mm256_add_epi16(lhs, rhs0); - core_core_arch_x86___m256i sum_times_zetas = +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( + __m256i vector, int16_t zeta0, int16_t zeta1) { + __m256i lhs = mm256_permute4x64_epi64((int32_t)245, vector, __m256i); + __m256i rhs = mm256_permute4x64_epi64((int32_t)160, vector, __m256i); + __m256i rhs0 = mm256_mullo_epi16( + rhs, mm256_set_epi16((int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)-1, + (int16_t)1, (int16_t)1, (int16_t)1, (int16_t)1, + (int16_t)-1, (int16_t)-1, (int16_t)-1, (int16_t)-1, + (int16_t)1, (int16_t)1, (int16_t)1, (int16_t)1)); + __m256i sum = mm256_add_epi16(lhs, rhs0); + __m256i sum_times_zetas = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - sum, libcrux_intrinsics_avx2_mm256_set_epi16( - zeta1, zeta1, zeta1, zeta1, (int16_t)0, (int16_t)0, - (int16_t)0, (int16_t)0, zeta0, zeta0, zeta0, zeta0, - (int16_t)0, (int16_t)0, (int16_t)0, (int16_t)0)); - return libcrux_intrinsics_avx2_mm256_blend_epi16( - (int32_t)240, sum, sum_times_zetas, core_core_arch_x86___m256i); + sum, + mm256_set_epi16(zeta1, zeta1, zeta1, zeta1, (int16_t)0, (int16_t)0, + (int16_t)0, (int16_t)0, zeta0, zeta0, zeta0, zeta0, + (int16_t)0, (int16_t)0, (int16_t)0, (int16_t)0)); + return mm256_blend_epi16((int32_t)240, sum, sum_times_zetas, __m256i); } /** This function 
found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1) { +__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea(__m256i vector, + int16_t zeta0, + int16_t zeta1) { return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(vector, zeta0, zeta1); } -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( - core_core_arch_x86___m256i vector, int16_t zeta) { - core_core_arch_x86___m128i lhs = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m128i rhs = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_add_epi16(lhs, rhs); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_sub_epi16(lhs, rhs); - core_core_arch_x86___m128i upper_coefficients0 = +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( + __m256i vector, int16_t zeta) { + __m128i lhs = mm256_extracti128_si256((int32_t)1, vector, __m128i); + __m128i rhs = mm256_castsi256_si128(vector); + __m128i lower_coefficients = mm_add_epi16(lhs, rhs); + __m128i upper_coefficients = mm_sub_epi16(lhs, rhs); + __m128i upper_coefficients0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - upper_coefficients, libcrux_intrinsics_avx2_mm_set1_epi16(zeta)); - core_core_arch_x86___m256i combined = - libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients); - return libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, combined, upper_coefficients0, core_core_arch_x86___m256i); + upper_coefficients, mm_set1_epi16(zeta)); + __m256i combined = mm256_castsi128_si256(lower_coefficients); + return mm256_inserti128_si256((int32_t)1, 
combined, upper_coefficients0, + __m256i); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta) { +__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea(__m256i vector, + int16_t zeta) { return libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(vector, zeta); } -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( - core_core_arch_x86___m256i v) { - core_core_arch_x86___m256i k = libcrux_intrinsics_avx2_mm256_mullo_epi16( +KRML_MUSTINLINE __m256i +libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(__m256i v) { + __m256i k = mm256_mullo_epi16( v, - libcrux_intrinsics_avx2_mm256_set1_epi32( + mm256_set1_epi32( (int32_t) LIBCRUX_ML_KEM_VECTOR_TRAITS_INVERSE_OF_MODULUS_MOD_MONTGOMERY_R)); - core_core_arch_x86___m256i k_times_modulus = - libcrux_intrinsics_avx2_mm256_mulhi_epi16( - k, libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); - core_core_arch_x86___m256i value_high = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)16, v, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i result = - libcrux_intrinsics_avx2_mm256_sub_epi16(value_high, k_times_modulus); - core_core_arch_x86___m256i result0 = libcrux_intrinsics_avx2_mm256_slli_epi32( - (int32_t)16, result, core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_srai_epi32((int32_t)16, result0, - core_core_arch_x86___m256i); -} - -KRML_MUSTINLINE core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(core_core_arch_x86___m256i lhs, - core_core_arch_x86___m256i rhs, - int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3) { - core_core_arch_x86___m256i shuffle_with = - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)15, (int8_t)14, (int8_t)11, 
(int8_t)10, (int8_t)7, (int8_t)6, - (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, - (int8_t)5, (int8_t)4, (int8_t)1, (int8_t)0, (int8_t)15, (int8_t)14, - (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, (int8_t)3, (int8_t)2, - (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4, - (int8_t)1, (int8_t)0); - core_core_arch_x86___m256i lhs_shuffled = - libcrux_intrinsics_avx2_mm256_shuffle_epi8(lhs, shuffle_with); - core_core_arch_x86___m256i lhs_shuffled0 = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, lhs_shuffled, core_core_arch_x86___m256i); - core_core_arch_x86___m128i lhs_evens = - libcrux_intrinsics_avx2_mm256_castsi256_si128(lhs_shuffled0); - core_core_arch_x86___m256i lhs_evens0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_evens); - core_core_arch_x86___m128i lhs_odds = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, lhs_shuffled0, core_core_arch_x86___m128i); - core_core_arch_x86___m256i lhs_odds0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(lhs_odds); - core_core_arch_x86___m256i rhs_shuffled = - libcrux_intrinsics_avx2_mm256_shuffle_epi8(rhs, shuffle_with); - core_core_arch_x86___m256i rhs_shuffled0 = - libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, rhs_shuffled, core_core_arch_x86___m256i); - core_core_arch_x86___m128i rhs_evens = - libcrux_intrinsics_avx2_mm256_castsi256_si128(rhs_shuffled0); - core_core_arch_x86___m256i rhs_evens0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_evens); - core_core_arch_x86___m128i rhs_odds = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, rhs_shuffled0, core_core_arch_x86___m128i); - core_core_arch_x86___m256i rhs_odds0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(rhs_odds); - core_core_arch_x86___m256i left = - libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_evens0, rhs_evens0); - core_core_arch_x86___m256i right = - libcrux_intrinsics_avx2_mm256_mullo_epi32(lhs_odds0, rhs_odds0); - 
core_core_arch_x86___m256i right0 = + __m256i k_times_modulus = mm256_mulhi_epi16( + k, mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS)); + __m256i value_high = mm256_srli_epi32((int32_t)16, v, __m256i); + __m256i result = mm256_sub_epi16(value_high, k_times_modulus); + __m256i result0 = mm256_slli_epi32((int32_t)16, result, __m256i); + return mm256_srai_epi32((int32_t)16, result0, __m256i); +} + +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( + __m256i lhs, __m256i rhs, int16_t zeta0, int16_t zeta1, int16_t zeta2, + int16_t zeta3) { + __m256i shuffle_with = mm256_set_epi8( + (int8_t)15, (int8_t)14, (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, + (int8_t)3, (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, + (int8_t)5, (int8_t)4, (int8_t)1, (int8_t)0, (int8_t)15, (int8_t)14, + (int8_t)11, (int8_t)10, (int8_t)7, (int8_t)6, (int8_t)3, (int8_t)2, + (int8_t)13, (int8_t)12, (int8_t)9, (int8_t)8, (int8_t)5, (int8_t)4, + (int8_t)1, (int8_t)0); + __m256i lhs_shuffled = mm256_shuffle_epi8(lhs, shuffle_with); + __m256i lhs_shuffled0 = + mm256_permute4x64_epi64((int32_t)216, lhs_shuffled, __m256i); + __m128i lhs_evens = mm256_castsi256_si128(lhs_shuffled0); + __m256i lhs_evens0 = mm256_cvtepi16_epi32(lhs_evens); + __m128i lhs_odds = + mm256_extracti128_si256((int32_t)1, lhs_shuffled0, __m128i); + __m256i lhs_odds0 = mm256_cvtepi16_epi32(lhs_odds); + __m256i rhs_shuffled = mm256_shuffle_epi8(rhs, shuffle_with); + __m256i rhs_shuffled0 = + mm256_permute4x64_epi64((int32_t)216, rhs_shuffled, __m256i); + __m128i rhs_evens = mm256_castsi256_si128(rhs_shuffled0); + __m256i rhs_evens0 = mm256_cvtepi16_epi32(rhs_evens); + __m128i rhs_odds = + mm256_extracti128_si256((int32_t)1, rhs_shuffled0, __m128i); + __m256i rhs_odds0 = mm256_cvtepi16_epi32(rhs_odds); + __m256i left = mm256_mullo_epi32(lhs_evens0, rhs_evens0); + __m256i right = mm256_mullo_epi32(lhs_odds0, rhs_odds0); + __m256i right0 = 
libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(right); - core_core_arch_x86___m256i right1 = libcrux_intrinsics_avx2_mm256_mullo_epi32( - right0, - libcrux_intrinsics_avx2_mm256_set_epi32( - -(int32_t)zeta3, (int32_t)zeta3, -(int32_t)zeta2, (int32_t)zeta2, - -(int32_t)zeta1, (int32_t)zeta1, -(int32_t)zeta0, (int32_t)zeta0)); - core_core_arch_x86___m256i products_left = - libcrux_intrinsics_avx2_mm256_add_epi32(left, right1); - core_core_arch_x86___m256i products_left0 = + __m256i right1 = mm256_mullo_epi32( + right0, mm256_set_epi32(-(int32_t)zeta3, (int32_t)zeta3, -(int32_t)zeta2, + (int32_t)zeta2, -(int32_t)zeta1, (int32_t)zeta1, + -(int32_t)zeta0, (int32_t)zeta0)); + __m256i products_left = mm256_add_epi32(left, right1); + __m256i products_left0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( products_left); - core_core_arch_x86___m256i rhs_adjacent_swapped = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - rhs, libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, (int8_t)9, - (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, (int8_t)4, - (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, (int8_t)3, - (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, - (int8_t)9, (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, - (int8_t)4, (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, - (int8_t)3, (int8_t)2)); - core_core_arch_x86___m256i products_right = - libcrux_intrinsics_avx2_mm256_madd_epi16(lhs, rhs_adjacent_swapped); - core_core_arch_x86___m256i products_right0 = + __m256i rhs_adjacent_swapped = mm256_shuffle_epi8( + rhs, + mm256_set_epi8((int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, (int8_t)9, + (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, (int8_t)4, + (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, (int8_t)3, + (int8_t)2, (int8_t)13, (int8_t)12, (int8_t)15, (int8_t)14, + (int8_t)9, (int8_t)8, (int8_t)11, (int8_t)10, (int8_t)5, + (int8_t)4, (int8_t)7, (int8_t)6, (int8_t)1, (int8_t)0, + (int8_t)3, (int8_t)2)); + 
__m256i products_right = mm256_madd_epi16(lhs, rhs_adjacent_swapped); + __m256i products_right0 = libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( products_right); - core_core_arch_x86___m256i products_right1 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)16, products_right0, - core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_blend_epi16((int32_t)170, products_left0, - products_right1, - core_core_arch_x86___m256i); + __m256i products_right1 = + mm256_slli_epi32((int32_t)16, products_right0, __m256i); + return mm256_blend_epi16((int32_t)170, products_left0, products_right1, + __m256i); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_multiply_ea( - core_core_arch_x86___m256i *lhs, core_core_arch_x86___m256i *rhs, - int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3) { +__m256i libcrux_ml_kem_vector_avx2_ntt_multiply_ea(__m256i *lhs, __m256i *rhs, + int16_t zeta0, int16_t zeta1, + int16_t zeta2, + int16_t zeta3) { return libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(lhs[0U], rhs[0U], zeta0, zeta1, zeta2, zeta3); } KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_1( - core_core_arch_x86___m256i vector, uint8_t ret[2U]) { - core_core_arch_x86___m256i lsb_to_msb = - libcrux_intrinsics_avx2_mm256_slli_epi16((int32_t)15, vector, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i low_msbs = - libcrux_intrinsics_avx2_mm256_castsi256_si128(lsb_to_msb); - core_core_arch_x86___m128i high_msbs = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, lsb_to_msb, core_core_arch_x86___m128i); - core_core_arch_x86___m128i msbs = - libcrux_intrinsics_avx2_mm_packs_epi16(low_msbs, high_msbs); - int32_t bits_packed = libcrux_intrinsics_avx2_mm_movemask_epi8(msbs); + __m256i vector, uint8_t ret[2U]) { + __m256i lsb_to_msb = mm256_slli_epi16((int32_t)15, vector, 
__m256i); + __m128i low_msbs = mm256_castsi256_si128(lsb_to_msb); + __m128i high_msbs = mm256_extracti128_si256((int32_t)1, lsb_to_msb, __m128i); + __m128i msbs = mm_packs_epi16(low_msbs, high_msbs); + int32_t bits_packed = mm_movemask_epi8(msbs); uint8_t serialized[2U] = {0U}; serialized[0U] = (uint8_t)bits_packed; serialized[1U] = (uint8_t)(bits_packed >> 8U); 
@@ -642,110 +526,79 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_1( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_1_ea( - core_core_arch_x86___m256i vector, uint8_t ret[2U]) { +void libcrux_ml_kem_vector_avx2_serialize_1_ea(__m256i vector, + uint8_t ret[2U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_1(vector, ret); } -KRML_MUSTINLINE core_core_arch_x86___m256i +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1(Eurydice_slice bytes) { - core_core_arch_x86___m256i coefficients = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, 
(size_t)0U, uint8_t, uint8_t *, - uint8_t)); - core_core_arch_x86___m256i shift_lsb_to_msb = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, - (int16_t)1 << 11U, (int16_t)1 << 12U, (int16_t)1 << 13U, - (int16_t)1 << 14U, (int16_t)-32768, (int16_t)1 << 8U, - (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, - (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, - (int16_t)-32768); - core_core_arch_x86___m256i coefficients_in_msb = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, shift_lsb_to_msb); - return libcrux_intrinsics_avx2_mm256_srli_epi16( - (int32_t)15, coefficients_in_msb, core_core_arch_x86___m256i); + __m256i coefficients = mm256_set_epi16( + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); + __m256i shift_lsb_to_msb = mm256_set_epi16( + (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 
<< 11U, + (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, (int16_t)-32768, + (int16_t)1 << 8U, (int16_t)1 << 9U, (int16_t)1 << 10U, (int16_t)1 << 11U, + (int16_t)1 << 12U, (int16_t)1 << 13U, (int16_t)1 << 14U, (int16_t)-32768); + __m256i coefficients_in_msb = + mm256_mullo_epi16(coefficients, shift_lsb_to_msb); + return mm256_srli_epi16((int32_t)15, coefficients_in_msb, __m256i); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_1_ea( - Eurydice_slice bytes) { +__m256i libcrux_ml_kem_vector_avx2_deserialize_1_ea(Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_1(bytes); } KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( - core_core_arch_x86___m256i vector, uint8_t ret[8U]) { + __m256i vector, uint8_t ret[8U]) { uint8_t serialized[16U] = {0U}; - core_core_arch_x86___m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, - (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1)); - core_core_arch_x86___m256i adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4, - (int8_t)0, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, - (int8_t)4, (int8_t)0)); - core_core_arch_x86___m256i combined = - 
libcrux_intrinsics_avx2_mm256_permutevar8x32_epi32( - adjacent_8_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, - (int32_t)0, (int32_t)4, (int32_t)0)); - core_core_arch_x86___m128i combined0 = - libcrux_intrinsics_avx2_mm256_castsi256_si128(combined); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_slice((size_t)16U, serialized, uint8_t, Eurydice_slice), - combined0); + __m256i adjacent_2_combined = mm256_madd_epi16( + vector, mm256_set_epi16( + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1, + (int16_t)1 << 4U, (int16_t)1, (int16_t)1 << 4U, (int16_t)1)); + __m256i adjacent_8_combined = mm256_shuffle_epi8( + adjacent_2_combined, + mm256_set_epi8((int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, (int8_t)4, + (int8_t)0, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)8, + (int8_t)4, (int8_t)0)); + __m256i combined = mm256_permutevar8x32_epi32( + adjacent_8_combined, + mm256_set_epi32((int32_t)0, (int32_t)0, (int32_t)0, (int32_t)0, + (int32_t)0, (int32_t)0, (int32_t)4, (int32_t)0)); + __m128i combined0 = mm256_castsi256_si128(combined); + mm_storeu_bytes_si128( + Eurydice_array_to_slice((size_t)16U, serialized, uint8_t), combined0); uint8_t ret0[8U]; core_result_Result_56 dst; Eurydice_slice_to_array2( &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)8U, uint8_t), + Eurydice_slice, uint8_t[8U]); core_result_unwrap_41_ac(dst, ret0); memcpy(ret, ret0, (size_t)8U 
* sizeof(uint8_t)); } 
@@ -754,127 +607,89 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_4( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_4_ea( - core_core_arch_x86___m256i vector, uint8_t ret[8U]) { +void libcrux_ml_kem_vector_avx2_serialize_4_ea(__m256i vector, + uint8_t ret[8U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_4(vector, ret); } -KRML_MUSTINLINE core_core_arch_x86___m256i +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4(Eurydice_slice bytes) { - core_core_arch_x86___m256i coefficients = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, - uint8_t), - (int16_t)Eurydice_slice_index(bytes, 
(size_t)0U, uint8_t, uint8_t *, - uint8_t)); - core_core_arch_x86___m256i shift_lsbs_to_msbs = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U); - core_core_arch_x86___m256i coefficients_in_msb = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients, - shift_lsbs_to_msbs); - core_core_arch_x86___m256i coefficients_in_lsb = - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, coefficients_in_msb, - core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_and_si256( - coefficients_in_lsb, libcrux_intrinsics_avx2_mm256_set1_epi16( - ((int16_t)1 << 4U) - (int16_t)1)); + __m256i coefficients = mm256_set_epi16( + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t 
*), + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); + __m256i shift_lsbs_to_msbs = mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U); + __m256i coefficients_in_msb = + mm256_mullo_epi16(coefficients, shift_lsbs_to_msbs); + __m256i coefficients_in_lsb = + mm256_srli_epi16((int32_t)4, coefficients_in_msb, __m256i); + return mm256_and_si256(coefficients_in_lsb, + mm256_set1_epi16(((int16_t)1 << 4U) - (int16_t)1)); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_4_ea( - Eurydice_slice bytes) { +__m256i libcrux_ml_kem_vector_avx2_deserialize_4_ea(Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_4(bytes); } KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( - core_core_arch_x86___m256i vector, uint8_t ret[10U]) { + __m256i vector, uint8_t ret[10U]) { uint8_t serialized[32U] = {0U}; - core_core_arch_x86___m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, - (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1)); - core_core_arch_x86___m256i adjacent_4_combined = - libcrux_intrinsics_avx2_mm256_sllv_epi32( - adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22, (int32_t)0, - (int32_t)22, (int32_t)0, (int32_t)22)); - core_core_arch_x86___m256i adjacent_4_combined0 = - 
libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)22, adjacent_4_combined, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi32( - (int32_t)8, adjacent_4_combined0, core_core_arch_x86___m256i); - core_core_arch_x86___m256i adjacent_8_combined0 = - libcrux_intrinsics_avx2_mm256_sllv_epi32( - adjacent_8_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)12, (int32_t)0, - (int32_t)0, (int32_t)0, (int32_t)12)); - core_core_arch_x86___m256i adjacent_8_combined1 = - libcrux_intrinsics_avx2_mm256_srli_epi64( - (int32_t)12, adjacent_8_combined0, core_core_arch_x86___m256i); - core_core_arch_x86___m128i lower_8 = - libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined1); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, - Eurydice_slice), + __m256i adjacent_2_combined = mm256_madd_epi16( + vector, mm256_set_epi16( + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1, + (int16_t)1 << 5U, (int16_t)1, (int16_t)1 << 5U, (int16_t)1)); + __m256i adjacent_4_combined = mm256_sllv_epi32( + adjacent_2_combined, + mm256_set_epi32((int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22, + (int32_t)0, (int32_t)22, (int32_t)0, (int32_t)22)); + __m256i adjacent_4_combined0 = + mm256_srli_epi64((int32_t)22, adjacent_4_combined, __m256i); + __m256i adjacent_8_combined = + mm256_shuffle_epi32((int32_t)8, adjacent_4_combined0, __m256i); + __m256i adjacent_8_combined0 = mm256_sllv_epi32( + adjacent_8_combined, + mm256_set_epi32((int32_t)0, (int32_t)0, (int32_t)0, (int32_t)12, + (int32_t)0, (int32_t)0, (int32_t)0, (int32_t)12)); + __m256i adjacent_8_combined1 = + mm256_srli_epi64((int32_t)12, adjacent_8_combined0, __m256i); + __m128i lower_8 = 
mm256_castsi256_si128(adjacent_8_combined1); + mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t), lower_8); - core_core_arch_x86___m128i upper_8 = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, adjacent_8_combined1, core_core_arch_x86___m128i); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)5U, (size_t)21U, uint8_t, - Eurydice_slice), + __m128i upper_8 = + mm256_extracti128_si256((int32_t)1, adjacent_8_combined1, __m128i); + mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)5U, (size_t)21U, uint8_t), upper_8); uint8_t ret0[10U]; core_result_Result_cd dst; Eurydice_slice_to_array2( &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[10U], void *); + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)10U, uint8_t), + Eurydice_slice, uint8_t[10U]); core_result_unwrap_41_e8(dst, ret0); memcpy(ret, ret0, (size_t)10U * sizeof(uint8_t)); } 
@@ -883,120 +698,101 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_5( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_5_ea( - core_core_arch_x86___m256i vector, uint8_t ret[10U]) { +void libcrux_ml_kem_vector_avx2_serialize_5_ea(__m256i vector, + uint8_t ret[10U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_5(vector, ret); } -KRML_MUSTINLINE core_core_arch_x86___m256i +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_5(Eurydice_slice bytes) { - core_core_arch_x86___m128i coefficients = libcrux_intrinsics_avx2_mm_set_epi8( - Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t), - Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t)); - core_core_arch_x86___m256i coefficients_loaded = - libcrux_intrinsics_avx2_mm256_castsi128_si256(coefficients); - core_core_arch_x86___m256i 
coefficients_loaded0 = - libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, coefficients_loaded, coefficients, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i coefficients0 = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - coefficients_loaded0, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)15, (int8_t)14, (int8_t)15, (int8_t)14, (int8_t)13, - (int8_t)12, (int8_t)13, (int8_t)12, (int8_t)11, (int8_t)10, - (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)9, - (int8_t)8, (int8_t)7, (int8_t)6, (int8_t)7, (int8_t)6, (int8_t)5, - (int8_t)4, (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)3, - (int8_t)2, (int8_t)1, (int8_t)0, (int8_t)1, (int8_t)0)); - core_core_arch_x86___m256i coefficients1 = - libcrux_intrinsics_avx2_mm256_mullo_epi16( - coefficients0, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 5U, (int16_t)1 << 2U, - (int16_t)1 << 7U, (int16_t)1 << 4U, (int16_t)1 << 9U, - (int16_t)1 << 6U, (int16_t)1 << 11U, (int16_t)1 << 0U, - (int16_t)1 << 5U, (int16_t)1 << 2U, (int16_t)1 << 7U, - (int16_t)1 << 4U, (int16_t)1 << 9U, (int16_t)1 << 6U, - (int16_t)1 << 11U)); - return libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)11, coefficients1, - core_core_arch_x86___m256i); + __m128i coefficients = + mm_set_epi8(Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *), + 
Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *), + Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *)); + __m256i coefficients_loaded = mm256_castsi128_si256(coefficients); + __m256i coefficients_loaded0 = mm256_inserti128_si256( + (int32_t)1, coefficients_loaded, coefficients, __m256i); + __m256i coefficients0 = mm256_shuffle_epi8( + coefficients_loaded0, + mm256_set_epi8((int8_t)15, (int8_t)14, (int8_t)15, (int8_t)14, (int8_t)13, + (int8_t)12, (int8_t)13, (int8_t)12, (int8_t)11, (int8_t)10, + (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, (int8_t)9, + (int8_t)8, (int8_t)7, (int8_t)6, (int8_t)7, (int8_t)6, + (int8_t)5, (int8_t)4, (int8_t)5, (int8_t)4, (int8_t)3, + (int8_t)2, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, + (int8_t)1, (int8_t)0)); + __m256i coefficients1 = mm256_mullo_epi16( + coefficients0, + mm256_set_epi16((int16_t)1 << 0U, (int16_t)1 << 5U, (int16_t)1 << 2U, + (int16_t)1 << 7U, (int16_t)1 << 4U, (int16_t)1 << 9U, + (int16_t)1 << 6U, (int16_t)1 << 11U, (int16_t)1 << 0U, + (int16_t)1 << 5U, (int16_t)1 << 2U, (int16_t)1 << 7U, + (int16_t)1 << 4U, (int16_t)1 << 9U, (int16_t)1 << 6U, + (int16_t)1 << 11U)); + return mm256_srli_epi16((int32_t)11, coefficients1, __m256i); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_5_ea( - Eurydice_slice bytes) { +__m256i libcrux_ml_kem_vector_avx2_deserialize_5_ea(Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_5(bytes); } KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( - core_core_arch_x86___m256i vector, uint8_t ret[20U]) { + __m256i vector, uint8_t ret[20U]) { uint8_t serialized[32U] = {0U}; - 
core_core_arch_x86___m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1, - (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, (int16_t)1)); - core_core_arch_x86___m256i adjacent_4_combined = - libcrux_intrinsics_avx2_mm256_sllv_epi32( - adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12, (int32_t)0, - (int32_t)12, (int32_t)0, (int32_t)12)); - core_core_arch_x86___m256i adjacent_4_combined0 = - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)12, adjacent_4_combined, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - adjacent_4_combined0, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, - (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, - (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, - (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, - (int8_t)0)); - core_core_arch_x86___m128i lower_8 = - libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, - Eurydice_slice), + __m256i adjacent_2_combined = mm256_madd_epi16( + vector, mm256_set_epi16((int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, + (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, + (int16_t)1, (int16_t)1 << 10U, (int16_t)1, + (int16_t)1 << 10U, (int16_t)1, (int16_t)1 << 10U, + (int16_t)1)); + __m256i adjacent_4_combined 
= mm256_sllv_epi32( + adjacent_2_combined, + mm256_set_epi32((int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12, + (int32_t)0, (int32_t)12, (int32_t)0, (int32_t)12)); + __m256i adjacent_4_combined0 = + mm256_srli_epi64((int32_t)12, adjacent_4_combined, __m256i); + __m256i adjacent_8_combined = mm256_shuffle_epi8( + adjacent_4_combined0, + mm256_set_epi8((int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, + (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, + (int8_t)0, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)-1, (int8_t)-1, (int8_t)12, (int8_t)11, (int8_t)10, + (int8_t)9, (int8_t)8, (int8_t)4, (int8_t)3, (int8_t)2, + (int8_t)1, (int8_t)0)); + __m128i lower_8 = mm256_castsi256_si128(adjacent_8_combined); + mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t), lower_8); - core_core_arch_x86___m128i upper_8 = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)10U, (size_t)26U, uint8_t, - Eurydice_slice), - upper_8); + __m128i upper_8 = + mm256_extracti128_si256((int32_t)1, adjacent_8_combined, __m128i); + mm_storeu_bytes_si128(Eurydice_array_to_subslice2(serialized, (size_t)10U, + (size_t)26U, uint8_t), + upper_8); uint8_t ret0[20U]; core_result_Result_7a dst; Eurydice_slice_to_array2( &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[20U], void *); + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)20U, uint8_t), + Eurydice_slice, uint8_t[20U]); core_result_unwrap_41_34(dst, ret0); memcpy(ret, ret0, (size_t)20U * sizeof(uint8_t)); } 
@@ -1005,72 +801,53 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_10( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_10_ea( - core_core_arch_x86___m256i vector, uint8_t ret[20U]) { +void libcrux_ml_kem_vector_avx2_serialize_10_ea(__m256i vector, + uint8_t ret[20U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_10(vector, ret); } -KRML_MUSTINLINE core_core_arch_x86___m256i +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_10(Eurydice_slice bytes) { - core_core_arch_x86___m256i shift_lsbs_to_msbs = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, - (int16_t)1 << 6U, (int16_t)1 << 0U, (int16_t)1 << 2U, - (int16_t)1 << 4U, (int16_t)1 << 6U, (int16_t)1 << 0U, - (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, - (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, - (int16_t)1 << 6U); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i lower_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8( - lower_coefficients, - libcrux_intrinsics_avx2_mm_set_epi8(9U, 8U, 8U, 7U, 7U, 6U, 6U, 5U, - 4U, 3U, 3U, 2U, 2U, 1U, 1U, 0U)); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)4U, (size_t)20U, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i upper_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8( - upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( - 15U, 14U, 14U, 13U, 13U, 12U, 12U, 11U, 10U, - 9U, 9U, 8U, 8U, 7U, 7U, 6U)); - core_core_arch_x86___m256i coefficients = - libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); - core_core_arch_x86___m256i coefficients0 = - 
libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, coefficients, upper_coefficients0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i coefficients1 = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, - shift_lsbs_to_msbs); - core_core_arch_x86___m256i coefficients2 = - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)6, coefficients1, - core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_and_si256( - coefficients2, libcrux_intrinsics_avx2_mm256_set1_epi16( - ((int16_t)1 << 10U) - (int16_t)1)); + __m256i shift_lsbs_to_msbs = mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U, + (int16_t)1 << 0U, (int16_t)1 << 2U, (int16_t)1 << 4U, (int16_t)1 << 6U); + __m128i lower_coefficients = mm_loadu_si128( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)16U, uint8_t)); + __m128i lower_coefficients0 = mm_shuffle_epi8( + lower_coefficients, mm_set_epi8(9U, 8U, 8U, 7U, 7U, 6U, 6U, 5U, 4U, 3U, + 3U, 2U, 2U, 1U, 1U, 0U)); + __m128i upper_coefficients = mm_loadu_si128( + Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)20U, uint8_t)); + __m128i upper_coefficients0 = mm_shuffle_epi8( + upper_coefficients, mm_set_epi8(15U, 14U, 14U, 13U, 13U, 12U, 12U, 11U, + 10U, 9U, 9U, 8U, 8U, 7U, 7U, 6U)); + __m256i coefficients = mm256_castsi128_si256(lower_coefficients0); + __m256i coefficients0 = mm256_inserti128_si256((int32_t)1, coefficients, + upper_coefficients0, __m256i); + __m256i coefficients1 = mm256_mullo_epi16(coefficients0, shift_lsbs_to_msbs); + __m256i coefficients2 = mm256_srli_epi16((int32_t)6, coefficients1, __m256i); + return mm256_and_si256(coefficients2, + mm256_set1_epi16(((int16_t)1 << 10U) - (int16_t)1)); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} 
*/ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_10_ea( - Eurydice_slice bytes) { +__m256i libcrux_ml_kem_vector_avx2_deserialize_10_ea(Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_10(bytes); } KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_11( - core_core_arch_x86___m256i vector, uint8_t ret[22U]) { + __m256i vector, uint8_t ret[22U]) { int16_t array[16U] = {0U}; - libcrux_intrinsics_avx2_mm256_storeu_si256_i16( - Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice), - vector); + mm256_storeu_si256_i16(Eurydice_array_to_slice((size_t)16U, array, int16_t), + vector); libcrux_ml_kem_vector_portable_vector_type_PortableVector input = libcrux_ml_kem_vector_portable_from_i16_array_0d( - Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice)); + Eurydice_array_to_slice((size_t)16U, array, int16_t)); uint8_t ret0[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(input, ret0); memcpy(ret, ret0, (size_t)22U * sizeof(uint8_t)); 
@@ -1080,81 +857,69 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_11( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_11_ea( - core_core_arch_x86___m256i vector, uint8_t ret[22U]) { +void libcrux_ml_kem_vector_avx2_serialize_11_ea(__m256i vector, + uint8_t ret[22U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_11(vector, ret); } -KRML_MUSTINLINE core_core_arch_x86___m256i +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_11(Eurydice_slice bytes) { libcrux_ml_kem_vector_portable_vector_type_PortableVector output = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); int16_t array[16U]; libcrux_ml_kem_vector_portable_to_i16_array_0d(output, array); - return libcrux_intrinsics_avx2_mm256_loadu_si256_i16( - Eurydice_array_to_slice((size_t)16U, array, int16_t, Eurydice_slice)); + return mm256_loadu_si256_i16( + Eurydice_array_to_slice((size_t)16U, array, int16_t)); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_11_ea( - Eurydice_slice bytes) { +__m256i libcrux_ml_kem_vector_avx2_deserialize_11_ea(Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_11(bytes); } KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( - core_core_arch_x86___m256i vector, uint8_t ret[24U]) { + __m256i vector, uint8_t ret[24U]) { uint8_t serialized[32U] = {0U}; - core_core_arch_x86___m256i adjacent_2_combined = - libcrux_intrinsics_avx2_mm256_madd_epi16( - vector, - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, (int16_t)1, - (int16_t)1 << 12U, 
(int16_t)1, (int16_t)1 << 12U, (int16_t)1)); - core_core_arch_x86___m256i adjacent_4_combined = - libcrux_intrinsics_avx2_mm256_sllv_epi32( - adjacent_2_combined, - libcrux_intrinsics_avx2_mm256_set_epi32( - (int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8, (int32_t)0, - (int32_t)8, (int32_t)0, (int32_t)8)); - core_core_arch_x86___m256i adjacent_4_combined0 = - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, adjacent_4_combined, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i adjacent_8_combined = - libcrux_intrinsics_avx2_mm256_shuffle_epi8( - adjacent_4_combined0, - libcrux_intrinsics_avx2_mm256_set_epi8( - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, - (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, - (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, (int8_t)0, - (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, - (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, - (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, - (int8_t)0)); - core_core_arch_x86___m128i lower_8 = - libcrux_intrinsics_avx2_mm256_castsi256_si128(adjacent_8_combined); - core_core_arch_x86___m128i upper_8 = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, adjacent_8_combined, core_core_arch_x86___m128i); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t, - Eurydice_slice), + __m256i adjacent_2_combined = mm256_madd_epi16( + vector, mm256_set_epi16((int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, + (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, + (int16_t)1, (int16_t)1 << 12U, (int16_t)1, + (int16_t)1 << 12U, (int16_t)1, (int16_t)1 << 12U, + (int16_t)1)); + __m256i adjacent_4_combined = mm256_sllv_epi32( + adjacent_2_combined, + mm256_set_epi32((int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8, + (int32_t)0, (int32_t)8, (int32_t)0, (int32_t)8)); + __m256i adjacent_4_combined0 = + 
mm256_srli_epi64((int32_t)8, adjacent_4_combined, __m256i); + __m256i adjacent_8_combined = mm256_shuffle_epi8( + adjacent_4_combined0, + mm256_set_epi8((int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)13, + (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, (int8_t)8, + (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, (int8_t)1, + (int8_t)0, (int8_t)-1, (int8_t)-1, (int8_t)-1, (int8_t)-1, + (int8_t)13, (int8_t)12, (int8_t)11, (int8_t)10, (int8_t)9, + (int8_t)8, (int8_t)5, (int8_t)4, (int8_t)3, (int8_t)2, + (int8_t)1, (int8_t)0)); + __m128i lower_8 = mm256_castsi256_si128(adjacent_8_combined); + __m128i upper_8 = + mm256_extracti128_si256((int32_t)1, adjacent_8_combined, __m128i); + mm_storeu_bytes_si128( + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)16U, uint8_t), lower_8); - libcrux_intrinsics_avx2_mm_storeu_bytes_si128( - Eurydice_array_to_subslice2(serialized, (size_t)12U, (size_t)28U, uint8_t, - Eurydice_slice), - upper_8); + mm_storeu_bytes_si128(Eurydice_array_to_subslice2(serialized, (size_t)12U, + (size_t)28U, uint8_t), + upper_8); uint8_t ret0[24U]; core_result_Result_6f dst; Eurydice_slice_to_array2( &dst, - Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[24U], void *); + Eurydice_array_to_subslice2(serialized, (size_t)0U, (size_t)24U, uint8_t), + Eurydice_slice, uint8_t[24U]); core_result_unwrap_41_1c(dst, ret0); memcpy(ret, ret0, (size_t)24U * sizeof(uint8_t)); } 
@@ -1163,73 +928,53 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_avx2_serialize_serialize_12( This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_12_ea( - core_core_arch_x86___m256i vector, uint8_t ret[24U]) { +void libcrux_ml_kem_vector_avx2_serialize_12_ea(__m256i vector, + uint8_t ret[24U]) { libcrux_ml_kem_vector_avx2_serialize_serialize_12(vector, ret); } -KRML_MUSTINLINE core_core_arch_x86___m256i +KRML_MUSTINLINE __m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_12(Eurydice_slice bytes) { - core_core_arch_x86___m256i shift_lsbs_to_msbs = - libcrux_intrinsics_avx2_mm256_set_epi16( - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, - (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, - (int16_t)1 << 4U); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)0U, (size_t)16U, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i lower_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8( - lower_coefficients, - libcrux_intrinsics_avx2_mm_set_epi8(11U, 10U, 10U, 9U, 8U, 7U, 7U, 6U, - 5U, 4U, 4U, 3U, 2U, 1U, 1U, 0U)); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_slice_subslice2( - bytes, (size_t)8U, (size_t)24U, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i upper_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8( - upper_coefficients, libcrux_intrinsics_avx2_mm_set_epi8( - 15U, 14U, 14U, 13U, 12U, 11U, 11U, 10U, 9U, - 8U, 8U, 7U, 6U, 5U, 5U, 4U)); - core_core_arch_x86___m256i coefficients = - libcrux_intrinsics_avx2_mm256_castsi128_si256(lower_coefficients0); - core_core_arch_x86___m256i coefficients0 = - 
libcrux_intrinsics_avx2_mm256_inserti128_si256( - (int32_t)1, coefficients, upper_coefficients0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i coefficients1 = - libcrux_intrinsics_avx2_mm256_mullo_epi16(coefficients0, - shift_lsbs_to_msbs); - core_core_arch_x86___m256i coefficients2 = - libcrux_intrinsics_avx2_mm256_srli_epi16((int32_t)4, coefficients1, - core_core_arch_x86___m256i); - return libcrux_intrinsics_avx2_mm256_and_si256( - coefficients2, libcrux_intrinsics_avx2_mm256_set1_epi16( - ((int16_t)1 << 12U) - (int16_t)1)); + __m256i shift_lsbs_to_msbs = mm256_set_epi16( + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U, + (int16_t)1 << 0U, (int16_t)1 << 4U, (int16_t)1 << 0U, (int16_t)1 << 4U); + __m128i lower_coefficients = mm_loadu_si128( + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)16U, uint8_t)); + __m128i lower_coefficients0 = mm_shuffle_epi8( + lower_coefficients, mm_set_epi8(11U, 10U, 10U, 9U, 8U, 7U, 7U, 6U, 5U, 4U, + 4U, 3U, 2U, 1U, 1U, 0U)); + __m128i upper_coefficients = mm_loadu_si128( + Eurydice_slice_subslice2(bytes, (size_t)8U, (size_t)24U, uint8_t)); + __m128i upper_coefficients0 = mm_shuffle_epi8( + upper_coefficients, mm_set_epi8(15U, 14U, 14U, 13U, 12U, 11U, 11U, 10U, + 9U, 8U, 8U, 7U, 6U, 5U, 5U, 4U)); + __m256i coefficients = mm256_castsi128_si256(lower_coefficients0); + __m256i coefficients0 = mm256_inserti128_si256((int32_t)1, coefficients, + upper_coefficients0, __m256i); + __m256i coefficients1 = mm256_mullo_epi16(coefficients0, shift_lsbs_to_msbs); + __m256i coefficients2 = mm256_srli_epi16((int32_t)4, coefficients1, __m256i); + return mm256_and_si256(coefficients2, + mm256_set1_epi16(((int16_t)1 << 12U) - (int16_t)1)); } /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for 
libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_12_ea( - Eurydice_slice bytes) { +__m256i libcrux_ml_kem_vector_avx2_deserialize_12_ea(Eurydice_slice bytes) { return libcrux_ml_kem_vector_avx2_serialize_deserialize_12(bytes); } KRML_MUSTINLINE size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( Eurydice_slice input, Eurydice_slice output) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi16( - LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i potential_coefficients = + __m256i field_modulus = + mm256_set1_epi16(LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i potential_coefficients = libcrux_ml_kem_vector_avx2_serialize_deserialize_12(input); - core_core_arch_x86___m256i compare_with_field_modulus = - libcrux_intrinsics_avx2_mm256_cmpgt_epi16(field_modulus, - potential_coefficients); + __m256i compare_with_field_modulus = + mm256_cmpgt_epi16(field_modulus, potential_coefficients); uint8_t good[2U]; libcrux_ml_kem_vector_avx2_serialize_serialize_1(compare_with_field_modulus, good); 
@@ -1238,35 +983,27 @@ KRML_MUSTINLINE size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( size_t)good[0U]], (size_t)16U * sizeof(uint8_t)); - core_core_arch_x86___m128i lower_shuffles0 = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( - (size_t)16U, lower_shuffles, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i lower_coefficients = - libcrux_intrinsics_avx2_mm256_castsi256_si128(potential_coefficients); - core_core_arch_x86___m128i lower_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8(lower_coefficients, - lower_shuffles0); - libcrux_intrinsics_avx2_mm_storeu_si128(output, lower_coefficients0); + __m128i lower_shuffles0 = mm_loadu_si128( + Eurydice_array_to_slice((size_t)16U, lower_shuffles, uint8_t)); + __m128i lower_coefficients = mm256_castsi256_si128(potential_coefficients); + __m128i lower_coefficients0 = + mm_shuffle_epi8(lower_coefficients, lower_shuffles0); + mm_storeu_si128(output, lower_coefficients0); size_t sampled_count = (size_t)core_num__u8_6__count_ones(good[0U]); uint8_t upper_shuffles[16U]; memcpy(upper_shuffles, libcrux_ml_kem_vector_rej_sample_table_REJECTION_SAMPLE_SHUFFLE_TABLE[( size_t)good[1U]], (size_t)16U * sizeof(uint8_t)); - core_core_arch_x86___m128i upper_shuffles0 = - libcrux_intrinsics_avx2_mm_loadu_si128(Eurydice_array_to_slice( - (size_t)16U, upper_shuffles, uint8_t, Eurydice_slice)); - core_core_arch_x86___m128i upper_coefficients = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, potential_coefficients, core_core_arch_x86___m128i); - core_core_arch_x86___m128i upper_coefficients0 = - libcrux_intrinsics_avx2_mm_shuffle_epi8(upper_coefficients, - upper_shuffles0); - libcrux_intrinsics_avx2_mm_storeu_si128( - Eurydice_slice_subslice2(output, sampled_count, - sampled_count + (size_t)8U, int16_t, - Eurydice_slice), - upper_coefficients0); + __m128i upper_shuffles0 = mm_loadu_si128( + 
Eurydice_array_to_slice((size_t)16U, upper_shuffles, uint8_t)); + __m128i upper_coefficients = + mm256_extracti128_si256((int32_t)1, potential_coefficients, __m128i); + __m128i upper_coefficients0 = + mm_shuffle_epi8(upper_coefficients, upper_shuffles0); + mm_storeu_si128(Eurydice_slice_subslice2(output, sampled_count, + sampled_count + (size_t)8U, int16_t), + upper_coefficients0); size_t uu____0 = sampled_count; return uu____0 + (size_t)core_num__u8_6__count_ones(good[1U]); } @@ -1284,8 +1021,7 @@ size_t libcrux_ml_kem_vector_avx2_rej_sample_ea(Eurydice_slice input, This function found in impl {(core::clone::Clone for libcrux_ml_kem::vector::avx2::SIMD256Vector)#1} */ -inline core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_clone_3a( - core_core_arch_x86___m256i *self) { +inline __m256i libcrux_ml_kem_vector_avx2_clone_3a(__m256i *self) { return self[0U]; } @@ -1320,6 +1056,12 @@ static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ZERO_89_9b(void) { return lit; } +/** + Only use with public values. + + This MUST NOT be used with secret inputs, like its caller + `deserialize_ring_elements_reduced`. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types 
@@ -1327,24 +1069,26 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_reduced_ring_element_7f(Eurydice_slice serialized) { +deserialize_to_reduced_ring_element_71(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9b(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); + __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea(coefficient); } return re; } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types 
@@ -1352,14 +1096,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 1184 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_494( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a84( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, deserialized_pk[i] = ZERO_89_9b();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -1367,9 +1111,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_494( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_7f(ring_element); + deserialize_to_reduced_ring_element_71(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -1382,10 +1126,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.arithmetic.shift_right with const generics - SHIFT_BY= 15 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -shift_right_4a(core_core_arch_x86___m256i vector) { - return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, - core_core_arch_x86___m256i); +static KRML_MUSTINLINE __m256i shift_right_17(__m256i vector) { + return mm256_srai_epi16((int32_t)15, vector, __m256i); } /** 
@@ -1397,9 +1139,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.shift_right_ea with const generics - SHIFT_BY= 15 */ -static core_core_arch_x86___m256i shift_right_ea_25( - core_core_arch_x86___m256i vector) { - return shift_right_4a(vector); +static __m256i shift_right_ea_08(__m256i vector) { + return shift_right_17(vector); } /** @@ -1408,12 +1149,10 @@ libcrux_ml_kem.vector.traits.to_unsigned_representative with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static core_core_arch_x86___m256i to_unsigned_representative_d2( - core_core_arch_x86___m256i a) { - core_core_arch_x86___m256i t = shift_right_ea_25(a); - core_core_arch_x86___m256i fm = - libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( - t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); +static __m256i to_unsigned_representative_14(__m256i a) { + __m256i t = shift_right_ea_08(a); + __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( + t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); return libcrux_ml_kem_vector_avx2_add_ea(a, &fm); } 
@@ -1423,27 +1162,26 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_af( +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_aa( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - core_core_arch_x86___m256i coefficient = - to_unsigned_representative_d2(re->coefficients[i0]); + __m256i coefficient = to_unsigned_representative_14(re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_avx2_serialize_12_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)24U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); } +/** + Call [`serialize_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector 
@@ -1451,34 +1189,34 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void serialize_secret_key_7f1( +static KRML_MUSTINLINE void serialize_secret_key_791( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_af(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + serialize_uncompressed_ring_element_aa(&re, ret0); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); } +/** + Concatenate `t` and `ρ` into the public key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector 
@@ -1487,24 +1225,20 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_941( +static KRML_MUSTINLINE void serialize_public_key_5a1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, - (size_t)1152U, uint8_t, Eurydice_slice); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; - serialize_secret_key_7f1(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( + serialize_secret_key_791(t_as_ntt, ret0); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); + Eurydice_slice_copy( Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); + (size_t)1152U, uint8_t, size_t), + seed_for_a, uint8_t); memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); } 
@@ -1516,18 +1250,18 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_6c1(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_f91(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; - deserialize_ring_elements_reduced_494( + deserialize_ring_elements_reduced_a84( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - serialize_public_key_941( + serialize_public_key_5a1( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), public_key_serialized); return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); @@ -1581,11 +1315,10 @@ shake128_init_absorb_b41(uint8_t input[3U][34U]) { libcrux_sha3_generic_keccak_KeccakState_29 state = libcrux_sha3_avx2_x4_incremental_init(); libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - &state, - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); + &state, Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t)); return state; } 
@@ -1600,9 +1333,10 @@ libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_a9 with const generics */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState shake128_init_absorb_a9_cf1(uint8_t input[3U][34U]) { - uint8_t uu____0[3U][34U]; - memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); - return shake128_init_absorb_b41(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_input[3U][34U]; + memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); + return shake128_init_absorb_b41(copy_of_input); } /** @@ -1619,10 +1353,10 @@ static KRML_MUSTINLINE void shake128_squeeze_three_blocks_981( uint8_t out2[504U] = {0U}; uint8_t out3[504U] = {0U}; libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); + st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t), + Eurydice_array_to_slice((size_t)504U, out2, uint8_t), + Eurydice_array_to_slice((size_t)504U, out3, uint8_t)); uint8_t uu____0[504U]; memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); 
@@ -1650,6 +1384,47 @@ static KRML_MUSTINLINE void shake128_squeeze_three_blocks_a9_c01( shake128_squeeze_three_blocks_981(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types 
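Review bot: The doc block added ahead of `sample_from_uniform_distribution_next` is copied from the Rust source and does not match the C instance that follows: it refers to a `bytes` argument and to an `Err` being returned, while `sample_from_uniform_distribution_next_f93` (next hunk) takes `randomness` and returns a `bool` that the caller in `sample_from_xof_af1` treats as "done". The closing sentence also reads `The NIST FIPS 203 standard can be found at .` — the URL appears to have been dropped, possibly by the comment emitter stripping the angle-bracketed link; worth checking in the generated file. The same block is duplicated before `_f94` in the @@ -1733 hunk. A short C-side line such as `/* C instance: returns true once the ring elements are fully sampled; false means the caller must squeeze more bytes and call again. */` would resolve the mismatch.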
@@ -1668,12 +1443,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_f93( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -1703,10 +1477,10 @@ static KRML_MUSTINLINE void shake128_squeeze_block_aa1( uint8_t out2[168U] = {0U}; uint8_t out3[168U] = {0U}; libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t), + Eurydice_array_to_slice((size_t)168U, out2, uint8_t), + Eurydice_array_to_slice((size_t)168U, out3, uint8_t)); uint8_t uu____0[168U]; memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); 
@@ -1733,6 +1507,47 @@ static KRML_MUSTINLINE void shake128_squeeze_block_a9_a31( shake128_squeeze_block_aa1(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types 
@@ -1751,12 +1566,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_f94( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -1791,8 +1605,7 @@ from_i16_array_89_46(Eurydice_slice a) { size_t i0 = i; result.coefficients[i0] = libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice_subslice2( - a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t, - Eurydice_slice)); + a, i0 * (size_t)16U, (i0 + (size_t)1U) * (size_t)16U, int16_t)); } return result; } @@ -1805,8 +1618,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_191( int16_t s[272U]) { - return from_i16_array_89_46(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); + return from_i16_array_89_46( + Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } /** 
@@ -1820,33 +1633,38 @@ static KRML_MUSTINLINE void sample_from_xof_af1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; int16_t out[3U][272U] = {{0U}}; - uint8_t uu____0[3U][34U]; - memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[3U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - shake128_init_absorb_a9_cf1(uu____0); + shake128_init_absorb_a9_cf1(copy_of_seeds); uint8_t randomness0[3U][504U]; shake128_squeeze_three_blocks_a9_c01(&xof_state, randomness0); - uint8_t uu____1[3U][504U]; - memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness0[3U][504U]; + memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); bool done = sample_from_uniform_distribution_next_f93( - uu____1, sampled_coefficients, out); + copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; shake128_squeeze_block_a9_a31(&xof_state, randomness); - uint8_t uu____2[3U][168U]; - memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[3U][168U]; + memcpy(copy_of_randomness, randomness, + (size_t)3U * sizeof(uint8_t[168U])); done = sample_from_uniform_distribution_next_f94( - uu____2, sampled_coefficients, out); + copy_of_randomness, sampled_coefficients, out); } } - int16_t uu____3[3U][272U]; - memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); + /* Passing arrays by value in Rust generates a copy in C */ + int16_t copy_of_out[3U][272U]; + memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[3U]; KRML_MAYBE_FOR3(i, 
(size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_191(uu____3[i]);); + ret0[i] = closure_191(copy_of_out[i]);); memcpy( ret, ret0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -1866,24 +1684,25 @@ static KRML_MUSTINLINE void sample_matrix_A_ac1( closure_b91(A_transpose[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed[34U]; + memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[3U][34U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[3U][34U]; - memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[3U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[3U]; - sample_from_xof_af1(uu____1, sampled); + sample_from_xof_af1(copy_of_seeds, sampled); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; 
@@ -1892,7 +1711,9 @@ static KRML_MUSTINLINE void sample_matrix_A_ac1( } else { A_transpose[i1][j] = sample; } - }); + } + + ); memcpy(ret, A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); @@ -1923,14 +1744,14 @@ static KRML_MUSTINLINE void PRFxN_662(uint8_t (*input)[33U], uint8_t out2[128U] = {0U}; uint8_t out3[128U] = {0U}; libcrux_sha3_avx2_x4_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t), + Eurydice_array_to_slice((size_t)128U, out2, uint8_t), + Eurydice_array_to_slice((size_t)128U, out3, uint8_t)); uint8_t uu____0[128U]; memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); 
@@ -1958,6 +1779,55 @@ static KRML_MUSTINLINE void PRFxN_a9_a12(uint8_t (*input)[33U], PRFxN_662(input, ret); } +/** + Given a series of uniformly random bytes in `randomness`, for some number + `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring + element from a binomial distribution centered at 0 that uses two sets of `eta` + coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v` + such such that `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and: + + ```plaintext + - If v < 0, Pr[v] = Pr[-v] + - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA) + ``` + + The values `v < 0` are mapped to the appropriate `KyberFieldElement`. + + The expected value is: + + ```plaintext + E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1] + + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0. + ``` + + And the variance is: + + ```plaintext + Var(X) = E[(X - E[X])^2] + = E[X^2] + = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / + 2^(2 * ETA)) = ETA / 2 + ``` + + This function implements Algorithm 7 of the NIST FIPS 203 + standard, which is reproduced below: + + ```plaintext + Input: byte array B ∈ 𝔹^{64η}. + Output: array f ∈ ℤ₂₅₆. + + b ← BytesToBits(B) + for (i ← 0; i < 256; i++) + x ← ∑(j=0 to η - 1) b[2iη + j] + y ← ∑(j=0 to η - 1) b[2iη + η + j] + f[i] ← x−y mod q + end for + return f + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types 
@@ -1968,24 +1838,22 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample_from_binomial_distribution_2_ee(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; - i0++) { + i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) { size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice2( randomness, chunk_number * (size_t)4U, - chunk_number * (size_t)4U + (size_t)4U, uint8_t, Eurydice_slice); + chunk_number * (size_t)4U + (size_t)4U, uint8_t); uint32_t random_bits_as_u32 = (((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | + uint8_t *) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 8U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 16U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 24U; uint32_t even_bits = random_bits_as_u32 & 1431655765U; uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; @@ -2001,8 +1869,8 @@ sample_from_binomial_distribution_2_ee(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_46(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); + return from_i16_array_89_46( + Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } /** 
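Review bot: In `sample_from_binomial_distribution_2_ee` the loop bound is derived from the input (`Eurydice_slice_len(randomness, uint8_t) / (size_t)4U`) while each iteration writes into the fixed `int16_t sampled_i16s[256U]` at `8U * chunk_number + offset`, so Rust's implicit index check does not appear in the C and a slice longer than 128 bytes would write past the array. The visible caller `sample_vector_cbd_then_ntt_081` passes exactly 128 bytes, so this is a contract to document rather than a live bug; a comment at the top of the function such as `/* randomness must be exactly 128 bytes: longer input would overrun sampled_i16s, shorter input leaves coefficients at zero */` would record it. `sample_from_binomial_distribution_3_c4` in the next hunk (@@ -2015) has the same shape with `4U * chunk_number + offset` per 3-byte chunk and so needs exactly 192 bytes to fill the array. The function body continues in the @@ -2001 hunk.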
@@ -2015,21 +1883,19 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample_from_binomial_distribution_3_c4(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; - i0++) { + i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) { size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice2( randomness, chunk_number * (size_t)3U, - chunk_number * (size_t)3U + (size_t)3U, uint8_t, Eurydice_slice); + chunk_number * (size_t)3U + (size_t)3U, uint8_t); uint32_t random_bits_as_u24 = ((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | + uint8_t *) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 8U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 16U; uint32_t first_bits = random_bits_as_u24 & 2396745U; uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; @@ -2047,8 +1913,8 @@ sample_from_binomial_distribution_3_c4(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_46(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); + return from_i16_array_89_46( + Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } /** 
@@ -2073,9 +1939,8 @@ static KRML_MUSTINLINE void ntt_at_layer_7_fd( size_t step = LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT / (size_t)2U; for (size_t i = (size_t)0U; i < step; i++) { size_t j = i; - core_core_arch_x86___m256i t = - libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( - re->coefficients[j + step], (int16_t)-1600); + __m256i t = libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( + re->coefficients[j + step], (int16_t)-1600); re->coefficients[j + step] = libcrux_ml_kem_vector_avx2_sub_ea(re->coefficients[j], &t); re->coefficients[j] = @@ -2084,8 +1949,8 @@ static KRML_MUSTINLINE void ntt_at_layer_7_fd( } typedef struct libcrux_ml_kem_vector_avx2_SIMD256Vector_x2_s { - core_core_arch_x86___m256i fst; - core_core_arch_x86___m256i snd; + __m256i fst; + __m256i snd; } libcrux_ml_kem_vector_avx2_SIMD256Vector_x2; /** @@ -2094,8 +1959,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static core_core_arch_x86___m256i montgomery_multiply_fe_3e( - core_core_arch_x86___m256i v, int16_t fer) { +static __m256i montgomery_multiply_fe_3e(__m256i v, int16_t fer) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea(v, fer); } @@ -2106,9 +1970,8 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -ntt_layer_int_vec_step_a7(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, int16_t zeta_r) { - core_core_arch_x86___m256i t = montgomery_multiply_fe_3e(b, zeta_r); +ntt_layer_int_vec_step_a7(__m256i a, __m256i b, int16_t zeta_r) { + __m256i t = montgomery_multiply_fe_3e(b, zeta_r); b = libcrux_ml_kem_vector_avx2_sub_ea(a, &t); a = libcrux_ml_kem_vector_avx2_add_ea(a, &t); return (CLITERAL(libcrux_ml_kem_vector_avx2_SIMD256Vector_x2){.fst = a, 
@@ -2137,8 +2000,8 @@ static KRML_MUSTINLINE void ntt_at_layer_4_plus_5a( ntt_layer_int_vec_step_a7( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - core_core_arch_x86___m256i x = uu____0.fst; - core_core_arch_x86___m256i y = uu____0.snd; + __m256i x = uu____0.fst; + __m256i y = uu____0.snd; re->coefficients[j] = x; re->coefficients[j + step_vec] = y; } @@ -2242,6 +2105,10 @@ static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_b2( poly_barrett_reduce_89_e6(re); } +/** + Sample a vector of ring elements from a centered binomial distribution and + convert them into their NTT representations. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -2255,12 +2122,13 @@ static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_081( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, re_as_ntt[i] = ZERO_89_9b();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); 
@@ -2268,23 +2136,49 @@ static KRML_MUSTINLINE tuple_b00 sample_vector_cbd_then_ntt_081( PRFxN_a9_a12(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_730(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; + re_as_ntt[i0] = sample_from_binomial_distribution_730( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); ntt_binomially_sampled_ring_element_b2(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[3U]; memcpy( - uu____2, re_as_ntt, + copy_of_re_as_ntt, re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); tuple_b00 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); lit.snd = domain_separator; return lit; } +/** + Given two `KyberPolynomialRingElement`s in their NTT representations, + compute their product. Given two polynomials in the NTT domain `f^` and `ĵ`, + the `iᵗʰ` coefficient of the product `k̂` is determined by the calculation: + + ```plaintext + ĥ[2·i] + ĥ[2·i + 1]X = (f^[2·i] + f^[2·i + 1]X)·(ĝ[2·i] + ĝ[2·i + 1]X) mod (X² + - ζ^(2·BitRev₇(i) + 1)) + ``` + + This function almost implements Algorithm 10 of the + NIST FIPS 203 standard, which is reproduced below: + + ```plaintext + Input: Two arrays fˆ ∈ ℤ₂₅₆ and ĝ ∈ ℤ₂₅₆. + Output: An array ĥ ∈ ℤq. + + for(i ← 0; i < 128; i++) + (ĥ[2i], ĥ[2i+1]) ← BaseCaseMultiply(fˆ[2i], fˆ[2i+1], ĝ[2i], ĝ[2i+1], + ζ^(2·BitRev₇(i) + 1)) end for return ĥ + ``` + We say "almost" because the coefficients of the ring element output by + this function are in the Montgomery domain. 
+ + The NIST FIPS 203 standard can be found at + . +*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -2319,6 +2213,10 @@ ntt_multiply_89_44(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, return out; } +/** + Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise + sum of their constituent coefficients. +*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -2333,11 +2231,9 @@ static KRML_MUSTINLINE void add_to_ring_element_89_ce1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)16U, self->coefficients, - core_core_arch_x86___m256i, Eurydice_slice), - core_core_arch_x86___m256i, size_t); + i < Eurydice_slice_len(Eurydice_array_to_slice( + (size_t)16U, self->coefficients, __m256i), + __m256i); i++) { size_t i0 = i; self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( @@ -2351,8 +2247,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static core_core_arch_x86___m256i to_standard_domain_c8( - core_core_arch_x86___m256i v) { +static __m256i to_standard_domain_c8(__m256i v) { return libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( v, LIBCRUX_ML_KEM_VECTOR_TRAITS_MONTGOMERY_R_SQUARED_MOD_FIELD_MODULUS); } @@ -2373,7 +2268,7 @@ static KRML_MUSTINLINE void add_standard_error_reduce_89_06( for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; - core_core_arch_x86___m256i coefficient_normal_form = + __m256i coefficient_normal_form = to_standard_domain_c8(self->coefficients[j]); self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, 
@@ -2381,6 +2276,9 @@ static KRML_MUSTINLINE void add_standard_error_reduce_89_06( } } +/** + Compute  ◦ ŝ + ê +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -2396,22 +2294,20 @@ static KRML_MUSTINLINE void compute_As_plus_e_581( KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, result[i] = ZERO_89_9b();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = 
@@ -2427,6 +2323,47 @@ static KRML_MUSTINLINE void compute_As_plus_e_581( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, 
@@ -2435,13 +2372,13 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_9b0 generate_keypair_unpacked_651( +static tuple_9b0 generate_keypair_unpacked_5c1( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_a9_e11(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; 
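Review bot: `hashed[64U]` in `generate_keypair_unpacked_5c1` holds the output of G, whose second half is split off at offset 32 as `seed_for_secret_and_error` (σ in the Algorithm 12 comment above), and it is left on the stack at return; the new `copy_of_prf_input0`, `copy_of_prf_input` and `copy_of_secret_as_ntt` copies in the next hunk (@@ -2451) multiply the stack residues of secret material and none of them is cleared either. If stack remnants of key material are in the project's threat model this is where an explicit wipe belongs, but since the copies are emitted by Eurydice for Rust by-value arrays it likely has to be addressed in the extractor or at the API boundary rather than by editing generated code. The `copy_of_implicit_rejection_value` copy in the later `generate_keypair_unpacked_881` hunk falls in the same category. At minimum a comment near the top, `/* NOTE: stack copies of secret material (hashed, prf_input copies, secret_as_ntt) are not zeroized */`, would record the decision.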
@@ -2451,53 +2388,59 @@ static tuple_9b0 generate_keypair_unpacked_651( uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____2 = sample_vector_cbd_then_ntt_081(uu____1, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____2 = sample_vector_cbd_then_ntt_081(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_081(uu____3, domain_separator).fst, + sample_vector_cbd_then_ntt_081(copy_of_prf_input, domain_separator).fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; compute_As_plus_e_581(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____4[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; memcpy( - uu____4, t_as_ntt, + 
copy_of_t_as_ntt, t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U][3U]; - memcpy(uu____5, A_transpose, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A_transpose[3U] + [3U]; + memcpy(copy_of_A_transpose, A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk; memcpy( - pk.t_as_ntt, uu____4, + pk.t_as_ntt, copy_of_t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, + memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, copy_of_A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____7[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( - uu____7, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk; memcpy( - sk.secret_as_ntt, uu____7, + sk.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); return (CLITERAL(tuple_9b0){.fst = sk, .snd = pk}); } 
@@ -2515,7 +2458,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_761( +static void closure_a21( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, ret[i] = ZERO_89_9b();); @@ -2531,14 +2474,13 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 clone_d5_6d( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 clone_d5_6f( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; - core_core_arch_x86___m256i ret[16U]; + __m256i ret[16U]; core_array___core__clone__Clone_for__Array_T__N___20__clone( - (size_t)16U, self->coefficients, ret, core_core_arch_x86___m256i, void *); - memcpy(lit.coefficients, ret, - (size_t)16U * sizeof(core_core_arch_x86___m256i)); + (size_t)16U, self->coefficients, ret, __m256i, void *); + memcpy(lit.coefficients, ret, (size_t)16U * sizeof(__m256i)); return lit; } 
@@ -2568,27 +2510,26 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_8d1(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_881(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - tuple_9b0 uu____0 = generate_keypair_unpacked_651(ind_cpa_keypair_randomness); + size_t); + tuple_9b0 uu____0 = generate_keypair_unpacked_5c1(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_761(A[i]);); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_a21(A[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_d5_6d(&ind_cpa_public_key.A[j][i1]); + clone_d5_6f(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U][3U]; memcpy(uu____2, A, 
@@ -2598,36 +2539,39 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_8d1(uint8_t randomness[64U]) { (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); uint8_t pk_serialized[1184U]; - serialize_public_key_941( + serialize_public_key_5a1( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), + uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - H_a9_a11(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, - Eurydice_slice), + H_a9_a11(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); + uint8_t[32U]); core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 uu____3 = ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_implicit_rejection_value[32U]; + memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0 uu____5; uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, + memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 uu____6 = ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_hash[32U]; + memcpy(copy_of_public_key_hash, public_key_hash, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 lit; lit.private_key = 
uu____5; lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, + memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, (size_t)32U * sizeof(uint8_t)); return lit; } 
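Review bot: The implicit-rejection secret now lives in two uncleared stack buffers here, `implicit_rejection_value[32U]` and the added `copy_of_implicit_rejection_value[32U]` (plus the by-value `uu____3`/`uu____5` private-key temporaries), none of which is wiped before `return lit;`. The same pattern grows in the following hunks: `hashed`, `prf_input`, `copy_of_prf_input0`, `copy_of_prf_input`, `secret_key_serialized` and `copy_of_secret_key_serialized` in `generate_keypair_931` (`@@ -2643`), and `ind_cpa_private_key`, `secret_key_serialized` and `copy_of_secret_key_serialized` in `generate_keypair_0d1` (`@@ -2733`), so the "Passing arrays by value in Rust generates a copy in C" rewrite roughly doubles the number of secret-bearing copies left on the stack. Whether that is acceptable under the project's threat model cannot be decided from this hunk, and because the file looks Eurydice-generated the fix would have to come from the Rust side (a zeroizing drop or a wrapper for the by-value temporaries), not from hand edits to this file. At minimum the generated comment could say so: `/* Passing arrays by value in Rust generates a copy in C; key material in these copies is not zeroized */`.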
@@ -2643,28 +2587,70 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_e31( +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_931( Eurydice_slice key_generation_seed) { - tuple_9b0 uu____0 = generate_keypair_unpacked_651(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 pk = uu____0.snd; + uint8_t hashed[64U]; + G_a9_e11(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[3U][3U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret); + sample_matrix_A_ac1(ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, + prf_input); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____2 = sample_vector_cbd_then_ntt_081(copy_of_prf_input0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator = uu____2.snd; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[3U]; + memcpy( + error_as_ntt, + 
sample_vector_cbd_then_ntt_081(copy_of_prf_input, domain_separator).fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; + compute_As_plus_e_581(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); + core_result_unwrap_41_83(dst, seed_for_A); uint8_t public_key_serialized[1184U]; - serialize_public_key_941(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); + serialize_public_key_5a1( + t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), + public_key_serialized); uint8_t secret_key_serialized[1152U]; - serialize_secret_key_7f1(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[1152U]; - memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); - uint8_t uu____2[1184U]; - memcpy(uu____2, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); + serialize_secret_key_791(secret_as_ntt, secret_key_serialized); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[1152U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)1152U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_serialized[1184U]; + memcpy(copy_of_public_key_serialized, public_key_serialized, + (size_t)1184U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; - memcpy(lit.fst, uu____1, (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)1184U * sizeof(uint8_t)); + memcpy(lit.fst, copy_of_secret_key_serialized, + (size_t)1152U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_public_key_serialized, + (size_t)1184U * sizeof(uint8_t)); return lit; } +/** + Serialize the secret key. 
+*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash @@ -2672,7 +2658,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_f61( +static KRML_MUSTINLINE void serialize_kem_secret_key_8e1( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; 
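Review bot: `generate_keypair_931` now re-implements the whole IND-CPA key generation inline (`G_a9_e11`, `Eurydice_slice_split_at`, `sample_matrix_A_ac1`, two `sample_vector_cbd_then_ntt_081` calls, `compute_As_plus_e_581`) where the removed lines simply called `generate_keypair_unpacked_651`, so the packed path and the unpacked path (`generate_keypair_unpacked_881` → `generate_keypair_unpacked_5c1` in `@@ -2568`) are now two independent copies of the same algorithm. Any later change to the sampling order or to the `domain_separator` hand-off between the secret and error samplings has to be made in both; presumably this duplication originates in the Rust source, which is where it would be folded back into one function. The function also carries only the generic "monomorphic instance" comment; a one-line contract such as `/** Generate an IND-CPA key pair from key_generation_seed; returns (serialized secret key, serialized public key) */` would help readers of the generated file.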
@@ -2680,46 +2666,48 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_f61( uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t), + uint8_t), + private_key, uint8_t); + pointer = pointer + Eurydice_slice_len(private_key, uint8_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t), + uint8_t), + public_key, uint8_t); + pointer = pointer + Eurydice_slice_len(public_key, uint8_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; H_a9_a11(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( uu____7, uu____8, - uu____9 + 
core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); + uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), + uint8_t), + implicit_rejection_value, uint8_t); memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, 
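Review bot: `serialize_kem_secret_key_8e1` assembles `out[2400U]` from four sequential copies whose end offsets are `pointer + Eurydice_slice_len(...)`, but nothing in the function ties `Eurydice_slice_len(private_key) + Eurydice_slice_len(public_key) + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE + Eurydice_slice_len(implicit_rejection_value)` to 2400, so the write stays in bounds only because the single visible caller (`generate_keypair_0d1`, `@@ -2733`) passes fixed 1152/1184/32-byte inputs and, presumably, because `Eurydice_array_to_subslice2` bounds-checks, which is not visible here. A too-short `implicit_rejection_value` would likewise leave the tail of `out` as zeros without any signal. Since this is generated code, the length contract belongs in the Rust source; in this file it could at least be stated in the new doc comment: `/** Serialize the secret key as sk_cpa || pk || H(pk) || z; the slice lengths must sum to SERIALIZED_KEY_LEN (2400). */`.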
@@ -2733,39 +2721,42 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_991(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_0d1(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_e31(ind_cpa_keypair_randomness); + generate_keypair_931(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_f61( - Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, - Eurydice_slice), + serialize_kem_secret_key_8e1( + Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[2400U]; - memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[2400U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - 
libcrux_ml_kem_types_from_05_700(uu____1); + libcrux_ml_kem_types_from_05_db0(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; - uint8_t uu____3[1184U]; - memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_eb0( - uu____2, libcrux_ml_kem_types_from_b6_a30(uu____3)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key[1184U]; + memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_17_120( + uu____2, libcrux_ml_kem_types_from_b6_8e0(copy_of_public_key)); } +/** + Sample a vector of ring elements from a centered binomial distribution. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -2775,16 +2766,17 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b00 -sample_ring_element_cbd_c01(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_581(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, error_1[i] = ZERO_89_9b();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); 
@@ -2793,16 +2785,17 @@ sample_ring_element_cbd_c01(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_730(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_730( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_error_1[3U]; memcpy( - uu____2, error_1, + copy_of_error_1, error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); tuple_b00 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); lit.snd = domain_separator; return lit; @@ -2816,8 +2809,7 @@ with const generics static KRML_MUSTINLINE void PRF_450(Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)128U, digest, uint8_t), input); memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); } @@ -2842,7 +2834,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_38( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_3d( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; 
@@ -2866,7 +2858,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_53( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_64( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2886,7 +2878,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_b7( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_fb( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -2904,11 +2896,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 -inv_ntt_layer_int_vec_step_reduce_0d(core_core_arch_x86___m256i a, - core_core_arch_x86___m256i b, - int16_t zeta_r) { - core_core_arch_x86___m256i a_minus_b = - libcrux_ml_kem_vector_avx2_sub_ea(b, &a); +inv_ntt_layer_int_vec_step_reduce_eb(__m256i a, __m256i b, int16_t zeta_r) { + __m256i a_minus_b = libcrux_ml_kem_vector_avx2_sub_ea(b, &a); a = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( libcrux_ml_kem_vector_avx2_add_ea(a, &b)); b = montgomery_multiply_fe_3e(a_minus_b, zeta_r); @@ -2922,7 +2911,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_78( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_39( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; 
@@ -2937,11 +2926,11 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_78( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_avx2_SIMD256Vector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_0d( + inv_ntt_layer_int_vec_step_reduce_eb( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); - core_core_arch_x86___m256i x = uu____0.fst; - core_core_arch_x86___m256i y = uu____0.snd; + __m256i x = uu____0.fst; + __m256i y = uu____0.snd; re->coefficients[j] = x; re->coefficients[j + step_vec] = y; } @@ -2954,17 +2943,17 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_241( +static KRML_MUSTINLINE void invert_ntt_montgomery_e61( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_38(&zeta_i, re); - invert_ntt_at_layer_2_53(&zeta_i, re); - invert_ntt_at_layer_3_b7(&zeta_i, re); - invert_ntt_at_layer_4_plus_78(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_78(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_78(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_78(&zeta_i, re, (size_t)7U); + invert_ntt_at_layer_1_3d(&zeta_i, re); + invert_ntt_at_layer_2_64(&zeta_i, re); + invert_ntt_at_layer_3_fb(&zeta_i, re); + invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)7U); poly_barrett_reduce_89_e6(re); } 
@@ -2978,13 +2967,13 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_89_42( +static KRML_MUSTINLINE void add_error_reduce_89_c7( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t j = i; - core_core_arch_x86___m256i coefficient_normal_form = + __m256i coefficient_normal_form = libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( self->coefficients[j], (int16_t)1441); self->coefficients[j] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( @@ -2993,13 +2982,16 @@ static KRML_MUSTINLINE void add_error_reduce_89_42( } } +/** + Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_7e1( +static KRML_MUSTINLINE void compute_vector_u_541( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, 
@@ -3008,22 +3000,20 @@ static KRML_MUSTINLINE void compute_vector_u_7e1( KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, result[i] = ZERO_89_9b();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; @@ -3031,8 +3021,8 @@ static KRML_MUSTINLINE void compute_vector_u_7e1( ntt_multiply_89_44(a_element, &r_as_ntt[j]); add_to_ring_element_89_ce1(&result[i1], &product); } - invert_ntt_montgomery_241(&result[i1]); - add_error_reduce_89_42(&result[i1], &error_1[i1]); + invert_ntt_montgomery_e61(&result[i1]); + add_error_reduce_89_c7(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -3045,8 +3035,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static core_core_arch_x86___m256i decompress_1_22( - core_core_arch_x86___m256i v) { +static __m256i decompress_1_d7(__m256i v) { return libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( libcrux_ml_kem_vector_avx2_sub_ea(libcrux_ml_kem_vector_avx2_ZERO_ea(), &v), 
@@ -3060,16 +3049,16 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_message_5a(uint8_t serialized[32U]) { +deserialize_then_decompress_message_d3(uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9b(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - core_core_arch_x86___m256i coefficient_compressed = + __m256i coefficient_compressed = libcrux_ml_kem_vector_avx2_deserialize_1_ea( Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, - (size_t)2U * i0 + (size_t)2U, uint8_t, - Eurydice_slice)); - re.coefficients[i0] = decompress_1_22(coefficient_compressed);); + (size_t)2U * i0 + (size_t)2U, + uint8_t)); + re.coefficients[i0] = decompress_1_d7(coefficient_compressed);); return re; } @@ -3084,19 +3073,19 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -add_message_error_reduce_89_07( +add_message_error_reduce_89_6a( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 result) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - core_core_arch_x86___m256i coefficient_normal_form = + __m256i coefficient_normal_form = libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( result.coefficients[i0], (int16_t)1441); - core_core_arch_x86___m256i tmp = libcrux_ml_kem_vector_avx2_add_ea( - self->coefficients[i0], &message->coefficients[i0]); - core_core_arch_x86___m256i tmp0 = + __m256i tmp = libcrux_ml_kem_vector_avx2_add_ea(self->coefficients[i0], + &message->coefficients[i0]); + __m256i tmp0 = libcrux_ml_kem_vector_avx2_add_ea(coefficient_normal_form, &tmp); result.coefficients[i0] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea(tmp0); 
@@ -3104,6 +3093,9 @@ add_message_error_reduce_89_07( return result; } +/** + Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -3111,7 +3103,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_af1( +compute_ring_element_v_f91( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, @@ -3121,8 +3113,8 @@ compute_ring_element_v_af1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = ntt_multiply_89_44(&t_as_ntt[i0], &r_as_ntt[i0]); add_to_ring_element_89_ce1(&result, &product);); - invert_ntt_montgomery_241(&result); - result = add_message_error_reduce_89_07(error_2, message, result); + invert_ntt_montgomery_e61(&result); + result = add_message_error_reduce_89_6a(error_2, message, result); return result; } 
@@ -3132,61 +3124,43 @@ libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const generics - COEFFICIENT_BITS= 10 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -compress_ciphertext_coefficient_ac(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - core_core_arch_x86___m256i compression_factor = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)10) - (int32_t)1); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, - field_modulus_halved); - core_core_arch_x86___m256i compressed_low1 = +static KRML_MUSTINLINE __m256i +compress_ciphertext_coefficient_d4(__m256i vector) { + __m256i field_modulus_halved = mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + __m256i compression_factor = mm256_set1_epi32((int32_t)10321340); + __m256i coefficient_bits_mask = + mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)10) - (int32_t)1); + __m128i coefficients_low = mm256_castsi256_si128(vector); + __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low); + __m256i compressed_low = + mm256_slli_epi32((int32_t)10, coefficients_low0, __m256i); + __m256i compressed_low0 = + mm256_add_epi32(compressed_low, field_modulus_halved); + __m256i compressed_low1 = 
libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, compression_factor); - core_core_arch_x86___m256i compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)10, coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i compressed_high1 = + __m256i compressed_low2 = + mm256_srli_epi32((int32_t)3, compressed_low1, __m256i); + __m256i compressed_low3 = + mm256_and_si256(compressed_low2, coefficient_bits_mask); + __m128i coefficients_high = + mm256_extracti128_si256((int32_t)1, vector, __m128i); + __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high); + __m256i compressed_high = + mm256_slli_epi32((int32_t)10, coefficients_high0, __m256i); + __m256i compressed_high0 = + mm256_add_epi32(compressed_high, field_modulus_halved); + __m256i compressed_high1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, compression_factor); - core_core_arch_x86___m256i compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, - 
compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); + __m256i compressed_high2 = + mm256_srli_epi32((int32_t)3, compressed_high1, __m256i); + __m256i compressed_high3 = + mm256_and_si256(compressed_high2, coefficient_bits_mask); + __m256i compressed = mm256_packs_epi32(compressed_low3, compressed_high3); + return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i); } /** @@ -3198,9 +3172,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 10 */ -static core_core_arch_x86___m256i compress_ea_69( - core_core_arch_x86___m256i vector) { - return compress_ciphertext_coefficient_ac(vector); +static __m256i compress_ea_0e(__m256i vector) { + return compress_ciphertext_coefficient_d4(vector); } /** 
@@ -3209,23 +3182,20 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_b2( +static KRML_MUSTINLINE void compress_then_serialize_10_d0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - core_core_arch_x86___m256i coefficient = - compress_ea_69(to_unsigned_representative_d2(re->coefficients[i0])); + __m256i coefficient = + compress_ea_0e(to_unsigned_representative_14(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)20U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); } 
@@ -3236,61 +3206,43 @@ libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const generics - COEFFICIENT_BITS= 11 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -compress_ciphertext_coefficient_ac0(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - core_core_arch_x86___m256i compression_factor = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)11) - (int32_t)1); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, - field_modulus_halved); - core_core_arch_x86___m256i compressed_low1 = +static KRML_MUSTINLINE __m256i +compress_ciphertext_coefficient_d40(__m256i vector) { + __m256i field_modulus_halved = mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + __m256i compression_factor = mm256_set1_epi32((int32_t)10321340); + __m256i coefficient_bits_mask = + mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)11) - (int32_t)1); + __m128i coefficients_low = mm256_castsi256_si128(vector); + __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low); + __m256i compressed_low = + mm256_slli_epi32((int32_t)11, coefficients_low0, __m256i); + __m256i compressed_low0 = + mm256_add_epi32(compressed_low, field_modulus_halved); + __m256i compressed_low1 = 
libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, compression_factor); - core_core_arch_x86___m256i compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)11, coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i compressed_high1 = + __m256i compressed_low2 = + mm256_srli_epi32((int32_t)3, compressed_low1, __m256i); + __m256i compressed_low3 = + mm256_and_si256(compressed_low2, coefficient_bits_mask); + __m128i coefficients_high = + mm256_extracti128_si256((int32_t)1, vector, __m128i); + __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high); + __m256i compressed_high = + mm256_slli_epi32((int32_t)11, coefficients_high0, __m256i); + __m256i compressed_high0 = + mm256_add_epi32(compressed_high, field_modulus_halved); + __m256i compressed_high1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, compression_factor); - core_core_arch_x86___m256i compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, - 
compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); + __m256i compressed_high2 = + mm256_srli_epi32((int32_t)3, compressed_high1, __m256i); + __m256i compressed_high3 = + mm256_and_si256(compressed_high2, coefficient_bits_mask); + __m256i compressed = mm256_packs_epi32(compressed_low3, compressed_high3); + return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i); } /** @@ -3302,9 +3254,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 11 */ -static core_core_arch_x86___m256i compress_ea_690( - core_core_arch_x86___m256i vector) { - return compress_ciphertext_coefficient_ac0(vector); +static __m256i compress_ea_0e0(__m256i vector) { + return compress_ciphertext_coefficient_d40(vector); } /** @@ -3314,13 +3265,16 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_36( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_56( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_b2(re, uu____0); + compress_then_serialize_10_d0(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } +/** + Call [`compress_then_serialize_ring_element_u`] on each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector 
@@ -3330,29 +3284,25 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_c51( +static void compress_then_serialize_u_9b1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice2( out, i0 * ((size_t)960U / (size_t)3U), - (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, - Eurydice_slice); + (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_36(&re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + compress_then_serialize_ring_element_u_56(&re, ret); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } } 
@@ -3362,61 +3312,43 @@ libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const generics - COEFFICIENT_BITS= 4 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -compress_ciphertext_coefficient_ac1(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - core_core_arch_x86___m256i compression_factor = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)4) - (int32_t)1); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, - field_modulus_halved); - core_core_arch_x86___m256i compressed_low1 = +static KRML_MUSTINLINE __m256i +compress_ciphertext_coefficient_d41(__m256i vector) { + __m256i field_modulus_halved = mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + __m256i compression_factor = mm256_set1_epi32((int32_t)10321340); + __m256i coefficient_bits_mask = + mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)4) - (int32_t)1); + __m128i coefficients_low = mm256_castsi256_si128(vector); + __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low); + __m256i compressed_low = + mm256_slli_epi32((int32_t)4, coefficients_low0, __m256i); + __m256i compressed_low0 = + mm256_add_epi32(compressed_low, field_modulus_halved); + __m256i compressed_low1 = 
libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, compression_factor); - core_core_arch_x86___m256i compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)4, coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i compressed_high1 = + __m256i compressed_low2 = + mm256_srli_epi32((int32_t)3, compressed_low1, __m256i); + __m256i compressed_low3 = + mm256_and_si256(compressed_low2, coefficient_bits_mask); + __m128i coefficients_high = + mm256_extracti128_si256((int32_t)1, vector, __m128i); + __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high); + __m256i compressed_high = + mm256_slli_epi32((int32_t)4, coefficients_high0, __m256i); + __m256i compressed_high0 = + mm256_add_epi32(compressed_high, field_modulus_halved); + __m256i compressed_high1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, compression_factor); - core_core_arch_x86___m256i compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, - 
compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); + __m256i compressed_high2 = + mm256_srli_epi32((int32_t)3, compressed_high1, __m256i); + __m256i compressed_high3 = + mm256_and_si256(compressed_high2, coefficient_bits_mask); + __m256i compressed = mm256_packs_epi32(compressed_low3, compressed_high3); + return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i); } /** @@ -3428,9 +3360,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 4 */ -static core_core_arch_x86___m256i compress_ea_691( - core_core_arch_x86___m256i vector) { - return compress_ciphertext_coefficient_ac1(vector); +static __m256i compress_ea_0e1(__m256i vector) { + return compress_ciphertext_coefficient_d41(vector); } /** @@ -3439,22 +3370,20 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_5a( +static KRML_MUSTINLINE void compress_then_serialize_4_fb( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - core_core_arch_x86___m256i coefficient = - compress_ea_691(to_unsigned_representative_d2(re.coefficients[i0])); + __m256i coefficient = + compress_ea_0e1(to_unsigned_representative_14(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_ea(coefficient, bytes); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_slice_subslice2(serialized, (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_array_to_slice((size_t)8U, bytes, uint8_t), uint8_t); } } 
@@ -3464,61 +3393,43 @@ libcrux_ml_kem.vector.avx2.compress.compress_ciphertext_coefficient with const generics - COEFFICIENT_BITS= 5 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -compress_ciphertext_coefficient_ac2(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus_halved = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / - (int32_t)2); - core_core_arch_x86___m256i compression_factor = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)10321340); - core_core_arch_x86___m256i coefficient_bits_mask = - libcrux_intrinsics_avx2_mm256_set1_epi32( - ((int32_t)1 << (uint32_t)(int32_t)5) - (int32_t)1); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i compressed_low = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, coefficients_low0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_low, - field_modulus_halved); - core_core_arch_x86___m256i compressed_low1 = +static KRML_MUSTINLINE __m256i +compress_ciphertext_coefficient_d42(__m256i vector) { + __m256i field_modulus_halved = mm256_set1_epi32( + ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / + (int32_t)2); + __m256i compression_factor = mm256_set1_epi32((int32_t)10321340); + __m256i coefficient_bits_mask = + mm256_set1_epi32(((int32_t)1 << (uint32_t)(int32_t)5) - (int32_t)1); + __m128i coefficients_low = mm256_castsi256_si128(vector); + __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low); + __m256i compressed_low = + mm256_slli_epi32((int32_t)5, coefficients_low0, __m256i); + __m256i compressed_low0 = + mm256_add_epi32(compressed_low, field_modulus_halved); + __m256i compressed_low1 = 
libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_low0, compression_factor); - core_core_arch_x86___m256i compressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_low3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_low2, - coefficient_bits_mask); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i compressed_high = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)5, coefficients_high0, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high0 = - libcrux_intrinsics_avx2_mm256_add_epi32(compressed_high, - field_modulus_halved); - core_core_arch_x86___m256i compressed_high1 = + __m256i compressed_low2 = + mm256_srli_epi32((int32_t)3, compressed_low1, __m256i); + __m256i compressed_low3 = + mm256_and_si256(compressed_low2, coefficient_bits_mask); + __m128i coefficients_high = + mm256_extracti128_si256((int32_t)1, vector, __m128i); + __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high); + __m256i compressed_high = + mm256_slli_epi32((int32_t)5, coefficients_high0, __m256i); + __m256i compressed_high0 = + mm256_add_epi32(compressed_high, field_modulus_halved); + __m256i compressed_high1 = libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(compressed_high0, compression_factor); - core_core_arch_x86___m256i compressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)3, compressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed_high3 = - libcrux_intrinsics_avx2_mm256_and_si256(compressed_high2, - coefficient_bits_mask); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(compressed_low3, - 
compressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); + __m256i compressed_high2 = + mm256_srli_epi32((int32_t)3, compressed_high1, __m256i); + __m256i compressed_high3 = + mm256_and_si256(compressed_high2, coefficient_bits_mask); + __m256i compressed = mm256_packs_epi32(compressed_low3, compressed_high3); + return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i); } /** @@ -3530,9 +3441,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 5 */ -static core_core_arch_x86___m256i compress_ea_692( - core_core_arch_x86___m256i vector) { - return compress_ciphertext_coefficient_ac2(vector); +static __m256i compress_ea_0e2(__m256i vector) { + return compress_ciphertext_coefficient_d42(vector); } /** @@ -3541,22 +3451,20 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_a4( +static KRML_MUSTINLINE void compress_then_serialize_5_8e( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - core_core_arch_x86___m256i coefficients = - compress_ea_692(to_unsigned_representative_d2(re.coefficients[i0])); + __m256i coefficients = + compress_ea_0e2(to_unsigned_representative_14(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_ea(coefficients, bytes); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_slice_subslice2(serialized, (size_t)10U * i0, - (size_t)10U * i0 + (size_t)10U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + (size_t)10U * i0 + (size_t)10U, uint8_t), + Eurydice_array_to_slice((size_t)10U, bytes, uint8_t), uint8_t); } } 
@@ -3567,11 +3475,52 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_3c( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_6d( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_4_5a(re, out); -} - + compress_then_serialize_4_fb(re, out); +} + +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, 
@@ -3589,22 +3538,25 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_d21( +static void encrypt_unpacked_a31( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____1 = sample_vector_cbd_then_ntt_081(uu____0, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____1 = sample_vector_cbd_then_ntt_081(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b00 uu____3 = sample_ring_element_cbd_c01(uu____2, domain_separator0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____3 = + sample_ring_element_cbd_581(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( error_1, uu____3.fst, 
@@ -3612,34 +3564,33 @@ static void encrypt_unpacked_d21( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_a9_dd4( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); + PRF_a9_dd4(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_730(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_730( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; - compute_vector_u_7e1(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + compute_vector_u_541(public_key->A, r_as_ntt, error_1, u); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_5a(uu____4); + deserialize_then_decompress_message_d3(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_af1(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_f91(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_c51( + compress_then_serialize_u_9b1( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, - uint8_t, Eurydice_slice)); + uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_3c( - uu____6, - 
Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, - uint8_t, size_t, Eurydice_slice)); + compress_then_serialize_ring_element_v_6d( + uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, + (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); } 
@@ -3661,51 +3612,51 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_361( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_721( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_ea( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); + size_t); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_slice( + (size_t)32U, public_key->public_key_hash, uint8_t), + uint8_t); uint8_t hashed[64U]; - G_a9_e11( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_a9_e11(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____2 = &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, 
(size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_unpacked_d21(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_a31(uu____2, copy_of_randomness, pseudorandomness, + ciphertext); uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + Eurydice_slice_copy( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), + shared_secret, uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1088U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_100(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_from_01_140(copy_of_ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_3c lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } 
@@ -3719,15 +3670,20 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_af_4b1(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_811(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + randomness, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -3735,14 +3691,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 1152 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_493( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a83( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, deserialized_pk[i] = ZERO_89_9b();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; 
@@ -3750,9 +3706,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_493( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_7f(ring_element); + deserialize_to_reduced_ring_element_71(ring_element); deserialized_pk[i0] = uu____0; } memcpy( 
@@ -3777,49 +3733,52 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_351(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_e01(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - deserialize_ring_elements_reduced_493( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, - Eurydice_slice), + deserialize_ring_elements_reduced_a83( + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0); sample_matrix_A_ac1(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; memcpy( - uu____0, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1[3U][3U]; - memcpy(uu____1, A, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A[3U][3U]; + memcpy(copy_of_A, A, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - uint8_t uu____2[32U]; - memcpy(uu____2, 
seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 public_key_unpacked; memcpy( - public_key_unpacked.t_as_ntt, uu____0, + public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(public_key_unpacked.seed_for_A, uu____2, + memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, + memcpy(public_key_unpacked.A, copy_of_A, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1088U]; - encrypt_unpacked_d21(uu____3, uu____4, randomness, ret1); + encrypt_unpacked_a31(uu____3, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); } @@ -3834,12 +3793,11 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_af_ab1(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_9a1(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + shared_secret, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } 
@@ -3862,59 +3820,55 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_011( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_e61( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_4b1( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); + entropy_preprocess_af_811( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_ea( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); uint8_t ret[32U]; H_a9_a11(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_3b0(public_key), - uint8_t, Eurydice_slice), + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_6f0(public_key), + uint8_t), ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_e11( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_a9_e11(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness 
= uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_3b0(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_6f0(public_key), uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_351(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + encrypt_e01(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1088U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_100(uu____4); + libcrux_ml_kem_types_from_01_140(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_ab1(shared_secret, shared_secret_array); + kdf_af_9a1(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_3c lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } 
@@ -3924,58 +3878,39 @@ libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const generics - COEFFICIENT_BITS= 10 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -decompress_ciphertext_coefficient_15(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 - << (uint32_t)(int32_t)10); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i decompressed_low = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, - field_modulus); - core_core_arch_x86___m256i decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i decompressed_high0 = - 
libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)10, decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); +static KRML_MUSTINLINE __m256i +decompress_ciphertext_coefficient_8b(__m256i vector) { + __m256i field_modulus = + mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i two_pow_coefficient_bits = + mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)10); + __m128i coefficients_low = mm256_castsi256_si128(vector); + __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low); + __m256i decompressed_low = + mm256_mullo_epi32(coefficients_low0, field_modulus); + __m256i decompressed_low0 = + mm256_slli_epi32((int32_t)1, decompressed_low, __m256i); + __m256i decompressed_low1 = + mm256_add_epi32(decompressed_low0, two_pow_coefficient_bits); + __m256i decompressed_low2 = + mm256_srli_epi32((int32_t)10, decompressed_low1, __m256i); + __m256i decompressed_low3 = + mm256_srli_epi32((int32_t)1, decompressed_low2, __m256i); + __m128i coefficients_high = + mm256_extracti128_si256((int32_t)1, vector, __m128i); + __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high); + __m256i decompressed_high = + mm256_mullo_epi32(coefficients_high0, field_modulus); + __m256i decompressed_high0 = + mm256_slli_epi32((int32_t)1, decompressed_high, __m256i); + 
__m256i decompressed_high1 = + mm256_add_epi32(decompressed_high0, two_pow_coefficient_bits); + __m256i decompressed_high2 = + mm256_srli_epi32((int32_t)10, decompressed_high1, __m256i); + __m256i decompressed_high3 = + mm256_srli_epi32((int32_t)1, decompressed_high2, __m256i); + __m256i compressed = mm256_packs_epi32(decompressed_low3, decompressed_high3); + return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i); } /** @@ -3988,9 +3923,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 10 */ -static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_7b( - core_core_arch_x86___m256i vector) { - return decompress_ciphertext_coefficient_15(vector); +static __m256i decompress_ciphertext_coefficient_ea_9b(__m256i vector) { + return decompress_ciphertext_coefficient_8b(vector); } /** @@ -4000,19 +3934,15 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_10_46(Eurydice_slice serialized) { +deserialize_then_decompress_10_92(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9b(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, - Eurydice_slice); - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_7b(coefficient); + serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); + __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_9b(coefficient); } return re; } 
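Review bot: decompress_ciphertext_coefficient_8b gives no hint why the 16-bit lanes are widened to 32 bits and later narrowed with the saturating `mm256_packs_epi32`, and the 11-, 4- and 5-bit instances (8b0, 8b1, 8b2) in the following hunks are the same body with only the shift constant changed. The arithmetic is (2*c*q + 2^bits) >> (bits+1), i.e. round(c*q / 2^bits); with a 12-bit modulus and c below 2^COEFFICIENT_BITS the doubled product stays well inside an int32 lane, and the rounded result is below the modulus so the pack back to int16 cannot saturate, but none of that is written down. Suggested comments: on the `coefficients_low0` line, `/* widen to 32-bit lanes: 2*c*q + 2^bits does not fit in int16 */`, and on the `compressed` line, `/* results are < FIELD_MODULUS, so the saturating pack to int16 is exact */`. The `_ea_9b` wrapper and deserialize_then_decompress_10_92 in this hunk need no separate note.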
@@ -4023,58 +3953,39 @@ libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const generics - COEFFICIENT_BITS= 11 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -decompress_ciphertext_coefficient_150(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 - << (uint32_t)(int32_t)11); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i decompressed_low = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, - field_modulus); - core_core_arch_x86___m256i decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i decompressed_high0 = - 
libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)11, decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); +static KRML_MUSTINLINE __m256i +decompress_ciphertext_coefficient_8b0(__m256i vector) { + __m256i field_modulus = + mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i two_pow_coefficient_bits = + mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)11); + __m128i coefficients_low = mm256_castsi256_si128(vector); + __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low); + __m256i decompressed_low = + mm256_mullo_epi32(coefficients_low0, field_modulus); + __m256i decompressed_low0 = + mm256_slli_epi32((int32_t)1, decompressed_low, __m256i); + __m256i decompressed_low1 = + mm256_add_epi32(decompressed_low0, two_pow_coefficient_bits); + __m256i decompressed_low2 = + mm256_srli_epi32((int32_t)11, decompressed_low1, __m256i); + __m256i decompressed_low3 = + mm256_srli_epi32((int32_t)1, decompressed_low2, __m256i); + __m128i coefficients_high = + mm256_extracti128_si256((int32_t)1, vector, __m128i); + __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high); + __m256i decompressed_high = + mm256_mullo_epi32(coefficients_high0, field_modulus); + __m256i decompressed_high0 = + mm256_slli_epi32((int32_t)1, decompressed_high, __m256i); + 
__m256i decompressed_high1 = + mm256_add_epi32(decompressed_high0, two_pow_coefficient_bits); + __m256i decompressed_high2 = + mm256_srli_epi32((int32_t)11, decompressed_high1, __m256i); + __m256i decompressed_high3 = + mm256_srli_epi32((int32_t)1, decompressed_high2, __m256i); + __m256i compressed = mm256_packs_epi32(decompressed_low3, decompressed_high3); + return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i); } /** @@ -4087,9 +3998,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 11 */ -static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_7b0( - core_core_arch_x86___m256i vector) { - return decompress_ciphertext_coefficient_150(vector); +static __m256i decompress_ciphertext_coefficient_ea_9b0(__m256i vector) { + return decompress_ciphertext_coefficient_8b0(vector); } /** @@ -4099,19 +4009,15 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_11_f4(Eurydice_slice serialized) { +deserialize_then_decompress_11_79(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9b(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, - Eurydice_slice); - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_7b0(coefficient); + serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); + __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_9b0(coefficient); } return re; } 
@@ -4123,8 +4029,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_80(Eurydice_slice serialized) { - return deserialize_then_decompress_10_46(serialized); +deserialize_then_decompress_ring_element_u_28(Eurydice_slice serialized) { + return deserialize_then_decompress_10_92(serialized); } /** @@ -4133,7 +4039,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_10( +static KRML_MUSTINLINE void ntt_vector_u_b2( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)7U); @@ -4146,6 +4052,10 @@ static KRML_MUSTINLINE void ntt_vector_u_10( poly_barrett_reduce_89_e6(re); } +/** + Call [`deserialize_then_decompress_ring_element_u`] on each ring element + in the `ciphertext`. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -4154,17 +4064,16 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_7f1( +static KRML_MUSTINLINE void deserialize_then_decompress_u_1c1( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, u_as_ntt[i] = ZERO_89_9b();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / + i < Eurydice_slice_len( + Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), + uint8_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); i++) { 
@@ -4177,11 +4086,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_7f1( (size_t)10U / (size_t)8U) + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_then_decompress_ring_element_u_80(u_bytes); - u_as_ntt[i0] = uu____0; - ntt_vector_u_10(&u_as_ntt[i0]); + uint8_t); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_28(u_bytes); + ntt_vector_u_b2(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, 
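Review bot: deserialize_then_decompress_u_1c1 takes `uint8_t *ciphertext` with no length and then asserts the size itself through `Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t)` in the previous hunk, so the 1088-byte bound is a promise the caller must keep rather than something the function can check; decrypt_unpacked_c11 later in this file does the same with `Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, ...)`. The loop bound is derived from that fixed length, and the `KRML_MAYBE_FOR3` zero-fill at the top of the function is presumably overwritten for every element the loop reaches (three iterations if COEFFICIENTS_IN_RING_ELEMENT is 256), so it is dead work rather than a guard. A precondition comment at the signature would make the contract explicit: `/* precondition: ciphertext points to exactly 1088 bytes (CIPHERTEXT_SIZE); the length is not carried by the pointer */`. The function's signature is in the preceding hunk and its body continues between the two hunks.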
@@ -4194,58 +4101,39 @@ libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const generics - COEFFICIENT_BITS= 4 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -decompress_ciphertext_coefficient_151(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 - << (uint32_t)(int32_t)4); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i decompressed_low = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, - field_modulus); - core_core_arch_x86___m256i decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i decompressed_high0 = - 
libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)4, decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); +static KRML_MUSTINLINE __m256i +decompress_ciphertext_coefficient_8b1(__m256i vector) { + __m256i field_modulus = + mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i two_pow_coefficient_bits = + mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)4); + __m128i coefficients_low = mm256_castsi256_si128(vector); + __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low); + __m256i decompressed_low = + mm256_mullo_epi32(coefficients_low0, field_modulus); + __m256i decompressed_low0 = + mm256_slli_epi32((int32_t)1, decompressed_low, __m256i); + __m256i decompressed_low1 = + mm256_add_epi32(decompressed_low0, two_pow_coefficient_bits); + __m256i decompressed_low2 = + mm256_srli_epi32((int32_t)4, decompressed_low1, __m256i); + __m256i decompressed_low3 = + mm256_srli_epi32((int32_t)1, decompressed_low2, __m256i); + __m128i coefficients_high = + mm256_extracti128_si256((int32_t)1, vector, __m128i); + __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high); + __m256i decompressed_high = + mm256_mullo_epi32(coefficients_high0, field_modulus); + __m256i decompressed_high0 = + mm256_slli_epi32((int32_t)1, decompressed_high, __m256i); + 
__m256i decompressed_high1 = + mm256_add_epi32(decompressed_high0, two_pow_coefficient_bits); + __m256i decompressed_high2 = + mm256_srli_epi32((int32_t)4, decompressed_high1, __m256i); + __m256i decompressed_high3 = + mm256_srli_epi32((int32_t)1, decompressed_high2, __m256i); + __m256i compressed = mm256_packs_epi32(decompressed_low3, decompressed_high3); + return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i); } /** @@ -4258,9 +4146,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 4 */ -static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_7b1( - core_core_arch_x86___m256i vector) { - return decompress_ciphertext_coefficient_151(vector); +static __m256i decompress_ciphertext_coefficient_ea_9b1(__m256i vector) { + return decompress_ciphertext_coefficient_8b1(vector); } /** @@ -4270,18 +4157,15 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_4_34(Eurydice_slice serialized) { +deserialize_then_decompress_4_c8(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9b(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, - Eurydice_slice); - core_core_arch_x86___m256i coefficient = - libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_7b1(coefficient); + serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); + __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_9b1(coefficient); } return re; } 
@@ -4292,58 +4176,39 @@ libcrux_ml_kem.vector.avx2.compress.decompress_ciphertext_coefficient with const generics - COEFFICIENT_BITS= 5 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -decompress_ciphertext_coefficient_152(core_core_arch_x86___m256i vector) { - core_core_arch_x86___m256i field_modulus = - libcrux_intrinsics_avx2_mm256_set1_epi32( - (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); - core_core_arch_x86___m256i two_pow_coefficient_bits = - libcrux_intrinsics_avx2_mm256_set1_epi32((int32_t)1 - << (uint32_t)(int32_t)5); - core_core_arch_x86___m128i coefficients_low = - libcrux_intrinsics_avx2_mm256_castsi256_si128(vector); - core_core_arch_x86___m256i coefficients_low0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_low); - core_core_arch_x86___m256i decompressed_low = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_low0, - field_modulus); - core_core_arch_x86___m256i decompressed_low0 = - libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_low, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_low0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_low2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, decompressed_low1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_low3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_low2, - core_core_arch_x86___m256i); - core_core_arch_x86___m128i coefficients_high = - libcrux_intrinsics_avx2_mm256_extracti128_si256( - (int32_t)1, vector, core_core_arch_x86___m128i); - core_core_arch_x86___m256i coefficients_high0 = - libcrux_intrinsics_avx2_mm256_cvtepi16_epi32(coefficients_high); - core_core_arch_x86___m256i decompressed_high = - libcrux_intrinsics_avx2_mm256_mullo_epi32(coefficients_high0, - field_modulus); - core_core_arch_x86___m256i decompressed_high0 = - 
libcrux_intrinsics_avx2_mm256_slli_epi32((int32_t)1, decompressed_high, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high1 = - libcrux_intrinsics_avx2_mm256_add_epi32(decompressed_high0, - two_pow_coefficient_bits); - core_core_arch_x86___m256i decompressed_high2 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)5, decompressed_high1, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i decompressed_high3 = - libcrux_intrinsics_avx2_mm256_srli_epi32((int32_t)1, decompressed_high2, - core_core_arch_x86___m256i); - core_core_arch_x86___m256i compressed = - libcrux_intrinsics_avx2_mm256_packs_epi32(decompressed_low3, - decompressed_high3); - return libcrux_intrinsics_avx2_mm256_permute4x64_epi64( - (int32_t)216, compressed, core_core_arch_x86___m256i); +static KRML_MUSTINLINE __m256i +decompress_ciphertext_coefficient_8b2(__m256i vector) { + __m256i field_modulus = + mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); + __m256i two_pow_coefficient_bits = + mm256_set1_epi32((int32_t)1 << (uint32_t)(int32_t)5); + __m128i coefficients_low = mm256_castsi256_si128(vector); + __m256i coefficients_low0 = mm256_cvtepi16_epi32(coefficients_low); + __m256i decompressed_low = + mm256_mullo_epi32(coefficients_low0, field_modulus); + __m256i decompressed_low0 = + mm256_slli_epi32((int32_t)1, decompressed_low, __m256i); + __m256i decompressed_low1 = + mm256_add_epi32(decompressed_low0, two_pow_coefficient_bits); + __m256i decompressed_low2 = + mm256_srli_epi32((int32_t)5, decompressed_low1, __m256i); + __m256i decompressed_low3 = + mm256_srli_epi32((int32_t)1, decompressed_low2, __m256i); + __m128i coefficients_high = + mm256_extracti128_si256((int32_t)1, vector, __m128i); + __m256i coefficients_high0 = mm256_cvtepi16_epi32(coefficients_high); + __m256i decompressed_high = + mm256_mullo_epi32(coefficients_high0, field_modulus); + __m256i decompressed_high0 = + mm256_slli_epi32((int32_t)1, decompressed_high, __m256i); + 
__m256i decompressed_high1 = + mm256_add_epi32(decompressed_high0, two_pow_coefficient_bits); + __m256i decompressed_high2 = + mm256_srli_epi32((int32_t)5, decompressed_high1, __m256i); + __m256i decompressed_high3 = + mm256_srli_epi32((int32_t)1, decompressed_high2, __m256i); + __m256i compressed = mm256_packs_epi32(decompressed_low3, decompressed_high3); + return mm256_permute4x64_epi64((int32_t)216, compressed, __m256i); } /** @@ -4356,9 +4221,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 5 */ -static core_core_arch_x86___m256i decompress_ciphertext_coefficient_ea_7b2( - core_core_arch_x86___m256i vector) { - return decompress_ciphertext_coefficient_152(vector); +static __m256i decompress_ciphertext_coefficient_ea_9b2(__m256i vector) { + return decompress_ciphertext_coefficient_8b2(vector); } /** @@ -4368,19 +4232,16 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_5_c0(Eurydice_slice serialized) { +deserialize_then_decompress_5_c7(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9b(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); re.coefficients[i0] = - decompress_ciphertext_coefficient_ea_7b2(re.coefficients[i0]); + decompress_ciphertext_coefficient_ea_9b2(re.coefficients[i0]); } return re; } 
@@ -4392,8 +4253,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_19(Eurydice_slice serialized) { - return deserialize_then_decompress_4_34(serialized); +deserialize_then_decompress_ring_element_v_4f(Eurydice_slice serialized) { + return deserialize_then_decompress_4_c8(serialized); } /** @@ -4407,12 +4268,12 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -subtract_reduce_89_36(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, +subtract_reduce_89_e1(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - core_core_arch_x86___m256i coefficient_normal_form = + __m256i coefficient_normal_form = libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( b.coefficients[i0], (int16_t)1441); b.coefficients[i0] = libcrux_ml_kem_vector_avx2_barrett_reduce_ea( @@ -4422,6 +4283,12 @@ subtract_reduce_89_36(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, return b; } +/** + The following functions compute various expressions involving + vectors and matrices. The computation of these expressions has been + abstracted away into these functions in order to save on loop iterations. + Compute v − InverseNTT(sᵀ ◦ NTT(u)) +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector 
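Review bot: `(int16_t)1441` in subtract_reduce_89_e1 is a bare magic constant; the hunk renames the function and retypes `coefficient_normal_form` to `__m256i` but adds nothing saying what the factor does. The call site multiplies `b.coefficients[i0]` by it with `montgomery_multiply_by_constant_ea` before the Barrett reduction, so it looks like the correction that takes the inverse-NTT output out of Montgomery form (the Kyber reference code uses 1441 as `mont^2/128`), but that should be confirmed against the Rust source. Suggested comment on that line: `/* 1441: Montgomery correction so b's coefficients return to normal form -- TODO confirm derivation */`. The loop body continues past the hunk.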
@@ -4429,7 +4296,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_9b1( +compute_message_a51( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { @@ -4438,8 +4305,8 @@ compute_message_9b1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = ntt_multiply_89_44(&secret_as_ntt[i0], &u_as_ntt[i0]); add_to_ring_element_89_ce1(&result, &product);); - invert_ntt_montgomery_241(&result); - result = subtract_reduce_89_36(v, result); + invert_ntt_montgomery_e61(&result); + result = subtract_reduce_89_e1(v, result); return result; } 
@@ -4449,27 +4316,48 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_b1( +static KRML_MUSTINLINE void compress_then_serialize_message_66( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; - core_core_arch_x86___m256i coefficient = - to_unsigned_representative_d2(re.coefficients[i0]); - core_core_arch_x86___m256i coefficient_compressed = + __m256i coefficient = to_unsigned_representative_14(re.coefficients[i0]); + __m256i coefficient_compressed = libcrux_ml_kem_vector_avx2_compress_1_ea(coefficient); uint8_t bytes[2U]; libcrux_ml_kem_vector_avx2_serialize_1_ea(coefficient_compressed, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *);); + serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_slice((size_t)2U, bytes, uint8_t), + uint8_t);); memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); } +/** + This function implements Algorithm 14 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. + + Algorithm 14 is reproduced below: + + ```plaintext + Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + Output: message m ∈ 𝔹^{32}. + + c₁ ← c[0 : 32dᵤk] + c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] + u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) + v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) + ŝ ← ByteDecode₁₂(dkₚₖₑ) + w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) + m ← ByteEncode₁(Compress₁(w)) + return m + ``` + + The NIST FIPS 203 standard can be found at + . 
+*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -4480,20 +4368,19 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_131( +static void decrypt_unpacked_c11( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - deserialize_then_decompress_u_7f1(ciphertext, u_as_ntt); + deserialize_then_decompress_u_1c1(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_19( + deserialize_then_decompress_ring_element_v_4f( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t, - Eurydice_slice)); + (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_9b1(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_a51(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_b1(message, ret0); + compress_then_serialize_message_66(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4505,8 +4392,7 @@ with const generics static KRML_MUSTINLINE void PRF_45(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } 
@@ -4545,65 +4431,61 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_fa1( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_261( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_131(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_c11(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + uint8_t, size_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); + uint8_t), + uint8_t); uint8_t hashed[64U]; - G_a9_e11( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_a9_e11(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1120U]; libcrux_ml_kem_utils_into_padded_array_ea3( - Eurydice_array_to_slice((size_t)32U, - 
key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), + Eurydice_array_to_slice( + (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_790(ciphertext), uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_dd0(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - PRF_a9_dd3( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + PRF_a9_dd3(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), + implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_d21(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_a31(uu____3, copy_of_decrypted, pseudorandomness, + expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_790(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice)); + libcrux_ml_kem_types_as_ref_00_dd0(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( shared_secret, Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + 
uint8_t), selector, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4615,35 +4497,35 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_uncompressed_ring_element_42(Eurydice_slice serialized) { +deserialize_to_uncompressed_ring_element_35(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9b(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_12_ea(bytes); } return re; } +/** + Call [`deserialize_to_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_d61( +static KRML_MUSTINLINE void deserialize_secret_key_f61( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, secret_as_ntt[i] = ZERO_89_9b();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; 
@@ -4651,9 +4533,9 @@ static KRML_MUSTINLINE void deserialize_secret_key_d61( secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_42(secret_bytes); + deserialize_to_uncompressed_ring_element_35(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -4671,21 +4553,22 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_d91(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_491(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - deserialize_secret_key_d61(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[3U]; + deserialize_secret_key_f61(secret_key, secret_as_ntt); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( - uu____0, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 secret_key_unpacked; memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, + secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; - decrypt_unpacked_131(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_c11(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } 
@@ -4711,41 +4594,37 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_261( +void libcrux_ml_kem_ind_cca_decapsulate_b61( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, - Eurydice_slice), + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t), (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_d91(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_491(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); + Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - 
ind_cpa_public_key_hash, uint8_t, void *); + uint8_t, size_t), + ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_a9_e11( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_a9_e11(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret0 = uu____3.fst; 
@@ -4754,38 +4633,42 @@ void libcrux_ml_kem_ind_cca_decapsulate_261( libcrux_ml_kem_utils_into_padded_array_ea3(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_790(ciphertext), uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_dd0(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_dd3( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); + PRF_a9_dd3(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_351(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_e01(uu____5, copy_of_decrypted, pseudorandomness, + expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_ab1( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + kdf_af_9a1(Eurydice_array_to_slice( + (size_t)32U, implicit_rejection_shared_secret0, uint8_t), + implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_ab1(shared_secret0, shared_secret); + kdf_af_9a1(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_790(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, 
- Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, - Eurydice_slice), + libcrux_ml_kem_types_as_ref_00_dd0(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -4793,14 +4676,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 1568 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_492( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a82( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, deserialized_pk[i] = ZERO_89_9b();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -4808,9 +4691,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_492( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_7f(ring_element); + deserialize_to_reduced_ring_element_71(ring_element); deserialized_pk[i0] = uu____0; } memcpy( 
@@ -4818,6 +4701,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_492( (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } +/** + Call [`serialize_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -4825,34 +4711,34 @@ with const generics - K= 4 - OUT_LEN= 1536 */ -static KRML_MUSTINLINE void serialize_secret_key_7f0( +static KRML_MUSTINLINE void serialize_secret_key_790( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_af(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + serialize_uncompressed_ring_element_aa(&re, ret0); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); } +/** + Concatenate `t` and `ρ` into the public key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector 
@@ -4861,24 +4747,20 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_940( +static KRML_MUSTINLINE void serialize_public_key_5a0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, - (size_t)1536U, uint8_t, Eurydice_slice); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + public_key_serialized, (size_t)0U, (size_t)1536U, uint8_t); uint8_t ret0[1536U]; - serialize_secret_key_7f0(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( + serialize_secret_key_790(t_as_ntt, ret0); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t), uint8_t); + Eurydice_slice_copy( Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, - (size_t)1536U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); + (size_t)1536U, uint8_t, size_t), + seed_for_a, uint8_t); memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); } 
@@ -4890,18 +4772,18 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_6c0(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_f90(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; - deserialize_ring_elements_reduced_492( + deserialize_ring_elements_reduced_a82( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; - serialize_public_key_940( + serialize_public_key_5a0( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), public_key_serialized); return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); @@ -4955,11 +4837,10 @@ shake128_init_absorb_b40(uint8_t input[4U][34U]) { libcrux_sha3_generic_keccak_KeccakState_29 state = libcrux_sha3_avx2_x4_incremental_init(); libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - &state, - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[3U], uint8_t, Eurydice_slice)); + &state, Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[2U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[3U], uint8_t)); return state; } 
@@ -4974,9 +4855,10 @@ libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_a9 with const generics */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState shake128_init_absorb_a9_cf0(uint8_t input[4U][34U]) { - uint8_t uu____0[4U][34U]; - memcpy(uu____0, input, (size_t)4U * sizeof(uint8_t[34U])); - return shake128_init_absorb_b40(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_input[4U][34U]; + memcpy(copy_of_input, input, (size_t)4U * sizeof(uint8_t[34U])); + return shake128_init_absorb_b40(copy_of_input); } /** @@ -4993,10 +4875,10 @@ static KRML_MUSTINLINE void shake128_squeeze_three_blocks_980( uint8_t out2[504U] = {0U}; uint8_t out3[504U] = {0U}; libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); + st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t), + Eurydice_array_to_slice((size_t)504U, out2, uint8_t), + Eurydice_array_to_slice((size_t)504U, out3, uint8_t)); uint8_t uu____0[504U]; memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); 
@@ -5027,6 +4909,47 @@ static KRML_MUSTINLINE void shake128_squeeze_three_blocks_a9_c00( shake128_squeeze_three_blocks_980(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types 
@@ -5045,12 +4968,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_f91( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -5080,10 +5002,10 @@ static KRML_MUSTINLINE void shake128_squeeze_block_aa0( uint8_t out2[168U] = {0U}; uint8_t out3[168U] = {0U}; libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t), + Eurydice_array_to_slice((size_t)168U, out2, uint8_t), + Eurydice_array_to_slice((size_t)168U, out3, uint8_t)); uint8_t uu____0[168U]; memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); 
@@ -5113,6 +5035,47 @@ static KRML_MUSTINLINE void shake128_squeeze_block_a9_a30( shake128_squeeze_block_aa0(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types 
@@ -5131,12 +5094,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_f92( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -5161,8 +5123,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_190( int16_t s[272U]) { - return from_i16_array_89_46(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); + return from_i16_array_89_46( + Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } /** 
@@ -5176,33 +5138,38 @@ static KRML_MUSTINLINE void sample_from_xof_af0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { size_t sampled_coefficients[4U] = {0U}; int16_t out[4U][272U] = {{0U}}; - uint8_t uu____0[4U][34U]; - memcpy(uu____0, seeds, (size_t)4U * sizeof(uint8_t[34U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[4U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - shake128_init_absorb_a9_cf0(uu____0); + shake128_init_absorb_a9_cf0(copy_of_seeds); uint8_t randomness0[4U][504U]; shake128_squeeze_three_blocks_a9_c00(&xof_state, randomness0); - uint8_t uu____1[4U][504U]; - memcpy(uu____1, randomness0, (size_t)4U * sizeof(uint8_t[504U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness0[4U][504U]; + memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); bool done = sample_from_uniform_distribution_next_f91( - uu____1, sampled_coefficients, out); + copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[4U][168U]; shake128_squeeze_block_a9_a30(&xof_state, randomness); - uint8_t uu____2[4U][168U]; - memcpy(uu____2, randomness, (size_t)4U * sizeof(uint8_t[168U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[4U][168U]; + memcpy(copy_of_randomness, randomness, + (size_t)4U * sizeof(uint8_t[168U])); done = sample_from_uniform_distribution_next_f92( - uu____2, sampled_coefficients, out); + copy_of_randomness, sampled_coefficients, out); } } - int16_t uu____3[4U][272U]; - memcpy(uu____3, out, (size_t)4U * sizeof(int16_t[272U])); + /* Passing arrays by value in Rust generates a copy in C */ + int16_t copy_of_out[4U][272U]; + memcpy(copy_of_out, out, (size_t)4U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[4U]; KRML_MAYBE_FOR4(i, 
(size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_190(uu____3[i]);); + ret0[i] = closure_190(copy_of_out[i]);); memcpy( ret, ret0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -5222,24 +5189,25 @@ static KRML_MUSTINLINE void sample_matrix_A_ac0( closure_b90(A_transpose[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed[34U]; + memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[4U][34U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[4U][34U]; - memcpy(uu____1, seeds, (size_t)4U * sizeof(uint8_t[34U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[4U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[4U]; - sample_from_xof_af0(uu____1, sampled); + sample_from_xof_af0(copy_of_seeds, sampled); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; 
@@ -5248,7 +5216,9 @@ static KRML_MUSTINLINE void sample_matrix_A_ac0( } else { A_transpose[i1][j] = sample; } - }); + } + + ); memcpy(ret, A_transpose, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); @@ -5279,14 +5249,14 @@ static KRML_MUSTINLINE void PRFxN_661(uint8_t (*input)[33U], uint8_t out2[128U] = {0U}; uint8_t out3[128U] = {0U}; libcrux_sha3_avx2_x4_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[3U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[2U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[3U], uint8_t), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t), + Eurydice_array_to_slice((size_t)128U, out2, uint8_t), + Eurydice_array_to_slice((size_t)128U, out3, uint8_t)); uint8_t uu____0[128U]; memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); @@ -5317,6 +5287,10 @@ static KRML_MUSTINLINE void PRFxN_a9_a11(uint8_t (*input)[33U], PRFxN_661(input, ret); } +/** + Sample a vector of ring elements from a centered binomial distribution and + convert them into their NTT representations. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_avx2_SIMD256Vector, 
@@ -5330,12 +5304,13 @@ static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_080( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, re_as_ntt[i] = ZERO_89_9b();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); 
@@ -5343,23 +5318,26 @@ static KRML_MUSTINLINE tuple_71 sample_vector_cbd_then_ntt_080( PRFxN_a9_a11(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_730(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; + re_as_ntt[i0] = sample_from_binomial_distribution_730( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); ntt_binomially_sampled_ring_element_b2(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[4U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[4U]; memcpy( - uu____2, re_as_ntt, + copy_of_re_as_ntt, re_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); tuple_71 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_re_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); lit.snd = domain_separator; return lit; } +/** + Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise + sum of their constituent coefficients. +*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -5374,11 +5352,9 @@ static KRML_MUSTINLINE void add_to_ring_element_89_ce0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)16U, self->coefficients, - core_core_arch_x86___m256i, Eurydice_slice), - core_core_arch_x86___m256i, size_t); + i < Eurydice_slice_len(Eurydice_array_to_slice( + (size_t)16U, self->coefficients, __m256i), + __m256i); i++) { size_t i0 = i; self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( 
@@ -5386,6 +5362,9 @@ static KRML_MUSTINLINE void add_to_ring_element_89_ce0( } } +/** + Compute  ◦ ŝ + ê +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -5401,22 +5380,20 @@ static KRML_MUSTINLINE void compute_As_plus_e_580( KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, result[i] = ZERO_89_9b();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = 
@@ -5432,6 +5409,47 @@ static KRML_MUSTINLINE void compute_As_plus_e_580( (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, 
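Review bot: The added doc comment on generate_keypair_unpacked ends with `The NIST FIPS 203 standard can be found at .`, i.e. the link is empty here; if that is not a rendering artifact, the Rust doc-comment should carry the URL in a form Eurydice preserves. The reproduced pseudocode is also the draft form: "Algorithm 12", `d ←$ B`, `(ρ,σ) ← G(d)`, whereas in the final FIPS 203 (August 2024) K-PKE.KeyGen is Algorithm 13, takes `d` as input and derives `(ρ,σ) ← G(d‖k)`. The body in the next hunk calls `G_a9_e10(key_generation_seed, hashed)` on the 32-byte seed alone, which matches the draft text, so either the comment should say which revision it follows, e.g. `Algorithm 12 of the FIPS 203 initial public draft (August 2023)`, or the derivation needs revisiting if the final standard is the target.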
@@ -5440,13 +5458,13 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_54 generate_keypair_unpacked_650( +static tuple_54 generate_keypair_unpacked_5c0( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_a9_e10(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[4U][4U]; 
@@ -5456,53 +5474,59 @@ static tuple_54 generate_keypair_unpacked_650( uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____2 = sample_vector_cbd_then_ntt_080(uu____1, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_71 uu____2 = sample_vector_cbd_then_ntt_080(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_080(uu____3, domain_separator).fst, + sample_vector_cbd_then_ntt_080(copy_of_prf_input, domain_separator).fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; compute_As_plus_e_580(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____4[4U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[4U]; memcpy( - uu____4, t_as_ntt, + 
copy_of_t_as_ntt, t_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[4U][4U]; - memcpy(uu____5, A_transpose, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A_transpose[4U] + [4U]; + memcpy(copy_of_A_transpose, A_transpose, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 pk; memcpy( - pk.t_as_ntt, uu____4, + pk.t_as_ntt, copy_of_t_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, + memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, copy_of_A_transpose, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____7[4U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[4U]; memcpy( - uu____7, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 sk; memcpy( - sk.secret_as_ntt, uu____7, + sk.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); return (CLITERAL(tuple_54){.fst = sk, .snd = pk}); } 
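Review bot: generate_keypair_unpacked_5c0 now keeps the secret-and-error seed in `prf_input`, `copy_of_prf_input0` and `copy_of_prf_input`, and the secret polynomial vector in both `secret_as_ntt` and `copy_of_secret_as_ntt`, and none of these stack buffers is cleared before the function returns. The `/* Passing arrays by value in Rust generates a copy in C */` convention therefore doubles the number of secret-bearing buffers left in dead stack frames; a plain `memset` added here would likely be optimized away, so the fix belongs in the Rust source (an explicit zeroization that Eurydice emits, or passing `prf_input` by reference so no copy is made) or in a documented decision that stack residue is out of scope. The function's signature is in the preceding hunk; this hunk covers the body only.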
@@ -5520,7 +5544,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_760( +static void closure_a20( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, ret[i] = ZERO_89_9b();); 
@@ -5552,27 +5576,26 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_8d0(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_880(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - tuple_54 uu____0 = generate_keypair_unpacked_650(ind_cpa_keypair_randomness); + size_t); + tuple_54 uu____0 = generate_keypair_unpacked_5c0(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_760(A[i]);); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_a20(A[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_d5_6d(&ind_cpa_public_key.A[j][i1]); + clone_d5_6f(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[4U][4U]; memcpy(uu____2, A, 
@@ -5582,36 +5605,39 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_8d0(uint8_t randomness[64U]) { (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); uint8_t pk_serialized[1568U]; - serialize_public_key_940( + serialize_public_key_5a0( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), + uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - H_a9_a10(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t, - Eurydice_slice), + H_a9_a10(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); + uint8_t[32U]); core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 uu____3 = ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_implicit_rejection_value[32U]; + memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_01 uu____5; uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, + memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 uu____6 = ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_hash[32U]; + memcpy(copy_of_public_key_hash, public_key_hash, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 lit; lit.private_key = 
uu____5; lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, + memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, (size_t)32U * sizeof(uint8_t)); return lit; } 
@@ -5627,28 +5653,70 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_e30( +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_930( Eurydice_slice key_generation_seed) { - tuple_54 uu____0 = generate_keypair_unpacked_650(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 pk = uu____0.snd; + uint8_t hashed[64U]; + G_a9_e10(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[4U][4U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret); + sample_matrix_A_ac0(ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, + prf_input); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_71 uu____2 = sample_vector_cbd_then_ntt_080(copy_of_prf_input0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator = uu____2.snd; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[4U]; + memcpy( + error_as_ntt, + 
sample_vector_cbd_then_ntt_080(copy_of_prf_input, domain_separator).fst, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; + compute_As_plus_e_580(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); + core_result_unwrap_41_83(dst, seed_for_A); uint8_t public_key_serialized[1568U]; - serialize_public_key_940(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); + serialize_public_key_5a0( + t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), + public_key_serialized); uint8_t secret_key_serialized[1536U]; - serialize_secret_key_7f0(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[1536U]; - memcpy(uu____1, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); - uint8_t uu____2[1568U]; - memcpy(uu____2, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); + serialize_secret_key_790(secret_as_ntt, secret_key_serialized); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[1536U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)1536U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_serialized[1568U]; + memcpy(copy_of_public_key_serialized, public_key_serialized, + (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair1024 lit; - memcpy(lit.fst, uu____1, (size_t)1536U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)1568U * sizeof(uint8_t)); + memcpy(lit.fst, copy_of_secret_key_serialized, + (size_t)1536U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_public_key_serialized, + (size_t)1568U * sizeof(uint8_t)); return lit; } +/** + Serialize the secret key. 
+*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash @@ -5656,7 +5724,7 @@ with const generics - K= 4 - SERIALIZED_KEY_LEN= 3168 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_f60( +static KRML_MUSTINLINE void serialize_kem_secret_key_8e0( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { uint8_t out[3168U] = {0U}; 
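Review bot: generate_keypair_930 no longer calls generate_keypair_unpacked_5c0 but appears to repeat its body step for step (G, split, sample_matrix_A_ac0, two sample_vector_cbd_then_ntt_080 calls, compute_As_plus_e_580), so the two now have to be kept in sync by hand at the Rust level; the local `uint8_t ret[34U]` holding the padded ρ reads as if it were the function's output and is a symptom of that mechanical inlining. The inlined version also leaves `hashed` (ρ‖σ), `prf_input` with two copies, `secret_as_ntt`, and `secret_key_serialized` plus `copy_of_secret_key_serialized` on this frame's stack without wiping, where before most of them lived in the callee frame. If the duplication is deliberate, a one-line comment would help the next reader: `/* Inlined from generate_keypair_unpacked; keep the two in sync. */`.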
@@ -5664,46 +5732,48 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_f60( uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t), + uint8_t), + private_key, uint8_t); + pointer = pointer + Eurydice_slice_len(private_key, uint8_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t), + uint8_t), + public_key, uint8_t); + pointer = pointer + Eurydice_slice_len(public_key, uint8_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; H_a9_a10(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( uu____7, uu____8, - uu____9 + 
core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); + uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), + uint8_t), + implicit_rejection_value, uint8_t); memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); } +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, 
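Review bot: serialize_kem_secret_key_8e0 computes every subslice end as `pointer + Eurydice_slice_len(...)` with no check that the running `pointer` stays inside `out[3168U]`; whether `Eurydice_array_to_subslice2` bounds-checks in C is not visible here, so the layout invariant (1536 + 1568 + 32 + 32 = 3168 for K=4) is carried only by the callers. The Rust source has SERIALIZED_KEY_LEN as a const generic, so a debug assertion there, or at least a comment stating the layout, would make it explicit: `/* out = sk_cpa ‖ pk ‖ H(pk) ‖ z; the four slice lengths must sum to SERIALIZED_KEY_LEN */`. Note also that `out` holds the full secret key including the implicit-rejection value and is not cleared after the final `memcpy(ret, out, ...)`. The function's signature is in the preceding hunk.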
@@ -5717,39 +5787,42 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_990(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_0d0(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_e30(ind_cpa_keypair_randomness); + generate_keypair_930(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_f60( - Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, - Eurydice_slice), + serialize_kem_secret_key_8e0( + Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t), + Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[3168U]; - memcpy(uu____1, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[3168U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - 
libcrux_ml_kem_types_from_05_701(uu____1); + libcrux_ml_kem_types_from_05_db1(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; - uint8_t uu____3[1568U]; - memcpy(uu____3, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_eb1( - uu____2, libcrux_ml_kem_types_from_b6_a31(uu____3)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key[1568U]; + memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_17_121( + uu____2, libcrux_ml_kem_types_from_b6_8e1(copy_of_public_key)); } +/** + Sample a vector of ring elements from a centered binomial distribution. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -5759,16 +5832,17 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_71 -sample_ring_element_cbd_c00(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_580(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, error_1[i] = ZERO_89_9b();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); 
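Review bot: The new doc comment on the public `libcrux_ml_kem_ind_cca_generate_keypair_0d0` says "Generate a key pair" and mentions hardware features, but not what `randomness[64U]` has to be, even though the code splits it at `LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE` into the CPA-PKE key-generation seed and the implicit-rejection value that is serialized into the private key by `serialize_kem_secret_key_8e0`. Callers need to know both halves must be fresh CSPRNG output and that the second half is as sensitive as the key itself; I would add to the comment: `randomness: 64 fresh CSPRNG bytes; the first 32 seed the CPA-PKE key generation, the last 32 become the implicit-rejection secret stored in the private key. Never reuse either half.` Since the array is taken by value, the caller's copy outlives this call and wiping it is the caller's responsibility, which is worth stating too.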
@@ -5777,16 +5851,17 @@ sample_ring_element_cbd_c00(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_730(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_730( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[4U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_error_1[4U]; memcpy( - uu____2, error_1, + copy_of_error_1, error_1, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); tuple_71 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_error_1, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); lit.snd = domain_separator; return lit; 
@@ -5813,27 +5888,30 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_240( +static KRML_MUSTINLINE void invert_ntt_montgomery_e60( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_38(&zeta_i, re); - invert_ntt_at_layer_2_53(&zeta_i, re); - invert_ntt_at_layer_3_b7(&zeta_i, re); - invert_ntt_at_layer_4_plus_78(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_78(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_78(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_78(&zeta_i, re, (size_t)7U); + invert_ntt_at_layer_1_3d(&zeta_i, re); + invert_ntt_at_layer_2_64(&zeta_i, re); + invert_ntt_at_layer_3_fb(&zeta_i, re); + invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)7U); poly_barrett_reduce_89_e6(re); } +/** + Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_7e0( +static KRML_MUSTINLINE void compute_vector_u_540( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, 
@@ -5842,22 +5920,20 @@ static KRML_MUSTINLINE void compute_vector_u_7e0( KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, result[i] = ZERO_89_9b();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; @@ -5865,14 +5941,17 @@ static KRML_MUSTINLINE void compute_vector_u_7e0( ntt_multiply_89_44(a_element, &r_as_ntt[j]); add_to_ring_element_89_ce0(&result[i1], &product); } - invert_ntt_montgomery_240(&result[i1]); - add_error_reduce_89_42(&result[i1], &error_1[i1]); + invert_ntt_montgomery_e60(&result[i1]); + add_error_reduce_89_c7(&result[i1], &error_1[i1]); } memcpy( ret, result, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } +/** + Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_avx2_SIMD256Vector 
@@ -5880,7 +5959,7 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_af0( +compute_ring_element_v_f90( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, @@ -5890,8 +5969,8 @@ compute_ring_element_v_af0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = ntt_multiply_89_44(&t_as_ntt[i0], &r_as_ntt[i0]); add_to_ring_element_89_ce0(&result, &product);); - invert_ntt_montgomery_240(&result); - result = add_message_error_reduce_89_07(error_2, message, result); + invert_ntt_montgomery_e60(&result); + result = add_message_error_reduce_89_6a(error_2, message, result); return result; } 
@@ -5901,23 +5980,20 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_490( +static KRML_MUSTINLINE void compress_then_serialize_11_280( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; - core_core_arch_x86___m256i coefficient = - compress_ea_690(to_unsigned_representative_d2(re->coefficients[i0])); + __m256i coefficient = + compress_ea_0e0(to_unsigned_representative_14(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)22U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); } 
@@ -5929,13 +6005,16 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_360( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_560( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_490(re, uu____0); + compress_then_serialize_11_280(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } +/** + Call [`compress_then_serialize_ring_element_u`] on each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector 
@@ -5945,29 +6024,25 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_c50( +static void compress_then_serialize_u_9b0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice2( out, i0 * ((size_t)1408U / (size_t)4U), - (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t, - Eurydice_slice); + (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_360(&re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + compress_then_serialize_ring_element_u_560(&re, ret); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); } } 
@@ -5978,11 +6053,52 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_3c0( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_6d0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, Eurydice_slice out) { - compress_then_serialize_5_a4(re, out); -} - + compress_then_serialize_5_8e(re, out); +} + +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, 
@@ -6000,22 +6116,25 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_d20( +static void encrypt_unpacked_a30( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____1 = sample_vector_cbd_then_ntt_080(uu____0, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_71 uu____1 = sample_vector_cbd_then_ntt_080(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_71 uu____3 = sample_ring_element_cbd_c00(uu____2, domain_separator0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_71 uu____3 = + sample_ring_element_cbd_580(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; memcpy( error_1, uu____3.fst, 
@@ -6023,35 +6142,33 @@ static void encrypt_unpacked_d20( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_a9_dd2( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); + PRF_a9_dd2(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_730(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_730( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[4U]; - compute_vector_u_7e0(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + compute_vector_u_540(public_key->A, r_as_ntt, error_1, u); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_5a(uu____4); + deserialize_then_decompress_message_d3(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_af0(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_f90(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_c50( - uu____5, - Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, - uint8_t, Eurydice_slice)); + compress_then_serialize_u_9b0( + uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, + (size_t)1408U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - 
compress_then_serialize_ring_element_v_3c0( - uu____6, - Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, - uint8_t, size_t, Eurydice_slice)); + compress_then_serialize_ring_element_v_6d0( + uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, + (size_t)1408U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); } 
@@ -6073,51 +6190,51 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_360( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_720( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_ea( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); + size_t); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_slice( + (size_t)32U, public_key->public_key_hash, uint8_t), + uint8_t); uint8_t hashed[64U]; - G_a9_e10( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_a9_e10(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____2 = &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, 
(size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_unpacked_d20(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_a30(uu____2, copy_of_randomness, pseudorandomness, + ciphertext); uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[1568U]; - memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); + Eurydice_slice_copy( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), + shared_secret, uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1568U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_101(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_from_01_141(copy_of_ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_21 lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } 
@@ -6131,15 +6248,20 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_af_4b0(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_810(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + randomness, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -6147,14 +6269,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 1536 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_491( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a81( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, deserialized_pk[i] = ZERO_89_9b();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; 
@@ -6162,9 +6284,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_491( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_7f(ring_element); + deserialize_to_reduced_ring_element_71(ring_element); deserialized_pk[i0] = uu____0; } memcpy( 
@@ -6189,49 +6311,52 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_350(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_e00(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; - deserialize_ring_elements_reduced_491( - Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, - Eurydice_slice), + deserialize_ring_elements_reduced_a81( + Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0); sample_matrix_A_ac0(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[4U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[4U]; memcpy( - uu____0, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1[4U][4U]; - memcpy(uu____1, A, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A[4U][4U]; + memcpy(copy_of_A, A, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - uint8_t uu____2[32U]; - memcpy(uu____2, 
seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 public_key_unpacked; memcpy( - public_key_unpacked.t_as_ntt, uu____0, + public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(public_key_unpacked.seed_for_A, uu____2, + memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, + memcpy(public_key_unpacked.A, copy_of_A, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____3 = &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1568U]; - encrypt_unpacked_d20(uu____3, uu____4, randomness, ret1); + encrypt_unpacked_a30(uu____3, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); } @@ -6246,12 +6371,11 @@ with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_af_ab0(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_9a0(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + shared_secret, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } 
@@ -6274,59 +6398,55 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_010( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_e60( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_4b0( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); + entropy_preprocess_af_810( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_ea( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); uint8_t ret[32U]; H_a9_a10(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_3b1(public_key), - uint8_t, Eurydice_slice), + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_6f1(public_key), + uint8_t), ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_e10( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_a9_e10(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness 
= uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_3b1(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_6f1(public_key), uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_350(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t uu____4[1568U]; - memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); + encrypt_e00(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1568U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_101(uu____4); + libcrux_ml_kem_types_from_01_141(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_ab0(shared_secret, shared_secret_array); + kdf_af_9a0(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_21 lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } 
@@ -6337,8 +6457,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_800(Eurydice_slice serialized) { - return deserialize_then_decompress_11_f4(serialized); +deserialize_then_decompress_ring_element_u_280(Eurydice_slice serialized) { + return deserialize_then_decompress_11_79(serialized); } /** @@ -6347,7 +6467,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_100( +static KRML_MUSTINLINE void ntt_vector_u_b20( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)7U); @@ -6360,6 +6480,10 @@ static KRML_MUSTINLINE void ntt_vector_u_100( poly_barrett_reduce_89_e6(re); } +/** + Call [`deserialize_then_decompress_ring_element_u`] on each ring element + in the `ciphertext`. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -6368,17 +6492,16 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_7f0( +static KRML_MUSTINLINE void deserialize_then_decompress_u_1c0( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, u_as_ntt[i] = ZERO_89_9b();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / + i < Eurydice_slice_len( + Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t), + uint8_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U); i++) { 
@@ -6391,11 +6514,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_7f0( (size_t)11U / (size_t)8U) + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_then_decompress_ring_element_u_800(u_bytes); - u_as_ntt[i0] = uu____0; - ntt_vector_u_100(&u_as_ntt[i0]); + uint8_t); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_280(u_bytes); + ntt_vector_u_b20(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -6409,10 +6530,16 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_190(Eurydice_slice serialized) { - return deserialize_then_decompress_5_c0(serialized); +deserialize_then_decompress_ring_element_v_4f0(Eurydice_slice serialized) { + return deserialize_then_decompress_5_c7(serialized); } +/** + The following functions compute various expressions involving + vectors and matrices. The computation of these expressions has been + abstracted away into these functions in order to save on loop iterations. + Compute v − InverseNTT(sᵀ ◦ NTT(u)) +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -6420,7 +6547,7 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_9b0( +compute_message_a50( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { 
@@ -6429,11 +6556,35 @@ compute_message_9b0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = ntt_multiply_89_44(&secret_as_ntt[i0], &u_as_ntt[i0]); add_to_ring_element_89_ce0(&result, &product);); - invert_ntt_montgomery_240(&result); - result = subtract_reduce_89_36(v, result); + invert_ntt_montgomery_e60(&result); + result = subtract_reduce_89_e1(v, result); return result; } +/** + This function implements Algorithm 14 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. + + Algorithm 14 is reproduced below: + + ```plaintext + Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + Output: message m ∈ 𝔹^{32}. + + c₁ ← c[0 : 32dᵤk] + c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] + u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) + v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) + ŝ ← ByteDecode₁₂(dkₚₖₑ) + w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) + m ← ByteEncode₁(Compress₁(w)) + return m + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector 
@@ -6444,20 +6595,19 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_130( +static void decrypt_unpacked_c10( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; - deserialize_then_decompress_u_7f0(ciphertext, u_as_ntt); + deserialize_then_decompress_u_1c0(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_190( + deserialize_then_decompress_ring_element_v_4f0( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, - (size_t)1408U, uint8_t, size_t, - Eurydice_slice)); + (size_t)1408U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_9b0(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_a50(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_b1(message, ret0); + compress_then_serialize_message_66(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } 
@@ -6496,84 +6646,83 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_fa0( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_260( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_130(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_c10(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + uint8_t, size_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); + uint8_t), + uint8_t); uint8_t hashed[64U]; - G_a9_e10( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_a9_e10(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1600U]; libcrux_ml_kem_utils_into_padded_array_ea4( - Eurydice_array_to_slice((size_t)32U, - 
key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), + Eurydice_array_to_slice( + (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_791(ciphertext), uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_dd1(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - PRF_a9_dd1( - Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + PRF_a9_dd1(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), + implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____3 = &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_d20(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_a30(uu____3, copy_of_decrypted, pseudorandomness, + expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_791(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, - Eurydice_slice)); + libcrux_ml_kem_types_as_ref_00_dd1(ciphertext), + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( shared_secret, Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + 
uint8_t), selector, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +/** + Call [`deserialize_to_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_d60( +static KRML_MUSTINLINE void deserialize_secret_key_f60( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, secret_as_ntt[i] = ZERO_89_9b();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -6581,9 +6730,9 @@ static KRML_MUSTINLINE void deserialize_secret_key_d60( secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_42(secret_bytes); + deserialize_to_uncompressed_ring_element_35(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( 
@@ -6601,21 +6750,22 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_d90(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_490(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; - deserialize_secret_key_d60(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[4U]; + deserialize_secret_key_f60(secret_key, secret_as_ntt); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[4U]; memcpy( - uu____0, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 secret_key_unpacked; memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, + secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; - decrypt_unpacked_130(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_c10(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } 
@@ -6641,42 +6791,38 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_260( +void libcrux_ml_kem_ind_cca_decapsulate_b60( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t, - Eurydice_slice), + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t), (size_t)1536U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( secret_key0, (size_t)1568U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_d90(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_490(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); + Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - 
ind_cpa_public_key_hash, uint8_t, void *); + uint8_t, size_t), + ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_a9_e10( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_a9_e10(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret0 = uu____3.fst; 
@@ -6685,38 +6831,42 @@ void libcrux_ml_kem_ind_cca_decapsulate_260( libcrux_ml_kem_utils_into_padded_array_ea4(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_791(ciphertext), uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_dd1(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_dd1( - Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); + PRF_a9_dd1(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_350(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_e00(uu____5, copy_of_decrypted, pseudorandomness, + expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_ab0( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + kdf_af_9a0(Eurydice_array_to_slice( + (size_t)32U, implicit_rejection_shared_secret0, uint8_t), + implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_ab0(shared_secret0, shared_secret); + kdf_af_9a0(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_791(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, 
- Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, - Eurydice_slice), + libcrux_ml_kem_types_as_ref_00_dd1(ciphertext), + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -6724,14 +6874,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 800 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_490( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a80( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, deserialized_pk[i] = ZERO_89_9b();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -6739,9 +6889,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_490( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_7f(ring_element); + deserialize_to_reduced_ring_element_71(ring_element); deserialized_pk[i0] = uu____0; } memcpy( 
@@ -6749,6 +6899,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_490( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } +/** + Call [`serialize_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -6756,34 +6909,34 @@ with const generics - K= 2 - OUT_LEN= 768 */ -static KRML_MUSTINLINE void serialize_secret_key_7f( +static KRML_MUSTINLINE void serialize_secret_key_79( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_af(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + serialize_uncompressed_ring_element_aa(&re, ret0); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); } +/** + Concatenate `t` and `ρ` into the public key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector 
@@ -6792,23 +6945,20 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_94( +static KRML_MUSTINLINE void serialize_public_key_5a( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)768U, uint8_t, Eurydice_slice); + public_key_serialized, (size_t)0U, (size_t)768U, uint8_t); uint8_t ret0[768U]; - serialize_secret_key_7f(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( + serialize_secret_key_79(t_as_ntt, ret0); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t), uint8_t); + Eurydice_slice_copy( Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, - (size_t)768U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); + (size_t)768U, uint8_t, size_t), + seed_for_a, uint8_t); memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); } 
@@ -6820,18 +6970,18 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_6c(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_f9(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; - deserialize_ring_elements_reduced_490( + deserialize_ring_elements_reduced_a80( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; - serialize_public_key_94( + serialize_public_key_5a( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), public_key_serialized); return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); @@ -6885,11 +7035,10 @@ shake128_init_absorb_b4(uint8_t input[2U][34U]) { libcrux_sha3_generic_keccak_KeccakState_29 state = libcrux_sha3_avx2_x4_incremental_init(); libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( - &state, - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t, Eurydice_slice)); + &state, Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[1U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)34U, input[0U], uint8_t)); return state; } 
@@ -6904,9 +7053,10 @@ libcrux_ml_kem.hash_functions.avx2.shake128_init_absorb_a9 with const generics */ static KRML_MUSTINLINE libcrux_sha3_avx2_x4_incremental_KeccakState shake128_init_absorb_a9_cf(uint8_t input[2U][34U]) { - uint8_t uu____0[2U][34U]; - memcpy(uu____0, input, (size_t)2U * sizeof(uint8_t[34U])); - return shake128_init_absorb_b4(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_input[2U][34U]; + memcpy(copy_of_input, input, (size_t)2U * sizeof(uint8_t[34U])); + return shake128_init_absorb_b4(copy_of_input); } /** @@ -6923,10 +7073,10 @@ static KRML_MUSTINLINE void shake128_squeeze_three_blocks_98( uint8_t out2[504U] = {0U}; uint8_t out3[504U] = {0U}; libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( - st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)504U, out3, uint8_t, Eurydice_slice)); + st, Eurydice_array_to_slice((size_t)504U, out0, uint8_t), + Eurydice_array_to_slice((size_t)504U, out1, uint8_t), + Eurydice_array_to_slice((size_t)504U, out2, uint8_t), + Eurydice_array_to_slice((size_t)504U, out3, uint8_t)); uint8_t uu____0[504U]; memcpy(uu____0, out0, (size_t)504U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)504U * sizeof(uint8_t)); 
@@ -6951,6 +7101,47 @@ static KRML_MUSTINLINE void shake128_squeeze_three_blocks_a9_c0( shake128_squeeze_three_blocks_98(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types 
@@ -6969,12 +7160,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_f9( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -7004,10 +7194,10 @@ static KRML_MUSTINLINE void shake128_squeeze_block_aa( uint8_t out2[168U] = {0U}; uint8_t out3[168U] = {0U}; libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( - st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)168U, out3, uint8_t, Eurydice_slice)); + st, Eurydice_array_to_slice((size_t)168U, out0, uint8_t), + Eurydice_array_to_slice((size_t)168U, out1, uint8_t), + Eurydice_array_to_slice((size_t)168U, out2, uint8_t), + Eurydice_array_to_slice((size_t)168U, out3, uint8_t)); uint8_t uu____0[168U]; memcpy(uu____0, out0, (size_t)168U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)168U * sizeof(uint8_t)); 
@@ -7031,6 +7221,47 @@ static KRML_MUSTINLINE void shake128_squeeze_block_a9_a3( shake128_squeeze_block_aa(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types 
@@ -7049,12 +7280,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_f90( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_avx2_rej_sample_ea( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -7079,8 +7309,8 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_d2 closure_19( int16_t s[272U]) { - return from_i16_array_89_46(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); + return from_i16_array_89_46( + Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } /** 
@@ -7094,33 +7324,38 @@ static KRML_MUSTINLINE void sample_from_xof_af( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { size_t sampled_coefficients[2U] = {0U}; int16_t out[2U][272U] = {{0U}}; - uint8_t uu____0[2U][34U]; - memcpy(uu____0, seeds, (size_t)2U * sizeof(uint8_t[34U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[2U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_sha3_avx2_x4_incremental_KeccakState xof_state = - shake128_init_absorb_a9_cf(uu____0); + shake128_init_absorb_a9_cf(copy_of_seeds); uint8_t randomness0[2U][504U]; shake128_squeeze_three_blocks_a9_c0(&xof_state, randomness0); - uint8_t uu____1[2U][504U]; - memcpy(uu____1, randomness0, (size_t)2U * sizeof(uint8_t[504U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness0[2U][504U]; + memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); bool done = sample_from_uniform_distribution_next_f9( - uu____1, sampled_coefficients, out); + copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[2U][168U]; shake128_squeeze_block_a9_a3(&xof_state, randomness); - uint8_t uu____2[2U][168U]; - memcpy(uu____2, randomness, (size_t)2U * sizeof(uint8_t[168U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[2U][168U]; + memcpy(copy_of_randomness, randomness, + (size_t)2U * sizeof(uint8_t[168U])); done = sample_from_uniform_distribution_next_f90( - uu____2, sampled_coefficients, out); + copy_of_randomness, sampled_coefficients, out); } } - int16_t uu____3[2U][272U]; - memcpy(uu____3, out, (size_t)2U * sizeof(int16_t[272U])); + /* Passing arrays by value in Rust generates a copy in C */ + int16_t copy_of_out[2U][272U]; + memcpy(copy_of_out, out, (size_t)2U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret0[2U]; KRML_MAYBE_FOR2(i, 
(size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_19(uu____3[i]);); + ret0[i] = closure_19(copy_of_out[i]);); memcpy( ret, ret0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); @@ -7140,24 +7375,25 @@ static KRML_MUSTINLINE void sample_matrix_A_ac( closure_b9(A_transpose[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed[34U]; + memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[2U][34U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[2U][34U]; - memcpy(uu____1, seeds, (size_t)2U * sizeof(uint8_t[34U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[2U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sampled[2U]; - sample_from_xof_af(uu____1, sampled); + sample_from_xof_af(copy_of_seeds, sampled); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 sample = sampled[j]; 
@@ -7166,7 +7402,9 @@ static KRML_MUSTINLINE void sample_matrix_A_ac( } else { A_transpose[i1][j] = sample; } - }); + } + + ); memcpy(ret, A_transpose, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); @@ -7197,14 +7435,14 @@ static KRML_MUSTINLINE void PRFxN_66(uint8_t (*input)[33U], uint8_t out2[192U] = {0U}; uint8_t out3[192U] = {0U}; libcrux_sha3_avx2_x4_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)192U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)192U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)192U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)192U, out3, uint8_t, Eurydice_slice)); + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)192U, out0, uint8_t), + Eurydice_array_to_slice((size_t)192U, out1, uint8_t), + Eurydice_array_to_slice((size_t)192U, out2, uint8_t), + Eurydice_array_to_slice((size_t)192U, out3, uint8_t)); uint8_t uu____0[192U]; memcpy(uu____0, out0, (size_t)192U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)192U * sizeof(uint8_t)); 
@@ -7240,6 +7478,10 @@ sample_from_binomial_distribution_73(Eurydice_slice randomness) { return sample_from_binomial_distribution_3_c4(randomness); } +/** + Sample a vector of ring elements from a centered binomial distribution and + convert them into their NTT representations. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_avx2_SIMD256Vector, @@ -7253,12 +7495,13 @@ static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_08( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, re_as_ntt[i] = ZERO_89_9b();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); 
@@ -7266,23 +7509,26 @@ static KRML_MUSTINLINE tuple_74 sample_vector_cbd_then_ntt_08( PRFxN_a9_a1(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_73(Eurydice_array_to_slice( - (size_t)192U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; + re_as_ntt[i0] = sample_from_binomial_distribution_73( + Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t)); ntt_binomially_sampled_ring_element_b2(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[2U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_re_as_ntt[2U]; memcpy( - uu____2, re_as_ntt, + copy_of_re_as_ntt, re_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); tuple_74 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_re_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); lit.snd = domain_separator; return lit; } +/** + Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise + sum of their constituent coefficients. +*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -7297,11 +7543,9 @@ static KRML_MUSTINLINE void add_to_ring_element_89_ce( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *rhs) { for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)16U, self->coefficients, - core_core_arch_x86___m256i, Eurydice_slice), - core_core_arch_x86___m256i, size_t); + i < Eurydice_slice_len(Eurydice_array_to_slice( + (size_t)16U, self->coefficients, __m256i), + __m256i); i++) { size_t i0 = i; self->coefficients[i0] = libcrux_ml_kem_vector_avx2_add_ea( 
@@ -7309,6 +7553,9 @@ static KRML_MUSTINLINE void add_to_ring_element_89_ce( } } +/** + Compute  ◦ ŝ + ê +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_avx2_SIMD256Vector @@ -7324,22 +7571,20 @@ static KRML_MUSTINLINE void compute_As_plus_e_58( KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, result[i] = ZERO_89_9b();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = matrix_A[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *matrix_element = 
@@ -7355,6 +7600,47 @@ static KRML_MUSTINLINE void compute_As_plus_e_58( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, 
@@ -7363,13 +7649,13 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static tuple_4c generate_keypair_unpacked_65( +static tuple_4c generate_keypair_unpacked_5c( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_a9_e1(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[2U][2U]; 
@@ -7379,53 +7665,59 @@ static tuple_4c generate_keypair_unpacked_65( uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____2 = sample_vector_cbd_then_ntt_08(uu____1, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_74 uu____2 = sample_vector_cbd_then_ntt_08(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[2U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_08(uu____3, domain_separator).fst, + sample_vector_cbd_then_ntt_08(copy_of_prf_input, domain_separator).fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; compute_As_plus_e_58(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____4[2U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[2U]; memcpy( - uu____4, t_as_ntt, + copy_of_t_as_ntt, 
t_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[2U][2U]; - memcpy(uu____5, A_transpose, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A_transpose[2U] + [2U]; + memcpy(copy_of_A_transpose, A_transpose, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 pk; memcpy( - pk.t_as_ntt, uu____4, + pk.t_as_ntt, copy_of_t_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, + memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, copy_of_A_transpose, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____7[2U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[2U]; memcpy( - uu____7, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 sk; memcpy( - sk.secret_as_ntt, uu____7, + sk.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); return (CLITERAL(tuple_4c){.fst = sk, .snd = pk}); } 
@@ -7443,7 +7735,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static void closure_76( +static void closure_a2( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, ret[i] = ZERO_89_9b();); 
@@ -7475,27 +7767,26 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_8d(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_88(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - tuple_4c uu____0 = generate_keypair_unpacked_65(ind_cpa_keypair_randomness); + size_t); + tuple_4c uu____0 = generate_keypair_unpacked_5c(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_76(A[i]);); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_a2(A[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_d5_6d(&ind_cpa_public_key.A[j][i1]); + clone_d5_6f(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[2U][2U]; memcpy(uu____2, A, 
@@ -7505,36 +7796,39 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_8d(uint8_t randomness[64U]) { (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); uint8_t pk_serialized[800U]; - serialize_public_key_94( + serialize_public_key_5a( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), + uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - H_a9_a1(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t, - Eurydice_slice), + H_a9_a1(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); + uint8_t[32U]); core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 uu____3 = ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_implicit_rejection_value[32U]; + memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_d6 uu____5; uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, + memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 uu____6 = ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_hash[32U]; + memcpy(copy_of_public_key_hash, public_key_hash, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 lit; lit.private_key = uu____5; 
lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, + memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, (size_t)32U * sizeof(uint8_t)); return lit; } 
@@ -7550,28 +7844,70 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_e3( +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_93( Eurydice_slice key_generation_seed) { - tuple_4c uu____0 = generate_keypair_unpacked_65(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 pk = uu____0.snd; + uint8_t hashed[64U]; + G_a9_e1(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A_transpose[2U][2U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret); + sample_matrix_A_ac(ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, + prf_input); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_74 uu____2 = sample_vector_cbd_then_ntt_08(copy_of_prf_input0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator = uu____2.snd; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_as_ntt[2U]; + memcpy( + error_as_ntt, + 
sample_vector_cbd_then_ntt_08(copy_of_prf_input, domain_separator).fst, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; + compute_As_plus_e_58(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); + core_result_unwrap_41_83(dst, seed_for_A); uint8_t public_key_serialized[800U]; - serialize_public_key_94(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); + serialize_public_key_5a( + t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), + public_key_serialized); uint8_t secret_key_serialized[768U]; - serialize_secret_key_7f(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[768U]; - memcpy(uu____1, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); - uint8_t uu____2[800U]; - memcpy(uu____2, public_key_serialized, (size_t)800U * sizeof(uint8_t)); + serialize_secret_key_79(secret_as_ntt, secret_key_serialized); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[768U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)768U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_serialized[800U]; + memcpy(copy_of_public_key_serialized, public_key_serialized, + (size_t)800U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair512 lit; - memcpy(lit.fst, uu____1, (size_t)768U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)800U * sizeof(uint8_t)); + memcpy(lit.fst, copy_of_secret_key_serialized, + (size_t)768U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_public_key_serialized, + (size_t)800U * sizeof(uint8_t)); return lit; } +/** + Serialize the secret key. 
+*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash @@ -7579,7 +7915,7 @@ with const generics - K= 2 - SERIALIZED_KEY_LEN= 1632 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_f6( +static KRML_MUSTINLINE void serialize_kem_secret_key_8e( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { uint8_t out[1632U] = {0U}; 
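Review bot: generate_keypair_93 now derives the key material inline and returns with every secret-bearing temporary still on the stack at `return lit;`: `hashed` (holds ρ‖σ after `G_a9_e1`), `prf_input` and its copies `copy_of_prf_input0`/`copy_of_prf_input`, `secret_as_ntt`, `secret_key_serialized` and `copy_of_secret_key_serialized`. The previous version reached the same state through generate_keypair_unpacked_5c, so this is not new in kind, but the inlined body roughly doubles the number of such copies, and `serialize_kem_secret_key_8e` in the hunk `@@ -7587,46 +7923,48 @@` has the same pattern with its `out[1632U]` staging buffer. Because this file is generated, a hand edit would be overwritten; if stack hygiene is a goal, the wipe presumably belongs in the Rust source or an Eurydice post-pass, and until then a comment on the function such as `/* NOTE: key-material temporaries (hashed, prf_input, secret_key_serialized and their copies) are not zeroized before return */` would make the property explicit. Whether any caller clears its own frame is not visible from the hunk.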
@@ -7587,46 +7923,48 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_f6( uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t), + uint8_t), + private_key, uint8_t); + pointer = pointer + Eurydice_slice_len(private_key, uint8_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t), + uint8_t), + public_key, uint8_t); + pointer = pointer + Eurydice_slice_len(public_key, uint8_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; H_a9_a1(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( uu____7, uu____8, - uu____9 + 
core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); + uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), + uint8_t), + implicit_rejection_value, uint8_t); memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); } +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_avx2_SIMD256Vector, 
@@ -7639,38 +7977,38 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_99( +libcrux_ml_kem_types_MlKemKeyPair_cb libcrux_ml_kem_ind_cca_generate_keypair_0d( uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_e3(ind_cpa_keypair_randomness); + generate_keypair_93(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_f6( - Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, - Eurydice_slice), + serialize_kem_secret_key_8e( + Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t), + Eurydice_array_to_slice((size_t)800U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[1632U]; - memcpy(uu____1, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[1632U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - 
libcrux_ml_kem_types_from_05_70(uu____1); + libcrux_ml_kem_types_from_05_db(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; - uint8_t uu____3[800U]; - memcpy(uu____3, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_eb( - uu____2, libcrux_ml_kem_types_from_b6_a3(uu____3)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key[800U]; + memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_17_12( + uu____2, libcrux_ml_kem_types_from_b6_8e(copy_of_public_key)); } /** 
@@ -7687,14 +8025,14 @@ static KRML_MUSTINLINE void PRFxN_660(uint8_t (*input)[33U], uint8_t out2[128U] = {0U}; uint8_t out3[128U] = {0U}; libcrux_sha3_avx2_x4_shake256( - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)128U, out3, uint8_t, Eurydice_slice)); + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[1U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[0U], uint8_t), + Eurydice_array_to_slice((size_t)128U, out0, uint8_t), + Eurydice_array_to_slice((size_t)128U, out1, uint8_t), + Eurydice_array_to_slice((size_t)128U, out2, uint8_t), + Eurydice_array_to_slice((size_t)128U, out3, uint8_t)); uint8_t uu____0[128U]; memcpy(uu____0, out0, (size_t)128U * sizeof(uint8_t)); memcpy(out[0U], uu____0, (size_t)128U * sizeof(uint8_t)); @@ -7719,6 +8057,9 @@ static KRML_MUSTINLINE void PRFxN_a9_a10(uint8_t (*input)[33U], PRFxN_660(input, ret); } +/** + Sample a vector of ring elements from a centered binomial distribution. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_avx2_SIMD256Vector, 
@@ -7728,16 +8069,17 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_74 -sample_ring_element_cbd_c0(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_58(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, error_1[i] = ZERO_89_9b();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); 
@@ -7746,16 +8088,17 @@ sample_ring_element_cbd_c0(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - sample_from_binomial_distribution_730(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_730( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[2U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_error_1[2U]; memcpy( - uu____2, error_1, + copy_of_error_1, error_1, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); tuple_74 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_error_1, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); lit.snd = domain_separator; return lit; 
@@ -7782,27 +8125,30 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_24( +static KRML_MUSTINLINE void invert_ntt_montgomery_e6( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_38(&zeta_i, re); - invert_ntt_at_layer_2_53(&zeta_i, re); - invert_ntt_at_layer_3_b7(&zeta_i, re); - invert_ntt_at_layer_4_plus_78(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_78(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_78(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_78(&zeta_i, re, (size_t)7U); + invert_ntt_at_layer_1_3d(&zeta_i, re); + invert_ntt_at_layer_2_64(&zeta_i, re); + invert_ntt_at_layer_3_fb(&zeta_i, re); + invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)7U); poly_barrett_reduce_89_e6(re); } +/** + Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_7e( +static KRML_MUSTINLINE void compute_vector_u_54( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_1, 
@@ -7811,22 +8157,20 @@ static KRML_MUSTINLINE void compute_vector_u_7e( KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, result[i] = ZERO_89_9b();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *row = a_as_ntt[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *a_element = &row[j]; @@ -7834,14 +8178,17 @@ static KRML_MUSTINLINE void compute_vector_u_7e( ntt_multiply_89_44(a_element, &r_as_ntt[j]); add_to_ring_element_89_ce(&result[i1], &product); } - invert_ntt_montgomery_24(&result[i1]); - add_error_reduce_89_42(&result[i1], &error_1[i1]); + invert_ntt_montgomery_e6(&result[i1]); + add_error_reduce_89_c7(&result[i1], &error_1[i1]); } memcpy( ret, result, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } +/** + Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_avx2_SIMD256Vector 
@@ -7849,7 +8196,7 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_ring_element_v_af( +compute_ring_element_v_f9( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *error_2, @@ -7859,11 +8206,14 @@ compute_ring_element_v_af( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = ntt_multiply_89_44(&t_as_ntt[i0], &r_as_ntt[i0]); add_to_ring_element_89_ce(&result, &product);); - invert_ntt_montgomery_24(&result); - result = add_message_error_reduce_89_07(error_2, message, result); + invert_ntt_montgomery_e6(&result); + result = add_message_error_reduce_89_6a(error_2, message, result); return result; } +/** + Call [`compress_then_serialize_ring_element_u`] on each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector 
@@ -7873,32 +8223,69 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_c5( +static void compress_then_serialize_u_9b( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_d2, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2), + libcrux_ml_kem_polynomial_PolynomialRingElement_d2); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice2( out, i0 * ((size_t)640U / (size_t)2U), - (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t, - Eurydice_slice); + (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_36(&re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + compress_then_serialize_ring_element_u_56(&re, ret); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } } +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. 
+ + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, 
@@ -7916,22 +8303,25 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_d2( +static void encrypt_unpacked_a3( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____1 = sample_vector_cbd_then_ntt_08(uu____0, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_74 uu____1 = sample_vector_cbd_then_ntt_08(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_74 uu____3 = sample_ring_element_cbd_c0(uu____2, domain_separator0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_74 uu____3 = + sample_ring_element_cbd_58(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; memcpy( error_1, uu____3.fst, 
@@ -7939,34 +8329,33 @@ static void encrypt_unpacked_d2( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_a9_dd0( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); + PRF_a9_dd0(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = - sample_from_binomial_distribution_730(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_730( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[2U]; - compute_vector_u_7e(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + compute_vector_u_54(public_key->A, r_as_ntt, error_1, u); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = - deserialize_then_decompress_message_5a(uu____4); + deserialize_then_decompress_message_d3(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - compute_ring_element_v_af(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_f9(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - compress_then_serialize_u_c5( + compress_then_serialize_u_9b( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, - uint8_t, Eurydice_slice)); + uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; - compress_then_serialize_ring_element_v_3c( - uu____6, - 
Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, - uint8_t, size_t, Eurydice_slice)); + compress_then_serialize_ring_element_v_6d( + uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, + (size_t)640U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); } 
@@ -7988,51 +8377,51 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_36( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_72( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_ea( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); + size_t); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_slice( + (size_t)32U, public_key->public_key_hash, uint8_t), + uint8_t); uint8_t hashed[64U]; - G_a9_e1( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_a9_e1(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____2 = &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U 
* sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_unpacked_d2(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_a3(uu____2, copy_of_randomness, pseudorandomness, + ciphertext); uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[768U]; - memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); + Eurydice_slice_copy( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), + shared_secret, uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[768U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_01_10(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_from_01_14(copy_of_ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_ec lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } 
@@ -8046,15 +8435,20 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_af_4b(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_81(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + randomness, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -8062,14 +8456,14 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - PUBLIC_KEY_SIZE= 768 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_49( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_a8( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, deserialized_pk[i] = ZERO_89_9b();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; 
@@ -8077,9 +8471,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_49( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_reduced_ring_element_7f(ring_element); + deserialize_to_reduced_ring_element_71(ring_element); deserialized_pk[i0] = uu____0; } memcpy( 
@@ -8104,49 +8498,52 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_35(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_e0(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; - deserialize_ring_elements_reduced_49( - Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, - Eurydice_slice), + deserialize_ring_elements_reduced_a8( + Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0); sample_matrix_A_ac(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[2U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[2U]; memcpy( - uu____0, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1[2U][2U]; - memcpy(uu____1, A, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A[2U][2U]; + memcpy(copy_of_A, A, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, 
(size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 public_key_unpacked; memcpy( - public_key_unpacked.t_as_ntt, uu____0, + public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(public_key_unpacked.seed_for_A, uu____2, + memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, + memcpy(public_key_unpacked.A, copy_of_A, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____3 = &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[768U]; - encrypt_unpacked_d2(uu____3, uu____4, randomness, ret1); + encrypt_unpacked_a3(uu____3, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); } @@ -8161,12 +8558,11 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_af_ab(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_9a(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + shared_secret, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } 
@@ -8189,62 +8585,62 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_01( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_e6( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_4b( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); + entropy_preprocess_af_81( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_ea( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); uint8_t ret[32U]; H_a9_a1(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_3b(public_key), - uint8_t, Eurydice_slice), + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_6f(public_key), + uint8_t), ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_a9_e1( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_a9_e1(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = 
uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_3b(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_6f(public_key), uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_35(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t uu____4[768U]; - memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); + encrypt_e0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[768U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_01_10(uu____4); + libcrux_ml_kem_types_from_01_14(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_ab(shared_secret, shared_secret_array); + kdf_af_9a(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_ec lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } +/** + Call [`deserialize_then_decompress_ring_element_u`] on each ring element + in the `ciphertext`. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_avx2_SIMD256Vector 
@@ -8253,17 +8649,16 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_7f( +static KRML_MUSTINLINE void deserialize_then_decompress_u_1c( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, u_as_ntt[i] = ZERO_89_9b();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / + i < Eurydice_slice_len( + Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t), + uint8_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); i++) { @@ -8276,17 +8671,21 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_7f( (size_t)10U / (size_t)8U) + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_then_decompress_ring_element_u_80(u_bytes); - u_as_ntt[i0] = uu____0; - ntt_vector_u_10(&u_as_ntt[i0]); + uint8_t); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_28(u_bytes); + ntt_vector_u_b2(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); } +/** + The following functions compute various expressions involving + vectors and matrices. The computation of these expressions has been + abstracted away into these functions in order to save on loop iterations. + Compute v − InverseNTT(sᵀ ◦ NTT(u)) +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector 
@@ -8294,7 +8693,7 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_9b( +compute_message_a5( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { @@ -8303,11 +8702,35 @@ compute_message_9b( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 product = ntt_multiply_89_44(&secret_as_ntt[i0], &u_as_ntt[i0]); add_to_ring_element_89_ce(&result, &product);); - invert_ntt_montgomery_24(&result); - result = subtract_reduce_89_36(v, result); + invert_ntt_montgomery_e6(&result); + result = subtract_reduce_89_e1(v, result); return result; } +/** + This function implements Algorithm 14 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. + + Algorithm 14 is reproduced below: + + ```plaintext + Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + Output: message m ∈ 𝔹^{32}. + + c₁ ← c[0 : 32dᵤk] + c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] + u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) + v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) + ŝ ← ByteDecode₁₂(dkₚₖₑ) + w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) + m ← ByteEncode₁(Compress₁(w)) + return m + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector 
@@ -8318,20 +8741,19 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_13( +static void decrypt_unpacked_c1( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; - deserialize_then_decompress_u_7f(ciphertext, u_as_ntt); + deserialize_then_decompress_u_1c(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_19( + deserialize_then_decompress_ring_element_v_4f( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, - (size_t)640U, uint8_t, size_t, - Eurydice_slice)); + (size_t)640U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_9b(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_a5(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_b1(message, ret0); + compress_then_serialize_message_66(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } 
@@ -8370,83 +8792,82 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_fa( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_26( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_13(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_c1(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + uint8_t, size_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); + uint8_t), + uint8_t); uint8_t hashed[64U]; - G_a9_e1( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_a9_e1(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[800U]; libcrux_ml_kem_utils_into_padded_array_ea0( - Eurydice_array_to_slice((size_t)32U, - 
key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), + Eurydice_array_to_slice( + (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_79(ciphertext), uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_dd(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - PRF_a9_dd( - Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + PRF_a9_dd(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), + implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____3 = &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_unpacked_d2(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_a3(uu____3, copy_of_decrypted, pseudorandomness, + expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_79(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, - Eurydice_slice)); + libcrux_ml_kem_types_as_ref_00_dd(ciphertext), + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( shared_secret, Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), 
selector, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +/** + Call [`deserialize_to_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_d6( +static KRML_MUSTINLINE void deserialize_secret_key_f6( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, secret_as_ntt[i] = ZERO_89_9b();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -8454,9 +8875,9 @@ static KRML_MUSTINLINE void deserialize_secret_key_d6( secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_42(secret_bytes); + deserialize_to_uncompressed_ring_element_35(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( 
@@ -8474,21 +8895,22 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_d9(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_49(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; - deserialize_secret_key_d6(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0[2U]; + deserialize_secret_key_f6(secret_key, secret_as_ntt); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[2U]; memcpy( - uu____0, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 secret_key_unpacked; memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, + secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; - decrypt_unpacked_13(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_c1(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } 
@@ -8514,41 +8936,37 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_26( +void libcrux_ml_kem_ind_cca_decapsulate_b6( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t, - Eurydice_slice), + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t), (size_t)768U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( secret_key0, (size_t)800U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_d9(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_49(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); + Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice), - ind_cpa_public_key_hash, 
uint8_t, void *); + uint8_t, size_t), + ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_a9_e1( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_a9_e1(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret0 = uu____3.fst; 
@@ -8557,34 +8975,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_26( libcrux_ml_kem_utils_into_padded_array_ea0(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_79(ciphertext), uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_dd(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_a9_dd( - Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); + PRF_a9_dd(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_35(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_e0(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_ab( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + kdf_af_9a(Eurydice_array_to_slice((size_t)32U, + implicit_rejection_shared_secret0, uint8_t), + implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_ab(shared_secret0, shared_secret); + kdf_af_9a(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_79(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, - Eurydice_slice), 
- Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, - Eurydice_slice), + libcrux_ml_kem_types_as_ref_00_dd(ciphertext), + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index 449e5df23..af80f721d 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b */ #ifndef __libcrux_mlkem_avx2_H 
@@ -30,335 +30,311 @@ void libcrux_ml_kem_hash_functions_avx2_G(Eurydice_slice input, void libcrux_ml_kem_hash_functions_avx2_H(Eurydice_slice input, uint8_t ret[32U]); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_zero(void); +__m256i libcrux_ml_kem_vector_avx2_zero(void); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ZERO_ea(void); +__m256i libcrux_ml_kem_vector_avx2_ZERO_ea(void); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_from_i16_array( - Eurydice_slice array); +__m256i libcrux_ml_kem_vector_avx2_from_i16_array(Eurydice_slice array); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_from_i16_array_ea( - Eurydice_slice array); +__m256i libcrux_ml_kem_vector_avx2_from_i16_array_ea(Eurydice_slice array); -void libcrux_ml_kem_vector_avx2_to_i16_array(core_core_arch_x86___m256i v, - int16_t ret[16U]); +void libcrux_ml_kem_vector_avx2_to_i16_array(__m256i v, int16_t ret[16U]); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_to_i16_array_ea(core_core_arch_x86___m256i x, - int16_t ret[16U]); +void libcrux_ml_kem_vector_avx2_to_i16_array_ea(__m256i x, int16_t ret[16U]); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_add( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs); +__m256i libcrux_ml_kem_vector_avx2_arithmetic_add(__m256i lhs, __m256i rhs); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_add_ea( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs); +__m256i 
libcrux_ml_kem_vector_avx2_add_ea(__m256i lhs, __m256i *rhs); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_sub( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs); +__m256i libcrux_ml_kem_vector_avx2_arithmetic_sub(__m256i lhs, __m256i rhs); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_sub_ea( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i *rhs); +__m256i libcrux_ml_kem_vector_avx2_sub_ea(__m256i lhs, __m256i *rhs); -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( - core_core_arch_x86___m256i vector, int16_t constant); +__m256i libcrux_ml_kem_vector_avx2_arithmetic_multiply_by_constant( + __m256i vector, int16_t constant); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_ea( - core_core_arch_x86___m256i v, int16_t c); +__m256i libcrux_ml_kem_vector_avx2_multiply_by_constant_ea(__m256i v, + int16_t c); -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( - core_core_arch_x86___m256i vector, int16_t constant); +__m256i libcrux_ml_kem_vector_avx2_arithmetic_bitwise_and_with_constant( + __m256i vector, int16_t constant); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( - core_core_arch_x86___m256i vector, int16_t constant); +__m256i libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( + __m256i vector, int16_t constant); -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329( - core_core_arch_x86___m256i vector); +__m256i 
libcrux_ml_kem_vector_avx2_arithmetic_cond_subtract_3329( + __m256i vector); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea( - core_core_arch_x86___m256i vector); +__m256i libcrux_ml_kem_vector_avx2_cond_subtract_3329_ea(__m256i vector); #define LIBCRUX_ML_KEM_VECTOR_AVX2_ARITHMETIC_BARRETT_MULTIPLIER \ ((int16_t)20159) -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce( - core_core_arch_x86___m256i vector); +/** + See Section 3.2 of the implementation notes document for an explanation + of this code. +*/ +__m256i libcrux_ml_kem_vector_avx2_arithmetic_barrett_reduce(__m256i vector); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_barrett_reduce_ea( - core_core_arch_x86___m256i vector); +__m256i libcrux_ml_kem_vector_avx2_barrett_reduce_ea(__m256i vector); -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( - core_core_arch_x86___m256i vector, int16_t constant); +__m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constant( + __m256i vector, int16_t constant); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( - core_core_arch_x86___m256i vector, int16_t constant); +__m256i libcrux_ml_kem_vector_avx2_montgomery_multiply_by_constant_ea( + __m256i vector, int16_t constant); -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( - core_core_arch_x86___m256i vector); +__m256i libcrux_ml_kem_vector_avx2_compress_compress_message_coefficient( + __m256i vector); /** This function 
found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_compress_1_ea( - core_core_arch_x86___m256i vector); +__m256i libcrux_ml_kem_vector_avx2_compress_1_ea(__m256i vector); -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs); +__m256i libcrux_ml_kem_vector_avx2_compress_mulhi_mm256_epi32(__m256i lhs, + __m256i rhs); -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( - core_core_arch_x86___m256i v, core_core_arch_x86___m256i c); +__m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_by_constants( + __m256i v, __m256i c); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3); +__m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_1_step( + __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3); +__m256i libcrux_ml_kem_vector_avx2_ntt_layer_1_step_ea( + __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); +__m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_2_step(__m256i vector, + int16_t zeta0, + int16_t zeta1); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i 
libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); +__m256i libcrux_ml_kem_vector_avx2_ntt_layer_2_step_ea(__m256i vector, + int16_t zeta0, + int16_t zeta1); -core_core_arch_x86___m128i +__m128i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_multiply_m128i_by_constants( - core_core_arch_x86___m128i v, core_core_arch_x86___m128i c); + __m128i v, __m128i c); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step( - core_core_arch_x86___m256i vector, int16_t zeta); +__m256i libcrux_ml_kem_vector_avx2_ntt_ntt_layer_3_step(__m256i vector, + int16_t zeta); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta); +__m256i libcrux_ml_kem_vector_avx2_ntt_layer_3_step_ea(__m256i vector, + int16_t zeta); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3); +__m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_1_step( + __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1, - int16_t zeta2, int16_t zeta3); +__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_1_step_ea( + __m256i vector, int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); +__m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_2_step(__m256i vector, + int16_t 
zeta0, + int16_t zeta1); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta0, int16_t zeta1); +__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_2_step_ea(__m256i vector, + int16_t zeta0, + int16_t zeta1); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step( - core_core_arch_x86___m256i vector, int16_t zeta); +__m256i libcrux_ml_kem_vector_avx2_ntt_inv_ntt_layer_3_step(__m256i vector, + int16_t zeta); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea( - core_core_arch_x86___m256i vector, int16_t zeta); +__m256i libcrux_ml_kem_vector_avx2_inv_ntt_layer_3_step_ea(__m256i vector, + int16_t zeta); -core_core_arch_x86___m256i -libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s( - core_core_arch_x86___m256i v); +__m256i libcrux_ml_kem_vector_avx2_arithmetic_montgomery_reduce_i32s(__m256i v); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply( - core_core_arch_x86___m256i lhs, core_core_arch_x86___m256i rhs, - int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); +__m256i libcrux_ml_kem_vector_avx2_ntt_ntt_multiply(__m256i lhs, __m256i rhs, + int16_t zeta0, + int16_t zeta1, + int16_t zeta2, + int16_t zeta3); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_ntt_multiply_ea( - core_core_arch_x86___m256i *lhs, core_core_arch_x86___m256i *rhs, - int16_t zeta0, int16_t zeta1, int16_t zeta2, int16_t zeta3); +__m256i libcrux_ml_kem_vector_avx2_ntt_multiply_ea(__m256i *lhs, __m256i *rhs, + int16_t zeta0, int16_t zeta1, + 
int16_t zeta2, + int16_t zeta3); -void libcrux_ml_kem_vector_avx2_serialize_serialize_1( - core_core_arch_x86___m256i vector, uint8_t ret[2U]); +void libcrux_ml_kem_vector_avx2_serialize_serialize_1(__m256i vector, + uint8_t ret[2U]); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_1_ea( - core_core_arch_x86___m256i vector, uint8_t ret[2U]); +void libcrux_ml_kem_vector_avx2_serialize_1_ea(__m256i vector, uint8_t ret[2U]); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1( +__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_1( Eurydice_slice bytes); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_1_ea( - Eurydice_slice bytes); +__m256i libcrux_ml_kem_vector_avx2_deserialize_1_ea(Eurydice_slice bytes); -void libcrux_ml_kem_vector_avx2_serialize_serialize_4( - core_core_arch_x86___m256i vector, uint8_t ret[8U]); +void libcrux_ml_kem_vector_avx2_serialize_serialize_4(__m256i vector, + uint8_t ret[8U]); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_4_ea( - core_core_arch_x86___m256i vector, uint8_t ret[8U]); +void libcrux_ml_kem_vector_avx2_serialize_4_ea(__m256i vector, uint8_t ret[8U]); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4( +__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_4( Eurydice_slice bytes); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_4_ea( - Eurydice_slice bytes); +__m256i libcrux_ml_kem_vector_avx2_deserialize_4_ea(Eurydice_slice 
bytes); -void libcrux_ml_kem_vector_avx2_serialize_serialize_5( - core_core_arch_x86___m256i vector, uint8_t ret[10U]); +void libcrux_ml_kem_vector_avx2_serialize_serialize_5(__m256i vector, + uint8_t ret[10U]); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_5_ea( - core_core_arch_x86___m256i vector, uint8_t ret[10U]); +void libcrux_ml_kem_vector_avx2_serialize_5_ea(__m256i vector, + uint8_t ret[10U]); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_5( +__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_5( Eurydice_slice bytes); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_5_ea( - Eurydice_slice bytes); +__m256i libcrux_ml_kem_vector_avx2_deserialize_5_ea(Eurydice_slice bytes); -void libcrux_ml_kem_vector_avx2_serialize_serialize_10( - core_core_arch_x86___m256i vector, uint8_t ret[20U]); +void libcrux_ml_kem_vector_avx2_serialize_serialize_10(__m256i vector, + uint8_t ret[20U]); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_10_ea( - core_core_arch_x86___m256i vector, uint8_t ret[20U]); +void libcrux_ml_kem_vector_avx2_serialize_10_ea(__m256i vector, + uint8_t ret[20U]); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_10( +__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_10( Eurydice_slice bytes); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_10_ea( - Eurydice_slice bytes); +__m256i libcrux_ml_kem_vector_avx2_deserialize_10_ea(Eurydice_slice bytes); 
-void libcrux_ml_kem_vector_avx2_serialize_serialize_11( - core_core_arch_x86___m256i vector, uint8_t ret[22U]); +void libcrux_ml_kem_vector_avx2_serialize_serialize_11(__m256i vector, + uint8_t ret[22U]); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_11_ea( - core_core_arch_x86___m256i vector, uint8_t ret[22U]); +void libcrux_ml_kem_vector_avx2_serialize_11_ea(__m256i vector, + uint8_t ret[22U]); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_11( +__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_11( Eurydice_slice bytes); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_11_ea( - Eurydice_slice bytes); +__m256i libcrux_ml_kem_vector_avx2_deserialize_11_ea(Eurydice_slice bytes); -void libcrux_ml_kem_vector_avx2_serialize_serialize_12( - core_core_arch_x86___m256i vector, uint8_t ret[24U]); +void libcrux_ml_kem_vector_avx2_serialize_serialize_12(__m256i vector, + uint8_t ret[24U]); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -void libcrux_ml_kem_vector_avx2_serialize_12_ea( - core_core_arch_x86___m256i vector, uint8_t ret[24U]); +void libcrux_ml_kem_vector_avx2_serialize_12_ea(__m256i vector, + uint8_t ret[24U]); -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_12( +__m256i libcrux_ml_kem_vector_avx2_serialize_deserialize_12( Eurydice_slice bytes); /** This function found in impl {(libcrux_ml_kem::vector::traits::Operations for libcrux_ml_kem::vector::avx2::SIMD256Vector)} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_deserialize_12_ea( - Eurydice_slice bytes); +__m256i libcrux_ml_kem_vector_avx2_deserialize_12_ea(Eurydice_slice bytes); 
size_t libcrux_ml_kem_vector_avx2_sampling_rejection_sample( Eurydice_slice input, Eurydice_slice output); @@ -374,8 +350,7 @@ size_t libcrux_ml_kem_vector_avx2_rej_sample_ea(Eurydice_slice input, This function found in impl {(core::clone::Clone for libcrux_ml_kem::vector::avx2::SIMD256Vector)#1} */ -core_core_arch_x86___m256i libcrux_ml_kem_vector_avx2_clone_3a( - core_core_arch_x86___m256i *self); +__m256i libcrux_ml_kem_vector_avx2_clone_3a(__m256i *self); /** A monomorphic instance of libcrux_ml_kem.polynomial.PolynomialRingElement @@ -383,7 +358,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector */ typedef struct libcrux_ml_kem_polynomial_PolynomialRingElement_d2_s { - core_core_arch_x86___m256i coefficients[16U]; + __m256i coefficients[16U]; } libcrux_ml_kem_polynomial_PolynomialRingElement_d2; /** diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c index e82ce94ef..5a72462c0 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b */ #include "libcrux_mlkem_neon.h" 
@@ -17,8 +17,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_neon_G(Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = {0U}; libcrux_sha3_neon_sha512( - Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)64U, digest, uint8_t), input); memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); } @@ -26,7 +25,6 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_neon_H(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_neon_sha256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h index 138774405..87456599c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b */ #ifndef __libcrux_mlkem_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index 8cd0d81d5..cbd69752e 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c 
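Review bot: In libcrux_ml_kem_hash_functions_neon_G the staged `digest[64U]` buffer is copied into `ret` and then abandoned on the stack uncleared; in ML-KEM the output of G is split into the shared secret and the encryption randomness, so this leaves secret bytes in a dead frame. The same staging pattern is in neon_H in the next hunk and in portable_G / portable_H in libcrux_mlkem_portable.c (`@@ -20,8 +20,7 @@`, `@@ -29,8 +28,7 @@`), though H's input is usually public. Since the C is generated, the cleaner fix is upstream: either hash straight into `ret` so no second copy exists, or have the generator emit an explicit clear of `digest` after the `memcpy`.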
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b */ #include "internal/libcrux_mlkem_portable.h" @@ -20,8 +20,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_G( Eurydice_slice input, uint8_t ret[64U]) { uint8_t digest[64U] = {0U}; libcrux_sha3_portable_sha512( - Eurydice_array_to_slice((size_t)64U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)64U, digest, uint8_t), input); memcpy(ret, digest, (size_t)64U * sizeof(uint8_t)); } @@ -29,8 +28,7 @@ KRML_MUSTINLINE void libcrux_ml_kem_hash_functions_portable_H( Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_sha256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } @@ -75,10 +73,8 @@ libcrux_ml_kem_vector_portable_vector_type_from_i16_array( int16_t ret[16U]; core_result_Result_c0 dst; Eurydice_slice_to_array2( - &dst, - Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t, - Eurydice_slice), - Eurydice_slice, int16_t[16U], void *); + &dst, Eurydice_slice_subslice2(array, (size_t)0U, (size_t)16U, int16_t), + Eurydice_slice, int16_t[16U]); core_result_unwrap_41_f9(dst, ret); memcpy(lit.elements, ret, (size_t)16U * sizeof(int16_t)); return lit; 
@@ -95,68 +91,64 @@ libcrux_ml_kem_vector_portable_from_i16_array_0d(Eurydice_slice array) { KRML_MUSTINLINE uint8_t_x11 libcrux_ml_kem_vector_portable_serialize_serialize_11_int(Eurydice_slice v) { - uint8_t r0 = - (uint8_t)Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, int16_t); + uint8_t r0 = (uint8_t)Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *); uint8_t r1 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)31) << 3U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 8U); uint8_t r2 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)3) << 6U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 5U); - uint8_t r3 = (uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, - int16_t) >> - 2U & - (int16_t)255); + uint8_t r3 = + (uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *) >> 2U & + (int16_t)255); uint8_t r4 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)127) << 1U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 10U); uint8_t r5 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)15) << 4U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 7U); uint8_t r6 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)1) << 7U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)4U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 4U); - uint8_t r7 = (uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, - int16_t) >> - 1U & - (int16_t)255); + uint8_t r7 = + 
(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *) >> 1U & + (int16_t)255); uint8_t r8 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)63) << 2U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)5U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 9U); uint8_t r9 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)7) << 5U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 6U); - uint8_t r10 = (uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, - int16_t *, int16_t) >> - 3U); + uint8_t r10 = + (uint8_t)(Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *) >> 3U); return (CLITERAL(uint8_t_x11){.fst = r0, .snd = r1, .thd = r2, @@ -174,12 +166,11 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_11( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[22U]) { uint8_t_x11 r0_10 = libcrux_ml_kem_vector_portable_serialize_serialize_11_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t)); uint8_t_x11 r11_21 = libcrux_ml_kem_vector_portable_serialize_serialize_11_int( Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, - int16_t, Eurydice_slice)); + int16_t)); uint8_t result[22U] = {0U}; result[0U] = r0_10.fst; result[1U] = r0_10.snd; 
@@ -219,66 +210,56 @@ void libcrux_ml_kem_vector_portable_serialize_11_0d( KRML_MUSTINLINE int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( Eurydice_slice bytes) { - int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)7) - << 8U | - (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t); - int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 5U | - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) >> - 3U; - int16_t r2 = (((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)1) - << 10U | - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) - << 2U) | - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) >> - 6U; - int16_t r3 = ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 7U | - (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) >> - 1U; - int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)127) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r5 = (((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 9U | - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) - << 1U) | - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) >> - 7U; - int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)31) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, - uint8_t *, uint8_t) - << 3U | - 
(int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) >> - 5U; + int16_t r0 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) & + (int16_t)7) + << 8U | + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *); + int16_t r1 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) & + (int16_t)63) + << 5U | + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) >> + 3U; + int16_t r2 = + (((int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *) & + (int16_t)1) + << 10U | + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *) + << 2U) | + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) >> + 6U; + int16_t r3 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *) & + (int16_t)15) + << 7U | + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *) >> + 1U; + int16_t r4 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *) & + (int16_t)127) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *) >> + 4U; + int16_t r5 = + (((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *) & + (int16_t)3) + << 9U | + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *) + << 1U) | + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *) >> + 7U; + int16_t r6 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *) & + (int16_t)31) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *) >> + 2U; + int16_t r7 = + (int16_t)Eurydice_slice_index(bytes, (size_t)10U, uint8_t, uint8_t *) + << 3U | + (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *) >> + 5U; return (CLITERAL(int16_t_x8){.fst = r0, .snd = r1, .thd = r2, 
@@ -314,12 +295,10 @@ libcrux_ml_kem_vector_portable_vector_type_zero(void) { KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_11(Eurydice_slice bytes) { int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)11U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)11U, uint8_t)); int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_11_int( - Eurydice_slice_subslice2(bytes, (size_t)11U, (size_t)22U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)11U, (size_t)22U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector v = libcrux_ml_kem_vector_portable_vector_type_zero(); v.elements[0U] = v0_7.fst; @@ -1018,6 +997,19 @@ libcrux_ml_kem_vector_portable_cond_subtract_3329_0d( return libcrux_ml_kem_vector_portable_arithmetic_cond_subtract_3329(v); } +/** + Signed Barrett Reduction + + Given an input `value`, `barrett_reduce` outputs a representative `result` + such that: + + - result ≡ value (mod FIELD_MODULUS) + - the absolute value of `result` is bound as follows: + + `|result| ≤ FIELD_MODULUS / 2 · (|value|/BARRETT_R + 1) + + In particular, if `|value| < BARRETT_R`, then `|result| < FIELD_MODULUS`. +*/ int16_t libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( int16_t value) { int32_t t = (int32_t)value * 
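Review bot: The doc comment added above libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element has an unbalanced backtick: the bound line opens one before `|result|` and never closes it. The montgomery_reduce_element comment in the next hunk (`@@ -1053,6 +1045,20 @@`) names the output `o` and then states the bound on `|result|`, and the compress_message_coefficient comment (`@@ -1102,6 +1119,28 @@`) ends with "The NIST FIPS 203 standard can be found at ." with no URL in this rendering, which may be an extraction artifact or missing in the source. These comments are lifted from the Rust doc comments by Eurydice, so they should be corrected there rather than in the generated C.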
@@ -1053,6 +1045,20 @@ libcrux_ml_kem_vector_portable_barrett_reduce_0d( return libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce(v); } +/** + Signed Montgomery Reduction + + Given an input `value`, `montgomery_reduce` outputs a representative `o` + such that: + + - o ≡ value · MONTGOMERY_R^(-1) (mod FIELD_MODULUS) + - the absolute value of `o` is bound as follows: + + `|result| ≤ (|value| / MONTGOMERY_R) + (FIELD_MODULUS / 2) + + In particular, if `|value| ≤ FIELD_MODULUS * MONTGOMERY_R`, then `|o| < (3 · + FIELD_MODULUS) / 2`. +*/ int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( int32_t value) { int32_t k = @@ -1071,6 +1077,17 @@ int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( return value_high - c; } +/** + If `fe` is some field element 'x' of the Kyber field and `fer` is congruent to + `y · MONTGOMERY_R`, this procedure outputs a value that is congruent to + `x · y`, as follows: + + `fe · fer ≡ x · y · MONTGOMERY_R (mod FIELD_MODULUS)` + + `montgomery_reduce` takes the value `x · y · MONTGOMERY_R` and outputs a + representative `x · y · MONTGOMERY_R * MONTGOMERY_R^{-1} ≡ x · y (mod + FIELD_MODULUS)`. +*/ KRML_MUSTINLINE int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( int16_t fe, int16_t fer) { 
@@ -1102,6 +1119,28 @@ libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( v, r); } +/** + The `compress_*` functions implement the `Compress` function specified in the + NIST FIPS 203 standard (Page 18, Expression 4.5), which is defined as: + + ```plaintext + Compress_d: ℤq -> ℤ_{2ᵈ} + Compress_d(x) = ⌈(2ᵈ/q)·x⌋ + ``` + + Since `⌈x⌋ = ⌊x + 1/2⌋` we have: + + ```plaintext + Compress_d(x) = ⌊(2ᵈ/q)·x + 1/2⌋ + = ⌊(2^{d+1}·x + q) / 2q⌋ + ``` + + For further information about the function implementations, consult the + `implementation_notes.pdf` document in this directory. + + The NIST FIPS 203 standard can be found at + . +*/ uint8_t libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( uint16_t fe) { int16_t shifted = (int16_t)1664 - (int16_t)fe; @@ -1374,6 +1413,28 @@ libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d( return libcrux_ml_kem_vector_portable_ntt_inv_ntt_layer_3_step(a, zeta); } +/** + Compute the product of two Kyber binomials with respect to the + modulus `X² - zeta`. + + This function almost implements Algorithm 11 of the + NIST FIPS 203 standard, which is reproduced below: + + ```plaintext + Input: a₀, a₁, b₀, b₁ ∈ ℤq. + Input: γ ∈ ℤq. + Output: c₀, c₁ ∈ ℤq. + + c₀ ← a₀·b₀ + a₁·b₁·γ + c₁ ← a₀·b₁ + a₁·b₀ + return c₀, c₁ + ``` + We say "almost" because the coefficients output by this function are in + the Montgomery domain (unlike in the specification). + + The NIST FIPS 203 standard can be found at + . +*/ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( libcrux_ml_kem_vector_portable_vector_type_PortableVector *a, libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta, 
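Review bot: Both new comments on this line end with `The NIST FIPS 203 standard can be found at .`, leaving a dangling "at" with no link; the `compress_*` comment in `@@ -1102` and the `ntt_multiply_binomials` comment in `@@ -1374` are affected in the same way. This looks like an angle-bracketed autolink that did not survive extraction from the Rust doc comment, although it could also be an artifact of how this page is rendered. If the generated header really reads this way, the Rust source should carry the URL in a form the extractor keeps (plain text rather than an autolink), so the reference to the standard is usable from the C side.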
@@ -1465,19 +1526,17 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_1(Eurydice_slice v) { libcrux_ml_kem_vector_portable_vector_type_zero(); KRML_MAYBE_FOR8( i, (size_t)0U, (size_t)8U, (size_t)1U, size_t i0 = i; - result.elements[i0] = - (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)0U, uint8_t, - uint8_t *, uint8_t) >> - (uint32_t)i0 & - 1U);); + result.elements[i0] = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)0U, uint8_t, uint8_t *) >> + (uint32_t)i0 & + 1U);); for (size_t i = (size_t)8U; i < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_ELEMENTS_IN_VECTOR; i++) { size_t i0 = i; - result.elements[i0] = - (int16_t)((uint32_t)Eurydice_slice_index(v, (size_t)1U, uint8_t, - uint8_t *, uint8_t) >> - (uint32_t)(i0 - (size_t)8U) & - 1U); + result.elements[i0] = (int16_t)((uint32_t)Eurydice_slice_index( + v, (size_t)1U, uint8_t, uint8_t *) >> + (uint32_t)(i0 - (size_t)8U) & + 1U); } return result; } 
@@ -1493,26 +1552,26 @@ libcrux_ml_kem_vector_portable_deserialize_1_0d(Eurydice_slice a) { KRML_MUSTINLINE uint8_t_x4 libcrux_ml_kem_vector_portable_serialize_serialize_4_int(Eurydice_slice v) { - uint8_t result0 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)1U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)0U, int16_t, int16_t *, int16_t); - uint8_t result1 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)3U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)2U, int16_t, int16_t *, int16_t); - uint8_t result2 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)5U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)4U, int16_t, int16_t *, int16_t); - uint8_t result3 = (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)7U, int16_t, int16_t *, int16_t) - << 4U | - (uint32_t)(uint8_t)Eurydice_slice_index( - v, (size_t)6U, int16_t, int16_t *, int16_t); + uint8_t result0 = + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)0U, int16_t, + int16_t *); + uint8_t result1 = + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)2U, int16_t, + int16_t *); + uint8_t result2 = + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)4U, int16_t, + int16_t *); + uint8_t result3 = + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *) + << 4U | + (uint32_t)(uint8_t)Eurydice_slice_index(v, (size_t)6U, int16_t, + int16_t *); return (CLITERAL(uint8_t_x4){ .fst = result0, .snd = result1, .thd = result2, .f3 = result3}); } 
@@ -1523,11 +1582,11 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_4( uint8_t_x4 result0_3 = libcrux_ml_kem_vector_portable_serialize_serialize_4_int( Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, - int16_t, Eurydice_slice)); + int16_t)); uint8_t_x4 result4_7 = libcrux_ml_kem_vector_portable_serialize_serialize_4_int( Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, - int16_t, Eurydice_slice)); + int16_t)); uint8_t result[8U] = {0U}; result[0U] = result0_3.fst; result[1U] = result0_3.snd; 
@@ -1553,32 +1612,32 @@ void libcrux_ml_kem_vector_portable_serialize_4_0d( KRML_MUSTINLINE int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( Eurydice_slice bytes) { - int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & + int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)0U, + uint8_t, uint8_t *) & 15U); - int16_t v1 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> + int16_t v1 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)0U, + uint8_t, uint8_t *) >> 4U & 15U); - int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & + int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, + uint8_t, uint8_t *) & 15U); - int16_t v3 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + int16_t v3 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, + uint8_t, uint8_t *) >> 4U & 15U); - int16_t v4 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & + int16_t v4 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)2U, + uint8_t, uint8_t *) & 15U); - int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> + int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)2U, + uint8_t, uint8_t *) >> 4U & 15U); - int16_t v6 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & + int16_t v6 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, + uint8_t, uint8_t *) & 15U); - int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, + uint8_t, uint8_t *) >> 4U & 15U); return (CLITERAL(int16_t_x8){.fst = v0, 
@@ -1594,11 +1653,9 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_4(Eurydice_slice bytes) { int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)4U, uint8_t)); int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_4_int( - Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)4U, (size_t)8U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector v = libcrux_ml_kem_vector_portable_vector_type_zero(); v.elements[0U] = v0_7.fst; 
@@ -1632,40 +1689,24 @@ libcrux_ml_kem_vector_portable_deserialize_4_0d(Eurydice_slice a) { KRML_MUSTINLINE uint8_t_x5 libcrux_ml_kem_vector_portable_serialize_serialize_5_int(Eurydice_slice v) { uint8_t r0 = - (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) | - Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, int16_t) - << 5U); + (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) | + Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) << 5U); uint8_t r1 = - (uint8_t)((Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, - int16_t) >> - 3U | - Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *, - int16_t) + (uint8_t)((Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) >> 3U | + Eurydice_slice_index(v, (size_t)2U, int16_t, int16_t *) << 2U) | - Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, int16_t) - << 7U); + Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) << 7U); uint8_t r2 = - (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, - int16_t) >> - 1U | - Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, int16_t) - << 4U); + (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) >> 1U | + Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *) << 4U); uint8_t r3 = - (uint8_t)((Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *, - int16_t) >> - 4U | - Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *, - int16_t) + (uint8_t)((Eurydice_slice_index(v, (size_t)4U, int16_t, int16_t *) >> 4U | + Eurydice_slice_index(v, (size_t)5U, int16_t, int16_t *) << 1U) | - Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, int16_t) - << 6U); + Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *) << 6U); uint8_t r4 = - (uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *, - int16_t) >> - 2U | - Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *, int16_t) - << 3U); + (uint8_t)(Eurydice_slice_index(v, (size_t)6U, int16_t, int16_t *) >> 2U | + 
Eurydice_slice_index(v, (size_t)7U, int16_t, int16_t *) << 3U); return (CLITERAL(uint8_t_x5){ .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); } @@ -1674,11 +1715,10 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_5( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[10U]) { uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)8U, int16_t)); uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_5_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)16U, + int16_t)); uint8_t result[10U] = {0U}; result[0U] = r0_4.fst; result[1U] = r0_4.snd; 
@@ -1706,44 +1746,44 @@ void libcrux_ml_kem_vector_portable_serialize_5_0d( KRML_MUSTINLINE int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( Eurydice_slice bytes) { - int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) & + int16_t v0 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)0U, + uint8_t, uint8_t *) & 31U); - int16_t v1 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) & + int16_t v1 = (int16_t)(((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, + uint8_t, uint8_t *) & 3U) << 3U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)0U, uint8_t, uint8_t *, uint8_t) >> + (uint32_t)Eurydice_slice_index(bytes, (size_t)0U, + uint8_t, uint8_t *) >> 5U); - int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + int16_t v2 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)1U, + uint8_t, uint8_t *) >> 2U & 31U); - int16_t v3 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) & + int16_t v3 = (int16_t)(((uint32_t)Eurydice_slice_index(bytes, (size_t)2U, + uint8_t, uint8_t *) & 15U) << 1U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)1U, uint8_t, uint8_t *, uint8_t) >> + (uint32_t)Eurydice_slice_index(bytes, (size_t)1U, + uint8_t, uint8_t *) >> 7U); - int16_t v4 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) & + int16_t v4 = (int16_t)(((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, + uint8_t, uint8_t *) & 1U) << 4U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)2U, uint8_t, uint8_t *, uint8_t) >> + (uint32_t)Eurydice_slice_index(bytes, (size_t)2U, + uint8_t, uint8_t *) >> 4U); - int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + int16_t v5 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)3U, + uint8_t, uint8_t 
*) >> 1U & 31U); - int16_t v6 = (int16_t)(((uint32_t)Eurydice_slice_index( - bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) & + int16_t v6 = (int16_t)(((uint32_t)Eurydice_slice_index(bytes, (size_t)4U, + uint8_t, uint8_t *) & 7U) << 2U | - (uint32_t)Eurydice_slice_index( - bytes, (size_t)3U, uint8_t, uint8_t *, uint8_t) >> + (uint32_t)Eurydice_slice_index(bytes, (size_t)3U, + uint8_t, uint8_t *) >> 6U); - int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index( - bytes, (size_t)4U, uint8_t, uint8_t *, uint8_t) >> + int16_t v7 = (int16_t)((uint32_t)Eurydice_slice_index(bytes, (size_t)4U, + uint8_t, uint8_t *) >> 3U); return (CLITERAL(int16_t_x8){.fst = v0, .snd = v1, @@ -1758,11 +1798,9 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_5(Eurydice_slice bytes) { int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)5U, uint8_t)); int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_5_int( - Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)5U, (size_t)10U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector v = libcrux_ml_kem_vector_portable_vector_type_zero(); v.elements[0U] = v0_7.fst; 
@@ -1795,37 +1833,36 @@ libcrux_ml_kem_vector_portable_deserialize_5_0d(Eurydice_slice a) { KRML_MUSTINLINE uint8_t_x5 libcrux_ml_kem_vector_portable_serialize_serialize_10_int(Eurydice_slice v) { - uint8_t r0 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) & - (int16_t)255); + uint8_t r0 = + (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) & + (int16_t)255); uint8_t r1 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)63) << 2U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 8U & (int16_t)3); uint8_t r2 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)15) << 4U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 6U & (int16_t)15); uint8_t r3 = (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, - int16_t *, int16_t) & + int16_t *) & (int16_t)3) << 6U | (uint32_t)(uint8_t)(Eurydice_slice_index(v, (size_t)2U, int16_t, - int16_t *, int16_t) >> + int16_t *) >> 4U & (int16_t)63); - uint8_t r4 = (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *, - int16_t) >> - 2U & - (int16_t)255); + uint8_t r4 = + (uint8_t)(Eurydice_slice_index(v, (size_t)3U, int16_t, int16_t *) >> 2U & + (int16_t)255); return (CLITERAL(uint8_t_x5){ .fst = r0, .snd = r1, .thd = r2, .f3 = r3, .f4 = r4}); } 
@@ -1834,17 +1871,15 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_10( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[20U]) { uint8_t_x5 r0_4 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)4U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)4U, int16_t)); uint8_t_x5 r5_9 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)8U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)8U, int16_t)); uint8_t_x5 r10_14 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)12U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)12U, + int16_t)); uint8_t_x5 r15_19 = libcrux_ml_kem_vector_portable_serialize_serialize_10_int( - Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)16U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)16U, + int16_t)); uint8_t result[20U] = {0U}; result[0U] = r0_4.fst; result[1U] = r0_4.snd; 
@@ -1882,60 +1917,52 @@ void libcrux_ml_kem_vector_portable_serialize_10_0d( KRML_MUSTINLINE int16_t_x8 libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( Eurydice_slice bytes) { - int16_t r0 = ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 8U | - ((int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)255); - int16_t r1 = ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r2 = ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r3 = (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, - uint8_t *, uint8_t) - << 2U | - (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, - uint8_t *, uint8_t) >> - 6U; - int16_t r4 = ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)3) - << 8U | - ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)255); - int16_t r5 = ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)15) - << 6U | - (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, - uint8_t *, uint8_t) >> - 2U; - int16_t r6 = ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) & - (int16_t)63) - << 4U | - (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, - uint8_t *, uint8_t) >> - 4U; - int16_t r7 = (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, - uint8_t *, uint8_t) - << 2U | - (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, - uint8_t *, uint8_t) >> - 6U; + int16_t r0 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) & + (int16_t)3) + << 8U | + 
((int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *) & + (int16_t)255); + int16_t r1 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) & + (int16_t)15) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *) >> + 2U; + int16_t r2 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *) & + (int16_t)63) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *) >> + 4U; + int16_t r3 = + (int16_t)Eurydice_slice_index(bytes, (size_t)4U, uint8_t, uint8_t *) + << 2U | + (int16_t)Eurydice_slice_index(bytes, (size_t)3U, uint8_t, uint8_t *) >> + 6U; + int16_t r4 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *) & + (int16_t)3) + << 8U | + ((int16_t)Eurydice_slice_index(bytes, (size_t)5U, uint8_t, uint8_t *) & + (int16_t)255); + int16_t r5 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *) & + (int16_t)15) + << 6U | + (int16_t)Eurydice_slice_index(bytes, (size_t)6U, uint8_t, uint8_t *) >> + 2U; + int16_t r6 = + ((int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *) & + (int16_t)63) + << 4U | + (int16_t)Eurydice_slice_index(bytes, (size_t)7U, uint8_t, uint8_t *) >> + 4U; + int16_t r7 = + (int16_t)Eurydice_slice_index(bytes, (size_t)9U, uint8_t, uint8_t *) + << 2U | + (int16_t)Eurydice_slice_index(bytes, (size_t)8U, uint8_t, uint8_t *) >> + 6U; return (CLITERAL(int16_t_x8){.fst = r0, .snd = r1, .thd = r2, 
@@ -1949,12 +1976,10 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_10(Eurydice_slice bytes) { int16_t_x8 v0_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)10U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)10U, uint8_t)); int16_t_x8 v8_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_10_int( - Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)10U, (size_t)20U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector v = libcrux_ml_kem_vector_portable_vector_type_zero(); v.elements[0U] = v0_7.fst; @@ -1987,20 +2012,17 @@ libcrux_ml_kem_vector_portable_deserialize_10_0d(Eurydice_slice a) { KRML_MUSTINLINE uint8_t_x3 libcrux_ml_kem_vector_portable_serialize_serialize_12_int(Eurydice_slice v) { - uint8_t r0 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) & - (int16_t)255); - uint8_t r1 = (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *, - int16_t) >> - 8U | - (Eurydice_slice_index(v, (size_t)1U, int16_t, - int16_t *, int16_t) & - (int16_t)15) - << 4U); - uint8_t r2 = (uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *, - int16_t) >> - 4U & - (int16_t)255); + uint8_t r0 = + (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) & + (int16_t)255); + uint8_t r1 = + (uint8_t)(Eurydice_slice_index(v, (size_t)0U, int16_t, int16_t *) >> 8U | + (Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) & + (int16_t)15) + << 4U); + uint8_t r2 = + (uint8_t)(Eurydice_slice_index(v, (size_t)1U, int16_t, int16_t *) >> 4U & + (int16_t)255); return (CLITERAL(uint8_t_x3){.fst = r0, .snd = r1, .thd = r2}); } 
@@ -2008,29 +2030,25 @@ KRML_MUSTINLINE void libcrux_ml_kem_vector_portable_serialize_serialize_12( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, uint8_t ret[24U]) { uint8_t_x3 r0_2 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)2U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)0U, (size_t)2U, int16_t)); uint8_t_x3 r3_5 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)2U, (size_t)4U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)2U, (size_t)4U, int16_t)); uint8_t_x3 r6_8 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)6U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)4U, (size_t)6U, int16_t)); uint8_t_x3 r9_11 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)6U, (size_t)8U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)6U, (size_t)8U, int16_t)); uint8_t_x3 r12_14 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)10U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)8U, (size_t)10U, + int16_t)); uint8_t_x3 r15_17 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)10U, (size_t)12U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)10U, (size_t)12U, + int16_t)); uint8_t_x3 r18_20 = libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)14U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)12U, (size_t)14U, + int16_t)); uint8_t_x3 r21_23 = 
libcrux_ml_kem_vector_portable_serialize_serialize_12_int( - Eurydice_array_to_subslice2(v.elements, (size_t)14U, (size_t)16U, int16_t, - Eurydice_slice)); + Eurydice_array_to_subslice2(v.elements, (size_t)14U, (size_t)16U, + int16_t)); uint8_t result[24U] = {0U}; result[0U] = r0_2.fst; result[1U] = r0_2.snd; @@ -2072,12 +2090,12 @@ void libcrux_ml_kem_vector_portable_serialize_12_0d( KRML_MUSTINLINE int16_t_x2 libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( Eurydice_slice bytes) { - int16_t byte0 = (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, - uint8_t *, uint8_t); - int16_t byte1 = (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, - uint8_t *, uint8_t); - int16_t byte2 = (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, - uint8_t *, uint8_t); + int16_t byte0 = + (int16_t)Eurydice_slice_index(bytes, (size_t)0U, uint8_t, uint8_t *); + int16_t byte1 = + (int16_t)Eurydice_slice_index(bytes, (size_t)1U, uint8_t, uint8_t *); + int16_t byte2 = + (int16_t)Eurydice_slice_index(bytes, (size_t)2U, uint8_t, uint8_t *); int16_t r0 = (byte1 & (int16_t)15) << 8U | (byte0 & (int16_t)255); int16_t r1 = byte2 << 4U | (byte1 >> 4U & (int16_t)15); return (CLITERAL(int16_t_x2){.fst = r0, .snd = r1}); 
@@ -2086,32 +2104,24 @@ libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_serialize_deserialize_12(Eurydice_slice bytes) { int16_t_x2 v0_1 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)3U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)0U, (size_t)3U, uint8_t)); int16_t_x2 v2_3 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)3U, (size_t)6U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)3U, (size_t)6U, uint8_t)); int16_t_x2 v4_5 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)6U, (size_t)9U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)6U, (size_t)9U, uint8_t)); int16_t_x2 v6_7 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)9U, (size_t)12U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)9U, (size_t)12U, uint8_t)); int16_t_x2 v8_9 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)12U, (size_t)15U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)12U, (size_t)15U, uint8_t)); int16_t_x2 v10_11 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)15U, (size_t)18U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)15U, (size_t)18U, uint8_t)); int16_t_x2 v12_13 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - Eurydice_slice_subslice2(bytes, (size_t)18U, (size_t)21U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)18U, (size_t)21U, uint8_t)); int16_t_x2 v14_15 = libcrux_ml_kem_vector_portable_serialize_deserialize_12_int( - 
Eurydice_slice_subslice2(bytes, (size_t)21U, (size_t)24U, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(bytes, (size_t)21U, (size_t)24U, uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector re = libcrux_ml_kem_vector_portable_vector_type_zero(); re.elements[0U] = v0_1.fst; @@ -2145,15 +2155,15 @@ libcrux_ml_kem_vector_portable_deserialize_12_0d(Eurydice_slice a) { KRML_MUSTINLINE size_t libcrux_ml_kem_vector_portable_sampling_rej_sample( Eurydice_slice a, Eurydice_slice result) { size_t sampled = (size_t)0U; - for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(a, uint8_t, size_t) / (size_t)3U; i++) { + for (size_t i = (size_t)0U; i < Eurydice_slice_len(a, uint8_t) / (size_t)3U; + i++) { size_t i0 = i; int16_t b1 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)0U, - uint8_t, uint8_t *, uint8_t); + uint8_t, uint8_t *); int16_t b2 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)1U, - uint8_t, uint8_t *, uint8_t); + uint8_t, uint8_t *); int16_t b3 = (int16_t)Eurydice_slice_index(a, i0 * (size_t)3U + (size_t)2U, - uint8_t, uint8_t *, uint8_t); + uint8_t, uint8_t *); int16_t d1 = (b2 & (int16_t)15) << 8U | b1; int16_t d2 = b3 << 4U | b2 >> 4U; bool uu____0; @@ -2165,7 +2175,7 @@ KRML_MUSTINLINE size_t libcrux_ml_kem_vector_portable_sampling_rej_sample( int16_t uu____6; if (d1 < LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS) { if (sampled < (size_t)16U) { - Eurydice_slice_index(result, sampled, int16_t, int16_t *, int16_t) = d1; + Eurydice_slice_index(result, sampled, int16_t, int16_t *) = d1; sampled++; uu____1 = d2; uu____6 = LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS; @@ -2176,8 +2186,7 @@ KRML_MUSTINLINE size_t libcrux_ml_kem_vector_portable_sampling_rej_sample( if (uu____2) { uu____4 = d2; uu____5 = sampled; - Eurydice_slice_index(result, uu____5, int16_t, int16_t *, int16_t) = - uu____4; + Eurydice_slice_index(result, uu____5, int16_t, int16_t *) = uu____4; sampled++; continue; } 
@@ -2194,8 +2203,7 @@ KRML_MUSTINLINE size_t libcrux_ml_kem_vector_portable_sampling_rej_sample( if (uu____2) { uu____4 = d2; uu____5 = sampled; - Eurydice_slice_index(result, uu____5, int16_t, int16_t *, int16_t) = - uu____4; + Eurydice_slice_index(result, uu____5, int16_t, int16_t *) = uu____4; sampled++; continue; } @@ -2254,6 +2262,12 @@ static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ZERO_89_8d(void) { return lit; } +/** + Only use with public values. + + This MUST NOT be used with secret inputs, like its caller + `deserialize_ring_elements_reduced`. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_to_reduced_ring_element with types @@ -2261,16 +2275,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_reduced_ring_element_a4(Eurydice_slice serialized) { +deserialize_to_reduced_ring_element_e1(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_8d(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_12_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = 
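Review bot: The new comment on `deserialize_to_reduced_ring_element_e1` (`@@ -2254`) says `This MUST NOT be used with secret inputs, like its caller deserialize_ring_elements_reduced`, which reads either as "the caller is also restricted to public data" or as "the caller is an example of a secret input". The restriction is the security-relevant part of the comment, so it should be unambiguous, e.g. `Only use with public values. Neither this function nor its caller deserialize_ring_elements_reduced may be applied to secret inputs.` It would also help to state why in the same comment — presumably the reduction on this path is not written to be constant time, but nothing in these hunks shows that, so the reason should come from the Rust source rather than be guessed here. The function body in `@@ -2261` continues outside this hunk.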
@@ -2280,6 +2291,12 @@ deserialize_to_reduced_ring_element_a4(Eurydice_slice serialized) { return re; } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -2287,14 +2304,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1568 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1d4( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9d4( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, deserialized_pk[i] = ZERO_89_8d();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -2302,9 +2319,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1d4( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_a4(ring_element); + deserialize_to_reduced_ring_element_e1(ring_element); deserialized_pk[i0] = uu____0; } memcpy( @@ -2348,7 +2365,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -to_unsigned_representative_e5( +to_unsigned_representative_57( libcrux_ml_kem_vector_portable_vector_type_PortableVector a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector t = shift_right_0d_f2(a); 
@@ -2364,27 +2381,27 @@ libcrux_ml_kem.serialize.serialize_uncompressed_ring_element with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void serialize_uncompressed_ring_element_1d( +static KRML_MUSTINLINE void serialize_uncompressed_ring_element_3a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[384U]) { uint8_t serialized[384U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_representative_e5(re->coefficients[i0]); + to_unsigned_representative_57(re->coefficients[i0]); uint8_t bytes[24U]; libcrux_ml_kem_vector_portable_serialize_12_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)24U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + serialized, (size_t)24U * i0, (size_t)24U * i0 + (size_t)24U, uint8_t); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)24U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)384U * sizeof(uint8_t)); } +/** + Call [`serialize_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector 
@@ -2392,34 +2409,34 @@ with const generics - K= 4 - OUT_LEN= 1536 */ -static KRML_MUSTINLINE void serialize_secret_key_6d1( +static KRML_MUSTINLINE void serialize_secret_key_871( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1536U]) { uint8_t out[1536U] = {0U}; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_1d(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + serialize_uncompressed_ring_element_3a(&re, ret0); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } memcpy(ret, out, (size_t)1536U * sizeof(uint8_t)); } +/** + Concatenate `t` and `ρ` into the public key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector 
@@ -2428,24 +2445,20 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static KRML_MUSTINLINE void serialize_public_key_eb1( +static KRML_MUSTINLINE void serialize_public_key_041( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1568U]) { uint8_t public_key_serialized[1568U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, - (size_t)1536U, uint8_t, Eurydice_slice); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + public_key_serialized, (size_t)0U, (size_t)1536U, uint8_t); uint8_t ret0[1536U]; - serialize_secret_key_6d1(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( + serialize_secret_key_871(t_as_ntt, ret0); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)1536U, ret0, uint8_t), uint8_t); + Eurydice_slice_copy( Eurydice_array_to_subslice_from((size_t)1568U, public_key_serialized, - (size_t)1536U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); + (size_t)1536U, uint8_t, size_t), + seed_for_a, uint8_t); memcpy(ret, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); } 
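Review bot: serialize_public_key_041 serializes the public vector t̂ by calling serialize_secret_key_871, so a reader searching for secret-key handling is pointed at the wrong function. The helper is only the per-ring-element ByteEncode₁₂ loop (the commit's own `Call serialize_uncompressed_ring_element for each ring element` comment above it says as much), so a one-line comment at the call site would remove the confusion: `/* t_as_ntt is public; serialize_secret_key_871 is just the per-element ByteEncode12 loop */`. The name itself comes from the Rust source, so renaming there would be the durable fix.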
@@ -2457,18 +2470,18 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_601(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_c21(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; - deserialize_ring_elements_reduced_1d4( + deserialize_ring_elements_reduced_9d4( Eurydice_array_to_subslice_to((size_t)1568U, public_key, (size_t)1536U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1568U]; - serialize_public_key_eb1( + serialize_public_key_041( uu____0, Eurydice_array_to_subslice_from((size_t)1568U, public_key, (size_t)1536U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), public_key_serialized); return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( (size_t)1568U, public_key, public_key_serialized, uint8_t, uint8_t, bool); 
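Review bot: libcrux_ml_kem_ind_cca_validate_public_key_c21 compares the re-serialized key with the generic core_array_equality…eq, which is not a constant-time comparison; that is acceptable here because both operands are the public key, but nothing in the function says so, while the helper it calls is now documented as "MUST NOT be used on secret inputs". A comment before the return would keep a future constant-time audit from flagging it: `/* Both operands are public, so a variable-time comparison is fine here. */`. The function's closing brace is outside the hunk.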
@@ -2533,16 +2546,17 @@ shake128_init_absorb_b71(uint8_t input[4U][34U]) { KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, shake128_state[i] = libcrux_sha3_portable_incremental_shake128_init();); - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_incremental_shake128_absorb_final( - &shake128_state[i0], - Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, - Eurydice_slice));); - libcrux_sha3_generic_keccak_KeccakState_48 uu____0[4U]; - memcpy(uu____0, shake128_state, + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_incremental_shake128_absorb_final( + &shake128_state[i0], + Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t));); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_sha3_generic_keccak_KeccakState_48 copy_of_shake128_state[4U]; + memcpy(copy_of_shake128_state, shake128_state, (size_t)4U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); PortableHash_d1 lit; - memcpy(lit.shake128_state, uu____0, + memcpy(lit.shake128_state, copy_of_shake128_state, (size_t)4U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); return lit; } @@ -2559,9 +2573,10 @@ generics */ static KRML_MUSTINLINE PortableHash_d1 shake128_init_absorb_f1_8c1(uint8_t input[4U][34U]) { - uint8_t uu____0[4U][34U]; - memcpy(uu____0, input, (size_t)4U * sizeof(uint8_t[34U])); - return shake128_init_absorb_b71(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_input[4U][34U]; + memcpy(copy_of_input, input, (size_t)4U * sizeof(uint8_t[34U])); + return shake128_init_absorb_b71(copy_of_input); } /** 
@@ -2577,8 +2592,7 @@ static KRML_MUSTINLINE void shake128_squeeze_three_blocks_ca1( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( &st->shake128_state[i0], - Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, - Eurydice_slice));); + Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t));); memcpy(ret, out, (size_t)4U * sizeof(uint8_t[504U])); } @@ -2597,6 +2611,47 @@ static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_691( shake128_squeeze_three_blocks_ca1(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types 
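Review bot: The doc comment added for sample_from_uniform_distribution_next_2c3 says `an Err is returned`, but the C function returns a bool (the next hunk's header shows `static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_2c3(`, and the caller stores it as `done`), so the text describes the Rust API rather than this one; the same comment is added for _2c4 at @@ -2669. A sentence such as `In this C translation the function returns true once the ring element is fully sampled and false when more bytes are needed.` would close the gap. Separately, `The NIST FIPS 203 standard can be found at .` has lost its link target here and in the comments at @@ -2669, @@ -2882, @@ -3208 and @@ -3376, and `Compute  ◦ ŝ + ê` at @@ -3330 appears to have lost the `Â`; presumably angle-bracketed text was dropped when the doc comments were carried over, which is worth checking against the Rust source before merging.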
@@ -2615,12 +2670,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_2c3( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -2646,11 +2700,11 @@ generics static KRML_MUSTINLINE void shake128_squeeze_block_dd1(PortableHash_d1 *st, uint8_t ret[4U][168U]) { uint8_t out[4U][168U] = {{0U}}; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_incremental_shake128_squeeze_next_block( - &st->shake128_state[i0], - Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, - Eurydice_slice));); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_incremental_shake128_squeeze_next_block( + &st->shake128_state[i0], + Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t));); memcpy(ret, out, (size_t)4U * sizeof(uint8_t[168U])); } 
@@ -2669,6 +2723,47 @@ static KRML_MUSTINLINE void shake128_squeeze_block_f1_601( shake128_squeeze_block_dd1(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types 
@@ -2687,12 +2782,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_2c4( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -2728,8 +2822,7 @@ from_i16_array_89_ca(Eurydice_slice a) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_from_i16_array_0d( Eurydice_slice_subslice2(a, i0 * (size_t)16U, - (i0 + (size_t)1U) * (size_t)16U, int16_t, - Eurydice_slice)); + (i0 + (size_t)1U) * (size_t)16U, int16_t)); result.coefficients[i0] = uu____0; } return result; @@ -2744,8 +2837,8 @@ generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_2f1( int16_t s[272U]) { - return from_i16_array_89_ca(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); + return from_i16_array_89_ca( + Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } /** 
@@ -2760,32 +2853,37 @@ static KRML_MUSTINLINE void sample_from_xof_d41( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { size_t sampled_coefficients[4U] = {0U}; int16_t out[4U][272U] = {{0U}}; - uint8_t uu____0[4U][34U]; - memcpy(uu____0, seeds, (size_t)4U * sizeof(uint8_t[34U])); - PortableHash_d1 xof_state = shake128_init_absorb_f1_8c1(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[4U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); + PortableHash_d1 xof_state = shake128_init_absorb_f1_8c1(copy_of_seeds); uint8_t randomness0[4U][504U]; shake128_squeeze_three_blocks_f1_691(&xof_state, randomness0); - uint8_t uu____1[4U][504U]; - memcpy(uu____1, randomness0, (size_t)4U * sizeof(uint8_t[504U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness0[4U][504U]; + memcpy(copy_of_randomness0, randomness0, (size_t)4U * sizeof(uint8_t[504U])); bool done = sample_from_uniform_distribution_next_2c3( - uu____1, sampled_coefficients, out); + copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[4U][168U]; shake128_squeeze_block_f1_601(&xof_state, randomness); - uint8_t uu____2[4U][168U]; - memcpy(uu____2, randomness, (size_t)4U * sizeof(uint8_t[168U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[4U][168U]; + memcpy(copy_of_randomness, randomness, + (size_t)4U * sizeof(uint8_t[168U])); done = sample_from_uniform_distribution_next_2c4( - uu____2, sampled_coefficients, out); + copy_of_randomness, sampled_coefficients, out); } } - int16_t uu____3[4U][272U]; - memcpy(uu____3, out, (size_t)4U * sizeof(int16_t[272U])); + /* Passing arrays by value in Rust generates a copy in C */ + int16_t copy_of_out[4U][272U]; + memcpy(copy_of_out, out, (size_t)4U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[4U]; KRML_MAYBE_FOR4(i, 
(size_t)0U, (size_t)4U, (size_t)1U, - ret0[i] = closure_2f1(uu____3[i]);); + ret0[i] = closure_2f1(copy_of_out[i]);); memcpy( ret, ret0, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -2806,24 +2904,25 @@ static KRML_MUSTINLINE void sample_matrix_A_051( closure_081(A_transpose[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed[34U]; + memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[4U][34U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[4U][34U]; - memcpy(uu____1, seeds, (size_t)4U * sizeof(uint8_t[34U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[4U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)4U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[4U]; - sample_from_xof_d41(uu____1, sampled); + sample_from_xof_d41(copy_of_seeds, sampled); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sample = sampled[j]; 
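Review bot: In sample_from_xof_d41 the staging buffer `int16_t out[4U][272U]` is 16 wider than the 256 coefficients closure_2f1 finally takes, and nothing states why. From the hunks visible here it appears to be deliberate slack: rej_sample writes at most 16 values into a 16-element window (`sampled < (size_t)16U` in the earlier hunk), and the caller only requests a window while `sampled_coefficients[i1]` is below COEFFICIENTS_IN_RING_ELEMENT, so the last window can start at index 255 and end at 271. A comment on the declaration would protect that invariant: `/* 256 coefficients + 16 slack: the final rej_sample window may run past 256 */`. The buffer size is fixed in the Rust source, so the note is best kept there as well.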
@@ -2832,7 +2931,9 @@ static KRML_MUSTINLINE void sample_matrix_A_051( } else { A_transpose[i1][j] = sample; } - }); + } + + ); memcpy(ret, A_transpose, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); @@ -2858,12 +2959,11 @@ with const generics static KRML_MUSTINLINE void PRFxN_c52(uint8_t (*input)[33U], uint8_t ret[4U][128U]) { uint8_t out[4U][128U] = {{0U}}; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, - Eurydice_slice));); + KRML_MAYBE_FOR4( + i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t));); memcpy(ret, out, (size_t)4U * sizeof(uint8_t[128U])); } 
@@ -2882,6 +2982,55 @@ static KRML_MUSTINLINE void PRFxN_f1_932(uint8_t (*input)[33U], PRFxN_c52(input, ret); } +/** + Given a series of uniformly random bytes in `randomness`, for some number + `eta`, the `sample_from_binomial_distribution_{eta}` functions sample a ring + element from a binomial distribution centered at 0 that uses two sets of `eta` + coin flips. If, for example, `eta = ETA`, each ring coefficient is a value `v` + such such that `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}` and: + + ```plaintext + - If v < 0, Pr[v] = Pr[-v] + - If v >= 0, Pr[v] = BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / 2 ^ (2 * ETA) + ``` + + The values `v < 0` are mapped to the appropriate `KyberFieldElement`. + + The expected value is: + + ```plaintext + E[X] = (-ETA)Pr[-ETA] + (-(ETA - 1))Pr[-(ETA - 1)] + ... + (ETA - 1)Pr[ETA - 1] + + (ETA)Pr[ETA] = 0 since Pr[-v] = Pr[v] when v < 0. + ``` + + And the variance is: + + ```plaintext + Var(X) = E[(X - E[X])^2] + = E[X^2] + = sum_(v=-ETA to ETA)v^2 * (BINOMIAL_COEFFICIENT(2 * ETA; ETA - v) / + 2^(2 * ETA)) = ETA / 2 + ``` + + This function implements Algorithm 7 of the NIST FIPS 203 + standard, which is reproduced below: + + ```plaintext + Input: byte array B ∈ 𝔹^{64η}. + Output: array f ∈ ℤ₂₅₆. + + b ← BytesToBits(B) + for (i ← 0; i < 256; i++) + x ← ∑(j=0 to η - 1) b[2iη + j] + y ← ∑(j=0 to η - 1) b[2iη + η + j] + f[i] ← x−y mod q + end for + return f + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_binomial_distribution_2 with types 
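Review bot: The doc comment added for sample_from_binomial_distribution_2_52 has a typo and an off-by-one in the value set: `such such that` and `v ∈ {-ETA, -ETA + 1, ..., 0, ..., ETA + 1, ETA}`, where the last two elements should read `ETA - 1, ETA` (the surrounding text describes v as lying in [-ETA, ETA]). `KyberFieldElement` is also a stale name in an ML-KEM codebase. As with the other doc comments in this commit, the fix belongs in the Rust source the C is generated from.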
@@ -2892,24 +3041,22 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sample_from_binomial_distribution_2_52(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)4U; - i0++) { + i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)4U; i0++) { size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice2( randomness, chunk_number * (size_t)4U, - chunk_number * (size_t)4U + (size_t)4U, uint8_t, Eurydice_slice); + chunk_number * (size_t)4U + (size_t)4U, uint8_t); uint32_t random_bits_as_u32 = (((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | + uint8_t *) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 8U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 16U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)3U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 24U; uint32_t even_bits = random_bits_as_u32 & 1431655765U; uint32_t odd_bits = random_bits_as_u32 >> 1U & 1431655765U; @@ -2925,8 +3072,8 @@ sample_from_binomial_distribution_2_52(Eurydice_slice randomness) { sampled_i16s[(size_t)8U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_ca(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); + return from_i16_array_89_ca( + Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } /** 
@@ -2939,21 +3086,19 @@ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sample_from_binomial_distribution_3_b0(Eurydice_slice randomness) { int16_t sampled_i16s[256U] = {0U}; for (size_t i0 = (size_t)0U; - i0 < - core_slice___Slice_T___len(randomness, uint8_t, size_t) / (size_t)3U; - i0++) { + i0 < Eurydice_slice_len(randomness, uint8_t) / (size_t)3U; i0++) { size_t chunk_number = i0; Eurydice_slice byte_chunk = Eurydice_slice_subslice2( randomness, chunk_number * (size_t)3U, - chunk_number * (size_t)3U + (size_t)3U, uint8_t, Eurydice_slice); + chunk_number * (size_t)3U + (size_t)3U, uint8_t); uint32_t random_bits_as_u24 = ((uint32_t)Eurydice_slice_index(byte_chunk, (size_t)0U, uint8_t, - uint8_t *, uint8_t) | + uint8_t *) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)1U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 8U) | (uint32_t)Eurydice_slice_index(byte_chunk, (size_t)2U, uint8_t, - uint8_t *, uint8_t) + uint8_t *) << 16U; uint32_t first_bits = random_bits_as_u24 & 2396745U; uint32_t second_bits = random_bits_as_u24 >> 1U & 2396745U; @@ -2971,8 +3116,8 @@ sample_from_binomial_distribution_3_b0(Eurydice_slice randomness) { sampled_i16s[(size_t)4U * chunk_number + offset] = outcome_1 - outcome_2; } } - return from_i16_array_89_ca(Eurydice_array_to_slice( - (size_t)256U, sampled_i16s, int16_t, Eurydice_slice)); + return from_i16_array_89_ca( + Eurydice_array_to_slice((size_t)256U, sampled_i16s, int16_t)); } /** 
@@ -3000,9 +3145,8 @@ static KRML_MUSTINLINE void ntt_at_layer_7_09( libcrux_ml_kem_vector_portable_vector_type_PortableVector t = libcrux_ml_kem_vector_portable_multiply_by_constant_0d( re->coefficients[j + step], (int16_t)-1600); - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re->coefficients[j + step] = libcrux_ml_kem_vector_portable_sub_0d(re->coefficients[j], &t); - re->coefficients[j + step] = uu____0; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = libcrux_ml_kem_vector_portable_add_0d(re->coefficients[j], &t); re->coefficients[j] = uu____1; @@ -3107,13 +3251,13 @@ static KRML_MUSTINLINE void ntt_at_layer_2_23( KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re->coefficients[round] = libcrux_ml_kem_vector_portable_ntt_layer_2_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)1U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)1U;); + zeta_i[0U] = zeta_i[0U] + (size_t)1U;); } /** @@ -3127,7 +3271,7 @@ static KRML_MUSTINLINE void ntt_at_layer_1_43( KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] + (size_t)1U; - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re->coefficients[round] = libcrux_ml_kem_vector_portable_ntt_layer_1_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], @@ -3137,7 +3281,7 @@ static KRML_MUSTINLINE void ntt_at_layer_1_43( (size_t)2U], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] + (size_t)3U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] + (size_t)3U;); + zeta_i[0U] = zeta_i[0U] + (size_t)3U;); } /** 
@@ -3181,6 +3325,10 @@ static KRML_MUSTINLINE void ntt_binomially_sampled_ring_element_28( poly_barrett_reduce_89_61(re); } +/** + Sample a vector of ring elements from a centered binomial distribution and + convert them into their NTT representations. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -3195,12 +3343,13 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_a71( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, re_as_ntt[i] = ZERO_89_8d();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); 
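Review bot: The new comment on `copy_of_prf_input` explains why the copy exists but not what it holds: per the Algorithm 12 text added at @@ -3376 the PRF input appears to be σ ‖ N, with σ derived from the secret key-generation seed, so `copy_of_prf_input` and the four `prf_inputs` rows are additional stack copies of secret material that are not cleared within this hunk (the same applies to `copy_of_re_as_ntt`, a copy of the secret vector ŝ, at @@ -3208). If the project relies on the caller or a later stack-clearing step for this, a note saying so would help reviewers; otherwise an explicit clear before return is worth considering. A suggested comment: `/* Passing arrays by value in Rust generates a copy in C; this copy holds secret PRF input (sigma || N). */`. The enclosing function continues beyond this hunk.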
@@ -3208,23 +3357,49 @@ static KRML_MUSTINLINE tuple_710 sample_vector_cbd_then_ntt_a71( PRFxN_f1_932(prf_inputs, prf_outputs); KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_34(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; + re_as_ntt[i0] = sample_from_binomial_distribution_34( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); ntt_binomially_sampled_ring_element_28(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[4U]; memcpy( - uu____2, re_as_ntt, + copy_of_re_as_ntt, re_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_710 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_re_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); lit.snd = domain_separator; return lit; } +/** + Given two `KyberPolynomialRingElement`s in their NTT representations, + compute their product. Given two polynomials in the NTT domain `f^` and `ĵ`, + the `iᵗʰ` coefficient of the product `k̂` is determined by the calculation: + + ```plaintext + ĥ[2·i] + ĥ[2·i + 1]X = (f^[2·i] + f^[2·i + 1]X)·(ĝ[2·i] + ĝ[2·i + 1]X) mod (X² + - ζ^(2·BitRev₇(i) + 1)) + ``` + + This function almost implements Algorithm 10 of the + NIST FIPS 203 standard, which is reproduced below: + + ```plaintext + Input: Two arrays fˆ ∈ ℤ₂₅₆ and ĝ ∈ ℤ₂₅₆. + Output: An array ĥ ∈ ℤq. + + for(i ← 0; i < 128; i++) + (ĥ[2i], ĥ[2i+1]) ← BaseCaseMultiply(fˆ[2i], fˆ[2i+1], ĝ[2i], ĝ[2i+1], + ζ^(2·BitRev₇(i) + 1)) end for return ĥ + ``` + We say "almost" because the coefficients of the ring element output by + this function are in the Montgomery domain. 
+ + The NIST FIPS 203 standard can be found at + . +*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -3261,6 +3436,10 @@ ntt_multiply_89_17(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, return out; } +/** + Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise + sum of their constituent coefficients. +*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} @@ -3275,13 +3454,11 @@ static KRML_MUSTINLINE void add_to_ring_element_89_e81( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_portable_vector_type_PortableVector, - Eurydice_slice), - libcrux_ml_kem_vector_portable_vector_type_PortableVector, - size_t); + libcrux_ml_kem_vector_portable_vector_type_PortableVector), + libcrux_ml_kem_vector_portable_vector_type_PortableVector); i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = @@ -3330,6 +3507,9 @@ static KRML_MUSTINLINE void add_standard_error_reduce_89_22( } } +/** + Compute  ◦ ŝ + ê +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_portable_vector_type_PortableVector 
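Review bot: The ntt_multiply doc comment added in this hunk names the second operand `ĵ` in the prose but `ĝ` in the formula, and calls the product `k̂` in the prose but `ĥ` in the formula and in Algorithm 10 below it; the prose should use `ĝ` and `ĥ` so the three agree. A reader checking the implementation against FIPS 203 otherwise has to guess which symbols are typos. The text is carried over from the Rust source, so it should be corrected there.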
@@ -3345,22 +3525,20 @@ static KRML_MUSTINLINE void compute_As_plus_e_cb1( KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, result[i] = ZERO_89_8d();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = 
@@ -3376,6 +3554,47 @@ static KRML_MUSTINLINE void compute_As_plus_e_cb1( (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, 
@@ -3385,13 +3604,13 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_540 generate_keypair_unpacked_d11( +static tuple_540 generate_keypair_unpacked_0f1( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_f1_e41(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[4U][4U]; 
@@ -3401,53 +3620,59 @@ static tuple_540 generate_keypair_unpacked_d11( uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____2 = sample_vector_cbd_then_ntt_a71(uu____1, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_710 uu____2 = sample_vector_cbd_then_ntt_a71(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[4U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_a71(uu____3, domain_separator).fst, + sample_vector_cbd_then_ntt_a71(copy_of_prf_input, domain_separator).fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; compute_As_plus_e_cb1(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____4[4U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[4U]; memcpy( - uu____4, t_as_ntt, + 
copy_of_t_as_ntt, t_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[4U][4U]; - memcpy(uu____5, A_transpose, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A_transpose[4U] + [4U]; + memcpy(copy_of_A_transpose, A_transpose, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 pk; memcpy( - pk.t_as_ntt, uu____4, + pk.t_as_ntt, copy_of_t_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, + memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, copy_of_A_transpose, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____7[4U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[4U]; memcpy( - uu____7, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 sk; memcpy( - sk.secret_as_ntt, uu____7, + sk.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); return (CLITERAL(tuple_540){.fst = sk, .snd = pk}); } 
@@ -3466,7 +3691,7 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_f01( +static void closure_411( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, ret[i] = ZERO_89_8d();); @@ -3482,7 +3707,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_d5_3a( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_d5_13( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; 
@@ -3522,27 +3747,26 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_4a1(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b41(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - tuple_540 uu____0 = generate_keypair_unpacked_d11(ind_cpa_keypair_randomness); + size_t); + tuple_540 uu____0 = generate_keypair_unpacked_0f1(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_f01(A[i]);); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_411(A[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_3a(&ind_cpa_public_key.A[j][i1]); + clone_d5_13(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U][4U]; memcpy(uu____2, A, 
@@ -3552,36 +3776,39 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_4a1(uint8_t randomness[64U]) { (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); uint8_t pk_serialized[1568U]; - serialize_public_key_eb1( + serialize_public_key_041( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), + uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_1a1(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t, - Eurydice_slice), + H_f1_1a1(Eurydice_array_to_slice((size_t)1568U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); + uint8_t[32U]); core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 uu____3 = ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_implicit_rejection_value[32U]; + memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_42 uu____5; uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, + memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 uu____6 = ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_hash[32U]; + memcpy(copy_of_public_key_hash, public_key_hash, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 lit; lit.private_key = 
uu____5; lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, + memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, (size_t)32U * sizeof(uint8_t)); return lit; } 
@@ -3598,28 +3825,70 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_c51( +static libcrux_ml_kem_utils_extraction_helper_Keypair1024 generate_keypair_6e1( Eurydice_slice key_generation_seed) { - tuple_540 uu____0 = generate_keypair_unpacked_d11(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 pk = uu____0.snd; + uint8_t hashed[64U]; + G_f1_e41(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[4U][4U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret); + sample_matrix_A_051(ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, + prf_input); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_710 uu____2 = sample_vector_cbd_then_ntt_a71(copy_of_prf_input0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + uint8_t domain_separator = uu____2.snd; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[4U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt_a71(copy_of_prf_input, domain_separator).fst, + (size_t)4U * 
sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; + compute_As_plus_e_cb1(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); + core_result_unwrap_41_83(dst, seed_for_A); uint8_t public_key_serialized[1568U]; - serialize_public_key_eb1(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); + serialize_public_key_041( + t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), + public_key_serialized); uint8_t secret_key_serialized[1536U]; - serialize_secret_key_6d1(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[1536U]; - memcpy(uu____1, secret_key_serialized, (size_t)1536U * sizeof(uint8_t)); - uint8_t uu____2[1568U]; - memcpy(uu____2, public_key_serialized, (size_t)1568U * sizeof(uint8_t)); + serialize_secret_key_871(secret_as_ntt, secret_key_serialized); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[1536U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)1536U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_serialized[1568U]; + memcpy(copy_of_public_key_serialized, public_key_serialized, + (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair1024 lit; - memcpy(lit.fst, uu____1, (size_t)1536U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)1568U * sizeof(uint8_t)); + memcpy(lit.fst, copy_of_secret_key_serialized, + (size_t)1536U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_public_key_serialized, + (size_t)1568U * sizeof(uint8_t)); return lit; } +/** + Serialize the secret key. 
+*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] @@ -3627,7 +3896,7 @@ with const generics - K= 4 - SERIALIZED_KEY_LEN= 3168 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_66( +static KRML_MUSTINLINE void serialize_kem_secret_key_d8( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[3168U]) { uint8_t out[3168U] = {0U}; 
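Review bot: generate_keypair_6e1 leaves seed-derived secret material (`hashed`, `prf_input`, `copy_of_prf_input0`, `copy_of_prf_input`, `secret_as_ntt`, `secret_key_serialized`, `copy_of_secret_key_serialized`) in stack arrays that are never cleared before return, and the new `/* Passing arrays by value in Rust generates a copy in C */` copies double the number of such locations; the same applies to `out` in serialize_kem_secret_key_d8 and to `copy_of_secret_key_serialized` in libcrux_ml_kem_ind_cca_generate_keypair_f91. Since this file is Eurydice output, the mitigation belongs upstream — a zeroize-on-drop in the Rust source or a translation rule that emits an `explicit_bzero`-style clear (a plain `memset` before return may be optimized away) — and if the project has deliberately accepted secrets remaining on the stack, a one-line comment saying so above the keygen functions would spare the next reader the same question. Separately, the hunk now repeats the body of generate_keypair_unpacked_0f1 from `G_f1_e41(key_generation_seed, hashed);` through `core_result_unwrap_41_83(dst, seed_for_A);` instead of calling it as the removed lines did, presumably because the Rust side no longer does; the two copies must now be kept in sync by hand.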
@@ -3635,46 +3904,48 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_66( uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t), + uint8_t), + private_key, uint8_t); + pointer = pointer + Eurydice_slice_len(private_key, uint8_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t), + uint8_t), + public_key, uint8_t); + pointer = pointer + Eurydice_slice_len(public_key, uint8_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; H_f1_1a1(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( uu____7, uu____8, - uu____9 + 
core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); + uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), + uint8_t), + implicit_rejection_value, uint8_t); memcpy(ret, out, (size_t)3168U * sizeof(uint8_t)); } +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, 
@@ -3689,39 +3960,42 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem1024_MlKem1024KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_ef1(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_f91(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); libcrux_ml_kem_utils_extraction_helper_Keypair1024 uu____0 = - generate_keypair_c51(ind_cpa_keypair_randomness); + generate_keypair_6e1(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1536U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1536U * sizeof(uint8_t)); uint8_t public_key[1568U]; memcpy(public_key, uu____0.snd, (size_t)1568U * sizeof(uint8_t)); uint8_t secret_key_serialized[3168U]; - serialize_kem_secret_key_66( - Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t, - Eurydice_slice), + serialize_kem_secret_key_d8( + Eurydice_array_to_slice((size_t)1536U, ind_cpa_private_key, uint8_t), + Eurydice_array_to_slice((size_t)1568U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[3168U]; - memcpy(uu____1, secret_key_serialized, (size_t)3168U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[3168U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)3168U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_95 private_key = - libcrux_ml_kem_types_from_05_701(uu____1); + 
libcrux_ml_kem_types_from_05_db1(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_95 uu____2 = private_key; - uint8_t uu____3[1568U]; - memcpy(uu____3, public_key, (size_t)1568U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_eb1( - uu____2, libcrux_ml_kem_types_from_b6_a31(uu____3)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key[1568U]; + memcpy(copy_of_public_key, public_key, (size_t)1568U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_17_121( + uu____2, libcrux_ml_kem_types_from_b6_8e1(copy_of_public_key)); } +/** + Sample a vector of ring elements from a centered binomial distribution. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -3732,16 +4006,17 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_710 -sample_ring_element_cbd_bf1(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_381(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, error_1[i] = ZERO_89_8d();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[4U][33U]; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); 
@@ -3750,16 +4025,17 @@ sample_ring_element_cbd_bf1(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_34(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_34( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_error_1[4U]; memcpy( - uu____2, error_1, + copy_of_error_1, error_1, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_710 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_error_1, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); lit.snd = domain_separator; return lit; @@ -3773,8 +4049,7 @@ with const generics static KRML_MUSTINLINE void PRF_2b0(Eurydice_slice input, uint8_t ret[128U]) { uint8_t digest[128U] = {0U}; libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)128U, digest, uint8_t), input); memcpy(ret, digest, (size_t)128U * sizeof(uint8_t)); } 
@@ -3799,12 +4074,12 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_1_13( +static KRML_MUSTINLINE void invert_ntt_at_layer_1_46( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re->coefficients[round] = libcrux_ml_kem_vector_portable_inv_ntt_layer_1_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], @@ -3814,7 +4089,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_1_13( (size_t)2U], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)3U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)3U;); + zeta_i[0U] = zeta_i[0U] - (size_t)3U;); } /** @@ -3823,18 +4098,18 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_2_cd( +static KRML_MUSTINLINE void invert_ntt_at_layer_2_53( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; zeta_i[0U] = zeta_i[0U] - (size_t)1U; - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + re->coefficients[round] = libcrux_ml_kem_vector_portable_inv_ntt_layer_2_step_0d( re->coefficients[round], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U] - (size_t)1U]); - re->coefficients[round] = uu____0; zeta_i[0U] = zeta_i[0U] - (size_t)1U;); + zeta_i[0U] = zeta_i[0U] - (size_t)1U;); } /** 
@@ -3843,7 +4118,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_3_74( +static KRML_MUSTINLINE void invert_ntt_at_layer_3_17( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t round = i; @@ -3863,7 +4138,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 - inv_ntt_layer_int_vec_step_reduce_bf( + inv_ntt_layer_int_vec_step_reduce_d9( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, libcrux_ml_kem_vector_portable_vector_type_PortableVector b, int16_t zeta_r) { @@ -3883,7 +4158,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_52( +static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_1a( size_t *zeta_i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, size_t layer) { size_t step = (size_t)1U << (uint32_t)layer; @@ -3898,7 +4173,7 @@ static KRML_MUSTINLINE void invert_ntt_at_layer_4_plus_52( for (size_t i = offset_vec; i < offset_vec + step_vec; i++) { size_t j = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2 uu____0 = - inv_ntt_layer_int_vec_step_reduce_bf( + inv_ntt_layer_int_vec_step_reduce_d9( re->coefficients[j], re->coefficients[j + step_vec], libcrux_ml_kem_polynomial_ZETAS_TIMES_MONTGOMERY_R[zeta_i[0U]]); libcrux_ml_kem_vector_portable_vector_type_PortableVector x = uu____0.fst; 
@@ -3915,17 +4190,17 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_7b1( +static KRML_MUSTINLINE void invert_ntt_montgomery_951( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_13(&zeta_i, re); - invert_ntt_at_layer_2_cd(&zeta_i, re); - invert_ntt_at_layer_3_74(&zeta_i, re); - invert_ntt_at_layer_4_plus_52(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_52(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_52(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_52(&zeta_i, re, (size_t)7U); + invert_ntt_at_layer_1_46(&zeta_i, re); + invert_ntt_at_layer_2_53(&zeta_i, re); + invert_ntt_at_layer_3_17(&zeta_i, re); + invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)7U); poly_barrett_reduce_89_61(re); } @@ -3939,7 +4214,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void add_error_reduce_89_53( +static KRML_MUSTINLINE void add_error_reduce_89_c3( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error) { for (size_t i = (size_t)0U; 
@@ -3957,13 +4232,16 @@ static KRML_MUSTINLINE void add_error_reduce_89_53( } } +/** + Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void compute_vector_u_111( +static KRML_MUSTINLINE void compute_vector_u_221( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[4U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, @@ -3972,22 +4250,20 @@ static KRML_MUSTINLINE void compute_vector_u_111( KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, result[i] = ZERO_89_8d();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = a_as_ntt[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; 
@@ -3995,8 +4271,8 @@ static KRML_MUSTINLINE void compute_vector_u_111( ntt_multiply_89_17(a_element, &r_as_ntt[j]); add_to_ring_element_89_e81(&result[i1], &product); } - invert_ntt_montgomery_7b1(&result[i1]); - add_error_reduce_89_53(&result[i1], &error_1[i1]); + invert_ntt_montgomery_951(&result[i1]); + add_error_reduce_89_c3(&result[i1], &error_1[i1]); } memcpy( ret, result, @@ -4010,7 +4286,7 @@ with const generics */ static libcrux_ml_kem_vector_portable_vector_type_PortableVector -decompress_1_9f(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { +decompress_1_b3(libcrux_ml_kem_vector_portable_vector_type_PortableVector v) { libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_ZERO_0d(); return libcrux_ml_kem_vector_portable_bitwise_and_with_constant_0d( @@ -4024,7 +4300,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_message_c0(uint8_t serialized[32U]) { +deserialize_then_decompress_message_6c(uint8_t serialized[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_8d(); KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; @@ -4033,9 +4309,9 @@ deserialize_then_decompress_message_c0(uint8_t serialized[32U]) { libcrux_ml_kem_vector_portable_deserialize_1_0d( Eurydice_array_to_subslice2(serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, - uint8_t, Eurydice_slice)); + uint8_t)); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = - decompress_1_9f(coefficient_compressed); + decompress_1_b3(coefficient_compressed); re.coefficients[i0] = uu____0;); return re; } 
@@ -4051,7 +4327,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -add_message_error_reduce_89_60( +add_message_error_reduce_89_a1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *message, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 result) { @@ -4074,6 +4350,9 @@ add_message_error_reduce_89_60( return result; } +/** + Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -4081,7 +4360,7 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_d81( +compute_ring_element_v_ba1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, @@ -4091,8 +4370,8 @@ compute_ring_element_v_d81( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = ntt_multiply_89_17(&t_as_ntt[i0], &r_as_ntt[i0]); add_to_ring_element_89_e81(&result, &product);); - invert_ntt_montgomery_7b1(&result); - result = add_message_error_reduce_89_60(error_2, message, result); + invert_ntt_montgomery_951(&result); + result = add_message_error_reduce_89_a1(error_2, message, result); return result; } 
@@ -4166,23 +4445,20 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_11_510( +static KRML_MUSTINLINE void compress_then_serialize_11_f80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t serialized[352U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_990(to_unsigned_representative_e5(re->coefficients[i0])); + compress_0d_990(to_unsigned_representative_57(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_portable_serialize_11_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)22U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + serialized, (size_t)22U * i0, (size_t)22U * i0 + (size_t)22U, uint8_t); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)22U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)352U * sizeof(uint8_t)); } 
@@ -4194,13 +4470,16 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 - OUT_LEN= 352 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_420( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_540( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[352U]) { uint8_t uu____0[352U]; - compress_then_serialize_11_510(re, uu____0); + compress_then_serialize_11_f80(re, uu____0); memcpy(ret, uu____0, (size_t)352U * sizeof(uint8_t)); } +/** + Call [`compress_then_serialize_ring_element_u`] on each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector 
@@ -4210,29 +4489,25 @@ with const generics - COMPRESSION_FACTOR= 11 - BLOCK_LEN= 352 */ -static void compress_then_serialize_u_e71( +static void compress_then_serialize_u_621( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[4U], Eurydice_slice out) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)4U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice2( out, i0 * ((size_t)1408U / (size_t)4U), - (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t, - Eurydice_slice); + (i0 + (size_t)1U) * ((size_t)1408U / (size_t)4U), uint8_t); uint8_t ret[352U]; - compress_then_serialize_ring_element_u_420(&re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)352U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + compress_then_serialize_ring_element_u_540(&re, ret); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)352U, ret, uint8_t), uint8_t); } } 
@@ -4274,22 +4549,20 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_4_59( +static KRML_MUSTINLINE void compress_then_serialize_4_f6( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_991(to_unsigned_representative_e5(re.coefficients[i0])); + compress_0d_991(to_unsigned_representative_57(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_portable_serialize_4_0d(coefficient, bytes); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_slice_subslice2(serialized, (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)8U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_array_to_slice((size_t)8U, bytes, uint8_t), uint8_t); } } 
@@ -4331,22 +4604,20 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_5_ef( +static KRML_MUSTINLINE void compress_then_serialize_5_06( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice serialized) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficients = - compress_0d_992(to_unsigned_representative_e5(re.coefficients[i0])); + compress_0d_992(to_unsigned_representative_57(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_portable_serialize_5_0d(coefficients, bytes); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_slice_subslice2(serialized, (size_t)10U * i0, - (size_t)10U * i0 + (size_t)10U, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)10U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + (size_t)10U * i0 + (size_t)10U, uint8_t), + Eurydice_array_to_slice((size_t)10U, bytes, uint8_t), uint8_t); } } 
@@ -4357,11 +4628,52 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 - OUT_LEN= 160 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_1d0( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_200( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_5_ef(re, out); -} - + compress_then_serialize_5_06(re, out); +} + +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, 
@@ -4380,22 +4692,25 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_841( +static void encrypt_unpacked_091( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____1 = sample_vector_cbd_then_ntt_a71(uu____0, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_710 uu____1 = sample_vector_cbd_then_ntt_a71(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[4U]; memcpy( r_as_ntt, uu____1.fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_710 uu____3 = sample_ring_element_cbd_bf1(uu____2, domain_separator0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_710 uu____3 = + sample_ring_element_cbd_381(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; memcpy( error_1, uu____3.fst, 
@@ -4403,35 +4718,33 @@ static void encrypt_unpacked_841( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_ee4( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); + PRF_f1_ee4(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_34(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_34( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[4U]; - compute_vector_u_111(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + compute_vector_u_221(public_key->A, r_as_ntt, error_1, u); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_c0(uu____4); + deserialize_then_decompress_message_6c(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_d81(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_ba1(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1568U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[4U]; memcpy( uu____5, u, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_e71( - uu____5, - Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)1408U, - uint8_t, Eurydice_slice)); + compress_then_serialize_u_621( + uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, + (size_t)1408U, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - 
compress_then_serialize_ring_element_v_1d0( - uu____6, - Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, - uint8_t, size_t, Eurydice_slice)); + compress_then_serialize_ring_element_v_200( + uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, + (size_t)1408U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); } 
@@ -4454,51 +4767,51 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_5c1( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b1( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_ea( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); + size_t); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_slice( + (size_t)32U, public_key->public_key_hash, uint8_t), + uint8_t); uint8_t hashed[64U]; - G_f1_e41( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_f1_e41(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *uu____2 = &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - 
encrypt_unpacked_841(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_091(uu____2, copy_of_randomness, pseudorandomness, + ciphertext); uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[1568U]; - memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); + Eurydice_slice_copy( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), + shared_secret, uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1568U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_101(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_from_01_141(copy_of_ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_21 lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } 
@@ -4512,15 +4825,20 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_af_fe(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_93(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + randomness, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -4528,14 +4846,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1536 - K= 4 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1d3( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9d3( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, deserialized_pk[i] = ZERO_89_8d();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; 
@@ -4543,9 +4861,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1d3( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_a4(ring_element); + deserialize_to_reduced_ring_element_e1(ring_element); deserialized_pk[i0] = uu____0; } memcpy( 
@@ -4571,49 +4889,52 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_aa1(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_dd1(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; - deserialize_ring_elements_reduced_1d3( - Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t, - Eurydice_slice), + deserialize_ring_elements_reduced_9d3( + Eurydice_slice_subslice_to(public_key, (size_t)1536U, uint8_t, size_t), t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1536U, uint8_t, size_t, Eurydice_slice); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)1536U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0); sample_matrix_A_051(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[4U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[4U]; memcpy( - uu____0, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1[4U][4U]; - memcpy(uu____1, A, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A[4U][4U]; + memcpy(copy_of_A, A, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by 
value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 public_key_unpacked; memcpy( - public_key_unpacked.t_as_ntt, uu____0, + public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(public_key_unpacked.seed_for_A, uu____2, + memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, + memcpy(public_key_unpacked.A, copy_of_A, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *uu____3 = &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1568U]; - encrypt_unpacked_841(uu____3, uu____4, randomness, ret1); + encrypt_unpacked_091(uu____3, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); } @@ -4628,12 +4949,11 @@ with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_af_94(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_13(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + shared_secret, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } 
@@ -4656,59 +4976,55 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_fa1( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_411( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_fe( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); + entropy_preprocess_af_93( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_ea( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); uint8_t ret[32U]; H_f1_1a1(Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_3b1(public_key), - uint8_t, Eurydice_slice), + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_6f1(public_key), + uint8_t), ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_e41( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_f1_e41(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; 
Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_3b1(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + (size_t)1568U, libcrux_ml_kem_types_as_slice_cb_6f1(public_key), uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_aa1(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t uu____4[1568U]; - memcpy(uu____4, ciphertext, (size_t)1568U * sizeof(uint8_t)); + encrypt_dd1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1568U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_101(uu____4); + libcrux_ml_kem_types_from_01_141(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_94(shared_secret, shared_secret_array); + kdf_af_13(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_21 lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } 
@@ -4756,16 +5072,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_10_52(Eurydice_slice serialized) { +deserialize_then_decompress_10_43(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_8d(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)20U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_10_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = @@ -4819,16 +5132,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_11_4a(Eurydice_slice serialized) { +deserialize_then_decompress_11_6a(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_8d(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)22U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_11_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = 
@@ -4845,8 +5155,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_c20(Eurydice_slice serialized) { - return deserialize_then_decompress_11_4a(serialized); +deserialize_then_decompress_ring_element_u_170(Eurydice_slice serialized) { + return deserialize_then_decompress_11_6a(serialized); } /** @@ -4855,7 +5165,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_390( +static KRML_MUSTINLINE void ntt_vector_u_c00( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)7U); @@ -4868,6 +5178,10 @@ static KRML_MUSTINLINE void ntt_vector_u_390( poly_barrett_reduce_89_61(re); } +/** + Call [`deserialize_then_decompress_ring_element_u`] on each ring element + in the `ciphertext`. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector 
@@ -4876,17 +5190,16 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_221( +static KRML_MUSTINLINE void deserialize_then_decompress_u_471( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, u_as_ntt[i] = ZERO_89_8d();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / + i < Eurydice_slice_len( + Eurydice_array_to_slice((size_t)1568U, ciphertext, uint8_t), + uint8_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U); i++) { @@ -4899,11 +5212,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_221( (size_t)11U / (size_t)8U) + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_then_decompress_ring_element_u_c20(u_bytes); - u_as_ntt[i0] = uu____0; - ntt_vector_u_390(&u_as_ntt[i0]); + uint8_t); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_170(u_bytes); + ntt_vector_u_c00(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, 
@@ -4954,15 +5265,13 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_4_e5(Eurydice_slice serialized) { +deserialize_then_decompress_4_82(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_8d(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)8U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = libcrux_ml_kem_vector_portable_deserialize_4_0d(bytes); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = @@ -5016,19 +5325,15 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_5_a7(Eurydice_slice serialized) { +deserialize_then_decompress_5_89(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_8d(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)10U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t, - Eurydice_slice); - libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = + serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); + re.coefficients[i0] = libcrux_ml_kem_vector_portable_deserialize_5_0d(bytes); - re.coefficients[i0] = uu____0; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____1 = decompress_ciphertext_coefficient_0d_832(re.coefficients[i0]); re.coefficients[i0] = uu____1; 
@@ -5043,8 +5348,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_680(Eurydice_slice serialized) { - return deserialize_then_decompress_5_a7(serialized); +deserialize_then_decompress_ring_element_v_210(Eurydice_slice serialized) { + return deserialize_then_decompress_5_89(serialized); } /** @@ -5058,7 +5363,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -subtract_reduce_89_c3(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +subtract_reduce_89_fc(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -5076,6 +5381,12 @@ subtract_reduce_89_c3(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, return b; } +/** + The following functions compute various expressions involving + vectors and matrices. The computation of these expressions has been + abstracted away into these functions in order to save on loop iterations. + Compute v − InverseNTT(sᵀ ◦ NTT(u)) +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5083,7 +5394,7 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_c11( +compute_message_2f1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { 
@@ -5092,8 +5403,8 @@ compute_message_c11( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = ntt_multiply_89_17(&secret_as_ntt[i0], &u_as_ntt[i0]); add_to_ring_element_89_e81(&result, &product);); - invert_ntt_montgomery_7b1(&result); - result = subtract_reduce_89_c3(v, result); + invert_ntt_montgomery_951(&result); + result = subtract_reduce_89_fc(v, result); return result; } 
@@ -5103,28 +5414,50 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_79( +static KRML_MUSTINLINE void compress_then_serialize_message_2e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( i, (size_t)0U, (size_t)16U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - to_unsigned_representative_e5(re.coefficients[i0]); + to_unsigned_representative_57(re.coefficients[i0]); libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient_compressed = libcrux_ml_kem_vector_portable_compress_1_0d(coefficient); uint8_t bytes[2U]; libcrux_ml_kem_vector_portable_serialize_1_0d( coefficient_compressed, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)2U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *);); + serialized, (size_t)2U * i0, (size_t)2U * i0 + (size_t)2U, uint8_t); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_slice((size_t)2U, bytes, uint8_t), + uint8_t);); memcpy(ret, serialized, (size_t)32U * sizeof(uint8_t)); } +/** + This function implements Algorithm 14 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. + + Algorithm 14 is reproduced below: + + ```plaintext + Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + Output: message m ∈ 𝔹^{32}. 
+ + c₁ ← c[0 : 32dᵤk] + c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] + u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) + v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) + ŝ ← ByteDecode₁₂(dkₚₖₑ) + w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) + m ← ByteEncode₁(Compress₁(w)) + return m + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5135,20 +5468,19 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_891( +static void decrypt_unpacked_821( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; - deserialize_then_decompress_u_221(ciphertext, u_as_ntt); + deserialize_then_decompress_u_471(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_680( + deserialize_then_decompress_ring_element_v_210( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, - (size_t)1408U, uint8_t, size_t, - Eurydice_slice)); + (size_t)1408U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_c11(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_2f1(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_79(message, ret0); + compress_then_serialize_message_2e(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5160,8 +5492,7 @@ with const generics static KRML_MUSTINLINE void PRF_2b(Eurydice_slice input, uint8_t ret[32U]) { uint8_t digest[32U] = {0U}; libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)32U, digest, uint8_t, Eurydice_slice), - input); + Eurydice_array_to_slice((size_t)32U, digest, uint8_t), input); memcpy(ret, digest, (size_t)32U * sizeof(uint8_t)); } 
@@ -5201,66 +5532,62 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_751( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_441( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_891(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_821(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + uint8_t, size_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); + uint8_t), + uint8_t); uint8_t hashed[64U]; - G_f1_e41( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_f1_e41(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1600U]; libcrux_ml_kem_utils_into_padded_array_ea4( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), + 
Eurydice_array_to_slice( + (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_791(ciphertext), uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_dd1(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_ee3( - Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + PRF_f1_ee3(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), + implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *uu____3 = &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_841(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_091(uu____3, copy_of_decrypted, pseudorandomness, + expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_791(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, - Eurydice_slice)); + libcrux_ml_kem_types_as_ref_00_dd1(ciphertext), + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( shared_secret, Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), selector, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } 
@@ -5272,16 +5599,13 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_uncompressed_ring_element_f3(Eurydice_slice serialized) { +deserialize_to_uncompressed_ring_element_61(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_8d(); for (size_t i = (size_t)0U; - i < - core_slice___Slice_T___len(serialized, uint8_t, size_t) / (size_t)24U; - i++) { + i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { size_t i0 = i; Eurydice_slice bytes = Eurydice_slice_subslice2( - serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t, - Eurydice_slice); + serialized, i0 * (size_t)24U, i0 * (size_t)24U + (size_t)24U, uint8_t); libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = libcrux_ml_kem_vector_portable_deserialize_12_0d(bytes); re.coefficients[i0] = uu____0; @@ -5289,20 +5613,23 @@ deserialize_to_uncompressed_ring_element_f3(Eurydice_slice serialized) { return re; } +/** + Call [`deserialize_to_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_421( +static KRML_MUSTINLINE void deserialize_secret_key_281( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, secret_as_ntt[i] = ZERO_89_8d();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; 
@@ -5310,9 +5637,9 @@ static KRML_MUSTINLINE void deserialize_secret_key_421( secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_f3(secret_bytes); + deserialize_to_uncompressed_ring_element_61(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -5330,21 +5657,22 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_ac1(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_691(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; - deserialize_secret_key_421(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[4U]; + deserialize_secret_key_281(secret_key, secret_as_ntt); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[4U]; memcpy( - uu____0, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 secret_key_unpacked; memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, + secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_891(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_821(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } 
@@ -5370,42 +5698,38 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_241( +void libcrux_ml_kem_ind_cca_decapsulate_b21( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t, - Eurydice_slice), + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)3168U, private_key->value, uint8_t), (size_t)1536U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( secret_key0, (size_t)1568U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_ac1(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_691(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); + Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, 
Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); + uint8_t, size_t), + ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_f1_e41( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_f1_e41(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret0 = uu____3.fst; 
@@ -5414,38 +5738,42 @@ void libcrux_ml_kem_ind_cca_decapsulate_241( libcrux_ml_kem_utils_into_padded_array_ea4(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_791(ciphertext), uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_dd1(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_ee3( - Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); + PRF_f1_ee3(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_aa1(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_dd1(uu____5, copy_of_decrypted, pseudorandomness, + expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_94( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + kdf_af_13(Eurydice_array_to_slice((size_t)32U, + implicit_rejection_shared_secret0, uint8_t), + implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_94(shared_secret0, shared_secret); + kdf_af_13(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_791(ciphertext), - Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t, - 
Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, - Eurydice_slice), + libcrux_ml_kem_types_as_ref_00_dd1(ciphertext), + Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -5453,14 +5781,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 800 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1d2( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9d2( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, deserialized_pk[i] = ZERO_89_8d();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -5468,9 +5796,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1d2( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_a4(ring_element); + deserialize_to_reduced_ring_element_e1(ring_element); deserialized_pk[i0] = uu____0; } memcpy( 
@@ -5478,6 +5806,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1d2( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } +/** + Call [`serialize_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -5485,34 +5816,34 @@ with const generics - K= 2 - OUT_LEN= 768 */ -static KRML_MUSTINLINE void serialize_secret_key_6d0( +static KRML_MUSTINLINE void serialize_secret_key_870( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[768U]) { uint8_t out[768U] = {0U}; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_1d(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + serialize_uncompressed_ring_element_3a(&re, ret0); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } memcpy(ret, out, (size_t)768U * sizeof(uint8_t)); } +/** + Concatenate `t` and `ρ` into the public key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector 
@@ -5521,23 +5852,20 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static KRML_MUSTINLINE void serialize_public_key_eb0( +static KRML_MUSTINLINE void serialize_public_key_040( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[800U]) { uint8_t public_key_serialized[800U] = {0U}; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - public_key_serialized, (size_t)0U, (size_t)768U, uint8_t, Eurydice_slice); + public_key_serialized, (size_t)0U, (size_t)768U, uint8_t); uint8_t ret0[768U]; - serialize_secret_key_6d0(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)768U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( + serialize_secret_key_870(t_as_ntt, ret0); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)768U, ret0, uint8_t), uint8_t); + Eurydice_slice_copy( Eurydice_array_to_subslice_from((size_t)800U, public_key_serialized, - (size_t)768U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); + (size_t)768U, uint8_t, size_t), + seed_for_a, uint8_t); memcpy(ret, public_key_serialized, (size_t)800U * sizeof(uint8_t)); } 
@@ -5549,18 +5877,18 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_600(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_c20(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; - deserialize_ring_elements_reduced_1d2( + deserialize_ring_elements_reduced_9d2( Eurydice_array_to_subslice_to((size_t)800U, public_key, (size_t)768U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[800U]; - serialize_public_key_eb0( + serialize_public_key_040( uu____0, Eurydice_array_to_subslice_from((size_t)800U, public_key, (size_t)768U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), public_key_serialized); return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( (size_t)800U, public_key, public_key_serialized, uint8_t, uint8_t, bool); 
@@ -5625,16 +5953,17 @@ shake128_init_absorb_b70(uint8_t input[2U][34U]) { KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, shake128_state[i] = libcrux_sha3_portable_incremental_shake128_init();); - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_incremental_shake128_absorb_final( - &shake128_state[i0], - Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, - Eurydice_slice));); - libcrux_sha3_generic_keccak_KeccakState_48 uu____0[2U]; - memcpy(uu____0, shake128_state, + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_incremental_shake128_absorb_final( + &shake128_state[i0], + Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t));); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_sha3_generic_keccak_KeccakState_48 copy_of_shake128_state[2U]; + memcpy(copy_of_shake128_state, shake128_state, (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); PortableHash_8b lit; - memcpy(lit.shake128_state, uu____0, + memcpy(lit.shake128_state, copy_of_shake128_state, (size_t)2U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); return lit; } @@ -5651,9 +5980,10 @@ generics */ static KRML_MUSTINLINE PortableHash_8b shake128_init_absorb_f1_8c0(uint8_t input[2U][34U]) { - uint8_t uu____0[2U][34U]; - memcpy(uu____0, input, (size_t)2U * sizeof(uint8_t[34U])); - return shake128_init_absorb_b70(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_input[2U][34U]; + memcpy(copy_of_input, input, (size_t)2U * sizeof(uint8_t[34U])); + return shake128_init_absorb_b70(copy_of_input); } /** 
@@ -5669,8 +5999,7 @@ static KRML_MUSTINLINE void shake128_squeeze_three_blocks_ca0( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( &st->shake128_state[i0], - Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, - Eurydice_slice));); + Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t));); memcpy(ret, out, (size_t)2U * sizeof(uint8_t[504U])); } @@ -5689,6 +6018,47 @@ static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_690( shake128_squeeze_three_blocks_ca0(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types 
@@ -5707,12 +6077,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_2c1( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -5738,11 +6107,11 @@ generics static KRML_MUSTINLINE void shake128_squeeze_block_dd0(PortableHash_8b *st, uint8_t ret[2U][168U]) { uint8_t out[2U][168U] = {{0U}}; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_incremental_shake128_squeeze_next_block( - &st->shake128_state[i0], - Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, - Eurydice_slice));); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_incremental_shake128_squeeze_next_block( + &st->shake128_state[i0], + Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t));); memcpy(ret, out, (size_t)2U * sizeof(uint8_t[168U])); } 
@@ -5761,6 +6130,47 @@ static KRML_MUSTINLINE void shake128_squeeze_block_f1_600( shake128_squeeze_block_dd0(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types 
@@ -5779,12 +6189,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_2c2( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -5810,8 +6219,8 @@ generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_2f0( int16_t s[272U]) { - return from_i16_array_89_ca(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); + return from_i16_array_89_ca( + Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } /** 
@@ -5826,32 +6235,37 @@ static KRML_MUSTINLINE void sample_from_xof_d40( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { size_t sampled_coefficients[2U] = {0U}; int16_t out[2U][272U] = {{0U}}; - uint8_t uu____0[2U][34U]; - memcpy(uu____0, seeds, (size_t)2U * sizeof(uint8_t[34U])); - PortableHash_8b xof_state = shake128_init_absorb_f1_8c0(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[2U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); + PortableHash_8b xof_state = shake128_init_absorb_f1_8c0(copy_of_seeds); uint8_t randomness0[2U][504U]; shake128_squeeze_three_blocks_f1_690(&xof_state, randomness0); - uint8_t uu____1[2U][504U]; - memcpy(uu____1, randomness0, (size_t)2U * sizeof(uint8_t[504U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness0[2U][504U]; + memcpy(copy_of_randomness0, randomness0, (size_t)2U * sizeof(uint8_t[504U])); bool done = sample_from_uniform_distribution_next_2c1( - uu____1, sampled_coefficients, out); + copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[2U][168U]; shake128_squeeze_block_f1_600(&xof_state, randomness); - uint8_t uu____2[2U][168U]; - memcpy(uu____2, randomness, (size_t)2U * sizeof(uint8_t[168U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[2U][168U]; + memcpy(copy_of_randomness, randomness, + (size_t)2U * sizeof(uint8_t[168U])); done = sample_from_uniform_distribution_next_2c2( - uu____2, sampled_coefficients, out); + copy_of_randomness, sampled_coefficients, out); } } - int16_t uu____3[2U][272U]; - memcpy(uu____3, out, (size_t)2U * sizeof(int16_t[272U])); + /* Passing arrays by value in Rust generates a copy in C */ + int16_t copy_of_out[2U][272U]; + memcpy(copy_of_out, out, (size_t)2U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[2U]; KRML_MAYBE_FOR2(i, 
(size_t)0U, (size_t)2U, (size_t)1U, - ret0[i] = closure_2f0(uu____3[i]);); + ret0[i] = closure_2f0(copy_of_out[i]);); memcpy( ret, ret0, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -5872,24 +6286,25 @@ static KRML_MUSTINLINE void sample_matrix_A_050( closure_080(A_transpose[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed[34U]; + memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[2U][34U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[2U][34U]; - memcpy(uu____1, seeds, (size_t)2U * sizeof(uint8_t[34U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[2U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)2U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[2U]; - sample_from_xof_d40(uu____1, sampled); + sample_from_xof_d40(copy_of_seeds, sampled); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sample = sampled[j]; 
@@ -5898,7 +6313,9 @@ static KRML_MUSTINLINE void sample_matrix_A_050( } else { A_transpose[i1][j] = sample; } - }); + } + + ); memcpy(ret, A_transpose, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); @@ -5924,12 +6341,11 @@ with const generics static KRML_MUSTINLINE void PRFxN_c50(uint8_t (*input)[33U], uint8_t ret[2U][192U]) { uint8_t out[2U][192U] = {{0U}}; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)192U, out[i0], uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, - Eurydice_slice));); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)192U, out[i0], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t));); memcpy(ret, out, (size_t)2U * sizeof(uint8_t[192U])); } @@ -5959,6 +6375,10 @@ sample_from_binomial_distribution_340(Eurydice_slice randomness) { return sample_from_binomial_distribution_3_b0(randomness); } +/** + Sample a vector of ring elements from a centered binomial distribution and + convert them into their NTT representations. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, 
@@ -5973,12 +6393,13 @@ static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_a70( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, re_as_ntt[i] = ZERO_89_8d();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); 
@@ -5986,23 +6407,26 @@ static KRML_MUSTINLINE tuple_740 sample_vector_cbd_then_ntt_a70( PRFxN_f1_930(prf_inputs, prf_outputs); KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_340(Eurydice_array_to_slice( - (size_t)192U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; + re_as_ntt[i0] = sample_from_binomial_distribution_340( + Eurydice_array_to_slice((size_t)192U, prf_outputs[i0], uint8_t)); ntt_binomially_sampled_ring_element_28(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[2U]; memcpy( - uu____2, re_as_ntt, + copy_of_re_as_ntt, re_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_740 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_re_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); lit.snd = domain_separator; return lit; } +/** + Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise + sum of their constituent coefficients. +*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} 
@@ -6017,13 +6441,11 @@ static KRML_MUSTINLINE void add_to_ring_element_89_e80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_portable_vector_type_PortableVector, - Eurydice_slice), - libcrux_ml_kem_vector_portable_vector_type_PortableVector, - size_t); + libcrux_ml_kem_vector_portable_vector_type_PortableVector), + libcrux_ml_kem_vector_portable_vector_type_PortableVector); i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = @@ -6033,6 +6455,9 @@ static KRML_MUSTINLINE void add_to_ring_element_89_e80( } } +/** + Compute  ◦ ŝ + ê +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_portable_vector_type_PortableVector 
@@ -6048,22 +6473,20 @@ static KRML_MUSTINLINE void compute_As_plus_e_cb0( KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, result[i] = ZERO_89_8d();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = 
@@ -6079,6 +6502,47 @@ static KRML_MUSTINLINE void compute_As_plus_e_cb0( (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, 
@@ -6088,13 +6552,13 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static tuple_4c0 generate_keypair_unpacked_d10( +static tuple_4c0 generate_keypair_unpacked_0f0( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_f1_e40(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[2U][2U]; 
@@ -6104,53 +6568,59 @@ static tuple_4c0 generate_keypair_unpacked_d10( uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____2 = sample_vector_cbd_then_ntt_a70(uu____1, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_740 uu____2 = sample_vector_cbd_then_ntt_a70(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[2U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_a70(uu____3, domain_separator).fst, + sample_vector_cbd_then_ntt_a70(copy_of_prf_input, domain_separator).fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; compute_As_plus_e_cb0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____4[2U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[2U]; memcpy( - uu____4, t_as_ntt, + 
copy_of_t_as_ntt, t_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[2U][2U]; - memcpy(uu____5, A_transpose, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A_transpose[2U] + [2U]; + memcpy(copy_of_A_transpose, A_transpose, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae pk; memcpy( - pk.t_as_ntt, uu____4, + pk.t_as_ntt, copy_of_t_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, + memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, copy_of_A_transpose, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____7[2U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[2U]; memcpy( - uu____7, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae sk; memcpy( - sk.secret_as_ntt, uu____7, + sk.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); return (CLITERAL(tuple_4c0){.fst = sk, .snd = pk}); } 
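Review bot: The renamed temporaries in `generate_keypair_unpacked_0f0` make it easy to see that secret key material is held in several stack buffers that are never cleared before the function returns: `hashed` (the G output whose second half becomes `seed_for_secret_and_error`), `prf_input`, `copy_of_prf_input0`, `copy_of_prf_input`, `uu____2.fst`, `secret_as_ntt` and `copy_of_secret_as_ntt`. Because this file is extracted, any zeroization has to be expressed in the Rust source so that Eurydice emits it; if leaving these copies is deliberate, a comment on the function such as `/* Note: stack copies of the secret seed and of secret_as_ntt are not cleared on return. */` would stop the next reader from assuming otherwise. The same pattern appears in the inlined body of `generate_keypair_6e0` further down (including its `secret_key_serialized`/`copy_of_secret_key_serialized` pair) and in `sample_vector_cbd_then_ntt_a70`, which fans `prf_input` out into `prf_inputs`.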
@@ -6169,7 +6639,7 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static void closure_f00( +static void closure_410( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, ret[i] = ZERO_89_8d();); @@ -6202,27 +6672,26 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_4a0(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b40(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - tuple_4c0 uu____0 = generate_keypair_unpacked_d10(ind_cpa_keypair_randomness); + size_t); + tuple_4c0 uu____0 = generate_keypair_unpacked_0f0(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_f00(A[i]);); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_410(A[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_3a(&ind_cpa_public_key.A[j][i1]); + clone_d5_13(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U][2U]; memcpy(uu____2, A, 
@@ -6232,36 +6701,39 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_4a0(uint8_t randomness[64U]) { (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); uint8_t pk_serialized[800U]; - serialize_public_key_eb0( + serialize_public_key_040( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), + uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_1a0(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t, - Eurydice_slice), + H_f1_1a0(Eurydice_array_to_slice((size_t)800U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); + uint8_t[32U]); core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae uu____3 = ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_implicit_rejection_value[32U]; + memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_ae uu____5; uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, + memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae uu____6 = ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_hash[32U]; + memcpy(copy_of_public_key_hash, public_key_hash, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae lit; lit.private_key = 
uu____5; lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, + memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, (size_t)32U * sizeof(uint8_t)); return lit; } 
@@ -6278,28 +6750,70 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_c50( +static libcrux_ml_kem_utils_extraction_helper_Keypair512 generate_keypair_6e0( Eurydice_slice key_generation_seed) { - tuple_4c0 uu____0 = generate_keypair_unpacked_d10(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae pk = uu____0.snd; + uint8_t hashed[64U]; + G_f1_e40(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[2U][2U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret); + sample_matrix_A_050(ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, + prf_input); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_740 uu____2 = sample_vector_cbd_then_ntt_a70(copy_of_prf_input0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + uint8_t domain_separator = uu____2.snd; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[2U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt_a70(copy_of_prf_input, domain_separator).fst, + (size_t)2U * 
sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; + compute_As_plus_e_cb0(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); + core_result_unwrap_41_83(dst, seed_for_A); uint8_t public_key_serialized[800U]; - serialize_public_key_eb0(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); + serialize_public_key_040( + t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), + public_key_serialized); uint8_t secret_key_serialized[768U]; - serialize_secret_key_6d0(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[768U]; - memcpy(uu____1, secret_key_serialized, (size_t)768U * sizeof(uint8_t)); - uint8_t uu____2[800U]; - memcpy(uu____2, public_key_serialized, (size_t)800U * sizeof(uint8_t)); + serialize_secret_key_870(secret_as_ntt, secret_key_serialized); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[768U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)768U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_serialized[800U]; + memcpy(copy_of_public_key_serialized, public_key_serialized, + (size_t)800U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair512 lit; - memcpy(lit.fst, uu____1, (size_t)768U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)800U * sizeof(uint8_t)); + memcpy(lit.fst, copy_of_secret_key_serialized, + (size_t)768U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_public_key_serialized, + (size_t)800U * sizeof(uint8_t)); return lit; } +/** + Serialize the secret key. 
+*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] @@ -6307,7 +6821,7 @@ with const generics - K= 2 - SERIALIZED_KEY_LEN= 1632 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_12( +static KRML_MUSTINLINE void serialize_kem_secret_key_48( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[1632U]) { uint8_t out[1632U] = {0U}; 
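Review bot: `generate_keypair_6e0` no longer calls `generate_keypair_unpacked_0f0` (the removed lines did) and instead repeats its body from `G_f1_e40` through `compute_As_plus_e_cb0` and the `Eurydice_slice_to_array2`/`core_result_unwrap_41_83` extraction of `seed_for_A`, so the packed and unpacked key-generation paths can now drift apart. If the Rust source was split so that the packed path avoids constructing the unpacked key structs, a comment above the function saying so would explain the duplication to the next reader. Within the copied body the 34-byte padded seed is named `ret` (`uint8_t ret[34U]; libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret);`) although it is an input to `sample_matrix_A_050`, not a return value; the name presumably comes from the extraction's out-parameter lowering, and a Rust-side local such as `seed_for_A_padded` would read correctly here.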
@@ -6315,46 +6829,48 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_12( uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t), + uint8_t), + private_key, uint8_t); + pointer = pointer + Eurydice_slice_len(private_key, uint8_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t), + uint8_t), + public_key, uint8_t); + pointer = pointer + Eurydice_slice_len(public_key, uint8_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; H_f1_1a0(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( uu____7, uu____8, - uu____9 + 
core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); + uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), + uint8_t), + implicit_rejection_value, uint8_t); memcpy(ret, out, (size_t)1632U * sizeof(uint8_t)); } +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, 
@@ -6369,37 +6885,37 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_types_MlKemKeyPair_cb -libcrux_ml_kem_ind_cca_generate_keypair_ef0(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_f90(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); libcrux_ml_kem_utils_extraction_helper_Keypair512 uu____0 = - generate_keypair_c50(ind_cpa_keypair_randomness); + generate_keypair_6e0(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[768U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)768U * sizeof(uint8_t)); uint8_t public_key[800U]; memcpy(public_key, uu____0.snd, (size_t)800U * sizeof(uint8_t)); uint8_t secret_key_serialized[1632U]; - serialize_kem_secret_key_12( - Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)800U, public_key, uint8_t, - Eurydice_slice), + serialize_kem_secret_key_48( + Eurydice_array_to_slice((size_t)768U, ind_cpa_private_key, uint8_t), + Eurydice_array_to_slice((size_t)800U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[1632U]; - memcpy(uu____1, secret_key_serialized, (size_t)1632U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[1632U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)1632U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_5e private_key = - libcrux_ml_kem_types_from_05_70(uu____1); + libcrux_ml_kem_types_from_05_db(copy_of_secret_key_serialized); 
libcrux_ml_kem_types_MlKemPrivateKey_5e uu____2 = private_key; - uint8_t uu____3[800U]; - memcpy(uu____3, public_key, (size_t)800U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_eb( - uu____2, libcrux_ml_kem_types_from_b6_a3(uu____3)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key[800U]; + memcpy(copy_of_public_key, public_key, (size_t)800U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_17_12( + uu____2, libcrux_ml_kem_types_from_b6_8e(copy_of_public_key)); } /** @@ -6411,12 +6927,11 @@ with const generics static KRML_MUSTINLINE void PRFxN_c51(uint8_t (*input)[33U], uint8_t ret[2U][128U]) { uint8_t out[2U][128U] = {{0U}}; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, - Eurydice_slice));); + KRML_MAYBE_FOR2( + i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t));); memcpy(ret, out, (size_t)2U * sizeof(uint8_t[128U])); } @@ -6435,6 +6950,9 @@ static KRML_MUSTINLINE void PRFxN_f1_931(uint8_t (*input)[33U], PRFxN_c51(input, ret); } +/** + Sample a vector of ring elements from a centered binomial distribution. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, 
@@ -6445,16 +6963,17 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_740 -sample_ring_element_cbd_bf0(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_380(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, error_1[i] = ZERO_89_8d();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[2U][33U]; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); 
@@ -6463,16 +6982,17 @@ sample_ring_element_cbd_bf0(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_34(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_34( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_error_1[2U]; memcpy( - uu____2, error_1, + copy_of_error_1, error_1, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_740 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_error_1, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); lit.snd = domain_separator; return lit; 
@@ -6499,27 +7019,30 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_7b0( +static KRML_MUSTINLINE void invert_ntt_montgomery_950( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_13(&zeta_i, re); - invert_ntt_at_layer_2_cd(&zeta_i, re); - invert_ntt_at_layer_3_74(&zeta_i, re); - invert_ntt_at_layer_4_plus_52(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_52(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_52(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_52(&zeta_i, re, (size_t)7U); + invert_ntt_at_layer_1_46(&zeta_i, re); + invert_ntt_at_layer_2_53(&zeta_i, re); + invert_ntt_at_layer_3_17(&zeta_i, re); + invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)7U); poly_barrett_reduce_89_61(re); } +/** + Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void compute_vector_u_110( +static KRML_MUSTINLINE void compute_vector_u_220( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[2U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, 
@@ -6528,22 +7051,20 @@ static KRML_MUSTINLINE void compute_vector_u_110( KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, result[i] = ZERO_89_8d();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = a_as_ntt[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; @@ -6551,14 +7072,17 @@ static KRML_MUSTINLINE void compute_vector_u_110( ntt_multiply_89_17(a_element, &r_as_ntt[j]); add_to_ring_element_89_e80(&result[i1], &product); } - invert_ntt_montgomery_7b0(&result[i1]); - add_error_reduce_89_53(&result[i1], &error_1[i1]); + invert_ntt_montgomery_950(&result[i1]); + add_error_reduce_89_c3(&result[i1], &error_1[i1]); } memcpy( ret, result, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } +/** + Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_portable_vector_type_PortableVector 
@@ -6566,7 +7090,7 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_d80( +compute_ring_element_v_ba0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, @@ -6576,8 +7100,8 @@ compute_ring_element_v_d80( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = ntt_multiply_89_17(&t_as_ntt[i0], &r_as_ntt[i0]); add_to_ring_element_89_e80(&result, &product);); - invert_ntt_montgomery_7b0(&result); - result = add_message_error_reduce_89_60(error_2, message, result); + invert_ntt_montgomery_950(&result); + result = add_message_error_reduce_89_a1(error_2, message, result); return result; } 
@@ -6587,23 +7111,20 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_10_7b( +static KRML_MUSTINLINE void compress_then_serialize_10_c9( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t serialized[320U] = {0U}; for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector coefficient = - compress_0d_99(to_unsigned_representative_e5(re->coefficients[i0])); + compress_0d_99(to_unsigned_representative_57(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_portable_serialize_10_0d(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t, - Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)20U, bytes, uint8_t, Eurydice_slice), - uint8_t, void *); + serialized, (size_t)20U * i0, (size_t)20U * i0 + (size_t)20U, uint8_t); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)20U, bytes, uint8_t), uint8_t); } memcpy(ret, serialized, (size_t)320U * sizeof(uint8_t)); } 
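Review bot: The swap of `core_slice___Slice_T___copy_from_slice` for `Eurydice_slice_copy` in compress_then_serialize_10_c9 drops the trailing `void *` argument, and whether the new helper still enforces equal source and destination lengths (the panic behaviour of Rust's `copy_from_slice`) is not visible in this hunk. Here both sides are 20 bytes by construction, but the same substitution appears in the hunks for compress_then_serialize_u_620, libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b0, entropy_preprocess_af_ca, kdf_af_6d, libcrux_ml_kem_ind_cca_encapsulate_410 and libcrux_ml_kem_ind_cca_decapsulate_unpacked_440, where one operand is a caller-supplied slice. It would be worth confirming against the Eurydice runtime header that the helper aborts on a length mismatch rather than truncating, and recording that once near the first use, e.g. `/* Eurydice_slice_copy: source and destination lengths must be equal; a mismatch is a precondition violation, not a short copy */`.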
@@ -6615,13 +7136,16 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 - OUT_LEN= 320 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_42( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_u_54( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re, uint8_t ret[320U]) { uint8_t uu____0[320U]; - compress_then_serialize_10_7b(re, uu____0); + compress_then_serialize_10_c9(re, uu____0); memcpy(ret, uu____0, (size_t)320U * sizeof(uint8_t)); } +/** + Call [`compress_then_serialize_ring_element_u`] on each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector 
@@ -6631,29 +7155,25 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_e70( +static void compress_then_serialize_u_620( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[2U], Eurydice_slice out) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)2U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice2( out, i0 * ((size_t)640U / (size_t)2U), - (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t, - Eurydice_slice); + (i0 + (size_t)1U) * ((size_t)640U / (size_t)2U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_42(&re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + compress_then_serialize_ring_element_u_54(&re, ret); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } } 
@@ -6664,11 +7184,52 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 - OUT_LEN= 128 */ -static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_1d( +static KRML_MUSTINLINE void compress_then_serialize_ring_element_v_20( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, Eurydice_slice out) { - compress_then_serialize_4_59(re, out); -} - + compress_then_serialize_4_f6(re, out); +} + +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, 
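Review bot: The new doc comment above encrypt_unpacked ends with `The NIST FIPS 203 standard can be found at .`, so the link was lost when the comment was carried over and the sentence is now empty; the Algorithm 14 comment added above decrypt_unpacked in a later hunk has the same gap. The reproduced pseudocode also carries a stray closing parenthesis in `μ ← Decompress₁(ByteDecode₁(m)))` and an inconsistent hat in `v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ`, and FIPS 203 names this component K-PKE.Encrypt rather than "Kyber CPA-PKE". Since these comments are extracted from the Rust source, the fix belongs there so the generator does not re-emit the defect; suggested line: `The NIST FIPS 203 standard can be found at <STANDARD-URL-PLACEHOLDER>.` with the real URL filled in.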
@@ -6687,22 +7248,25 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_840( +static void encrypt_unpacked_090( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____1 = sample_vector_cbd_then_ntt_a70(uu____0, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_740 uu____1 = sample_vector_cbd_then_ntt_a70(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[2U]; memcpy( r_as_ntt, uu____1.fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_740 uu____3 = sample_ring_element_cbd_bf0(uu____2, domain_separator0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_740 uu____3 = + sample_ring_element_cbd_380(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; memcpy( error_1, uu____3.fst, 
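Review bot: The two copies of `prf_input` introduced in encrypt_unpacked_090 are named in inverted order — the first one made is `copy_of_prf_input0`, the second `copy_of_prf_input` — which reads as if the suffix-less one came first. In the continuation hunk of the same function the copy of `u` handed to compress_then_serialize_u_620 is still the anonymous `uu____5` while `copy_of_message` next to it got the new naming, so the `copy_of_*` convention this patch introduces is applied to some by-value array copies but not others. If the generator can number copies in creation order and treat the `u` copy the same way, the function would read uniformly; the function's body continues past the end of this hunk.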
@@ -6710,34 +7274,33 @@ static void encrypt_unpacked_840( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_ee2( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); + PRF_f1_ee2(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_34(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_34( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[2U]; - compute_vector_u_110(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + compute_vector_u_220(public_key->A, r_as_ntt, error_1, u); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_c0(uu____4); + deserialize_then_decompress_message_6c(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_d80(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_ba0(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[768U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[2U]; memcpy( uu____5, u, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_e70( + compress_then_serialize_u_620( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, - uint8_t, Eurydice_slice)); + uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_1d( - uu____6, - 
Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, - uint8_t, size_t, Eurydice_slice)); + compress_then_serialize_ring_element_v_20( + uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, + (size_t)640U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); } 
@@ -6760,51 +7323,51 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_5c0( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b0( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_ea( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); + size_t); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_slice( + (size_t)32U, public_key->public_key_hash, uint8_t), + uint8_t); uint8_t hashed[64U]; - G_f1_e40( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_f1_e40(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *uu____2 = &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - 
encrypt_unpacked_840(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_090(uu____2, copy_of_randomness, pseudorandomness, + ciphertext); uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[768U]; - memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); + Eurydice_slice_copy( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), + shared_secret, uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[768U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_01_10(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_from_01_14(copy_of_ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_ec lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } 
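Review bot: libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b0 now keeps the shared secret in three stack buffers — `hashed`, `shared_secret_array` and the added `copy_of_shared_secret_array` — plus the randomness in `copy_of_randomness`, and none of them is cleared before the function returns. The added comment explains why the copies exist, but each one widens the stack footprint of secret material; if the deployment's threat model includes stack residue, the generator or a post-processing step should emit an explicit clear on these buffers before `return lit;` (e.g. `explicit_bzero`/`memset_s`, since a plain `memset` right before return may be optimised away). The same pattern appears in the hunk for libcrux_ml_kem_ind_cca_encapsulate_410. Whether the surrounding project already zeroizes at a higher layer is not visible here.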
@@ -6818,15 +7381,20 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_af_23(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_ca(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + randomness, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -6834,14 +7402,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 768 - K= 2 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1d1( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9d1( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, deserialized_pk[i] = ZERO_89_8d();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; 
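Review bot: In deserialize_ring_elements_reduced_9d1 the loop bound is `Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT` while the destination `deserialized_pk` is fixed at two elements, so a `public_key` slice longer than 768 bytes would index past the array; the equivalent Rust indexing panics, but in this C it is undefined behaviour. The caller visible in this patch (encrypt_dd0) passes `Eurydice_slice_subslice_to(public_key, (size_t)768U, ...)`, so the bound holds today, but the precondition lives at the call site rather than in the function. A comment on the parameter such as `/* public_key must be exactly K * BYTES_PER_RING_ELEMENT bytes; a longer slice would overrun deserialized_pk */` would make that explicit. The function's body continues past the end of the hunk.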
@@ -6849,9 +7417,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1d1( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_a4(ring_element); + deserialize_to_reduced_ring_element_e1(ring_element); deserialized_pk[i0] = uu____0; } memcpy( 
@@ -6877,49 +7445,52 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_aa0(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_dd0(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; - deserialize_ring_elements_reduced_1d1( - Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t, - Eurydice_slice), + deserialize_ring_elements_reduced_9d1( + Eurydice_slice_subslice_to(public_key, (size_t)768U, uint8_t, size_t), t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)768U, uint8_t, size_t, Eurydice_slice); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)768U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0); sample_matrix_A_050(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[2U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[2U]; memcpy( - uu____0, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1[2U][2U]; - memcpy(uu____1, A, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A[2U][2U]; + memcpy(copy_of_A, A, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by 
value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae public_key_unpacked; memcpy( - public_key_unpacked.t_as_ntt, uu____0, + public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(public_key_unpacked.seed_for_A, uu____2, + memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, + memcpy(public_key_unpacked.A, copy_of_A, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *uu____3 = &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[768U]; - encrypt_unpacked_840(uu____3, uu____4, randomness, ret1); + encrypt_unpacked_090(uu____3, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); } @@ -6934,12 +7505,11 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_af_06(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_6d(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + shared_secret, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } 
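Review bot: In encrypt_dd0 the added buffers `copy_of_t_as_ntt`, `copy_of_A` and `copy_of_seed_for_A` exist only to be `memcpy`'d once more into `public_key_unpacked`, so each field is copied twice (two ring elements for `t_as_ntt`, four for `A`) before encrypt_unpacked_090 is called. Nothing modifies the originals between the two copies, so `memcpy(public_key_unpacked.t_as_ntt, t_as_ntt, ...)` and the matching lines for `A` and `seed_for_A` would be equivalent and halve the stack traffic; if Eurydice cannot elide the intermediate, that is a generator improvement rather than something to hand-edit here. The comment `/* Passing arrays by value in Rust generates a copy in C */` is also repeated four times within this one function, where a single occurrence would carry the same information.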
@@ -6962,59 +7532,55 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_fa0( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_410( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_23( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); + entropy_preprocess_af_ca( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_ea( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); uint8_t ret[32U]; H_f1_1a0(Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_3b(public_key), - uint8_t, Eurydice_slice), + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_6f(public_key), + uint8_t), ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_e40( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_f1_e40(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; 
Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)800U, libcrux_ml_kem_types_as_slice_cb_3b(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + (size_t)800U, libcrux_ml_kem_types_as_slice_cb_6f(public_key), uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_aa0(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t uu____4[768U]; - memcpy(uu____4, ciphertext, (size_t)768U * sizeof(uint8_t)); + encrypt_dd0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[768U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_01_10(uu____4); + libcrux_ml_kem_types_from_01_14(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_06(shared_secret, shared_secret_array); + kdf_af_6d(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_ec lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } 
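Review bot: In libcrux_ml_kem_ind_cca_encapsulate_410 the added `copy_of_randomness` is filled from `randomness0` — the output of entropy_preprocess_af_ca — not from the `randomness` parameter, so the name points at the wrong buffer. Elsewhere in this patch a copy is named after its source, so `copy_of_randomness0` would keep that convention and avoid suggesting that the unpreprocessed input is what reaches encrypt_dd0. This is naming only; the data flow itself is unchanged from the old `uu____3`.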
@@ -7025,8 +7591,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_c2(Eurydice_slice serialized) { - return deserialize_then_decompress_10_52(serialized); +deserialize_then_decompress_ring_element_u_17(Eurydice_slice serialized) { + return deserialize_then_decompress_10_43(serialized); } /** @@ -7035,7 +7601,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_39( +static KRML_MUSTINLINE void ntt_vector_u_c0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)7U); @@ -7048,6 +7614,10 @@ static KRML_MUSTINLINE void ntt_vector_u_39( poly_barrett_reduce_89_61(re); } +/** + Call [`deserialize_then_decompress_ring_element_u`] on each ring element + in the `ciphertext`. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector 
@@ -7056,17 +7626,16 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_220( +static KRML_MUSTINLINE void deserialize_then_decompress_u_470( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, u_as_ntt[i] = ZERO_89_8d();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / + i < Eurydice_slice_len( + Eurydice_array_to_slice((size_t)768U, ciphertext, uint8_t), + uint8_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); i++) { @@ -7079,11 +7648,9 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_220( (size_t)10U / (size_t)8U) + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_then_decompress_ring_element_u_c2(u_bytes); - u_as_ntt[i0] = uu____0; - ntt_vector_u_39(&u_as_ntt[i0]); + uint8_t); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_17(u_bytes); + ntt_vector_u_c0(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, 
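Review bot: deserialize_then_decompress_u_470 takes `uint8_t *ciphertext` with no length and immediately wraps it as a 768-byte slice, so the 768-byte extent is a precondition on the caller that nothing in the signature conveys; decrypt_unpacked_820 in a later hunk does the same with `Eurydice_array_to_subslice_from((size_t)768U, ciphertext, ...)`. The generated header comment lists `CIPHERTEXT_SIZE= 768` but does not tie it to the pointer argument; a line such as `/* ciphertext must point to at least CIPHERTEXT_SIZE (768) readable bytes */` would make the contract visible to a C caller. The second hunk of this function, which replaces the `uu____0` temporary with a direct assignment, is fine as is.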
@@ -7097,10 +7664,16 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_68(Eurydice_slice serialized) { - return deserialize_then_decompress_4_e5(serialized); +deserialize_then_decompress_ring_element_v_21(Eurydice_slice serialized) { + return deserialize_then_decompress_4_82(serialized); } +/** + The following functions compute various expressions involving + vectors and matrices. The computation of these expressions has been + abstracted away into these functions in order to save on loop iterations. + Compute v − InverseNTT(sᵀ ◦ NTT(u)) +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7108,7 +7681,7 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_c10( +compute_message_2f0( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { 
@@ -7117,11 +7690,35 @@ compute_message_c10( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = ntt_multiply_89_17(&secret_as_ntt[i0], &u_as_ntt[i0]); add_to_ring_element_89_e80(&result, &product);); - invert_ntt_montgomery_7b0(&result); - result = subtract_reduce_89_c3(v, result); + invert_ntt_montgomery_950(&result); + result = subtract_reduce_89_fc(v, result); return result; } +/** + This function implements Algorithm 14 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. + + Algorithm 14 is reproduced below: + + ```plaintext + Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + Output: message m ∈ 𝔹^{32}. + + c₁ ← c[0 : 32dᵤk] + c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] + u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) + v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) + ŝ ← ByteDecode₁₂(dkₚₖₑ) + w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) + m ← ByteEncode₁(Compress₁(w)) + return m + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector 
@@ -7132,20 +7729,19 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_890( +static void decrypt_unpacked_820( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; - deserialize_then_decompress_u_220(ciphertext, u_as_ntt); + deserialize_then_decompress_u_470(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_68( + deserialize_then_decompress_ring_element_v_21( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, - (size_t)640U, uint8_t, size_t, - Eurydice_slice)); + (size_t)640U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_c10(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_2f0(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_79(message, ret0); + compress_then_serialize_message_2e(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } 
@@ -7185,83 +7781,82 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_750( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_440( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_890(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_820(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + uint8_t, size_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); + uint8_t), + uint8_t); uint8_t hashed[64U]; - G_f1_e40( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_f1_e40(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[800U]; libcrux_ml_kem_utils_into_padded_array_ea0( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), + 
Eurydice_array_to_slice( + (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_79(ciphertext), uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_dd(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_ee1( - Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + PRF_f1_ee1(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), + implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *uu____3 = &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_unpacked_840(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_090(uu____3, copy_of_decrypted, pseudorandomness, + expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_79(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, - Eurydice_slice)); + libcrux_ml_kem_types_as_ref_00_dd(ciphertext), + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( shared_secret, Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), selector, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +/** + Call 
[`deserialize_to_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_420( +static KRML_MUSTINLINE void deserialize_secret_key_280( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, secret_as_ntt[i] = ZERO_89_8d();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -7269,9 +7864,9 @@ static KRML_MUSTINLINE void deserialize_secret_key_420( secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_f3(secret_bytes); + deserialize_to_uncompressed_ring_element_61(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( 
@@ -7289,21 +7884,22 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_ac0(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_690(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; - deserialize_secret_key_420(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[2U]; + deserialize_secret_key_280(secret_key, secret_as_ntt); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[2U]; memcpy( - uu____0, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae secret_key_unpacked; memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, + secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_890(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_820(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } 
@@ -7329,41 +7925,37 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_240( +void libcrux_ml_kem_ind_cca_decapsulate_b20( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t, - Eurydice_slice), + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)1632U, private_key->value, uint8_t), (size_t)768U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( secret_key0, (size_t)800U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_ac0(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_690(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); + Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, 
Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); + uint8_t, size_t), + ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_f1_e40( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_f1_e40(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret0 = uu____3.fst; 
@@ -7372,38 +7964,42 @@ void libcrux_ml_kem_ind_cca_decapsulate_240( libcrux_ml_kem_utils_into_padded_array_ea0(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_79(ciphertext), uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_dd(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_ee1( - Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); + PRF_f1_ee1(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_aa0(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_dd0(uu____5, copy_of_decrypted, pseudorandomness, + expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_06( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + kdf_af_6d(Eurydice_array_to_slice((size_t)32U, + implicit_rejection_shared_secret0, uint8_t), + implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_06(shared_secret0, shared_secret); + kdf_af_6d(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_79(ciphertext), - Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t, - 
Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, - Eurydice_slice), + libcrux_ml_kem_types_as_ref_00_dd(ciphertext), + Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -7411,14 +8007,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1184 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1d0( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9d0( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, deserialized_pk[i] = ZERO_89_8d();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -7426,9 +8022,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1d0( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_a4(ring_element); + deserialize_to_reduced_ring_element_e1(ring_element); deserialized_pk[i0] = uu____0; } memcpy( 
@@ -7436,6 +8032,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1d0( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } +/** + Call [`serialize_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -7443,34 +8042,34 @@ with const generics - K= 3 - OUT_LEN= 1152 */ -static KRML_MUSTINLINE void serialize_secret_key_6d( +static KRML_MUSTINLINE void serialize_secret_key_87( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *key, uint8_t ret[1152U]) { uint8_t out[1152U] = {0U}; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, key, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = key[i0]; Eurydice_slice uu____0 = Eurydice_array_to_subslice2( out, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, (i0 + (size_t)1U) * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); uint8_t ret0[384U]; - serialize_uncompressed_ring_element_1d(&re, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)384U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + serialize_uncompressed_ring_element_3a(&re, ret0); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)384U, ret0, uint8_t), uint8_t); } memcpy(ret, out, (size_t)1152U * sizeof(uint8_t)); } +/** + Concatenate `t` and `ρ` into the public key. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.serialize_public_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector 
@@ -7479,24 +8078,20 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static KRML_MUSTINLINE void serialize_public_key_eb( +static KRML_MUSTINLINE void serialize_public_key_04( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, Eurydice_slice seed_for_a, uint8_t ret[1184U]) { uint8_t public_key_serialized[1184U] = {0U}; - Eurydice_slice uu____0 = - Eurydice_array_to_subslice2(public_key_serialized, (size_t)0U, - (size_t)1152U, uint8_t, Eurydice_slice); + Eurydice_slice uu____0 = Eurydice_array_to_subslice2( + public_key_serialized, (size_t)0U, (size_t)1152U, uint8_t); uint8_t ret0[1152U]; - serialize_secret_key_6d(t_as_ntt, ret0); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); - core_slice___Slice_T___copy_from_slice( + serialize_secret_key_87(t_as_ntt, ret0); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)1152U, ret0, uint8_t), uint8_t); + Eurydice_slice_copy( Eurydice_array_to_subslice_from((size_t)1184U, public_key_serialized, - (size_t)1152U, uint8_t, size_t, - Eurydice_slice), - seed_for_a, uint8_t, void *); + (size_t)1152U, uint8_t, size_t), + seed_for_a, uint8_t); memcpy(ret, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); } 
@@ -7508,18 +8103,18 @@ with const generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -bool libcrux_ml_kem_ind_cca_validate_public_key_60(uint8_t *public_key) { +bool libcrux_ml_kem_ind_cca_validate_public_key_c2(uint8_t *public_key) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; - deserialize_ring_elements_reduced_1d0( + deserialize_ring_elements_reduced_9d0( Eurydice_array_to_subslice_to((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), deserialized_pk); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *uu____0 = deserialized_pk; uint8_t public_key_serialized[1184U]; - serialize_public_key_eb( + serialize_public_key_04( uu____0, Eurydice_array_to_subslice_from((size_t)1184U, public_key, (size_t)1152U, - uint8_t, size_t, Eurydice_slice), + uint8_t, size_t), public_key_serialized); return core_array_equality___core__cmp__PartialEq__Array_U__N___for__Array_T__N____eq( (size_t)1184U, public_key, public_key_serialized, uint8_t, uint8_t, bool); 
@@ -7584,16 +8179,17 @@ shake128_init_absorb_b7(uint8_t input[3U][34U]) { KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, shake128_state[i] = libcrux_sha3_portable_incremental_shake128_init();); - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_incremental_shake128_absorb_final( - &shake128_state[i0], - Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t, - Eurydice_slice));); - libcrux_sha3_generic_keccak_KeccakState_48 uu____0[3U]; - memcpy(uu____0, shake128_state, + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_incremental_shake128_absorb_final( + &shake128_state[i0], + Eurydice_array_to_slice((size_t)34U, input[i0], uint8_t));); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_sha3_generic_keccak_KeccakState_48 copy_of_shake128_state[3U]; + memcpy(copy_of_shake128_state, shake128_state, (size_t)3U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); PortableHash_58 lit; - memcpy(lit.shake128_state, uu____0, + memcpy(lit.shake128_state, copy_of_shake128_state, (size_t)3U * sizeof(libcrux_sha3_generic_keccak_KeccakState_48)); return lit; } @@ -7610,9 +8206,10 @@ generics */ static KRML_MUSTINLINE PortableHash_58 shake128_init_absorb_f1_8c(uint8_t input[3U][34U]) { - uint8_t uu____0[3U][34U]; - memcpy(uu____0, input, (size_t)3U * sizeof(uint8_t[34U])); - return shake128_init_absorb_b7(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_input[3U][34U]; + memcpy(copy_of_input, input, (size_t)3U * sizeof(uint8_t[34U])); + return shake128_init_absorb_b7(copy_of_input); } /** 
@@ -7628,8 +8225,7 @@ static KRML_MUSTINLINE void shake128_squeeze_three_blocks_ca( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_sha3_portable_incremental_shake128_squeeze_first_three_blocks( &st->shake128_state[i0], - Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t, - Eurydice_slice));); + Eurydice_array_to_slice((size_t)504U, out[i0], uint8_t));); memcpy(ret, out, (size_t)3U * sizeof(uint8_t[504U])); } @@ -7648,6 +8244,47 @@ static KRML_MUSTINLINE void shake128_squeeze_three_blocks_f1_69( shake128_squeeze_three_blocks_ca(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types 
@@ -7666,12 +8303,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_2c( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -7697,11 +8333,11 @@ generics static KRML_MUSTINLINE void shake128_squeeze_block_dd(PortableHash_58 *st, uint8_t ret[3U][168U]) { uint8_t out[3U][168U] = {{0U}}; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_incremental_shake128_squeeze_next_block( - &st->shake128_state[i0], - Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t, - Eurydice_slice));); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_incremental_shake128_squeeze_next_block( + &st->shake128_state[i0], + Eurydice_array_to_slice((size_t)168U, out[i0], uint8_t));); memcpy(ret, out, (size_t)3U * sizeof(uint8_t[168U])); } 
@@ -7720,6 +8356,47 @@ static KRML_MUSTINLINE void shake128_squeeze_block_f1_60( shake128_squeeze_block_dd(self, ret); } +/** + If `bytes` contains a set of uniformly random bytes, this function + uniformly samples a ring element `â` that is treated as being the NTT + representation of the corresponding polynomial `a`. + + Since rejection sampling is used, it is possible the supplied bytes are + not enough to sample the element, in which case an `Err` is returned and the + caller must try again with a fresh set of bytes. + + This function partially implements Algorithm + 6 of the NIST FIPS 203 standard, We say "partially" because this + implementation only accepts a finite set of bytes as input and returns an error + if the set is not enough; Algorithm 6 of the FIPS 203 standard on the other + hand samples from an infinite stream of bytes until the ring element is filled. + Algorithm 6 is reproduced below: + + ```plaintext + Input: byte stream B ∈ 𝔹*. + Output: array â ∈ ℤ₂₅₆. + + i ← 0 + j ← 0 + while j < 256 do + d₁ ← B[i] + 256·(B[i+1] mod 16) + d₂ ← ⌊B[i+1]/16⌋ + 16·B[i+2] + if d₁ < q then + â[j] ← d₁ + j ← j + 1 + end if + if d₂ < q and j < 256 then + â[j] ← d₂ + j ← j + 1 + end if + i ← i + 3 + end while + return â + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.sampling.sample_from_uniform_distribution_next with types 
@@ -7738,12 +8415,11 @@ static KRML_MUSTINLINE bool sample_from_uniform_distribution_next_2c0( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( randomness[i1], r * (size_t)24U, r * (size_t)24U + (size_t)24U, - uint8_t, Eurydice_slice); + uint8_t); size_t sampled = libcrux_ml_kem_vector_portable_rej_sample_0d( uu____0, Eurydice_array_to_subslice2( out[i1], sampled_coefficients[i1], - sampled_coefficients[i1] + (size_t)16U, int16_t, - Eurydice_slice)); + sampled_coefficients[i1] + (size_t)16U, int16_t)); size_t uu____1 = i1; sampled_coefficients[uu____1] = sampled_coefficients[uu____1] + sampled; @@ -7769,8 +8445,8 @@ generics */ static libcrux_ml_kem_polynomial_PolynomialRingElement_f0 closure_2f( int16_t s[272U]) { - return from_i16_array_89_ca(Eurydice_array_to_subslice2( - s, (size_t)0U, (size_t)256U, int16_t, Eurydice_slice)); + return from_i16_array_89_ca( + Eurydice_array_to_subslice2(s, (size_t)0U, (size_t)256U, int16_t)); } /** 
@@ -7785,32 +8461,37 @@ static KRML_MUSTINLINE void sample_from_xof_d4( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { size_t sampled_coefficients[3U] = {0U}; int16_t out[3U][272U] = {{0U}}; - uint8_t uu____0[3U][34U]; - memcpy(uu____0, seeds, (size_t)3U * sizeof(uint8_t[34U])); - PortableHash_58 xof_state = shake128_init_absorb_f1_8c(uu____0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[3U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); + PortableHash_58 xof_state = shake128_init_absorb_f1_8c(copy_of_seeds); uint8_t randomness0[3U][504U]; shake128_squeeze_three_blocks_f1_69(&xof_state, randomness0); - uint8_t uu____1[3U][504U]; - memcpy(uu____1, randomness0, (size_t)3U * sizeof(uint8_t[504U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness0[3U][504U]; + memcpy(copy_of_randomness0, randomness0, (size_t)3U * sizeof(uint8_t[504U])); bool done = sample_from_uniform_distribution_next_2c( - uu____1, sampled_coefficients, out); + copy_of_randomness0, sampled_coefficients, out); while (true) { if (done) { break; } else { uint8_t randomness[3U][168U]; shake128_squeeze_block_f1_60(&xof_state, randomness); - uint8_t uu____2[3U][168U]; - memcpy(uu____2, randomness, (size_t)3U * sizeof(uint8_t[168U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[3U][168U]; + memcpy(copy_of_randomness, randomness, + (size_t)3U * sizeof(uint8_t[168U])); done = sample_from_uniform_distribution_next_2c0( - uu____2, sampled_coefficients, out); + copy_of_randomness, sampled_coefficients, out); } } - int16_t uu____3[3U][272U]; - memcpy(uu____3, out, (size_t)3U * sizeof(int16_t[272U])); + /* Passing arrays by value in Rust generates a copy in C */ + int16_t copy_of_out[3U][272U]; + memcpy(copy_of_out, out, (size_t)3U * sizeof(int16_t[272U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret0[3U]; KRML_MAYBE_FOR3(i, 
(size_t)0U, (size_t)3U, (size_t)1U, - ret0[i] = closure_2f(uu____3[i]);); + ret0[i] = closure_2f(copy_of_out[i]);); memcpy( ret, ret0, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); @@ -7831,24 +8512,25 @@ static KRML_MUSTINLINE void sample_matrix_A_05( closure_08(A_transpose[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; - uint8_t uu____0[34U]; - memcpy(uu____0, seed, (size_t)34U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed[34U]; + memcpy(copy_of_seed, seed, (size_t)34U * sizeof(uint8_t)); uint8_t seeds[3U][34U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(seeds[i], uu____0, (size_t)34U * sizeof(uint8_t));); + memcpy(seeds[i], copy_of_seed, (size_t)34U * sizeof(uint8_t));); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; seeds[j][32U] = (uint8_t)i1; seeds[j][33U] = (uint8_t)j;); - uint8_t uu____1[3U][34U]; - memcpy(uu____1, seeds, (size_t)3U * sizeof(uint8_t[34U])); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seeds[3U][34U]; + memcpy(copy_of_seeds, seeds, (size_t)3U * sizeof(uint8_t[34U])); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sampled[3U]; - sample_from_xof_d4(uu____1, sampled); + sample_from_xof_d4(copy_of_seeds, sampled); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, sampled, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 sample = sampled[j]; 
@@ -7857,7 +8539,9 @@ static KRML_MUSTINLINE void sample_matrix_A_05( } else { A_transpose[i1][j] = sample; } - }); + } + + ); memcpy(ret, A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); @@ -7883,12 +8567,11 @@ with const generics static KRML_MUSTINLINE void PRFxN_c5(uint8_t (*input)[33U], uint8_t ret[3U][128U]) { uint8_t out[3U][128U] = {{0U}}; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_sha3_portable_shake256( - Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t, - Eurydice_slice));); + KRML_MAYBE_FOR3( + i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; + libcrux_sha3_portable_shake256( + Eurydice_array_to_slice((size_t)128U, out[i0], uint8_t), + Eurydice_array_to_slice((size_t)33U, input[i0], uint8_t));); memcpy(ret, out, (size_t)3U * sizeof(uint8_t[128U])); } @@ -7907,6 +8590,10 @@ static KRML_MUSTINLINE void PRFxN_f1_93(uint8_t (*input)[33U], PRFxN_c5(input, ret); } +/** + Sample a vector of ring elements from a centered binomial distribution and + convert them into their NTT representations. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_vector_cbd_then_ntt with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, 
@@ -7921,12 +8608,13 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_a7( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, re_as_ntt[i] = ZERO_89_8d();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); 
@@ -7934,23 +8622,26 @@ static KRML_MUSTINLINE tuple_b0 sample_vector_cbd_then_ntt_a7( PRFxN_f1_93(prf_inputs, prf_outputs); KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_34(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); - re_as_ntt[i0] = uu____1; + re_as_ntt[i0] = sample_from_binomial_distribution_34( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); ntt_binomially_sampled_ring_element_28(&re_as_ntt[i0]);); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_re_as_ntt[3U]; memcpy( - uu____2, re_as_ntt, + copy_of_re_as_ntt, re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_b0 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_re_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); lit.snd = domain_separator; return lit; } +/** + Given two polynomial ring elements `lhs` and `rhs`, compute the pointwise + sum of their constituent coefficients. +*/ /** This function found in impl {libcrux_ml_kem::polynomial::PolynomialRingElement[TraitClause@0]} 
@@ -7965,13 +8656,11 @@ static KRML_MUSTINLINE void add_to_ring_element_89_e8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *rhs) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)16U, self->coefficients, - libcrux_ml_kem_vector_portable_vector_type_PortableVector, - Eurydice_slice), - libcrux_ml_kem_vector_portable_vector_type_PortableVector, - size_t); + libcrux_ml_kem_vector_portable_vector_type_PortableVector), + libcrux_ml_kem_vector_portable_vector_type_PortableVector); i++) { size_t i0 = i; libcrux_ml_kem_vector_portable_vector_type_PortableVector uu____0 = @@ -7981,6 +8670,9 @@ static KRML_MUSTINLINE void add_to_ring_element_89_e8( } } +/** + Compute  ◦ ŝ + ê +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_As_plus_e with types libcrux_ml_kem_vector_portable_vector_type_PortableVector 
@@ -7996,22 +8688,20 @@ static KRML_MUSTINLINE void compute_As_plus_e_cb( KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, result[i] = ZERO_89_8d();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, matrix_A, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = matrix_A[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *matrix_element = 
@@ -8027,6 +8717,47 @@ static KRML_MUSTINLINE void compute_As_plus_e_cb( (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } +/** + This function implements most of Algorithm 12 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE key generation + algorithm. + + We say "most of" since Algorithm 12 samples the required randomness within + the function itself, whereas this implementation expects it to be provided + through the `key_generation_seed` parameter. + + Algorithm 12 is reproduced below: + + ```plaintext + Output: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Output: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + + d ←$ B + (ρ,σ) ← G(d) + N ← 0 + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + s[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(σ,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(σ,N)) + N ← N + 1 + end for + ŝ ← NTT(s) + ê ← NTT(e) + t̂ ← Â◦ŝ + ê + ekₚₖₑ ← ByteEncode₁₂(t̂) ‖ ρ + dkₚₖₑ ← ByteEncode₁₂(ŝ) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.generate_keypair_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, 
@@ -8036,13 +8767,13 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_9b generate_keypair_unpacked_d1( +static tuple_9b generate_keypair_unpacked_0f( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_f1_e4(key_generation_seed, hashed); - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), - (size_t)32U, uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice seed_for_A0 = uu____0.fst; Eurydice_slice seed_for_secret_and_error = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; 
@@ -8052,53 +8783,59 @@ static tuple_9b generate_keypair_unpacked_d1( uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, prf_input); - uint8_t uu____1[33U]; - memcpy(uu____1, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____2 = sample_vector_cbd_then_ntt_a7(uu____1, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b0 uu____2 = sample_vector_cbd_then_ntt_a7(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; memcpy( secret_as_ntt, uu____2.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator = uu____2.snd; - uint8_t uu____3[33U]; - memcpy(uu____3, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; memcpy( error_as_ntt, - sample_vector_cbd_then_ntt_a7(uu____3, domain_separator).fst, + sample_vector_cbd_then_ntt_a7(copy_of_prf_input, domain_separator).fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; compute_As_plus_e_cb(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U], - void *); + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____4[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; memcpy( - uu____4, t_as_ntt, + copy_of_t_as_ntt, 
t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U][3U]; - memcpy(uu____5, A_transpose, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A_transpose[3U] + [3U]; + memcpy(copy_of_A_transpose, A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - uint8_t uu____6[32U]; - memcpy(uu____6, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk; memcpy( - pk.t_as_ntt, uu____4, + pk.t_as_ntt, copy_of_t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(pk.seed_for_A, uu____6, (size_t)32U * sizeof(uint8_t)); - memcpy(pk.A, uu____5, + memcpy(pk.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); + memcpy(pk.A, copy_of_A_transpose, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____7[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( - uu____7, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk; memcpy( - sk.secret_as_ntt, uu____7, + sk.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); return (CLITERAL(tuple_9b){.fst = sk, .snd = pk}); } 
@@ -8117,7 +8854,7 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_f0( +static void closure_41( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, ret[i] = ZERO_89_8d();); @@ -8150,27 +8887,26 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_4a(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b4(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value0 = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); - tuple_9b uu____0 = generate_keypair_unpacked_d1(ind_cpa_keypair_randomness); + size_t); + tuple_9b uu____0 = generate_keypair_unpacked_0f(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_f0(A[i]);); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_41(A[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_3a(&ind_cpa_public_key.A[j][i1]); + clone_d5_13(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U][3U]; memcpy(uu____2, A, 
@@ -8180,36 +8916,39 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_4a(uint8_t randomness[64U]) { (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); uint8_t pk_serialized[1184U]; - serialize_public_key_eb( + serialize_public_key_04( ind_cpa_public_key.t_as_ntt, Eurydice_array_to_slice((size_t)32U, ind_cpa_public_key.seed_for_A, - uint8_t, Eurydice_slice), + uint8_t), pk_serialized); uint8_t public_key_hash[32U]; - H_f1_1a(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t, - Eurydice_slice), + H_f1_1a(Eurydice_array_to_slice((size_t)1184U, pk_serialized, uint8_t), public_key_hash); uint8_t implicit_rejection_value[32U]; core_result_Result_00 dst; Eurydice_slice_to_array2(&dst, implicit_rejection_value0, Eurydice_slice, - uint8_t[32U], void *); + uint8_t[32U]); core_result_unwrap_41_83(dst, implicit_rejection_value); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 uu____3 = ind_cpa_private_key; - uint8_t uu____4[32U]; - memcpy(uu____4, implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_implicit_rejection_value[32U]; + memcpy(copy_of_implicit_rejection_value, implicit_rejection_value, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8 uu____5; uu____5.ind_cpa_private_key = uu____3; - memcpy(uu____5.implicit_rejection_value, uu____4, + memcpy(uu____5.implicit_rejection_value, copy_of_implicit_rejection_value, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 uu____6 = ind_cpa_public_key; - uint8_t uu____7[32U]; - memcpy(uu____7, public_key_hash, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_hash[32U]; + memcpy(copy_of_public_key_hash, public_key_hash, + (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 lit; lit.private_key = uu____5; 
lit.public_key.ind_cpa_public_key = uu____6; - memcpy(lit.public_key.public_key_hash, uu____7, + memcpy(lit.public_key.public_key_hash, copy_of_public_key_hash, (size_t)32U * sizeof(uint8_t)); return lit; } 
@@ -8226,28 +8965,70 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_c5( +static libcrux_ml_kem_utils_extraction_helper_Keypair768 generate_keypair_6e( Eurydice_slice key_generation_seed) { - tuple_9b uu____0 = generate_keypair_unpacked_d1(key_generation_seed); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 sk = uu____0.fst; - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 pk = uu____0.snd; + uint8_t hashed[64U]; + G_f1_e4(key_generation_seed, hashed); + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), (size_t)32U, + uint8_t, Eurydice_slice_uint8_t_x2); + Eurydice_slice seed_for_A0 = uu____0.fst; + Eurydice_slice seed_for_secret_and_error = uu____0.snd; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A_transpose[3U][3U]; + uint8_t ret[34U]; + libcrux_ml_kem_utils_into_padded_array_ea1(seed_for_A0, ret); + sample_matrix_A_05(ret, true, A_transpose); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_ea2(seed_for_secret_and_error, + prf_input); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b0 uu____2 = sample_vector_cbd_then_ntt_a7(copy_of_prf_input0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; + memcpy( + secret_as_ntt, uu____2.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + uint8_t domain_separator = uu____2.snd; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_as_ntt[3U]; + memcpy( + error_as_ntt, + sample_vector_cbd_then_ntt_a7(copy_of_prf_input, domain_separator).fst, + (size_t)3U * 
sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; + compute_As_plus_e_cb(A_transpose, secret_as_ntt, error_as_ntt, t_as_ntt); + uint8_t seed_for_A[32U]; + core_result_Result_00 dst; + Eurydice_slice_to_array2(&dst, seed_for_A0, Eurydice_slice, uint8_t[32U]); + core_result_unwrap_41_83(dst, seed_for_A); uint8_t public_key_serialized[1184U]; - serialize_public_key_eb(pk.t_as_ntt, - Eurydice_array_to_slice((size_t)32U, pk.seed_for_A, - uint8_t, Eurydice_slice), - public_key_serialized); + serialize_public_key_04( + t_as_ntt, Eurydice_array_to_slice((size_t)32U, seed_for_A, uint8_t), + public_key_serialized); uint8_t secret_key_serialized[1152U]; - serialize_secret_key_6d(sk.secret_as_ntt, secret_key_serialized); - uint8_t uu____1[1152U]; - memcpy(uu____1, secret_key_serialized, (size_t)1152U * sizeof(uint8_t)); - uint8_t uu____2[1184U]; - memcpy(uu____2, public_key_serialized, (size_t)1184U * sizeof(uint8_t)); + serialize_secret_key_87(secret_as_ntt, secret_key_serialized); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[1152U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)1152U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key_serialized[1184U]; + memcpy(copy_of_public_key_serialized, public_key_serialized, + (size_t)1184U * sizeof(uint8_t)); libcrux_ml_kem_utils_extraction_helper_Keypair768 lit; - memcpy(lit.fst, uu____1, (size_t)1152U * sizeof(uint8_t)); - memcpy(lit.snd, uu____2, (size_t)1184U * sizeof(uint8_t)); + memcpy(lit.fst, copy_of_secret_key_serialized, + (size_t)1152U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_public_key_serialized, + (size_t)1184U * sizeof(uint8_t)); return lit; } +/** + Serialize the secret key. 
+*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.serialize_kem_secret_key with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] @@ -8255,7 +9036,7 @@ with const generics - K= 3 - SERIALIZED_KEY_LEN= 2400 */ -static KRML_MUSTINLINE void serialize_kem_secret_key_5e( +static KRML_MUSTINLINE void serialize_kem_secret_key_4c( Eurydice_slice private_key, Eurydice_slice public_key, Eurydice_slice implicit_rejection_value, uint8_t ret[2400U]) { uint8_t out[2400U] = {0U}; 
@@ -8263,46 +9044,48 @@ static KRML_MUSTINLINE void serialize_kem_secret_key_5e( uint8_t *uu____0 = out; size_t uu____1 = pointer; size_t uu____2 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____0, uu____1, - uu____2 + core_slice___Slice_T___len(private_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - private_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(private_key, uint8_t, size_t); + uu____0, uu____1, uu____2 + Eurydice_slice_len(private_key, uint8_t), + uint8_t), + private_key, uint8_t); + pointer = pointer + Eurydice_slice_len(private_key, uint8_t); uint8_t *uu____3 = out; size_t uu____4 = pointer; size_t uu____5 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( - uu____3, uu____4, - uu____5 + core_slice___Slice_T___len(public_key, uint8_t, size_t), - uint8_t, Eurydice_slice), - public_key, uint8_t, void *); - pointer = pointer + core_slice___Slice_T___len(public_key, uint8_t, size_t); + uu____3, uu____4, uu____5 + Eurydice_slice_len(public_key, uint8_t), + uint8_t), + public_key, uint8_t); + pointer = pointer + Eurydice_slice_len(public_key, uint8_t); Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - Eurydice_slice); + out, pointer, pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t); uint8_t ret0[32U]; H_f1_1a(public_key, ret0); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_array_to_slice((size_t)32U, ret0, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____6, Eurydice_array_to_slice((size_t)32U, ret0, uint8_t), uint8_t); pointer = pointer + LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE; uint8_t *uu____7 = out; size_t uu____8 = pointer; size_t uu____9 = pointer; - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_copy( Eurydice_array_to_subslice2( uu____7, uu____8, - uu____9 + 
core_slice___Slice_T___len(implicit_rejection_value, - uint8_t, size_t), - uint8_t, Eurydice_slice), - implicit_rejection_value, uint8_t, void *); + uu____9 + Eurydice_slice_len(implicit_rejection_value, uint8_t), + uint8_t), + implicit_rejection_value, uint8_t); memcpy(ret, out, (size_t)2400U * sizeof(uint8_t)); } +/** + Packed API + + Generate a key pair. + + Depending on the `Vector` and `Hasher` used, this requires different hardware + features +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cca.generate_keypair with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, 
@@ -8317,39 +9100,42 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_generate_keypair_ef(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_f9(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, - LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - Eurydice_slice); + LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); Eurydice_slice implicit_rejection_value = Eurydice_array_to_subslice_from( (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); libcrux_ml_kem_utils_extraction_helper_Keypair768 uu____0 = - generate_keypair_c5(ind_cpa_keypair_randomness); + generate_keypair_6e(ind_cpa_keypair_randomness); uint8_t ind_cpa_private_key[1152U]; memcpy(ind_cpa_private_key, uu____0.fst, (size_t)1152U * sizeof(uint8_t)); uint8_t public_key[1184U]; memcpy(public_key, uu____0.snd, (size_t)1184U * sizeof(uint8_t)); uint8_t secret_key_serialized[2400U]; - serialize_kem_secret_key_5e( - Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t, - Eurydice_slice), - Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t, - Eurydice_slice), + serialize_kem_secret_key_4c( + Eurydice_array_to_slice((size_t)1152U, ind_cpa_private_key, uint8_t), + Eurydice_array_to_slice((size_t)1184U, public_key, uint8_t), implicit_rejection_value, secret_key_serialized); - uint8_t uu____1[2400U]; - memcpy(uu____1, secret_key_serialized, (size_t)2400U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_secret_key_serialized[2400U]; + memcpy(copy_of_secret_key_serialized, secret_key_serialized, + (size_t)2400U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemPrivateKey_55 private_key = - libcrux_ml_kem_types_from_05_700(uu____1); + 
libcrux_ml_kem_types_from_05_db0(copy_of_secret_key_serialized); libcrux_ml_kem_types_MlKemPrivateKey_55 uu____2 = private_key; - uint8_t uu____3[1184U]; - memcpy(uu____3, public_key, (size_t)1184U * sizeof(uint8_t)); - return libcrux_ml_kem_types_from_17_eb0( - uu____2, libcrux_ml_kem_types_from_b6_a30(uu____3)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_public_key[1184U]; + memcpy(copy_of_public_key, public_key, (size_t)1184U * sizeof(uint8_t)); + return libcrux_ml_kem_types_from_17_120( + uu____2, libcrux_ml_kem_types_from_b6_8e0(copy_of_public_key)); } +/** + Sample a vector of ring elements from a centered binomial distribution. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.sample_ring_element_cbd with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, @@ -8360,16 +9146,17 @@ generics - ETA2= 2 */ static KRML_MUSTINLINE tuple_b0 -sample_ring_element_cbd_bf(uint8_t prf_input[33U], uint8_t domain_separator) { +sample_ring_element_cbd_38(uint8_t prf_input[33U], uint8_t domain_separator) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, error_1[i] = ZERO_89_8d();); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); uint8_t prf_inputs[3U][33U]; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, - memcpy(prf_inputs[i], uu____0, (size_t)33U * sizeof(uint8_t));); + memcpy(prf_inputs[i], copy_of_prf_input, (size_t)33U * sizeof(uint8_t));); KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; prf_inputs[i0][32U] = domain_separator; domain_separator = (uint32_t)domain_separator + 1U;); 
@@ -8378,16 +9165,17 @@ sample_ring_element_cbd_bf(uint8_t prf_input[33U], uint8_t domain_separator) { KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - sample_from_binomial_distribution_34(Eurydice_array_to_slice( - (size_t)128U, prf_outputs[i0], uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_34( + Eurydice_array_to_slice((size_t)128U, prf_outputs[i0], uint8_t)); error_1[i0] = uu____1;); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_error_1[3U]; memcpy( - uu____2, error_1, + copy_of_error_1, error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); tuple_b0 lit; memcpy( - lit.fst, uu____2, + lit.fst, copy_of_error_1, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); lit.snd = domain_separator; return lit; 
@@ -8414,27 +9202,30 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void invert_ntt_montgomery_7b( +static KRML_MUSTINLINE void invert_ntt_montgomery_95( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT / (size_t)2U; - invert_ntt_at_layer_1_13(&zeta_i, re); - invert_ntt_at_layer_2_cd(&zeta_i, re); - invert_ntt_at_layer_3_74(&zeta_i, re); - invert_ntt_at_layer_4_plus_52(&zeta_i, re, (size_t)4U); - invert_ntt_at_layer_4_plus_52(&zeta_i, re, (size_t)5U); - invert_ntt_at_layer_4_plus_52(&zeta_i, re, (size_t)6U); - invert_ntt_at_layer_4_plus_52(&zeta_i, re, (size_t)7U); + invert_ntt_at_layer_1_46(&zeta_i, re); + invert_ntt_at_layer_2_53(&zeta_i, re); + invert_ntt_at_layer_3_17(&zeta_i, re); + invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)4U); + invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)5U); + invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)6U); + invert_ntt_at_layer_4_plus_1a(&zeta_i, re, (size_t)7U); poly_barrett_reduce_89_61(re); } +/** + Compute u := InvertNTT(Aᵀ ◦ r̂) + e₁ +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_vector_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void compute_vector_u_11( +static KRML_MUSTINLINE void compute_vector_u_22( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 (*a_as_ntt)[3U], libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_1, 
@@ -8443,22 +9234,20 @@ static KRML_MUSTINLINE void compute_vector_u_11( KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, result[i] = ZERO_89_8d();); for (size_t i0 = (size_t)0U; - i0 < core_slice___Slice_T___len( + i0 < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, a_as_ntt, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U], - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U], size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U]); i0++) { size_t i1 = i0; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *row = a_as_ntt[i1]; for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, row, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *a_element = &row[j]; @@ -8466,14 +9255,17 @@ static KRML_MUSTINLINE void compute_vector_u_11( ntt_multiply_89_17(a_element, &r_as_ntt[j]); add_to_ring_element_89_e8(&result[i1], &product); } - invert_ntt_montgomery_7b(&result[i1]); - add_error_reduce_89_53(&result[i1], &error_1[i1]); + invert_ntt_montgomery_95(&result[i1]); + add_error_reduce_89_c3(&result[i1], &error_1[i1]); } memcpy( ret, result, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } +/** + Compute InverseNTT(tᵀ ◦ r̂) + e₂ + message +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_ring_element_v with types libcrux_ml_kem_vector_portable_vector_type_PortableVector 
@@ -8481,7 +9273,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_ring_element_v_d8( +compute_ring_element_v_ba( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *t_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *r_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *error_2, @@ -8491,11 +9283,14 @@ compute_ring_element_v_d8( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = ntt_multiply_89_17(&t_as_ntt[i0], &r_as_ntt[i0]); add_to_ring_element_89_e8(&result, &product);); - invert_ntt_montgomery_7b(&result); - result = add_message_error_reduce_89_60(error_2, message, result); + invert_ntt_montgomery_95(&result); + result = add_message_error_reduce_89_a1(error_2, message, result); return result; } +/** + Call [`compress_then_serialize_ring_element_u`] on each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.compress_then_serialize_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector 
@@ -8505,32 +9300,69 @@ with const generics - COMPRESSION_FACTOR= 10 - BLOCK_LEN= 320 */ -static void compress_then_serialize_u_e7( +static void compress_then_serialize_u_62( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 input[3U], Eurydice_slice out) { for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( + i < Eurydice_slice_len( Eurydice_array_to_slice( (size_t)3U, input, - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, - Eurydice_slice), - libcrux_ml_kem_polynomial_PolynomialRingElement_f0, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0), + libcrux_ml_kem_polynomial_PolynomialRingElement_f0); i++) { size_t i0 = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = input[i0]; Eurydice_slice uu____0 = Eurydice_slice_subslice2( out, i0 * ((size_t)960U / (size_t)3U), - (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t, - Eurydice_slice); + (i0 + (size_t)1U) * ((size_t)960U / (size_t)3U), uint8_t); uint8_t ret[320U]; - compress_then_serialize_ring_element_u_42(&re, ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)320U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + compress_then_serialize_ring_element_u_54(&re, ret); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)320U, ret, uint8_t), uint8_t); } } +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. 
+ + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, 
@@ -8549,22 +9381,25 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_84( +static void encrypt_unpacked_09( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); - uint8_t uu____0[33U]; - memcpy(uu____0, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____1 = sample_vector_cbd_then_ntt_a7(uu____0, 0U); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b0 uu____1 = sample_vector_cbd_then_ntt_a7(copy_of_prf_input0, 0U); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( r_as_ntt, uu____1.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t domain_separator0 = uu____1.snd; - uint8_t uu____2[33U]; - memcpy(uu____2, prf_input, (size_t)33U * sizeof(uint8_t)); - tuple_b0 uu____3 = sample_ring_element_cbd_bf(uu____2, domain_separator0); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b0 uu____3 = + sample_ring_element_cbd_38(copy_of_prf_input, domain_separator0); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( error_1, uu____3.fst, 
@@ -8572,34 +9407,33 @@ static void encrypt_unpacked_84( uint8_t domain_separator = uu____3.snd; prf_input[32U] = domain_separator; uint8_t prf_output[128U]; - PRF_f1_ee0( - Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t, Eurydice_slice), - prf_output); + PRF_f1_ee0(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + prf_output); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = - sample_from_binomial_distribution_34(Eurydice_array_to_slice( - (size_t)128U, prf_output, uint8_t, Eurydice_slice)); + sample_from_binomial_distribution_34( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - compute_vector_u_11(public_key->A, r_as_ntt, error_1, u); - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + compute_vector_u_22(public_key->A, r_as_ntt, error_1, u); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = - deserialize_then_decompress_message_c0(uu____4); + deserialize_then_decompress_message_6c(copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - compute_ring_element_v_d8(public_key->t_as_ntt, r_as_ntt, &error_2, + compute_ring_element_v_ba(public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( uu____5, u, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - compress_then_serialize_u_e7( + compress_then_serialize_u_62( uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, - uint8_t, Eurydice_slice)); + uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; - compress_then_serialize_ring_element_v_1d( - uu____6, - 
Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, - uint8_t, size_t, Eurydice_slice)); + compress_then_serialize_ring_element_v_20( + uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, + (size_t)960U, uint8_t, size_t)); memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); } 
@@ -8622,51 +9456,51 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_5c( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_ea( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, public_key->public_key_hash, uint8_t, - Eurydice_slice), - uint8_t, void *); + size_t); + Eurydice_slice_copy(uu____0, + Eurydice_array_to_slice( + (size_t)32U, public_key->public_key_hash, uint8_t), + uint8_t); uint8_t hashed[64U]; - G_f1_e4( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_f1_e4(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____2 = &public_key->ind_cpa_public_key; - uint8_t uu____3[32U]; - memcpy(uu____3, randomness, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - 
encrypt_unpacked_84(uu____2, uu____3, pseudorandomness, ciphertext); + encrypt_unpacked_09(uu____2, copy_of_randomness, pseudorandomness, + ciphertext); uint8_t shared_secret_array[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t, - Eurydice_slice), - shared_secret, uint8_t, void *); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + Eurydice_slice_copy( + Eurydice_array_to_slice((size_t)32U, shared_secret_array, uint8_t), + shared_secret, uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1088U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_100(uu____4); - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_types_from_01_140(copy_of_ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_3c lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } 
@@ -8680,15 +9514,20 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_af_5a(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_4c(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - randomness, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + randomness, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } +/** + This function deserializes ring elements and reduces the result by the field + modulus. + + This function MUST NOT be used on secret inputs. +*/ /** A monomorphic instance of libcrux_ml_kem.serialize.deserialize_ring_elements_reduced with types @@ -8696,14 +9535,14 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - PUBLIC_KEY_SIZE= 1152 - K= 3 */ -static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1d( +static KRML_MUSTINLINE void deserialize_ring_elements_reduced_9d( Eurydice_slice public_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 deserialized_pk[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, deserialized_pk[i] = ZERO_89_8d();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(public_key, uint8_t, size_t) / + i < Eurydice_slice_len(public_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; 
@@ -8711,9 +9550,9 @@ static KRML_MUSTINLINE void deserialize_ring_elements_reduced_1d( public_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_reduced_ring_element_a4(ring_element); + deserialize_to_reduced_ring_element_e1(ring_element); deserialized_pk[i0] = uu____0; } memcpy( 
@@ -8739,49 +9578,52 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_aa(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_dd(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - deserialize_ring_elements_reduced_1d( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t, - Eurydice_slice), + deserialize_ring_elements_reduced_9d( + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), t_as_ntt); - Eurydice_slice seed = Eurydice_slice_subslice_from( - public_key, (size_t)1152U, uint8_t, size_t, Eurydice_slice); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0); sample_matrix_A_05(ret0, false, A); uint8_t seed_for_A[32U]; core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U], void *); + Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); core_result_unwrap_41_83(dst, seed_for_A); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; memcpy( - uu____0, t_as_ntt, + copy_of_t_as_ntt, t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1[3U][3U]; - memcpy(uu____1, A, + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A[3U][3U]; + memcpy(copy_of_A, A, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - uint8_t uu____2[32U]; - memcpy(uu____2, seed_for_A, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by 
value in Rust generates a copy in C */ + uint8_t copy_of_seed_for_A[32U]; + memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 public_key_unpacked; memcpy( - public_key_unpacked.t_as_ntt, uu____0, + public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(public_key_unpacked.seed_for_A, uu____2, + memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, uu____1, + memcpy(public_key_unpacked.A, copy_of_A, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = &public_key_unpacked; - uint8_t uu____4[32U]; - memcpy(uu____4, message, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); uint8_t ret1[1088U]; - encrypt_unpacked_84(uu____3, uu____4, randomness, ret1); + encrypt_unpacked_09(uu____3, copy_of_message, randomness, ret1); memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); } @@ -8796,12 +9638,11 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_af_ee(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_08(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - core_slice___Slice_T___copy_from_slice( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), - shared_secret, uint8_t, void *); + Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + shared_secret, uint8_t); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } 
@@ -8824,62 +9665,62 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_fa( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_41( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_5a( - Eurydice_array_to_slice((size_t)32U, randomness, uint8_t, Eurydice_slice), - randomness0); + entropy_preprocess_af_4c( + Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_ea( - Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t, - Eurydice_slice), - to_hash); + Eurydice_array_to_slice((size_t)32U, randomness0, uint8_t), to_hash); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, - size_t, Eurydice_slice); + size_t); uint8_t ret[32U]; H_f1_1a(Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_3b0(public_key), - uint8_t, Eurydice_slice), + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_6f0(public_key), + uint8_t), ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)32U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)32U, ret, uint8_t), uint8_t); uint8_t hashed[64U]; - G_f1_e4( - Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_f1_e4(Eurydice_array_to_slice((size_t)64U, to_hash, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; 
Eurydice_slice pseudorandomness = uu____1.snd; Eurydice_slice uu____2 = Eurydice_array_to_slice( - (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_3b0(public_key), uint8_t, - Eurydice_slice); - uint8_t uu____3[32U]; - memcpy(uu____3, randomness0, (size_t)32U * sizeof(uint8_t)); + (size_t)1184U, libcrux_ml_kem_types_as_slice_cb_6f0(public_key), uint8_t); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_randomness[32U]; + memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_aa(uu____2, uu____3, pseudorandomness, ciphertext); - uint8_t uu____4[1088U]; - memcpy(uu____4, ciphertext, (size_t)1088U * sizeof(uint8_t)); + encrypt_dd(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_ciphertext[1088U]; + memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_100(uu____4); + libcrux_ml_kem_types_from_01_140(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_ee(shared_secret, shared_secret_array); + kdf_af_08(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; - uint8_t uu____6[32U]; - memcpy(uu____6, shared_secret_array, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_shared_secret_array[32U]; + memcpy(copy_of_shared_secret_array, shared_secret_array, + (size_t)32U * sizeof(uint8_t)); tuple_3c lit; lit.fst = uu____5; - memcpy(lit.snd, uu____6, (size_t)32U * sizeof(uint8_t)); + memcpy(lit.snd, copy_of_shared_secret_array, (size_t)32U * sizeof(uint8_t)); return lit; } +/** + Call [`deserialize_then_decompress_ring_element_u`] on each ring element + in the `ciphertext`. 
+*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_then_decompress_u with types libcrux_ml_kem_vector_portable_vector_type_PortableVector @@ -8888,17 +9729,16 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_22( +static KRML_MUSTINLINE void deserialize_then_decompress_u_47( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, u_as_ntt[i] = ZERO_89_8d();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len( - Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t, - Eurydice_slice), - uint8_t, size_t) / + i < Eurydice_slice_len( + Eurydice_array_to_slice((size_t)1088U, ciphertext, uint8_t), + uint8_t) / (LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U); i++) { @@ -8911,17 +9751,21 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_22( (size_t)10U / (size_t)8U) + LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, - uint8_t, Eurydice_slice); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_then_decompress_ring_element_u_c2(u_bytes); - u_as_ntt[i0] = uu____0; - ntt_vector_u_39(&u_as_ntt[i0]); + uint8_t); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_17(u_bytes); + ntt_vector_u_c0(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); } +/** + The following functions compute various expressions involving + vectors and matrices. The computation of these expressions has been + abstracted away into these functions in order to save on loop iterations. + Compute v − InverseNTT(sᵀ ◦ NTT(u)) +*/ /** A monomorphic instance of libcrux_ml_kem.matrix.compute_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector 
@@ -8929,7 +9773,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_c1( +compute_message_2f( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { @@ -8938,11 +9782,35 @@ compute_message_c1( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 product = ntt_multiply_89_17(&secret_as_ntt[i0], &u_as_ntt[i0]); add_to_ring_element_89_e8(&result, &product);); - invert_ntt_montgomery_7b(&result); - result = subtract_reduce_89_c3(v, result); + invert_ntt_montgomery_95(&result); + result = subtract_reduce_89_fc(v, result); return result; } +/** + This function implements Algorithm 14 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE decryption algorithm. + + Algorithm 14 is reproduced below: + + ```plaintext + Input: decryption key dkₚₖₑ ∈ 𝔹^{384k}. + Input: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + Output: message m ∈ 𝔹^{32}. + + c₁ ← c[0 : 32dᵤk] + c₂ ← c[32dᵤk : 32(dᵤk + dᵥ)] + u ← Decompress_{dᵤ}(ByteDecode_{dᵤ}(c₁)) + v ← Decompress_{dᵥ}(ByteDecode_{dᵥ}(c₂)) + ŝ ← ByteDecode₁₂(dkₚₖₑ) + w ← v - NTT-¹(ŝᵀ ◦ NTT(u)) + m ← ByteEncode₁(Compress₁(w)) + return m + ``` + + The NIST FIPS 203 standard can be found at + . +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.decrypt_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector 
@@ -8953,20 +9821,19 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_89( +static void decrypt_unpacked_82( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - deserialize_then_decompress_u_22(ciphertext, u_as_ntt); + deserialize_then_decompress_u_47(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_68( + deserialize_then_decompress_ring_element_v_21( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, - (size_t)960U, uint8_t, size_t, - Eurydice_slice)); + (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_c1(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_2f(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_79(message, ret0); + compress_then_serialize_message_2e(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } 
@@ -9006,83 +9873,82 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_75( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_44( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_89(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_82(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); Eurydice_slice uu____0 = Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + uint8_t, size_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_slice((size_t)32U, key_pair->public_key.public_key_hash, - uint8_t, Eurydice_slice), - uint8_t, void *); + uint8_t), + uint8_t); uint8_t hashed[64U]; - G_f1_e4( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_f1_e4(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret = uu____1.fst; Eurydice_slice pseudorandomness = uu____1.snd; uint8_t to_hash[1120U]; libcrux_ml_kem_utils_into_padded_array_ea3( - Eurydice_array_to_slice((size_t)32U, - key_pair->private_key.implicit_rejection_value, - uint8_t, Eurydice_slice), + 
Eurydice_array_to_slice( + (size_t)32U, key_pair->private_key.implicit_rejection_value, uint8_t), to_hash); Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____2, libcrux_ml_kem_types_as_ref_00_790(ciphertext), uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_dd0(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret[32U]; - PRF_f1_ee( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + PRF_f1_ee(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), + implicit_rejection_shared_secret); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = &key_pair->public_key.ind_cpa_public_key; - uint8_t uu____4[32U]; - memcpy(uu____4, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_84(uu____3, uu____4, pseudorandomness, expected_ciphertext); + encrypt_unpacked_09(uu____3, copy_of_decrypted, pseudorandomness, + expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_790(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - Eurydice_slice)); + libcrux_ml_kem_types_as_ref_00_dd0(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( shared_secret, Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), selector, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } +/** + 
Call [`deserialize_to_uncompressed_ring_element`] for each ring element. +*/ /** A monomorphic instance of libcrux_ml_kem.ind_cpa.deserialize_secret_key with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_42( +static KRML_MUSTINLINE void deserialize_secret_key_28( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, secret_as_ntt[i] = ZERO_89_8d();); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(secret_key, uint8_t, size_t) / + i < Eurydice_slice_len(secret_key, uint8_t) / LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT; i++) { size_t i0 = i; @@ -9090,9 +9956,9 @@ static KRML_MUSTINLINE void deserialize_secret_key_42( secret_key, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, i0 * LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT + LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, - uint8_t, Eurydice_slice); + uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_f3(secret_bytes); + deserialize_to_uncompressed_ring_element_61(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( 
@@ -9110,21 +9976,22 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_ac(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_69(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - deserialize_secret_key_42(secret_key, secret_as_ntt); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0[3U]; + deserialize_secret_key_28(secret_key, secret_as_ntt); + /* Passing arrays by value in Rust generates a copy in C */ + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( - uu____0, secret_as_ntt, + copy_of_secret_as_ntt, secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 secret_key_unpacked; memcpy( - secret_key_unpacked.secret_as_ntt, uu____0, + secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - decrypt_unpacked_89(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_82(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } 
@@ -9150,41 +10017,37 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_24( +void libcrux_ml_kem_ind_cca_decapsulate_b2( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t, - Eurydice_slice), + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)2400U, private_key->value, uint8_t), (size_t)1152U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_secret_key = uu____0.fst; Eurydice_slice secret_key0 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at( secret_key0, (size_t)1184U, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key = uu____1.fst; Eurydice_slice secret_key = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at( + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at( secret_key, LIBCRUX_ML_KEM_CONSTANTS_H_DIGEST_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_ac(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_69(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( - Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t, Eurydice_slice), - to_hash0); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); + Eurydice_slice_copy( Eurydice_array_to_subslice_from( (size_t)64U, to_hash0, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, 
Eurydice_slice), - ind_cpa_public_key_hash, uint8_t, void *); + uint8_t, size_t), + ind_cpa_public_key_hash, uint8_t); uint8_t hashed[64U]; - G_f1_e4( - Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t, Eurydice_slice), - hashed); - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at( - Eurydice_array_to_slice((size_t)64U, hashed, uint8_t, Eurydice_slice), + G_f1_e4(Eurydice_array_to_slice((size_t)64U, to_hash0, uint8_t), hashed); + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at( + Eurydice_array_to_slice((size_t)64U, hashed, uint8_t), LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice shared_secret0 = uu____3.fst; 
@@ -9193,34 +10056,31 @@ void libcrux_ml_kem_ind_cca_decapsulate_24( libcrux_ml_kem_utils_into_padded_array_ea3(implicit_rejection_value, to_hash); Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, - uint8_t, size_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, libcrux_ml_kem_types_as_ref_00_790(ciphertext), uint8_t, void *); + uint8_t, size_t); + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_dd0(ciphertext), + uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; - PRF_f1_ee( - Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t, Eurydice_slice), - implicit_rejection_shared_secret0); + PRF_f1_ee(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), + implicit_rejection_shared_secret0); Eurydice_slice uu____5 = ind_cpa_public_key; - uint8_t uu____6[32U]; - memcpy(uu____6, decrypted, (size_t)32U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_decrypted[32U]; + memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_aa(uu____5, uu____6, pseudorandomness, expected_ciphertext); + encrypt_dd(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_ee( - Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, - uint8_t, Eurydice_slice), - implicit_rejection_shared_secret); + kdf_af_08(Eurydice_array_to_slice((size_t)32U, + implicit_rejection_shared_secret0, uint8_t), + implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_ee(shared_secret0, shared_secret); + kdf_af_08(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_790(ciphertext), - Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t, - 
Eurydice_slice), - Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t, - Eurydice_slice), + libcrux_ml_kem_types_as_ref_00_dd0(ciphertext), + Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), + Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, - uint8_t, Eurydice_slice), + uint8_t), ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h index 3e6277eff..b345560f3 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b */ #ifndef __libcrux_mlkem_portable_H @@ -205,6 +205,19 @@ libcrux_ml_kem_vector_portable_cond_subtract_3329_0d( ((int32_t)1 << (uint32_t) \ LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_BARRETT_SHIFT) +/** + Signed Barrett Reduction + + Given an input `value`, `barrett_reduce` outputs a representative `result` + such that: + + - result ≡ value (mod FIELD_MODULUS) + - the absolute value of `result` is bound as follows: + + `|result| ≤ FIELD_MODULUS / 2 · (|value|/BARRETT_R + 1) + + In particular, if `|value| < BARRETT_R`, then `|result| < FIELD_MODULUS`. +*/ int16_t libcrux_ml_kem_vector_portable_arithmetic_barrett_reduce_element( int16_t value); 
@@ -226,9 +239,34 @@ libcrux_ml_kem_vector_portable_barrett_reduce_0d( ((int32_t)1 << (uint32_t) \ LIBCRUX_ML_KEM_VECTOR_PORTABLE_ARITHMETIC_MONTGOMERY_SHIFT) +/** + Signed Montgomery Reduction + + Given an input `value`, `montgomery_reduce` outputs a representative `o` + such that: + + - o ≡ value · MONTGOMERY_R^(-1) (mod FIELD_MODULUS) + - the absolute value of `o` is bound as follows: + + `|result| ≤ (|value| / MONTGOMERY_R) + (FIELD_MODULUS / 2) + + In particular, if `|value| ≤ FIELD_MODULUS * MONTGOMERY_R`, then `|o| < (3 · + FIELD_MODULUS) / 2`. +*/ int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_reduce_element( int32_t value); +/** + If `fe` is some field element 'x' of the Kyber field and `fer` is congruent to + `y · MONTGOMERY_R`, this procedure outputs a value that is congruent to + `x · y`, as follows: + + `fe · fer ≡ x · y · MONTGOMERY_R (mod FIELD_MODULUS)` + + `montgomery_reduce` takes the value `x · y · MONTGOMERY_R` and outputs a + representative `x · y · MONTGOMERY_R * MONTGOMERY_R^{-1} ≡ x · y (mod + FIELD_MODULUS)`. +*/ int16_t libcrux_ml_kem_vector_portable_arithmetic_montgomery_multiply_fe_by_fer( int16_t fe, int16_t fer); 
@@ -244,6 +282,28 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_montgomery_multiply_by_constant_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector v, int16_t r); +/** + The `compress_*` functions implement the `Compress` function specified in the + NIST FIPS 203 standard (Page 18, Expression 4.5), which is defined as: + + ```plaintext + Compress_d: ℤq -> ℤ_{2ᵈ} + Compress_d(x) = ⌈(2ᵈ/q)·x⌋ + ``` + + Since `⌈x⌋ = ⌊x + 1/2⌋` we have: + + ```plaintext + Compress_d(x) = ⌊(2ᵈ/q)·x + 1/2⌋ + = ⌊(2^{d+1}·x + q) / 2q⌋ + ``` + + For further information about the function implementations, consult the + `implementation_notes.pdf` document in this directory. + + The NIST FIPS 203 standard can be found at + . +*/ uint8_t libcrux_ml_kem_vector_portable_compress_compress_message_coefficient( uint16_t fe); @@ -353,6 +413,28 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector libcrux_ml_kem_vector_portable_inv_ntt_layer_3_step_0d( libcrux_ml_kem_vector_portable_vector_type_PortableVector a, int16_t zeta); +/** + Compute the product of two Kyber binomials with respect to the + modulus `X² - zeta`. + + This function almost implements Algorithm 11 of the + NIST FIPS 203 standard, which is reproduced below: + + ```plaintext + Input: a₀, a₁, b₀, b₁ ∈ ℤq. + Input: γ ∈ ℤq. + Output: c₀, c₁ ∈ ℤq. + + c₀ ← a₀·b₀ + a₁·b₁·γ + c₁ ← a₀·b₁ + a₁·b₀ + return c₀, c₁ + ``` + We say "almost" because the coefficients output by this function are in + the Montgomery domain (unlike in the specification). + + The NIST FIPS 203 standard can be found at + . +*/ void libcrux_ml_kem_vector_portable_ntt_ntt_multiply_binomials( libcrux_ml_kem_vector_portable_vector_type_PortableVector *a, libcrux_ml_kem_vector_portable_vector_type_PortableVector *b, int16_t zeta, diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h index d25fce762..4b687c6e4 100644 --- a/libcrux-ml-kem/c/libcrux_sha3.h 
+++ b/libcrux-ml-kem/c/libcrux_sha3.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b */ #ifndef __libcrux_sha3_H @@ -22,6 +22,9 @@ extern "C" { #include "libcrux_core.h" #include "libcrux_sha3_internal.h" +/** + A portable SHA3 512 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha512(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -29,6 +32,9 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha512(Eurydice_slice digest, libcrux_sha3_portable_keccakx1_ce(buf0, buf); } +/** + A portable SHA3 256 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha256(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -36,6 +42,9 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha256(Eurydice_slice digest, libcrux_sha3_portable_keccakx1_ce0(buf0, buf); } +/** + A portable SHAKE256 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_shake256( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -43,6 +52,9 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake256( libcrux_sha3_portable_keccakx1_ce1(buf0, buf); } +/** + A portable SHA3 224 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; 
@@ -50,6 +62,9 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha224(Eurydice_slice digest, libcrux_sha3_portable_keccakx1_ce2(buf0, buf); } +/** + A portable SHA3 384 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; 
@@ -57,58 +72,88 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_sha384(Eurydice_slice digest, libcrux_sha3_portable_keccakx1_ce3(buf0, buf); } +/** + SHA3 224 + + Preconditions: + - `digest.len() == 28` +*/ static KRML_MUSTINLINE void libcrux_sha3_sha224_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha224(digest, payload); } +/** + SHA3 224 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha224(Eurydice_slice data, uint8_t ret[28U]) { uint8_t out[28U] = {0U}; - libcrux_sha3_sha224_ema( - Eurydice_array_to_slice((size_t)28U, out, uint8_t, Eurydice_slice), data); + libcrux_sha3_sha224_ema(Eurydice_array_to_slice((size_t)28U, out, uint8_t), + data); memcpy(ret, out, (size_t)28U * sizeof(uint8_t)); } +/** + SHA3 256 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha256_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha256(digest, payload); } +/** + SHA3 256 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha256(Eurydice_slice data, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; - libcrux_sha3_sha256_ema( - Eurydice_array_to_slice((size_t)32U, out, uint8_t, Eurydice_slice), data); + libcrux_sha3_sha256_ema(Eurydice_array_to_slice((size_t)32U, out, uint8_t), + data); memcpy(ret, out, (size_t)32U * sizeof(uint8_t)); } +/** + SHA3 384 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha384_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha384(digest, payload); } +/** + SHA3 384 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha384(Eurydice_slice data, uint8_t ret[48U]) { uint8_t out[48U] = {0U}; - libcrux_sha3_sha384_ema( - Eurydice_array_to_slice((size_t)48U, out, uint8_t, Eurydice_slice), data); + libcrux_sha3_sha384_ema(Eurydice_array_to_slice((size_t)48U, out, uint8_t), + data); memcpy(ret, out, (size_t)48U * sizeof(uint8_t)); } +/** + SHA3 512 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha512_ema(Eurydice_slice digest, Eurydice_slice payload) { libcrux_sha3_portable_sha512(digest, payload); 
} +/** + SHA3 512 +*/ static KRML_MUSTINLINE void libcrux_sha3_sha512(Eurydice_slice data, uint8_t ret[64U]) { uint8_t out[64U] = {0U}; - libcrux_sha3_sha512_ema( - Eurydice_array_to_slice((size_t)64U, out, uint8_t, Eurydice_slice), data); + libcrux_sha3_sha512_ema(Eurydice_array_to_slice((size_t)64U, out, uint8_t), + data); memcpy(ret, out, (size_t)64U * sizeof(uint8_t)); } +/** + A portable SHAKE128 implementation. +*/ static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( Eurydice_slice digest, Eurydice_slice data) { Eurydice_slice buf0[1U] = {data}; @@ -116,11 +161,21 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_shake128( libcrux_sha3_portable_keccakx1_ce4(buf0, buf); } +/** + SHAKE 128 + + Writes `out.len()` bytes. +*/ static KRML_MUSTINLINE void libcrux_sha3_shake128_ema(Eurydice_slice out, Eurydice_slice data) { libcrux_sha3_portable_shake128(out, data); } +/** + SHAKE 256 + + Writes `out.len()` bytes. +*/ static KRML_MUSTINLINE void libcrux_sha3_shake256_ema(Eurydice_slice out, Eurydice_slice data) { libcrux_sha3_portable_shake256(out, data); diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c index e606bafb5..45c073926 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b */ #include "internal/libcrux_sha3_avx2.h" 
@@ -19,29 +19,24 @@ This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: usize> for core::core_arch::x86::__m256i)} */ -static KRML_MUSTINLINE core_core_arch_x86___m256i zero_ef(void) { - return libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)0); +static KRML_MUSTINLINE __m256i zero_ef(void) { + return mm256_set1_epi64x((int64_t)0); } -static KRML_MUSTINLINE core_core_arch_x86___m256i -_veor5q_u64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c, core_core_arch_x86___m256i d, - core_core_arch_x86___m256i e) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); - core_core_arch_x86___m256i cd = libcrux_intrinsics_avx2_mm256_xor_si256(c, d); - core_core_arch_x86___m256i abcd = - libcrux_intrinsics_avx2_mm256_xor_si256(ab, cd); - return libcrux_intrinsics_avx2_mm256_xor_si256(abcd, e); +static KRML_MUSTINLINE __m256i _veor5q_u64(__m256i a, __m256i b, __m256i c, + __m256i d, __m256i e) { + __m256i ab = mm256_xor_si256(a, b); + __m256i cd = mm256_xor_si256(c, d); + __m256i abcd = mm256_xor_si256(ab, cd); + return mm256_xor_si256(abcd, e); } /** This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: usize> for core::core_arch::x86::__m256i)} */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -xor5_ef(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c, core_core_arch_x86___m256i d, - core_core_arch_x86___m256i e) { +static KRML_MUSTINLINE __m256i xor5_ef(__m256i a, __m256i b, __m256i c, + __m256i d, __m256i e) { return _veor5q_u64(a, b, c, d, e); } 
@@ -51,60 +46,46 @@ with const generics - LEFT= 1 - RIGHT= 63 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_58(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)1, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)63, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_58(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)1, x, __m256i), + mm256_srli_epi64((int32_t)63, x, __m256i)); } -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vrax1q_u64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i uu____0 = a; - return libcrux_intrinsics_avx2_mm256_xor_si256(uu____0, rotate_left_58(b)); +static KRML_MUSTINLINE __m256i _vrax1q_u64(__m256i a, __m256i b) { + __m256i uu____0 = a; + return mm256_xor_si256(uu____0, rotate_left_58(b)); } /** This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: usize> for core::core_arch::x86::__m256i)} */ -static KRML_MUSTINLINE core_core_arch_x86___m256i rotate_left1_and_xor_ef( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i rotate_left1_and_xor_ef(__m256i a, __m256i b) { return _vrax1q_u64(a, b); } -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vbcaxq_u64(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, - core_core_arch_x86___m256i c) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - a, libcrux_intrinsics_avx2_mm256_andnot_si256(c, b)); +static KRML_MUSTINLINE __m256i _vbcaxq_u64(__m256i a, __m256i b, __m256i c) { + return mm256_xor_si256(a, mm256_andnot_si256(c, b)); } /** This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: usize> for core::core_arch::x86::__m256i)} */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -and_not_xor_ef(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b, - 
core_core_arch_x86___m256i c) { +static KRML_MUSTINLINE __m256i and_not_xor_ef(__m256i a, __m256i b, __m256i c) { return _vbcaxq_u64(a, b, c); } -static KRML_MUSTINLINE core_core_arch_x86___m256i -_veorq_n_u64(core_core_arch_x86___m256i a, uint64_t c) { - core_core_arch_x86___m256i c0 = - libcrux_intrinsics_avx2_mm256_set1_epi64x((int64_t)c); - return libcrux_intrinsics_avx2_mm256_xor_si256(a, c0); +static KRML_MUSTINLINE __m256i _veorq_n_u64(__m256i a, uint64_t c) { + __m256i c0 = mm256_set1_epi64x((int64_t)c); + return mm256_xor_si256(a, c0); } /** This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: usize> for core::core_arch::x86::__m256i)} */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -xor_constant_ef(core_core_arch_x86___m256i a, uint64_t c) { +static KRML_MUSTINLINE __m256i xor_constant_ef(__m256i a, uint64_t c) { return _veorq_n_u64(a, c); } 
@@ -112,21 +93,16 @@ xor_constant_ef(core_core_arch_x86___m256i a, uint64_t c) { This function found in impl {(libcrux_sha3::traits::internal::KeccakItem<4: usize> for core::core_arch::x86::__m256i)} */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -xor_ef(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - return libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i xor_ef(__m256i a, __m256i b) { + return mm256_xor_si256(a, b); } static KRML_MUSTINLINE void slice_4(Eurydice_slice a[4U], size_t start, size_t len, Eurydice_slice ret[4U]) { - ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t, - Eurydice_slice); - ret[1U] = Eurydice_slice_subslice2(a[1U], start, start + len, uint8_t, - Eurydice_slice); - ret[2U] = Eurydice_slice_subslice2(a[2U], start, start + len, uint8_t, - Eurydice_slice); - ret[3U] = Eurydice_slice_subslice2(a[3U], start, start + len, uint8_t, - Eurydice_slice); + ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t); + ret[1U] = Eurydice_slice_subslice2(a[1U], start, start + len, uint8_t); + ret[2U] = Eurydice_slice_subslice2(a[2U], start, start + len, uint8_t); + ret[3U] = Eurydice_slice_subslice2(a[3U], start, start + len, uint8_t); } /** @@ -135,10 +111,11 @@ usize> for core::core_arch::x86::__m256i)} */ static KRML_MUSTINLINE void slice_n_ef(Eurydice_slice a[4U], size_t start, size_t len, Eurydice_slice ret[4U]) { - Eurydice_slice uu____0[4U]; - memcpy(uu____0, a, (size_t)4U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_a[4U]; + memcpy(copy_of_a, a, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice ret0[4U]; - slice_4(uu____0, start, len, ret0); + slice_4(copy_of_a, start, len, ret0); memcpy(ret, ret0, (size_t)4U * sizeof(Eurydice_slice)); } 
@@ -148,19 +125,19 @@ split_at_mut_4(Eurydice_slice out[4U], size_t mid) { Eurydice_slice out1 = out[1U]; Eurydice_slice out2 = out[2U]; Eurydice_slice out3 = out[3U]; - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at_mut( + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at_mut( out0, mid, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice out00 = uu____0.fst; Eurydice_slice out01 = uu____0.snd; - Eurydice_slice_uint8_t_x2 uu____1 = core_slice___Slice_T___split_at_mut( + Eurydice_slice_uint8_t_x2 uu____1 = Eurydice_slice_split_at_mut( out1, mid, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice out10 = uu____1.fst; Eurydice_slice out11 = uu____1.snd; - Eurydice_slice_uint8_t_x2 uu____2 = core_slice___Slice_T___split_at_mut( + Eurydice_slice_uint8_t_x2 uu____2 = Eurydice_slice_split_at_mut( out2, mid, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice out20 = uu____2.fst; Eurydice_slice out21 = uu____2.snd; - Eurydice_slice_uint8_t_x2 uu____3 = core_slice___Slice_T___split_at_mut( + Eurydice_slice_uint8_t_x2 uu____3 = Eurydice_slice_split_at_mut( out3, mid, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice out30 = uu____3.fst; Eurydice_slice out31 = uu____3.snd; @@ -185,6 +162,9 @@ split_at_mut_n_ef(Eurydice_slice a[4U], size_t mid) { return split_at_mut_4(a, mid); } +/** + Create a new Shake128 x4 state. +*/ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} 
@@ -231,144 +211,114 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void load_block_c7(core_core_arch_x86___m256i (*s)[5U], +static KRML_MUSTINLINE void load_block_c7(__m256i (*s)[5U], Eurydice_slice blocks[4U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { size_t i0 = i; - core_core_arch_x86___m256i v00 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v10 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v20 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v30 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i 
v3 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); + __m256i v00 = mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[0U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); + __m256i v10 = mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[1U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); + __m256i v20 = mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[2U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); + __m256i v30 = mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[3U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); + __m256i v0l = mm256_unpacklo_epi64(v00, v10); + __m256i v1h = mm256_unpackhi_epi64(v00, v10); + __m256i v2l = mm256_unpacklo_epi64(v20, v30); + __m256i v3h = mm256_unpackhi_epi64(v20, v30); + __m256i v0 = mm256_permute2x128_si256((int32_t)32, v0l, v2l, __m256i); + __m256i v1 = mm256_permute2x128_si256((int32_t)32, v1h, v3h, __m256i); + __m256i v2 = mm256_permute2x128_si256((int32_t)49, v0l, v2l, __m256i); + __m256i v3 = mm256_permute2x128_si256((int32_t)49, v1h, v3h, __m256i); s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( + mm256_xor_si256( s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - v1); + mm256_xor_si256(s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + v1); s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - v2); + mm256_xor_si256(s[((size_t)4U * i0 + 
(size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + v2); s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - v3); + mm256_xor_si256(s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + v3); } size_t rem = (size_t)136U % (size_t)32U; size_t start = (size_t)32U * ((size_t)136U / (size_t)32U); uint8_t u8s[32U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - u8s, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t); + Eurydice_slice_copy( uu____0, - Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_array_to_subslice2( - u8s, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____1 = + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t); + Eurydice_slice_copy( uu____1, - Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_array_to_subslice2( - u8s, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____2 = + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t); + Eurydice_slice_copy( uu____2, - Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = 
Eurydice_array_to_subslice2( - u8s, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____3 = + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t); + Eurydice_slice_copy( uu____3, - Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t), + uint8_t); + __m256i u = mm256_loadu_si256_u8(core_array___Array_T__N__23__as_slice( + (size_t)32U, u8s, uint8_t, Eurydice_slice)); size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; - s[i0][j0] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); + s[i0][j0] = mm256_xor_si256(s[i0][j0], u); if (rem == (size_t)16U) { uint8_t u8s0[32U] = {0U}; - Eurydice_slice uu____4 = Eurydice_array_to_subslice2( - u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = Eurydice_array_to_subslice2( - u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, 
Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = Eurydice_array_to_subslice2( - u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____7, - Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - core_core_arch_x86___m256i u0 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, - Eurydice_slice)); + Eurydice_slice uu____4 = + Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t); + Eurydice_slice_copy(uu____4, + Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____5 = + Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t); + Eurydice_slice_copy(uu____5, + Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____6 = + Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t); + Eurydice_slice_copy(uu____6, + Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____7 = + Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t); + Eurydice_slice_copy(uu____7, + Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); + __m256i u0 = mm256_loadu_si256_u8(core_array___Array_T__N__23__as_slice( + (size_t)32U, u8s0, uint8_t, Eurydice_slice)); size_t i = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; size_t j = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; - s[i][j] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); + s[i][j] = mm256_xor_si256(s[i][j], u0); } } 
@@ -381,12 +331,13 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block_ef with const generics - RATE= 136 */ -static KRML_MUSTINLINE void load_block_ef_65( - core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = a; - Eurydice_slice uu____1[4U]; - memcpy(uu____1, b, (size_t)4U * sizeof(Eurydice_slice)); - load_block_c7(uu____0, uu____1); +static KRML_MUSTINLINE void load_block_ef_65(__m256i (*a)[5U], + Eurydice_slice b[4U]) { + __m256i(*uu____0)[5U] = a; + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_b[4U]; + memcpy(copy_of_b, b, (size_t)4U * sizeof(Eurydice_slice)); + load_block_c7(uu____0, copy_of_b); } /** @@ -395,13 +346,9 @@ with const generics - LEFT= 36 - RIGHT= 28 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_580(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)36, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)28, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_580(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)36, x, __m256i), + mm256_srli_epi64((int32_t)28, x, __m256i)); } /** @@ -410,9 +357,8 @@ with const generics - LEFT= 36 - RIGHT= 28 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c1(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c1(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); return rotate_left_580(ab); } 
@@ -426,8 +372,7 @@ with const generics - LEFT= 36 - RIGHT= 28 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_17( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_17(__m256i a, __m256i b) { return _vxarq_u64_c1(a, b); } @@ -437,13 +382,9 @@ with const generics - LEFT= 3 - RIGHT= 61 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_581(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)3, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)61, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_581(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)3, x, __m256i), + mm256_srli_epi64((int32_t)61, x, __m256i)); } /** @@ -452,9 +393,8 @@ with const generics - LEFT= 3 - RIGHT= 61 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c10(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c10(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); return rotate_left_581(ab); } @@ -468,8 +408,7 @@ with const generics - LEFT= 3 - RIGHT= 61 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_170( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_170(__m256i a, __m256i b) { return _vxarq_u64_c10(a, b); } 
@@ -479,13 +418,9 @@ with const generics - LEFT= 41 - RIGHT= 23 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_582(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)41, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)23, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_582(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)41, x, __m256i), + mm256_srli_epi64((int32_t)23, x, __m256i)); } /** @@ -494,9 +429,8 @@ with const generics - LEFT= 41 - RIGHT= 23 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c11(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c11(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); return rotate_left_582(ab); } @@ -510,8 +444,7 @@ with const generics - LEFT= 41 - RIGHT= 23 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_171( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_171(__m256i a, __m256i b) { return _vxarq_u64_c11(a, b); } @@ -521,13 +454,9 @@ with const generics - LEFT= 18 - RIGHT= 46 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_583(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)18, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)46, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_583(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)18, x, __m256i), + mm256_srli_epi64((int32_t)46, x, __m256i)); } /** 
@@ -536,9 +465,8 @@ with const generics - LEFT= 18 - RIGHT= 46 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c12(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c12(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); return rotate_left_583(ab); } @@ -552,8 +480,7 @@ with const generics - LEFT= 18 - RIGHT= 46 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_172( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_172(__m256i a, __m256i b) { return _vxarq_u64_c12(a, b); } @@ -563,9 +490,8 @@ with const generics - LEFT= 1 - RIGHT= 63 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c13(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c13(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); return rotate_left_58(ab); } @@ -579,8 +505,7 @@ with const generics - LEFT= 1 - RIGHT= 63 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_173( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_173(__m256i a, __m256i b) { return _vxarq_u64_c13(a, b); } 
@@ -590,13 +515,9 @@ with const generics - LEFT= 44 - RIGHT= 20 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_584(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)44, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)20, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_584(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)44, x, __m256i), + mm256_srli_epi64((int32_t)20, x, __m256i)); } /** @@ -605,9 +526,8 @@ with const generics - LEFT= 44 - RIGHT= 20 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c14(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c14(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); return rotate_left_584(ab); } @@ -621,8 +541,7 @@ with const generics - LEFT= 44 - RIGHT= 20 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_174( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_174(__m256i a, __m256i b) { return _vxarq_u64_c14(a, b); } @@ -632,13 +551,9 @@ with const generics - LEFT= 10 - RIGHT= 54 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_585(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)10, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)54, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_585(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)10, x, __m256i), + mm256_srli_epi64((int32_t)54, x, __m256i)); } /** 
@@ -647,9 +562,8 @@ with const generics - LEFT= 10 - RIGHT= 54 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c15(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c15(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); return rotate_left_585(ab); } @@ -663,8 +577,7 @@ with const generics - LEFT= 10 - RIGHT= 54 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_175( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_175(__m256i a, __m256i b) { return _vxarq_u64_c15(a, b); } @@ -674,13 +587,9 @@ with const generics - LEFT= 45 - RIGHT= 19 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_586(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)45, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)19, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_586(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)45, x, __m256i), + mm256_srli_epi64((int32_t)19, x, __m256i)); } /** @@ -689,9 +598,8 @@ with const generics - LEFT= 45 - RIGHT= 19 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c16(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c16(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); return rotate_left_586(ab); } 
@@ -705,8 +613,7 @@ with const generics - LEFT= 45 - RIGHT= 19 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_176( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_176(__m256i a, __m256i b) { return _vxarq_u64_c16(a, b); } @@ -716,13 +623,9 @@ with const generics - LEFT= 2 - RIGHT= 62 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_587(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)2, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)62, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_587(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)2, x, __m256i), + mm256_srli_epi64((int32_t)62, x, __m256i)); } /** @@ -731,9 +634,8 @@ with const generics - LEFT= 2 - RIGHT= 62 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c17(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c17(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); return rotate_left_587(ab); } @@ -747,8 +649,7 @@ with const generics - LEFT= 2 - RIGHT= 62 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_177( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_177(__m256i a, __m256i b) { return _vxarq_u64_c17(a, b); } 
@@ -758,13 +659,9 @@ with const generics - LEFT= 62 - RIGHT= 2 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_588(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)62, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)2, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_588(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)62, x, __m256i), + mm256_srli_epi64((int32_t)2, x, __m256i)); } /** @@ -773,9 +670,8 @@ with const generics - LEFT= 62 - RIGHT= 2 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c18(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c18(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); return rotate_left_588(ab); } @@ -789,8 +685,7 @@ with const generics - LEFT= 62 - RIGHT= 2 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_178( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_178(__m256i a, __m256i b) { return _vxarq_u64_c18(a, b); } @@ -800,13 +695,9 @@ with const generics - LEFT= 6 - RIGHT= 58 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_589(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)6, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)58, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_589(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)6, x, __m256i), + mm256_srli_epi64((int32_t)58, x, __m256i)); } /** 
@@ -815,9 +706,8 @@ with const generics - LEFT= 6 - RIGHT= 58 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c19(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c19(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); return rotate_left_589(ab); } @@ -831,8 +721,7 @@ with const generics - LEFT= 6 - RIGHT= 58 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_179( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_179(__m256i a, __m256i b) { return _vxarq_u64_c19(a, b); } @@ -842,13 +731,9 @@ with const generics - LEFT= 43 - RIGHT= 21 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5810(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)43, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)21, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_5810(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)43, x, __m256i), + mm256_srli_epi64((int32_t)21, x, __m256i)); } /** @@ -857,9 +742,8 @@ with const generics - LEFT= 43 - RIGHT= 21 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c110(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c110(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); return rotate_left_5810(ab); } 
@@ -873,8 +757,7 @@ with const generics - LEFT= 43 - RIGHT= 21 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1710( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1710(__m256i a, __m256i b) { return _vxarq_u64_c110(a, b); } @@ -884,13 +767,9 @@ with const generics - LEFT= 15 - RIGHT= 49 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5811(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)15, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)49, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_5811(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)15, x, __m256i), + mm256_srli_epi64((int32_t)49, x, __m256i)); } /** @@ -899,9 +778,8 @@ with const generics - LEFT= 15 - RIGHT= 49 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c111(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c111(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); return rotate_left_5811(ab); } @@ -915,8 +793,7 @@ with const generics - LEFT= 15 - RIGHT= 49 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1711( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1711(__m256i a, __m256i b) { return _vxarq_u64_c111(a, b); } 
@@ -926,13 +803,9 @@ with const generics - LEFT= 61 - RIGHT= 3 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5812(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)61, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)3, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_5812(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)61, x, __m256i), + mm256_srli_epi64((int32_t)3, x, __m256i)); } /** @@ -941,9 +814,8 @@ with const generics - LEFT= 61 - RIGHT= 3 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c112(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c112(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); return rotate_left_5812(ab); } @@ -957,8 +829,7 @@ with const generics - LEFT= 61 - RIGHT= 3 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1712( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1712(__m256i a, __m256i b) { return _vxarq_u64_c112(a, b); } @@ -968,13 +839,9 @@ with const generics - LEFT= 28 - RIGHT= 36 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5813(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)28, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)36, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_5813(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)28, x, __m256i), + mm256_srli_epi64((int32_t)36, x, __m256i)); } /** 
@@ -983,9 +850,8 @@ with const generics - LEFT= 28 - RIGHT= 36 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c113(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c113(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); return rotate_left_5813(ab); } @@ -999,8 +865,7 @@ with const generics - LEFT= 28 - RIGHT= 36 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1713( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1713(__m256i a, __m256i b) { return _vxarq_u64_c113(a, b); } @@ -1010,13 +875,9 @@ with const generics - LEFT= 55 - RIGHT= 9 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5814(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)55, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)9, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_5814(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)55, x, __m256i), + mm256_srli_epi64((int32_t)9, x, __m256i)); } /** @@ -1025,9 +886,8 @@ with const generics - LEFT= 55 - RIGHT= 9 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c114(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c114(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); return rotate_left_5814(ab); } 
@@ -1041,8 +901,7 @@ with const generics - LEFT= 55 - RIGHT= 9 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1714( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1714(__m256i a, __m256i b) { return _vxarq_u64_c114(a, b); } @@ -1052,13 +911,9 @@ with const generics - LEFT= 25 - RIGHT= 39 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5815(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)25, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)39, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_5815(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)25, x, __m256i), + mm256_srli_epi64((int32_t)39, x, __m256i)); } /** @@ -1067,9 +922,8 @@ with const generics - LEFT= 25 - RIGHT= 39 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c115(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c115(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); return rotate_left_5815(ab); } @@ -1083,8 +937,7 @@ with const generics - LEFT= 25 - RIGHT= 39 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1715( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1715(__m256i a, __m256i b) { return _vxarq_u64_c115(a, b); } 
@@ -1094,13 +947,9 @@ with const generics - LEFT= 21 - RIGHT= 43 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5816(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)21, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)43, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_5816(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)21, x, __m256i), + mm256_srli_epi64((int32_t)43, x, __m256i)); } /** @@ -1109,9 +958,8 @@ with const generics - LEFT= 21 - RIGHT= 43 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c116(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c116(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); return rotate_left_5816(ab); } @@ -1125,8 +973,7 @@ with const generics - LEFT= 21 - RIGHT= 43 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1716( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1716(__m256i a, __m256i b) { return _vxarq_u64_c116(a, b); } @@ -1136,13 +983,9 @@ with const generics - LEFT= 56 - RIGHT= 8 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5817(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)56, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)8, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_5817(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)56, x, __m256i), + mm256_srli_epi64((int32_t)8, x, __m256i)); } /** 
@@ -1151,9 +994,8 @@ with const generics - LEFT= 56 - RIGHT= 8 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c117(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c117(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); return rotate_left_5817(ab); } @@ -1167,8 +1009,7 @@ with const generics - LEFT= 56 - RIGHT= 8 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1717( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1717(__m256i a, __m256i b) { return _vxarq_u64_c117(a, b); } @@ -1178,13 +1019,9 @@ with const generics - LEFT= 27 - RIGHT= 37 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5818(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)27, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)37, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_5818(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)27, x, __m256i), + mm256_srli_epi64((int32_t)37, x, __m256i)); } /** @@ -1193,9 +1030,8 @@ with const generics - LEFT= 27 - RIGHT= 37 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c118(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c118(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); return rotate_left_5818(ab); } 
@@ -1209,8 +1045,7 @@ with const generics - LEFT= 27 - RIGHT= 37 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1718( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1718(__m256i a, __m256i b) { return _vxarq_u64_c118(a, b); } @@ -1220,13 +1055,9 @@ with const generics - LEFT= 20 - RIGHT= 44 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5819(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)20, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)44, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_5819(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)20, x, __m256i), + mm256_srli_epi64((int32_t)44, x, __m256i)); } /** @@ -1235,9 +1066,8 @@ with const generics - LEFT= 20 - RIGHT= 44 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c119(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c119(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); return rotate_left_5819(ab); } @@ -1251,8 +1081,7 @@ with const generics - LEFT= 20 - RIGHT= 44 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1719( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1719(__m256i a, __m256i b) { return _vxarq_u64_c119(a, b); } 
@@ -1262,13 +1091,9 @@ with const generics - LEFT= 39 - RIGHT= 25 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5820(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)39, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)25, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_5820(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)39, x, __m256i), + mm256_srli_epi64((int32_t)25, x, __m256i)); } /** @@ -1277,9 +1102,8 @@ with const generics - LEFT= 39 - RIGHT= 25 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c120(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c120(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); return rotate_left_5820(ab); } @@ -1293,8 +1117,7 @@ with const generics - LEFT= 39 - RIGHT= 25 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1720( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1720(__m256i a, __m256i b) { return _vxarq_u64_c120(a, b); } @@ -1304,13 +1127,9 @@ with const generics - LEFT= 8 - RIGHT= 56 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5821(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)8, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)56, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_5821(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)8, x, __m256i), + mm256_srli_epi64((int32_t)56, x, __m256i)); } /** 
@@ -1319,9 +1138,8 @@ with const generics - LEFT= 8 - RIGHT= 56 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c121(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c121(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); return rotate_left_5821(ab); } @@ -1335,8 +1153,7 @@ with const generics - LEFT= 8 - RIGHT= 56 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1721( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1721(__m256i a, __m256i b) { return _vxarq_u64_c121(a, b); } @@ -1346,13 +1163,9 @@ with const generics - LEFT= 14 - RIGHT= 50 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -rotate_left_5822(core_core_arch_x86___m256i x) { - return libcrux_intrinsics_avx2_mm256_xor_si256( - libcrux_intrinsics_avx2_mm256_slli_epi64((int32_t)14, x, - core_core_arch_x86___m256i), - libcrux_intrinsics_avx2_mm256_srli_epi64((int32_t)50, x, - core_core_arch_x86___m256i)); +static KRML_MUSTINLINE __m256i rotate_left_5822(__m256i x) { + return mm256_xor_si256(mm256_slli_epi64((int32_t)14, x, __m256i), + mm256_srli_epi64((int32_t)50, x, __m256i)); } /** @@ -1361,9 +1174,8 @@ with const generics - LEFT= 14 - RIGHT= 50 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i -_vxarq_u64_c122(core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { - core_core_arch_x86___m256i ab = libcrux_intrinsics_avx2_mm256_xor_si256(a, b); +static KRML_MUSTINLINE __m256i _vxarq_u64_c122(__m256i a, __m256i b) { + __m256i ab = mm256_xor_si256(a, b); return rotate_left_5822(ab); } 
@@ -1377,8 +1189,7 @@ with const generics - LEFT= 14 - RIGHT= 50 */ -static KRML_MUSTINLINE core_core_arch_x86___m256i xor_and_rotate_ef_1722( - core_core_arch_x86___m256i a, core_core_arch_x86___m256i b) { +static KRML_MUSTINLINE __m256i xor_and_rotate_ef_1722(__m256i a, __m256i b) { return _vxarq_u64_c122(a, b); } 
@@ -1390,105 +1201,57 @@ with const generics */ static KRML_MUSTINLINE void theta_rho_74( libcrux_sha3_generic_keccak_KeccakState_29 *s) { - core_core_arch_x86___m256i c[5U] = { - xor5_ef(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], s->st[3U][0U], - s->st[4U][0U]), - xor5_ef(s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], s->st[3U][1U], - s->st[4U][1U]), - xor5_ef(s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], s->st[3U][2U], - s->st[4U][2U]), - xor5_ef(s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], s->st[3U][3U], - s->st[4U][3U]), - xor5_ef(s->st[0U][4U], s->st[1U][4U], s->st[2U][4U], s->st[3U][4U], - s->st[4U][4U])}; - core_core_arch_x86___m256i uu____0 = + __m256i c[5U] = {xor5_ef(s->st[0U][0U], s->st[1U][0U], s->st[2U][0U], + s->st[3U][0U], s->st[4U][0U]), + xor5_ef(s->st[0U][1U], s->st[1U][1U], s->st[2U][1U], + s->st[3U][1U], s->st[4U][1U]), + xor5_ef(s->st[0U][2U], s->st[1U][2U], s->st[2U][2U], + s->st[3U][2U], s->st[4U][2U]), + xor5_ef(s->st[0U][3U], s->st[1U][3U], s->st[2U][3U], + s->st[3U][3U], s->st[4U][3U]), + xor5_ef(s->st[0U][4U], s->st[1U][4U], s->st[2U][4U], + s->st[3U][4U], s->st[4U][4U])}; + __m256i uu____0 = rotate_left1_and_xor_ef(c[((size_t)0U + (size_t)4U) % (size_t)5U], c[((size_t)0U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i uu____1 = + __m256i uu____1 = rotate_left1_and_xor_ef(c[((size_t)1U + (size_t)4U) % (size_t)5U], c[((size_t)1U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i uu____2 = + __m256i uu____2 = rotate_left1_and_xor_ef(c[((size_t)2U + (size_t)4U) % (size_t)5U], c[((size_t)2U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i uu____3 = + __m256i uu____3 = rotate_left1_and_xor_ef(c[((size_t)3U + (size_t)4U) % (size_t)5U], c[((size_t)3U + (size_t)1U) % (size_t)5U]); - core_core_arch_x86___m256i t[5U] = { + __m256i t[5U] = { uu____0, uu____1, uu____2, uu____3, rotate_left1_and_xor_ef(c[((size_t)4U + (size_t)4U) % (size_t)5U], c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = 
xor_ef(s->st[0U][0U], t[0U]); - core_core_arch_x86___m256i uu____4 = - xor_and_rotate_ef_17(s->st[1U][0U], t[0U]); - s->st[1U][0U] = uu____4; - core_core_arch_x86___m256i uu____5 = - xor_and_rotate_ef_170(s->st[2U][0U], t[0U]); - s->st[2U][0U] = uu____5; - core_core_arch_x86___m256i uu____6 = - xor_and_rotate_ef_171(s->st[3U][0U], t[0U]); - s->st[3U][0U] = uu____6; - core_core_arch_x86___m256i uu____7 = - xor_and_rotate_ef_172(s->st[4U][0U], t[0U]); - s->st[4U][0U] = uu____7; - core_core_arch_x86___m256i uu____8 = - xor_and_rotate_ef_173(s->st[0U][1U], t[1U]); - s->st[0U][1U] = uu____8; - core_core_arch_x86___m256i uu____9 = - xor_and_rotate_ef_174(s->st[1U][1U], t[1U]); - s->st[1U][1U] = uu____9; - core_core_arch_x86___m256i uu____10 = - xor_and_rotate_ef_175(s->st[2U][1U], t[1U]); - s->st[2U][1U] = uu____10; - core_core_arch_x86___m256i uu____11 = - xor_and_rotate_ef_176(s->st[3U][1U], t[1U]); - s->st[3U][1U] = uu____11; - core_core_arch_x86___m256i uu____12 = - xor_and_rotate_ef_177(s->st[4U][1U], t[1U]); - s->st[4U][1U] = uu____12; - core_core_arch_x86___m256i uu____13 = - xor_and_rotate_ef_178(s->st[0U][2U], t[2U]); - s->st[0U][2U] = uu____13; - core_core_arch_x86___m256i uu____14 = - xor_and_rotate_ef_179(s->st[1U][2U], t[2U]); - s->st[1U][2U] = uu____14; - core_core_arch_x86___m256i uu____15 = - xor_and_rotate_ef_1710(s->st[2U][2U], t[2U]); - s->st[2U][2U] = uu____15; - core_core_arch_x86___m256i uu____16 = - xor_and_rotate_ef_1711(s->st[3U][2U], t[2U]); - s->st[3U][2U] = uu____16; - core_core_arch_x86___m256i uu____17 = - xor_and_rotate_ef_1712(s->st[4U][2U], t[2U]); - s->st[4U][2U] = uu____17; - core_core_arch_x86___m256i uu____18 = - xor_and_rotate_ef_1713(s->st[0U][3U], t[3U]); - s->st[0U][3U] = uu____18; - core_core_arch_x86___m256i uu____19 = - xor_and_rotate_ef_1714(s->st[1U][3U], t[3U]); - s->st[1U][3U] = uu____19; - core_core_arch_x86___m256i uu____20 = - xor_and_rotate_ef_1715(s->st[2U][3U], t[3U]); - s->st[2U][3U] = uu____20; - 
core_core_arch_x86___m256i uu____21 = - xor_and_rotate_ef_1716(s->st[3U][3U], t[3U]); - s->st[3U][3U] = uu____21; - core_core_arch_x86___m256i uu____22 = - xor_and_rotate_ef_1717(s->st[4U][3U], t[3U]); - s->st[4U][3U] = uu____22; - core_core_arch_x86___m256i uu____23 = - xor_and_rotate_ef_1718(s->st[0U][4U], t[4U]); - s->st[0U][4U] = uu____23; - core_core_arch_x86___m256i uu____24 = - xor_and_rotate_ef_1719(s->st[1U][4U], t[4U]); - s->st[1U][4U] = uu____24; - core_core_arch_x86___m256i uu____25 = - xor_and_rotate_ef_1720(s->st[2U][4U], t[4U]); - s->st[2U][4U] = uu____25; - core_core_arch_x86___m256i uu____26 = - xor_and_rotate_ef_1721(s->st[3U][4U], t[4U]); - s->st[3U][4U] = uu____26; - core_core_arch_x86___m256i uu____27 = - xor_and_rotate_ef_1722(s->st[4U][4U], t[4U]); + s->st[1U][0U] = xor_and_rotate_ef_17(s->st[1U][0U], t[0U]); + s->st[2U][0U] = xor_and_rotate_ef_170(s->st[2U][0U], t[0U]); + s->st[3U][0U] = xor_and_rotate_ef_171(s->st[3U][0U], t[0U]); + s->st[4U][0U] = xor_and_rotate_ef_172(s->st[4U][0U], t[0U]); + s->st[0U][1U] = xor_and_rotate_ef_173(s->st[0U][1U], t[1U]); + s->st[1U][1U] = xor_and_rotate_ef_174(s->st[1U][1U], t[1U]); + s->st[2U][1U] = xor_and_rotate_ef_175(s->st[2U][1U], t[1U]); + s->st[3U][1U] = xor_and_rotate_ef_176(s->st[3U][1U], t[1U]); + s->st[4U][1U] = xor_and_rotate_ef_177(s->st[4U][1U], t[1U]); + s->st[0U][2U] = xor_and_rotate_ef_178(s->st[0U][2U], t[2U]); + s->st[1U][2U] = xor_and_rotate_ef_179(s->st[1U][2U], t[2U]); + s->st[2U][2U] = xor_and_rotate_ef_1710(s->st[2U][2U], t[2U]); + s->st[3U][2U] = xor_and_rotate_ef_1711(s->st[3U][2U], t[2U]); + s->st[4U][2U] = xor_and_rotate_ef_1712(s->st[4U][2U], t[2U]); + s->st[0U][3U] = xor_and_rotate_ef_1713(s->st[0U][3U], t[3U]); + s->st[1U][3U] = xor_and_rotate_ef_1714(s->st[1U][3U], t[3U]); + s->st[2U][3U] = xor_and_rotate_ef_1715(s->st[2U][3U], t[3U]); + s->st[3U][3U] = xor_and_rotate_ef_1716(s->st[3U][3U], t[3U]); + s->st[4U][3U] = xor_and_rotate_ef_1717(s->st[4U][3U], t[3U]); + 
s->st[0U][4U] = xor_and_rotate_ef_1718(s->st[0U][4U], t[4U]); + s->st[1U][4U] = xor_and_rotate_ef_1719(s->st[1U][4U], t[4U]); + s->st[2U][4U] = xor_and_rotate_ef_1720(s->st[2U][4U], t[4U]); + s->st[3U][4U] = xor_and_rotate_ef_1721(s->st[3U][4U], t[4U]); + __m256i uu____27 = xor_and_rotate_ef_1722(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; } @@ -1500,8 +1263,8 @@ with const generics */ static KRML_MUSTINLINE void pi_35( libcrux_sha3_generic_keccak_KeccakState_29 *s) { - core_core_arch_x86___m256i old[5U][5U]; - memcpy(old, s->st, (size_t)5U * sizeof(core_core_arch_x86___m256i[5U])); + __m256i old[5U][5U]; + memcpy(old, s->st, (size_t)5U * sizeof(__m256i[5U])); s->st[0U][1U] = old[1U][1U]; s->st[0U][2U] = old[2U][2U]; s->st[0U][3U] = old[3U][3U]; @@ -1536,8 +1299,8 @@ with const generics */ static KRML_MUSTINLINE void chi_09( libcrux_sha3_generic_keccak_KeccakState_29 *s) { - core_core_arch_x86___m256i old[5U][5U]; - memcpy(old, s->st, (size_t)5U * sizeof(core_core_arch_x86___m256i[5U])); + __m256i old[5U][5U]; + memcpy(old, s->st, (size_t)5U * sizeof(__m256i[5U])); KRML_MAYBE_FOR5( i0, (size_t)0U, (size_t)5U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR5(i, (size_t)0U, (size_t)5U, (size_t)1U, size_t j = i; @@ -1584,7 +1347,7 @@ with const generics */ static KRML_MUSTINLINE void absorb_block_1d( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice blocks[4U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = s->st; + __m256i(*uu____0)[5U] = s->st; Eurydice_slice uu____1[4U]; memcpy(uu____1, blocks, (size_t)4U * sizeof(Eurydice_slice)); load_block_ef_65(uu____0, uu____1); 
@@ -1596,16 +1359,13 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void load_block_full_91( - core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { - Eurydice_slice buf[4U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[2U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[3U], - uint8_t, Eurydice_slice)}; +static KRML_MUSTINLINE void load_block_full_91(__m256i (*s)[5U], + uint8_t blocks[4U][200U]) { + Eurydice_slice buf[4U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t), + Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t), + Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t), + Eurydice_array_to_slice((size_t)200U, blocks[3U], uint8_t)}; load_block_c7(s, buf); } @@ -1618,12 +1378,13 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef with const generics - RATE= 136 */ -static KRML_MUSTINLINE void load_block_full_ef_e9( - core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = a; - uint8_t uu____1[4U][200U]; - memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full_91(uu____0, uu____1); +static KRML_MUSTINLINE void load_block_full_ef_e9(__m256i (*a)[5U], + uint8_t b[4U][200U]) { + __m256i(*uu____0)[5U] = a; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_b[4U][200U]; + memcpy(copy_of_b, b, (size_t)4U * sizeof(uint8_t[200U])); + load_block_full_91(uu____0, copy_of_b); } /** 
@@ -1636,19 +1397,18 @@ with const generics */ KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_d9( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[4U][200U] = {{0U}}; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); + blocks[i0], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i0], uint8_t); } blocks[i0][last_len] = 31U; size_t uu____1 = i0; size_t uu____2 = (size_t)136U - (size_t)1U; blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); - core_core_arch_x86___m256i(*uu____3)[5U] = s->st; + __m256i(*uu____3)[5U] = s->st; uint8_t uu____4[4U][200U]; memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); load_block_full_ef_e9(uu____3, uu____4); 
@@ -1660,67 +1420,55 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block with const generics - RATE= 136 */ -static KRML_MUSTINLINE void store_block_e9(core_core_arch_x86___m256i (*s)[5U], +static KRML_MUSTINLINE void store_block_e9(__m256i (*s)[5U], Eurydice_slice out[4U]) { for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)32U; i++) { size_t i0 = i; - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); - 
libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + __m256i v0l = mm256_permute2x128_si256( + (int32_t)32, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + __m256i); + __m256i v1h = + mm256_permute2x128_si256((int32_t)32, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + __m256i); + __m256i v2l = mm256_permute2x128_si256( + (int32_t)49, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + __m256i); + __m256i v3h = + mm256_permute2x128_si256((int32_t)49, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + __m256i); + __m256i v0 = mm256_unpacklo_epi64(v0l, v1h); + __m256i v1 = mm256_unpackhi_epi64(v0l, v1h); + __m256i v2 = mm256_unpacklo_epi64(v2l, v3h); + __m256i v3 = mm256_unpackhi_epi64(v2l, v3h); + mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v0); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[1U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v1); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[2U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v2); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + mm256_storeu_si256_u8( 
Eurydice_slice_subslice2(out[3U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v3); } size_t rem = (size_t)136U % (size_t)32U; 
@@ -1728,78 +1476,64 @@ static KRML_MUSTINLINE void store_block_e9(core_core_arch_x86___m256i (*s)[5U], uint8_t u8s[32U] = {0U}; size_t i0 = (size_t)4U * ((size_t)136U / (size_t)32U) / (size_t)5U; size_t j0 = (size_t)4U * ((size_t)136U / (size_t)32U) % (size_t)5U; - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice), - s[i0][j0]); - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + mm256_storeu_si256_u8(Eurydice_array_to_slice((size_t)32U, u8s, uint8_t), + s[i0][j0]); + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(out[0U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( uu____0, - Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_slice_subslice2( - out[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____1 = + Eurydice_slice_subslice2(out[1U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( uu____1, - Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_slice_subslice2( - out[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____2 = + Eurydice_slice_subslice2(out[2U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( uu____2, - Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_slice_subslice2( - out[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - 
core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t), + uint8_t); + Eurydice_slice uu____3 = + Eurydice_slice_subslice2(out[3U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( uu____3, - Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t), + uint8_t); if (rem == (size_t)16U) { uint8_t u8s0[32U] = {0U}; size_t i = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) / (size_t)5U; size_t j = ((size_t)4U * ((size_t)136U / (size_t)32U) + (size_t)1U) % (size_t)5U; - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____4 = - Eurydice_slice_subslice2(out[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + mm256_storeu_si256_u8(Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t), + s[i][j]); + Eurydice_slice uu____4 = Eurydice_slice_subslice2( + out[0U], start + (size_t)8U, start + (size_t)16U, uint8_t); + Eurydice_slice_copy( uu____4, - Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = - Eurydice_slice_subslice2(out[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____5 = Eurydice_slice_subslice2( + out[1U], start + (size_t)8U, start + (size_t)16U, uint8_t); + Eurydice_slice_copy( uu____5, - Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = - Eurydice_slice_subslice2(out[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( 
+ Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____6 = Eurydice_slice_subslice2( + out[2U], start + (size_t)8U, start + (size_t)16U, uint8_t); + Eurydice_slice_copy( uu____6, - Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = - Eurydice_slice_subslice2(out[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t), + uint8_t); + Eurydice_slice uu____7 = Eurydice_slice_subslice2( + out[3U], start + (size_t)8U, start + (size_t)16U, uint8_t); + Eurydice_slice_copy( uu____7, - Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t), + uint8_t); } } 
@@ -1808,29 +1542,32 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full with const generics - RATE= 136 */ -static KRML_MUSTINLINE void store_block_full_0b( - core_core_arch_x86___m256i (*s)[5U], uint8_t ret[4U][200U]) { +static KRML_MUSTINLINE void store_block_full_0b(__m256i (*s)[5U], + uint8_t ret[4U][200U]) { uint8_t out0[200U] = {0U}; uint8_t out1[200U] = {0U}; uint8_t out2[200U] = {0U}; uint8_t out3[200U] = {0U}; Eurydice_slice buf[4U] = { - Eurydice_array_to_slice((size_t)200U, out0, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out1, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out2, uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, out3, uint8_t, Eurydice_slice)}; + Eurydice_array_to_slice((size_t)200U, out0, uint8_t), + Eurydice_array_to_slice((size_t)200U, out1, uint8_t), + Eurydice_array_to_slice((size_t)200U, out2, uint8_t), + Eurydice_array_to_slice((size_t)200U, out3, uint8_t)}; store_block_e9(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out0, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____1[200U]; - memcpy(uu____1, out1, (size_t)200U * sizeof(uint8_t)); - uint8_t uu____2[200U]; - memcpy(uu____2, out2, (size_t)200U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out0[200U]; + memcpy(copy_of_out0, out0, (size_t)200U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out1[200U]; + memcpy(copy_of_out1, out1, (size_t)200U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out2[200U]; + memcpy(copy_of_out2, out2, (size_t)200U * sizeof(uint8_t)); uint8_t uu____3[200U]; memcpy(uu____3, out3, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[1U], uu____1, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[2U], uu____2, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], 
copy_of_out0, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[1U], copy_of_out1, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[2U], copy_of_out2, (size_t)200U * sizeof(uint8_t)); memcpy(ret[3U], uu____3, (size_t)200U * sizeof(uint8_t)); } @@ -1843,8 +1580,8 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block_full_ef with const generics - RATE= 136 */ -static KRML_MUSTINLINE void store_block_full_ef_43( - core_core_arch_x86___m256i (*a)[5U], uint8_t ret[4U][200U]) { +static KRML_MUSTINLINE void store_block_full_ef_43(__m256i (*a)[5U], + uint8_t ret[4U][200U]) { store_block_full_0b(a, ret); } @@ -1863,12 +1600,11 @@ static KRML_MUSTINLINE void squeeze_first_and_last_c5( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i0], uint8_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); + core_ops_range_Range_b3), + uint8_t);); } /** @@ -1880,8 +1616,8 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef with const generics - RATE= 136 */ -static KRML_MUSTINLINE void store_block_ef_58( - core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { +static KRML_MUSTINLINE void store_block_ef_58(__m256i (*a)[5U], + Eurydice_slice b[4U]) { store_block_e9(a, b); } 
@@ -1926,12 +1662,11 @@ static KRML_MUSTINLINE void squeeze_last_74( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; Eurydice_slice uu____0 = out[i0]; uint8_t *uu____1 = b[i0]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i0], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i0], uint8_t); Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *);); + core_ops_range_Range_b3), + uint8_t);); } /** 
@@ -1946,27 +1681,26 @@ static KRML_MUSTINLINE void keccak_4f(Eurydice_slice data[4U], Eurydice_slice out[4U]) { libcrux_sha3_generic_keccak_KeccakState_29 s = new_1e_bf(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_29 *uu____0 = &s; - Eurydice_slice uu____1[4U]; - memcpy(uu____1, data, (size_t)4U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[4U]; + memcpy(copy_of_data, data, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice ret[4U]; - slice_n_ef(uu____1, i0 * (size_t)136U, (size_t)136U, ret); + slice_n_ef(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); absorb_block_1d(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_29 *uu____2 = &s; - Eurydice_slice uu____3[4U]; - memcpy(uu____3, data, (size_t)4U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[4U]; + memcpy(copy_of_data, data, (size_t)4U * sizeof(Eurydice_slice)); Eurydice_slice ret[4U]; - slice_n_ef(uu____3, - core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, + slice_n_ef(copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final_d9(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { 
@@ -2006,6 +1740,9 @@ static KRML_MUSTINLINE void keccak_4f(Eurydice_slice data[4U], } } +/** + Perform 4 SHAKE256 operations in parallel +*/ void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1, @@ -2015,6 +1752,9 @@ void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, keccak_4f(buf0, buf); } +/** + Initialise the [`KeccakState`]. +*/ libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_init(void) { return new_1e_bf(); 
@@ -2025,144 +1765,114 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void load_block_c70(core_core_arch_x86___m256i (*s)[5U], +static KRML_MUSTINLINE void load_block_c70(__m256i (*s)[5U], Eurydice_slice blocks[4U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { size_t i0 = i; - core_core_arch_x86___m256i v00 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[0U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v10 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[1U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v20 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[2U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v30 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8(Eurydice_slice_subslice2( - blocks[3U], (size_t)32U * i0, (size_t)32U * (i0 + (size_t)1U), - uint8_t, Eurydice_slice)); - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v00, v10); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v00, v10); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v20, v30); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v20, v30); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v0l, v2l, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, v1h, v3h, core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v0l, v2l, core_core_arch_x86___m256i); - 
core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, v1h, v3h, core_core_arch_x86___m256i); + __m256i v00 = mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[0U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); + __m256i v10 = mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[1U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); + __m256i v20 = mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[2U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); + __m256i v30 = mm256_loadu_si256_u8( + Eurydice_slice_subslice2(blocks[3U], (size_t)32U * i0, + (size_t)32U * (i0 + (size_t)1U), uint8_t)); + __m256i v0l = mm256_unpacklo_epi64(v00, v10); + __m256i v1h = mm256_unpackhi_epi64(v00, v10); + __m256i v2l = mm256_unpacklo_epi64(v20, v30); + __m256i v3h = mm256_unpackhi_epi64(v20, v30); + __m256i v0 = mm256_permute2x128_si256((int32_t)32, v0l, v2l, __m256i); + __m256i v1 = mm256_permute2x128_si256((int32_t)32, v1h, v3h, __m256i); + __m256i v2 = mm256_permute2x128_si256((int32_t)49, v0l, v2l, __m256i); + __m256i v3 = mm256_permute2x128_si256((int32_t)49, v1h, v3h, __m256i); s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( + mm256_xor_si256( s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], v0); s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] [((size_t)4U * i0 + (size_t)1U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - v1); + mm256_xor_si256(s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + v1); s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] [((size_t)4U * i0 + (size_t)2U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - v2); + 
mm256_xor_si256(s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + v2); s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] [((size_t)4U * i0 + (size_t)3U) % (size_t)5U] = - libcrux_intrinsics_avx2_mm256_xor_si256( - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - v3); + mm256_xor_si256(s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + v3); } size_t rem = (size_t)168U % (size_t)32U; size_t start = (size_t)32U * ((size_t)168U / (size_t)32U); uint8_t u8s[32U] = {0U}; - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - u8s, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t); + Eurydice_slice_copy( uu____0, - Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_array_to_subslice2( - u8s, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(blocks[0U], start, start + (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____1 = + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t); + Eurydice_slice_copy( uu____1, - Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_array_to_subslice2( - u8s, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(blocks[1U], start, start + (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____2 = + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t); + Eurydice_slice_copy( uu____2, - Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice 
uu____3 = Eurydice_array_to_subslice2( - u8s, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_slice_subslice2(blocks[2U], start, start + (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____3 = + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t); + Eurydice_slice_copy( uu____3, - Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - core_core_arch_x86___m256i u = libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s, uint8_t, - Eurydice_slice)); + Eurydice_slice_subslice2(blocks[3U], start, start + (size_t)8U, uint8_t), + uint8_t); + __m256i u = mm256_loadu_si256_u8(core_array___Array_T__N__23__as_slice( + (size_t)32U, u8s, uint8_t, Eurydice_slice)); size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; - s[i0][j0] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i0][j0], u); + s[i0][j0] = mm256_xor_si256(s[i0][j0], u); if (rem == (size_t)16U) { uint8_t u8s0[32U] = {0U}; - Eurydice_slice uu____4 = Eurydice_array_to_subslice2( - u8s0, (size_t)0U, (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____4, - Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = Eurydice_array_to_subslice2( - u8s0, (size_t)8U, (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____5, - Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = Eurydice_array_to_subslice2( - u8s0, (size_t)16U, (size_t)24U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____6, - Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, 
Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = Eurydice_array_to_subslice2( - u8s0, (size_t)24U, (size_t)32U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( - uu____7, - Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice), - uint8_t, void *); - core_core_arch_x86___m256i u0 = - libcrux_intrinsics_avx2_mm256_loadu_si256_u8( - core_array___Array_T__N__23__as_slice((size_t)32U, u8s0, uint8_t, - Eurydice_slice)); + Eurydice_slice uu____4 = + Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t); + Eurydice_slice_copy(uu____4, + Eurydice_slice_subslice2(blocks[0U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____5 = + Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t); + Eurydice_slice_copy(uu____5, + Eurydice_slice_subslice2(blocks[1U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____6 = + Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t); + Eurydice_slice_copy(uu____6, + Eurydice_slice_subslice2(blocks[2U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____7 = + Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t); + Eurydice_slice_copy(uu____7, + Eurydice_slice_subslice2(blocks[3U], start + (size_t)8U, + start + (size_t)16U, uint8_t), + uint8_t); + __m256i u0 = mm256_loadu_si256_u8(core_array___Array_T__N__23__as_slice( + (size_t)32U, u8s0, uint8_t, Eurydice_slice)); size_t i = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; size_t j = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; - s[i][j] = libcrux_intrinsics_avx2_mm256_xor_si256(s[i][j], u0); + s[i][j] = mm256_xor_si256(s[i][j], u0); } } 
@@ -2171,16 +1881,13 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full with const generics - RATE= 168 */ -static KRML_MUSTINLINE void load_block_full_910( - core_core_arch_x86___m256i (*s)[5U], uint8_t blocks[4U][200U]) { - Eurydice_slice buf[4U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[1U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[2U], - uint8_t, Eurydice_slice), - Eurydice_array_to_slice((size_t)200U, blocks[3U], - uint8_t, Eurydice_slice)}; +static KRML_MUSTINLINE void load_block_full_910(__m256i (*s)[5U], + uint8_t blocks[4U][200U]) { + Eurydice_slice buf[4U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t), + Eurydice_array_to_slice((size_t)200U, blocks[1U], uint8_t), + Eurydice_array_to_slice((size_t)200U, blocks[2U], uint8_t), + Eurydice_array_to_slice((size_t)200U, blocks[3U], uint8_t)}; load_block_c70(s, buf); } @@ -2193,12 +1900,13 @@ A monomorphic instance of libcrux_sha3.simd.avx2.load_block_full_ef with const generics - RATE= 168 */ -static KRML_MUSTINLINE void load_block_full_ef_e90( - core_core_arch_x86___m256i (*a)[5U], uint8_t b[4U][200U]) { - core_core_arch_x86___m256i(*uu____0)[5U] = a; - uint8_t uu____1[4U][200U]; - memcpy(uu____1, b, (size_t)4U * sizeof(uint8_t[200U])); - load_block_full_910(uu____0, uu____1); +static KRML_MUSTINLINE void load_block_full_ef_e90(__m256i (*a)[5U], + uint8_t b[4U][200U]) { + __m256i(*uu____0)[5U] = a; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_b[4U][200U]; + memcpy(copy_of_b, b, (size_t)4U * sizeof(uint8_t[200U])); + load_block_full_910(uu____0, copy_of_b); } /** 
@@ -2211,25 +1919,27 @@ with const generics */ static KRML_MUSTINLINE void absorb_final_d90( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice last[4U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[4U][200U] = {{0U}}; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t i0 = i; if (last_len > (size_t)0U) { Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i0], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i0], uint8_t, - void *); + blocks[i0], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i0], uint8_t); } blocks[i0][last_len] = 31U; size_t uu____1 = i0; size_t uu____2 = (size_t)168U - (size_t)1U; blocks[uu____1][uu____2] = (uint32_t)blocks[uu____1][uu____2] | 128U;); - core_core_arch_x86___m256i(*uu____3)[5U] = s->st; + __m256i(*uu____3)[5U] = s->st; uint8_t uu____4[4U][200U]; memcpy(uu____4, blocks, (size_t)4U * sizeof(uint8_t[200U])); load_block_full_ef_e90(uu____3, uu____4); keccakf1600_f8(s); } +/** + Absorb +*/ void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { 
@@ -2242,67 +1952,55 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block with const generics - RATE= 168 */ -static KRML_MUSTINLINE void store_block_e90(core_core_arch_x86___m256i (*s)[5U], +static KRML_MUSTINLINE void store_block_e90(__m256i (*s)[5U], Eurydice_slice out[4U]) { for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)32U; i++) { size_t i0 = i; - core_core_arch_x86___m256i v0l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v1h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)32, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v2l = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], - s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v3h = - libcrux_intrinsics_avx2_mm256_permute2x128_si256( - (int32_t)49, - s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], - s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] - [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], - core_core_arch_x86___m256i); - core_core_arch_x86___m256i v0 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v0l, v1h); - core_core_arch_x86___m256i v1 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v0l, v1h); - core_core_arch_x86___m256i v2 = - libcrux_intrinsics_avx2_mm256_unpacklo_epi64(v2l, v3h); - core_core_arch_x86___m256i v3 = - libcrux_intrinsics_avx2_mm256_unpackhi_epi64(v2l, v3h); - 
libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + __m256i v0l = mm256_permute2x128_si256( + (int32_t)32, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + __m256i); + __m256i v1h = + mm256_permute2x128_si256((int32_t)32, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + __m256i); + __m256i v2l = mm256_permute2x128_si256( + (int32_t)49, + s[(size_t)4U * i0 / (size_t)5U][(size_t)4U * i0 % (size_t)5U], + s[((size_t)4U * i0 + (size_t)2U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)2U) % (size_t)5U], + __m256i); + __m256i v3h = + mm256_permute2x128_si256((int32_t)49, + s[((size_t)4U * i0 + (size_t)1U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)1U) % (size_t)5U], + s[((size_t)4U * i0 + (size_t)3U) / (size_t)5U] + [((size_t)4U * i0 + (size_t)3U) % (size_t)5U], + __m256i); + __m256i v0 = mm256_unpacklo_epi64(v0l, v1h); + __m256i v1 = mm256_unpackhi_epi64(v0l, v1h); + __m256i v2 = mm256_unpacklo_epi64(v2l, v3h); + __m256i v3 = mm256_unpackhi_epi64(v2l, v3h); + mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[0U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v0); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[1U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v1); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + mm256_storeu_si256_u8( Eurydice_slice_subslice2(out[2U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v2); - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( + mm256_storeu_si256_u8( 
Eurydice_slice_subslice2(out[3U], (size_t)32U * i0, - (size_t)32U * (i0 + (size_t)1U), uint8_t, - Eurydice_slice), + (size_t)32U * (i0 + (size_t)1U), uint8_t), v3); } size_t rem = (size_t)168U % (size_t)32U; 
@@ -2310,78 +2008,64 @@ static KRML_MUSTINLINE void store_block_e90(core_core_arch_x86___m256i (*s)[5U], uint8_t u8s[32U] = {0U}; size_t i0 = (size_t)4U * ((size_t)168U / (size_t)32U) / (size_t)5U; size_t j0 = (size_t)4U * ((size_t)168U / (size_t)32U) % (size_t)5U; - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s, uint8_t, Eurydice_slice), - s[i0][j0]); - Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + mm256_storeu_si256_u8(Eurydice_array_to_slice((size_t)32U, u8s, uint8_t), + s[i0][j0]); + Eurydice_slice uu____0 = + Eurydice_slice_subslice2(out[0U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( uu____0, - Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____1 = Eurydice_slice_subslice2( - out[1U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2(u8s, (size_t)0U, (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____1 = + Eurydice_slice_subslice2(out[1U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( uu____1, - Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____2 = Eurydice_slice_subslice2( - out[2U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2(u8s, (size_t)8U, (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____2 = + Eurydice_slice_subslice2(out[2U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( uu____2, - Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____3 = Eurydice_slice_subslice2( - out[3U], start, start + (size_t)8U, uint8_t, Eurydice_slice); - 
core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2(u8s, (size_t)16U, (size_t)24U, uint8_t), + uint8_t); + Eurydice_slice uu____3 = + Eurydice_slice_subslice2(out[3U], start, start + (size_t)8U, uint8_t); + Eurydice_slice_copy( uu____3, - Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_array_to_subslice2(u8s, (size_t)24U, (size_t)32U, uint8_t), + uint8_t); if (rem == (size_t)16U) { uint8_t u8s0[32U] = {0U}; size_t i = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) / (size_t)5U; size_t j = ((size_t)4U * ((size_t)168U / (size_t)32U) + (size_t)1U) % (size_t)5U; - libcrux_intrinsics_avx2_mm256_storeu_si256_u8( - Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t, Eurydice_slice), - s[i][j]); - Eurydice_slice uu____4 = - Eurydice_slice_subslice2(out[0U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + mm256_storeu_si256_u8(Eurydice_array_to_slice((size_t)32U, u8s0, uint8_t), + s[i][j]); + Eurydice_slice uu____4 = Eurydice_slice_subslice2( + out[0U], start + (size_t)8U, start + (size_t)16U, uint8_t); + Eurydice_slice_copy( uu____4, - Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____5 = - Eurydice_slice_subslice2(out[1U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2(u8s0, (size_t)0U, (size_t)8U, uint8_t), + uint8_t); + Eurydice_slice uu____5 = Eurydice_slice_subslice2( + out[1U], start + (size_t)8U, start + (size_t)16U, uint8_t); + Eurydice_slice_copy( uu____5, - Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____6 = - Eurydice_slice_subslice2(out[2U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( 
+ Eurydice_array_to_subslice2(u8s0, (size_t)8U, (size_t)16U, uint8_t), + uint8_t); + Eurydice_slice uu____6 = Eurydice_slice_subslice2( + out[2U], start + (size_t)8U, start + (size_t)16U, uint8_t); + Eurydice_slice_copy( uu____6, - Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t, - Eurydice_slice), - uint8_t, void *); - Eurydice_slice uu____7 = - Eurydice_slice_subslice2(out[3U], start + (size_t)8U, - start + (size_t)16U, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice( + Eurydice_array_to_subslice2(u8s0, (size_t)16U, (size_t)24U, uint8_t), + uint8_t); + Eurydice_slice uu____7 = Eurydice_slice_subslice2( + out[3U], start + (size_t)8U, start + (size_t)16U, uint8_t); + Eurydice_slice_copy( uu____7, - Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t, - Eurydice_slice), - uint8_t, void *); + Eurydice_array_to_subslice2(u8s0, (size_t)24U, (size_t)32U, uint8_t), + uint8_t); } } @@ -2394,8 +2078,8 @@ A monomorphic instance of libcrux_sha3.simd.avx2.store_block_ef with const generics - RATE= 168 */ -static KRML_MUSTINLINE void store_block_ef_580( - core_core_arch_x86___m256i (*a)[5U], Eurydice_slice b[4U]) { +static KRML_MUSTINLINE void store_block_ef_580(__m256i (*a)[5U], + Eurydice_slice b[4U]) { store_block_e90(a, b); } @@ -2412,6 +2096,9 @@ static KRML_MUSTINLINE void squeeze_next_block_b40( store_block_ef_580(s->st, out); } +/** + Squeeze another block +*/ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { 
@@ -2457,6 +2144,9 @@ KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_first_three_blocks_2a( squeeze_next_block_b40(s, o2); } +/** + Squeeze three blocks +*/ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3) { @@ -2504,6 +2194,9 @@ static KRML_MUSTINLINE void squeeze_first_five_blocks_69( squeeze_next_block_b40(s, o4); } +/** + Squeeze five blocks +*/ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, @@ -2512,6 +2205,9 @@ libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( squeeze_first_five_blocks_69(s, buf); } +/** + Absorb +*/ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3) { @@ -2519,6 +2215,9 @@ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_absorb_final_d9(s, buf); } +/** + Squeeze block +*/ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, @@ -2527,6 +2226,9 @@ libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( squeeze_first_block_9b(s, buf); } +/** + Squeeze next block +*/ KRML_MUSTINLINE void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h index 39046c730..775fd2fe0 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h 
@@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b */ #ifndef __libcrux_sha3_avx2_H 
@@ -30,41 +30,68 @@ with const generics - $4size_t */ typedef struct libcrux_sha3_generic_keccak_KeccakState_29_s { - core_core_arch_x86___m256i st[5U][5U]; + __m256i st[5U][5U]; } libcrux_sha3_generic_keccak_KeccakState_29; +/** + Perform 4 SHAKE256 operations in parallel +*/ void libcrux_sha3_avx2_x4_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice input2, Eurydice_slice input3, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); +/** + Initialise the [`KeccakState`]. +*/ libcrux_sha3_generic_keccak_KeccakState_29 libcrux_sha3_avx2_x4_incremental_init(void); +/** + Absorb +*/ void libcrux_sha3_avx2_x4_incremental_shake128_absorb_final( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3); +/** + Squeeze another block +*/ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); +/** + Squeeze three blocks +*/ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); +/** + Squeeze five blocks +*/ void libcrux_sha3_avx2_x4_incremental_shake128_squeeze_first_five_blocks( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); +/** + Absorb +*/ void libcrux_sha3_avx2_x4_incremental_shake256_absorb_final( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice data0, Eurydice_slice data1, Eurydice_slice data2, Eurydice_slice data3); +/** + Squeeze block +*/ void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_first_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); +/** + Squeeze 
next block +*/ void libcrux_sha3_avx2_x4_incremental_shake256_squeeze_next_block( libcrux_sha3_generic_keccak_KeccakState_29 *s, Eurydice_slice out0, Eurydice_slice out1, Eurydice_slice out2, Eurydice_slice out3); diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h index aa2382f2b..3f1586149 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h @@ -4,11 +4,11 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b */ #ifndef __libcrux_sha3_internal_H @@ -137,8 +137,7 @@ libcrux_sha3_portable_keccak_xor_5a(uint64_t a, uint64_t b) { static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_slice_1( Eurydice_slice a[1U], size_t start, size_t len, Eurydice_slice ret[1U]) { - ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t, - Eurydice_slice); + ret[0U] = Eurydice_slice_subslice2(a[0U], start, start + len, uint8_t); } /** 
@@ -147,17 +146,18 @@ usize> for u64)} */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_slice_n_5a( Eurydice_slice a[1U], size_t start, size_t len, Eurydice_slice ret[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, a, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_a[1U]; + memcpy(copy_of_a, a, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret0[1U]; - libcrux_sha3_portable_keccak_slice_1(uu____0, start, len, ret0); + libcrux_sha3_portable_keccak_slice_1(copy_of_a, start, len, ret0); memcpy(ret, ret0, (size_t)1U * sizeof(Eurydice_slice)); } static KRML_MUSTINLINE Eurydice_slice_uint8_t_1size_t__x2 libcrux_sha3_portable_keccak_split_at_mut_1(Eurydice_slice out[1U], size_t mid) { - Eurydice_slice_uint8_t_x2 uu____0 = core_slice___Slice_T___split_at_mut( + Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at_mut( out[0U], mid, uint8_t, Eurydice_slice_uint8_t_x2); Eurydice_slice out00 = uu____0.fst; Eurydice_slice out01 = uu____0.snd; @@ -187,6 +187,9 @@ typedef struct libcrux_sha3_generic_keccak_KeccakState_48_s { uint64_t st[5U][5U]; } libcrux_sha3_generic_keccak_KeccakState_48; +/** + Create a new Shake128 x4 state. +*/ /** This function found in impl {libcrux_sha3::generic_keccak::KeccakState[TraitClause@0]#1} @@ -242,9 +245,8 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_slice, uint8_t[8U]); core_result_unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; 
@@ -260,8 +262,8 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_df( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; libcrux_sha3_portable_keccak_load_block_2c(s, buf); } @@ -277,9 +279,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_d2( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_df(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_b[1U][200U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_df(uu____0, copy_of_b); } /** 
@@ -1224,75 +1227,52 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_theta_rho_16( c[((size_t)4U + (size_t)4U) % (size_t)5U], c[((size_t)4U + (size_t)1U) % (size_t)5U])}; s->st[0U][0U] = libcrux_sha3_portable_keccak_xor_5a(s->st[0U][0U], t[0U]); - uint64_t uu____4 = + s->st[1U][0U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb(s->st[1U][0U], t[0U]); - s->st[1U][0U] = uu____4; - uint64_t uu____5 = + s->st[2U][0U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb0(s->st[2U][0U], t[0U]); - s->st[2U][0U] = uu____5; - uint64_t uu____6 = + s->st[3U][0U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb1(s->st[3U][0U], t[0U]); - s->st[3U][0U] = uu____6; - uint64_t uu____7 = + s->st[4U][0U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb2(s->st[4U][0U], t[0U]); - s->st[4U][0U] = uu____7; - uint64_t uu____8 = + s->st[0U][1U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb3(s->st[0U][1U], t[1U]); - s->st[0U][1U] = uu____8; - uint64_t uu____9 = + s->st[1U][1U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb4(s->st[1U][1U], t[1U]); - s->st[1U][1U] = uu____9; - uint64_t uu____10 = + s->st[2U][1U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb5(s->st[2U][1U], t[1U]); - s->st[2U][1U] = uu____10; - uint64_t uu____11 = + s->st[3U][1U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb6(s->st[3U][1U], t[1U]); - s->st[3U][1U] = uu____11; - uint64_t uu____12 = + s->st[4U][1U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb7(s->st[4U][1U], t[1U]); - s->st[4U][1U] = uu____12; - uint64_t uu____13 = + s->st[0U][2U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb8(s->st[0U][2U], t[2U]); - s->st[0U][2U] = uu____13; - uint64_t uu____14 = + s->st[1U][2U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb9(s->st[1U][2U], t[2U]); - s->st[1U][2U] = uu____14; - uint64_t uu____15 = + s->st[2U][2U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb10(s->st[2U][2U], t[2U]); - s->st[2U][2U] = uu____15; - uint64_t uu____16 = + s->st[3U][2U] = 
libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb11(s->st[3U][2U], t[2U]); - s->st[3U][2U] = uu____16; - uint64_t uu____17 = + s->st[4U][2U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb12(s->st[4U][2U], t[2U]); - s->st[4U][2U] = uu____17; - uint64_t uu____18 = + s->st[0U][3U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb13(s->st[0U][3U], t[3U]); - s->st[0U][3U] = uu____18; - uint64_t uu____19 = + s->st[1U][3U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb14(s->st[1U][3U], t[3U]); - s->st[1U][3U] = uu____19; - uint64_t uu____20 = + s->st[2U][3U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb15(s->st[2U][3U], t[3U]); - s->st[2U][3U] = uu____20; - uint64_t uu____21 = + s->st[3U][3U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb16(s->st[3U][3U], t[3U]); - s->st[3U][3U] = uu____21; - uint64_t uu____22 = + s->st[4U][3U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb17(s->st[4U][3U], t[3U]); - s->st[4U][3U] = uu____22; - uint64_t uu____23 = + s->st[0U][4U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb18(s->st[0U][4U], t[4U]); - s->st[0U][4U] = uu____23; - uint64_t uu____24 = + s->st[1U][4U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb19(s->st[1U][4U], t[4U]); - s->st[1U][4U] = uu____24; - uint64_t uu____25 = + s->st[2U][4U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb20(s->st[2U][4U], t[4U]); - s->st[2U][4U] = uu____25; - uint64_t uu____26 = + s->st[3U][4U] = libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb21(s->st[3U][4U], t[4U]); - s->st[3U][4U] = uu____26; uint64_t uu____27 = libcrux_sha3_portable_keccak_xor_and_rotate_5a_bb22(s->st[4U][4U], t[4U]); s->st[4U][4U] = uu____27; 
@@ -1391,14 +1371,14 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c7( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(blocks[i], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i], uint8_t); } blocks[i][last_len] = 31U; size_t uu____1 = i; @@ -1422,14 +1402,11 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_58( for (size_t i = (size_t)0U; i < (size_t)168U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice); + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); } } @@ -1486,9 +1463,8 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c0( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_slice, uint8_t[8U]); core_result_unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; 
@@ -1504,8 +1480,8 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_df0( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; libcrux_sha3_portable_keccak_load_block_2c0(s, buf); } @@ -1521,9 +1497,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_d20( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_df0(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_b[1U][200U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_df0(uu____0, copy_of_b); } /** @@ -1536,14 +1513,14 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c70( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(blocks[i], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i], uint8_t); } blocks[i][last_len] = 31U; size_t uu____1 = i; 
@@ -1567,14 +1544,11 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_580( for (size_t i = (size_t)0U; i < (size_t)136U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice); + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); } } @@ -1629,9 +1603,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_b8( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_2c0(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_b[1U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_2c0(uu____0, copy_of_b); } /** @@ -1646,9 +1621,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_b80( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_2c(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_b[1U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_2c(uu____0, copy_of_b); } /** 
@@ -1676,11 +1652,12 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_2d3( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; libcrux_sha3_portable_keccak_store_block_58(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out[200U]; + memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); } /** @@ -1716,12 +1693,12 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_c54( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } @@ -1743,12 +1720,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_cf3( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } 
@@ -1765,28 +1742,27 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e94( libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f4(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)168U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)168U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)168U, + libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)168U, (size_t)168U, ret); libcrux_sha3_generic_keccak_absorb_block_df3(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)168U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)168U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final_c7(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)168U; size_t last = outlen - outlen % (size_t)168U; if (blocks == (size_t)0U) { 
@@ -1834,9 +1810,10 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce4( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_e94(uu____0, out); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_e94(copy_of_data, out); } /** @@ -1853,9 +1830,8 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c3( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_slice, uint8_t[8U]); core_result_unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -1876,9 +1852,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_b83( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_2c3(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_b[1U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_2c3(uu____0, copy_of_b); } /** @@ -1904,8 +1881,8 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_df3( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; libcrux_sha3_portable_keccak_load_block_2c3(s, buf); } 
@@ -1921,9 +1898,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_d23( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_df3(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_b[1U][200U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_df3(uu____0, copy_of_b); } /** @@ -1936,14 +1914,14 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c74( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(blocks[i], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i], uint8_t); } blocks[i][last_len] = 6U; size_t uu____1 = i; 
@@ -1967,14 +1945,11 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_583( for (size_t i = (size_t)0U; i < (size_t)104U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice); + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); } } @@ -1987,11 +1962,12 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_2d2( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; libcrux_sha3_portable_keccak_store_block_583(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out[200U]; + memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); } /** @@ -2027,12 +2003,12 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_c53( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } 
@@ -2093,12 +2069,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_cf2( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } 
@@ -2115,28 +2091,27 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e93( libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f4(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)104U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)104U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)104U, + libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)104U, (size_t)104U, ret); libcrux_sha3_generic_keccak_absorb_block_df2(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)104U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)104U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final_c74(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)104U; size_t last = outlen - outlen % (size_t)104U; if (blocks == (size_t)0U) { 
@@ -2184,9 +2159,10 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce3( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_e93(uu____0, out); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_e93(copy_of_data, out); } /** @@ -2203,9 +2179,8 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c2( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_slice, uint8_t[8U]); core_result_unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -2226,9 +2201,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_b82( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_2c2(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_b[1U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_2c2(uu____0, copy_of_b); } /** @@ -2254,8 +2230,8 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_df2( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; libcrux_sha3_portable_keccak_load_block_2c2(s, buf); } 
@@ -2271,9 +2247,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_d22( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_df2(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_b[1U][200U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_df2(uu____0, copy_of_b); } /** @@ -2286,14 +2263,14 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c73( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(blocks[i], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i], uint8_t); } blocks[i][last_len] = 6U; size_t uu____1 = i; 
@@ -2317,14 +2294,11 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_582( for (size_t i = (size_t)0U; i < (size_t)144U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice); + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); } } @@ -2337,11 +2311,12 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_2d1( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; libcrux_sha3_portable_keccak_store_block_582(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out[200U]; + memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); } /** @@ -2377,12 +2352,12 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_c52( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } 
@@ -2443,12 +2418,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_cf1( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } 
@@ -2465,28 +2440,27 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e92( libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f4(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)144U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)144U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)144U, + libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)144U, (size_t)144U, ret); libcrux_sha3_generic_keccak_absorb_block_df1(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)144U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)144U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final_c73(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)144U; size_t last = outlen - outlen % (size_t)144U; if (blocks == (size_t)0U) { 
@@ -2534,9 +2508,10 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce2( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_e92(uu____0, out); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_e92(copy_of_data, out); } /** @@ -2564,11 +2539,12 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_2d0( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; libcrux_sha3_portable_keccak_store_block_580(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out[200U]; + memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); } /** @@ -2604,12 +2580,12 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_c51( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } 
@@ -2631,12 +2607,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_cf0( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } 
@@ -2653,28 +2629,27 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e91( libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f4(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)136U, + libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); libcrux_sha3_generic_keccak_absorb_block_df0(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final_c70(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { 
@@ -2722,9 +2697,10 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce1( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_e91(uu____0, out); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_e91(copy_of_data, out); } /** @@ -2737,14 +2713,14 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c72( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(blocks[i], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i], uint8_t); } blocks[i][last_len] = 6U; size_t uu____1 = i; 
@@ -2771,28 +2747,27 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e90( libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f4(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)136U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)136U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)136U, + libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)136U, (size_t)136U, ret); libcrux_sha3_generic_keccak_absorb_block_df0(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)136U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)136U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final_c72(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)136U; size_t last = outlen - outlen % (size_t)136U; if (blocks == (size_t)0U) { 
@@ -2840,9 +2815,10 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce0( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_e90(uu____0, out); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_e90(copy_of_data, out); } /** @@ -2859,9 +2835,8 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_2c1( Eurydice_slice_to_array2( &dst, Eurydice_slice_subslice2(blocks[0U], (size_t)8U * i0, - (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice), - Eurydice_slice, uint8_t[8U], void *); + (size_t)8U * i0 + (size_t)8U, uint8_t), + Eurydice_slice, uint8_t[8U]); core_result_unwrap_41_ac(dst, uu____0); size_t uu____1 = i0 / (size_t)5U; size_t uu____2 = i0 % (size_t)5U; @@ -2882,9 +2857,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_5a_b81( uint64_t (*a)[5U], Eurydice_slice b[1U]) { uint64_t(*uu____0)[5U] = a; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, b, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_portable_keccak_load_block_2c1(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_b[1U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_portable_keccak_load_block_2c1(uu____0, copy_of_b); } /** @@ -2910,8 +2886,8 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_df1( uint64_t (*s)[5U], uint8_t blocks[1U][200U]) { - Eurydice_slice buf[1U] = {Eurydice_array_to_slice((size_t)200U, blocks[0U], - uint8_t, Eurydice_slice)}; + Eurydice_slice buf[1U] = { + Eurydice_array_to_slice((size_t)200U, blocks[0U], uint8_t)}; libcrux_sha3_portable_keccak_load_block_2c1(s, buf); } 
@@ -2927,9 +2903,10 @@ with const generics static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_load_block_full_5a_d21( uint64_t (*a)[5U], uint8_t b[1U][200U]) { uint64_t(*uu____0)[5U] = a; - uint8_t uu____1[1U][200U]; - memcpy(uu____1, b, (size_t)1U * sizeof(uint8_t[200U])); - libcrux_sha3_portable_keccak_load_block_full_df1(uu____0, uu____1); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_b[1U][200U]; + memcpy(copy_of_b, b, (size_t)1U * sizeof(uint8_t[200U])); + libcrux_sha3_portable_keccak_load_block_full_df1(uu____0, copy_of_b); } /** @@ -2942,14 +2919,14 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_absorb_final_c71( libcrux_sha3_generic_keccak_KeccakState_48 *s, Eurydice_slice last[1U]) { - size_t last_len = core_slice___Slice_T___len(last[0U], uint8_t, size_t); + size_t last_len = Eurydice_slice_len(last[0U], uint8_t); uint8_t blocks[1U][200U] = {{0U}}; { size_t i = (size_t)0U; if (last_len > (size_t)0U) { - Eurydice_slice uu____0 = Eurydice_array_to_subslice2( - blocks[i], (size_t)0U, last_len, uint8_t, Eurydice_slice); - core_slice___Slice_T___copy_from_slice(uu____0, last[i], uint8_t, void *); + Eurydice_slice uu____0 = + Eurydice_array_to_subslice2(blocks[i], (size_t)0U, last_len, uint8_t); + Eurydice_slice_copy(uu____0, last[i], uint8_t); } blocks[i][last_len] = 6U; size_t uu____1 = i; 
@@ -2973,14 +2950,11 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_581( for (size_t i = (size_t)0U; i < (size_t)72U / (size_t)8U; i++) { size_t i0 = i; Eurydice_slice uu____0 = Eurydice_slice_subslice2( - out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t, - Eurydice_slice); + out[0U], (size_t)8U * i0, (size_t)8U * i0 + (size_t)8U, uint8_t); uint8_t ret[8U]; core_num__u64_9__to_le_bytes(s[i0 / (size_t)5U][i0 % (size_t)5U], ret); - core_slice___Slice_T___copy_from_slice( - uu____0, - Eurydice_array_to_slice((size_t)8U, ret, uint8_t, Eurydice_slice), - uint8_t, void *); + Eurydice_slice_copy( + uu____0, Eurydice_array_to_slice((size_t)8U, ret, uint8_t), uint8_t); } } @@ -2993,11 +2967,12 @@ static KRML_MUSTINLINE void libcrux_sha3_portable_keccak_store_block_full_2d( uint64_t (*s)[5U], uint8_t ret[1U][200U]) { uint8_t out[200U] = {0U}; Eurydice_slice buf[1U] = { - Eurydice_array_to_slice((size_t)200U, out, uint8_t, Eurydice_slice)}; + Eurydice_array_to_slice((size_t)200U, out, uint8_t)}; libcrux_sha3_portable_keccak_store_block_581(s, buf); - uint8_t uu____0[200U]; - memcpy(uu____0, out, (size_t)200U * sizeof(uint8_t)); - memcpy(ret[0U], uu____0, (size_t)200U * sizeof(uint8_t)); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_out[200U]; + memcpy(copy_of_out, out, (size_t)200U * sizeof(uint8_t)); + memcpy(ret[0U], copy_of_out, (size_t)200U * sizeof(uint8_t)); } /** @@ -3032,12 +3007,12 @@ libcrux_sha3_generic_keccak_squeeze_first_and_last_c50( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } 
@@ -3098,12 +3073,12 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_squeeze_last_cf( uint8_t *uu____1 = b[i]; core_ops_range_Range_b3 lit; lit.start = (size_t)0U; - lit.end = core_slice___Slice_T___len(out[i], uint8_t, size_t); - core_slice___Slice_T___copy_from_slice( + lit.end = Eurydice_slice_len(out[i], uint8_t); + Eurydice_slice_copy( uu____0, Eurydice_array_to_subslice((size_t)200U, uu____1, lit, uint8_t, - core_ops_range_Range_b3, Eurydice_slice), - uint8_t, void *); + core_ops_range_Range_b3), + uint8_t); } } 
@@ -3120,28 +3095,27 @@ static KRML_MUSTINLINE void libcrux_sha3_generic_keccak_keccak_e9( libcrux_sha3_generic_keccak_KeccakState_48 s = libcrux_sha3_generic_keccak_new_1e_f4(); for (size_t i = (size_t)0U; - i < core_slice___Slice_T___len(data[0U], uint8_t, size_t) / (size_t)72U; - i++) { + i < Eurydice_slice_len(data[0U], uint8_t) / (size_t)72U; i++) { size_t i0 = i; libcrux_sha3_generic_keccak_KeccakState_48 *uu____0 = &s; - Eurydice_slice uu____1[1U]; - memcpy(uu____1, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; - libcrux_sha3_portable_keccak_slice_n_5a(uu____1, i0 * (size_t)72U, + libcrux_sha3_portable_keccak_slice_n_5a(copy_of_data, i0 * (size_t)72U, (size_t)72U, ret); libcrux_sha3_generic_keccak_absorb_block_df(uu____0, ret); } - size_t rem = - core_slice___Slice_T___len(data[0U], uint8_t, size_t) % (size_t)72U; + size_t rem = Eurydice_slice_len(data[0U], uint8_t) % (size_t)72U; libcrux_sha3_generic_keccak_KeccakState_48 *uu____2 = &s; - Eurydice_slice uu____3[1U]; - memcpy(uu____3, data, (size_t)1U * sizeof(Eurydice_slice)); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); Eurydice_slice ret[1U]; libcrux_sha3_portable_keccak_slice_n_5a( - uu____3, core_slice___Slice_T___len(data[0U], uint8_t, size_t) - rem, rem, - ret); + copy_of_data, Eurydice_slice_len(data[0U], uint8_t) - rem, rem, ret); libcrux_sha3_generic_keccak_absorb_final_c71(uu____2, ret); - size_t outlen = core_slice___Slice_T___len(out[0U], uint8_t, size_t); + size_t outlen = Eurydice_slice_len(out[0U], uint8_t); size_t blocks = outlen / (size_t)72U; size_t last = outlen - outlen % (size_t)72U; if (blocks == (size_t)0U) { 
@@ -3189,9 +3163,10 @@ with const generics */ static KRML_MUSTINLINE void libcrux_sha3_portable_keccakx1_ce( Eurydice_slice data[1U], Eurydice_slice out[1U]) { - Eurydice_slice uu____0[1U]; - memcpy(uu____0, data, (size_t)1U * sizeof(Eurydice_slice)); - libcrux_sha3_generic_keccak_keccak_e9(uu____0, out); + /* Passing arrays by value in Rust generates a copy in C */ + Eurydice_slice copy_of_data[1U]; + memcpy(copy_of_data, data, (size_t)1U * sizeof(Eurydice_slice)); + libcrux_sha3_generic_keccak_keccak_e9(copy_of_data, out); } #if defined(__cplusplus) diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c index 654c8b7ee..21b8d1d44 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.c +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c 
@@ -4,27 +4,38 @@ * SPDX-License-Identifier: MIT or Apache-2.0 * * This code was generated with the following revisions: - * Charon: 53530427db2941ce784201e64086766504bc5642 - * Eurydice: 67f4341506300372fba9cb8de070234935839cb7 - * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3 - * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7 - * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2 + * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 + * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 + * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a + * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty + * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b */ #include "libcrux_sha3_neon.h" +/** + A portable SHA3 512 implementation. +*/ void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data) { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); KRML_HOST_EXIT(255U); } +/** + A portable SHA3 256 implementation. +*/ void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data) { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, "panic!"); KRML_HOST_EXIT(255U); } +/** + Run SHAKE256 on both inputs in parallel. + + Writes the two results into `out0` and `out1` +*/ KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1, Eurydice_slice out0, @@ -34,6 +45,9 @@ KRML_MUSTINLINE void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, KRML_HOST_EXIT(255U); } +/** + Initialise the `KeccakState2`. +*/ KRML_MUSTINLINE libcrux_sha3_neon_x2_incremental_KeccakState libcrux_sha3_neon_x2_incremental_shake128_init(void) { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, 
@@ -41,6 +55,9 @@ libcrux_sha3_neon_x2_incremental_shake128_init(void) { KRML_HOST_EXIT(255U); } +/** + Shake128 absorb `data0` and `data1` in the [`KeccakState`] `s`. +*/ KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0, Eurydice_slice data1) { @@ -49,6 +66,10 @@ KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_absorb_final( KRML_HOST_EXIT(255U); } +/** + Squeeze 2 times the next block in parallel in the + [`KeccakState`] and return the output in `out0` and `out1`. +*/ KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, @@ -58,6 +79,10 @@ libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block( KRML_HOST_EXIT(255U); } +/** + Squeeze 2 times the first three blocks in parallel in the + [`KeccakState`] and return the output in `out0` and `out1`. +*/ KRML_MUSTINLINE void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0, @@ -67,6 +92,9 @@ libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks( KRML_HOST_EXIT(255U); } +/** + A portable SHA3 224 implementation. +*/ KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data) { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, @@ -74,6 +102,9 @@ KRML_MUSTINLINE void libcrux_sha3_neon_sha224(Eurydice_slice digest, KRML_HOST_EXIT(255U); } +/** + A portable SHA3 384 implementation. +*/ KRML_MUSTINLINE void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data) { KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h index 1fc256403..fc14ae7e7 100644 --- a/libcrux-ml-kem/c/libcrux_sha3_neon.h +++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h 
@@ -4,11 +4,11 @@
  * SPDX-License-Identifier: MIT or Apache-2.0
  *
  * This code was generated with the following revisions:
- * Charon: 53530427db2941ce784201e64086766504bc5642
- * Eurydice: 67f4341506300372fba9cb8de070234935839cb7
- * Karamel: f9cdef256a2b88282398a609847b34dd8c9cf3e3
- * F*: 58c915a86a2c07c8eca8d9deafd76cb7a91f0eb7
- * Libcrux: 06b02e72e21705b53062d5988d3233715af43ad2
+ * Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405
+ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3
+ * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a
+ * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty
+ * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b
  */
 
 #ifndef __libcrux_sha3_neon_H
@@ -22,10 +22,21 @@ extern "C" {
 #include "intrinsics/libcrux_intrinsics_arm64.h"
 #include "libcrux_sha3_internal.h"
 
+/**
+ A portable SHA3 512 implementation.
+*/
 void libcrux_sha3_neon_sha512(Eurydice_slice digest, Eurydice_slice data);
 
+/**
+ A portable SHA3 256 implementation.
+*/
 void libcrux_sha3_neon_sha256(Eurydice_slice digest, Eurydice_slice data);
 
+/**
+ Run SHAKE256 on both inputs in parallel.
+
+ Writes the two results into `out0` and `out1`
+*/
 void libcrux_sha3_neon_x2_shake256(Eurydice_slice input0, Eurydice_slice input1,
                                    Eurydice_slice out0, Eurydice_slice out1);
@@ -33,23 +44,43 @@ typedef struct libcrux_sha3_neon_x2_incremental_KeccakState_s {
   libcrux_sha3_generic_keccak_KeccakState_48 state[2U];
 } libcrux_sha3_neon_x2_incremental_KeccakState;
 
+/**
+ Initialise the `KeccakState2`.
+*/
 libcrux_sha3_neon_x2_incremental_KeccakState
 libcrux_sha3_neon_x2_incremental_shake128_init(void);
 
+/**
+ Shake128 absorb `data0` and `data1` in the [`KeccakState`] `s`.
+*/
 void libcrux_sha3_neon_x2_incremental_shake128_absorb_final(
     libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice data0,
     Eurydice_slice data1);
 
+/**
+ Squeeze 2 times the next block in parallel in the
+ [`KeccakState`] and return the output in `out0` and `out1`.
+*/
 void libcrux_sha3_neon_x2_incremental_shake128_squeeze_next_block(
     libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0,
     Eurydice_slice out1);
 
+/**
+ Squeeze 2 times the first three blocks in parallel in the
+ [`KeccakState`] and return the output in `out0` and `out1`.
+*/
 void libcrux_sha3_neon_x2_incremental_shake128_squeeze_first_three_blocks(
     libcrux_sha3_neon_x2_incremental_KeccakState *s, Eurydice_slice out0,
     Eurydice_slice out1);
 
+/**
+ A portable SHA3 224 implementation.
+*/
 void libcrux_sha3_neon_sha224(Eurydice_slice digest, Eurydice_slice data);
 
+/**
+ A portable SHA3 384 implementation.
+*/
 void libcrux_sha3_neon_sha384(Eurydice_slice digest, Eurydice_slice data);
 
 #if defined(__cplusplus)
From c5406ba11b76acf240566da4784ed53182f97df3 Mon Sep 17 00:00:00 2001
From: Franziskus Kiefer
Date: Sun, 18 Aug 2024 19:35:11 +0000
Subject: [PATCH 14/16] inline ind_cpa encrypt for stack

---
 libcrux-ml-kem/cg/code_gen.txt | 2 +-
 libcrux-ml-kem/cg/libcrux_core.h | 74 +--
 libcrux-ml-kem/cg/libcrux_ct_ops.h | 2 +-
 libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h | 533 +++++++++--------
 libcrux-ml-kem/cg/libcrux_mlkem768_portable.h | 469 +++++++-------
 libcrux-ml-kem/cg/libcrux_sha3_avx2.h | 2 +-
 libcrux-ml-kem/cg/libcrux_sha3_portable.h | 2 +-
 libcrux-ml-kem/src/ind_cpa.rs | 72 ++-
 8 files changed, 609 insertions(+), 547 deletions(-)

diff --git a/libcrux-ml-kem/cg/code_gen.txt b/libcrux-ml-kem/cg/code_gen.txt
index 3ad6971ff..d9db0038c 100644
--- a/libcrux-ml-kem/cg/code_gen.txt
+++ b/libcrux-ml-kem/cg/code_gen.txt
@@ -3,4 +3,4 @@ Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405
 Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3
 Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a
 F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty
-Libcrux: 63adbfbbd05fa6af8ba19b1a07ea45dd84037503
+Libcrux: 0ca73e59afe19a3f88b8ff45d0c57b0ebe851319
diff --git a/libcrux-ml-kem/cg/libcrux_core.h b/libcrux-ml-kem/cg/libcrux_core.h
index 0899f6ecd..7ce61b53b 100644
--- a/libcrux-ml-kem/cg/libcrux_core.h
+++ b/libcrux-ml-kem/cg/libcrux_core.h
@@ -8,7 +8,7 @@
  * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3
  * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a
  * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty
- * Libcrux: 63adbfbbd05fa6af8ba19b1a07ea45dd84037503
+ * Libcrux: 0ca73e59afe19a3f88b8ff45d0c57b0ebe851319
  */
 
 #ifndef __libcrux_core_H
@@ -221,7 +221,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_slice_d4
 with const generics
 - SIZE= 1088
 */
-static inline uint8_t *libcrux_ml_kem_types_as_slice_d4_b6(
+static inline uint8_t *libcrux_ml_kem_types_as_slice_d4_3e(
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) {
   return self->value;
 }
@@ -298,6 +298,39 @@ libcrux_ml_kem_types_from_05_db(uint8_t value[2400U]) {
   return lit;
 }
 
+/**
+A monomorphic instance of core.result.Result
+with types uint8_t[32size_t], core_array_TryFromSliceError
+
+*/
+typedef struct Result_00_s {
+  Result_86_tags tag;
+  union {
+    uint8_t case_Ok[32U];
+    TryFromSliceError case_Err;
+  } val;
+} Result_00;
+
+/**
+This function found in impl {core::result::Result}
+*/
+/**
+A monomorphic instance of core.result.unwrap_41
+with types uint8_t[32size_t], core_array_TryFromSliceError
+
+*/
+static inline void unwrap_41_83(Result_00 self, uint8_t ret[32U]) {
+  if (self.tag == Ok) {
+    uint8_t f0[32U];
+    memcpy(f0, self.val.case_Ok, (size_t)32U * sizeof(uint8_t));
+    memcpy(ret, f0, (size_t)32U * sizeof(uint8_t));
+  } else {
+    KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
+                      "unwrap not Ok");
+    KRML_HOST_EXIT(255U);
+  }
+}
+
 /**
 A monomorphic instance of K.
 with types libcrux_ml_kem_types_MlKemCiphertext[[$1088size_t]],
@@ -319,7 +352,7 @@ with const generics
 - SIZE= 1088
 */
 static inline libcrux_ml_kem_mlkem768_MlKem768Ciphertext
-libcrux_ml_kem_types_from_01_14(uint8_t value[1088U]) {
+libcrux_ml_kem_types_from_01_ec(uint8_t value[1088U]) {
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_value[1088U];
   memcpy(copy_of_value, value, (size_t)1088U * sizeof(uint8_t));
@@ -363,39 +396,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_utils_into_padded_array_ea2(
   memcpy(ret, out, (size_t)33U * sizeof(uint8_t));
 }
 
-/**
-A monomorphic instance of core.result.Result
-with types uint8_t[32size_t], core_array_TryFromSliceError
-
-*/
-typedef struct Result_00_s {
-  Result_86_tags tag;
-  union {
-    uint8_t case_Ok[32U];
-    TryFromSliceError case_Err;
-  } val;
-} Result_00;
-
-/**
-This function found in impl {core::result::Result}
-*/
-/**
-A monomorphic instance of core.result.unwrap_41
-with types uint8_t[32size_t], core_array_TryFromSliceError
-
-*/
-static inline void unwrap_41_83(Result_00 self, uint8_t ret[32U]) {
-  if (self.tag == Ok) {
-    uint8_t f0[32U];
-    memcpy(f0, self.val.case_Ok, (size_t)32U * sizeof(uint8_t));
-    memcpy(ret, f0, (size_t)32U * sizeof(uint8_t));
-  } else {
-    KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__,
-                      "unwrap not Ok");
-    KRML_HOST_EXIT(255U);
-  }
-}
-
 /**
 Pad the `slice` with `0`s at the end.
 */
@@ -424,7 +424,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00
 with const generics
 - SIZE= 1088
 */
-static inline Eurydice_slice libcrux_ml_kem_types_as_ref_00_99(
+static inline Eurydice_slice libcrux_ml_kem_types_as_ref_00_e0(
     libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) {
   return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t);
 }
diff --git a/libcrux-ml-kem/cg/libcrux_ct_ops.h b/libcrux-ml-kem/cg/libcrux_ct_ops.h
index a95500c8f..e3b12090d 100644
--- a/libcrux-ml-kem/cg/libcrux_ct_ops.h
+++ b/libcrux-ml-kem/cg/libcrux_ct_ops.h
@@ -8,7 +8,7 @@
  * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3
  * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a
  * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty
- * Libcrux: 63adbfbbd05fa6af8ba19b1a07ea45dd84037503
+ * Libcrux: 0ca73e59afe19a3f88b8ff45d0c57b0ebe851319
  */
 
 #ifndef __libcrux_ct_ops_H
diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h
index 8b0344cec..6d8885e7b 100644
--- a/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h
+++ b/libcrux-ml-kem/cg/libcrux_mlkem768_avx2.h
@@ -8,7 +8,7 @@
  * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3
  * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a
  * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty
- * Libcrux: 63adbfbbd05fa6af8ba19b1a07ea45dd84037503
+ * Libcrux: 0ca73e59afe19a3f88b8ff45d0c57b0ebe851319
  */
 
 #ifndef __libcrux_mlkem768_avx2_H
@@ -1240,7 +1240,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_9a(size_t _) {
+libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_29(size_t _) {
   return libcrux_ml_kem_polynomial_ZERO_89_9b();
 }
 
@@ -1252,7 +1252,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_34(
+libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_fe(
     Eurydice_slice serialized) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re =
       libcrux_ml_kem_polynomial_ZERO_89_9b();
@@ -1276,7 +1276,7 @@ with const generics
 - K= 3
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_68(
+static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_23(
     Eurydice_slice secret_key,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U];
@@ -1294,7 +1294,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_68(
             LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT,
         uint8_t);
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 =
-        libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_34(
+        libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_fe(
             secret_bytes);
     secret_as_ntt[i0] = uu____0;
   }
@@ -1323,7 +1323,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_53(size_t _) {
+libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_5b(size_t _) {
   return libcrux_ml_kem_polynomial_ZERO_89_9b();
 }
 
@@ -1335,7 +1335,7 @@ generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_a0(
+libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_84(
     __m256i vector) {
   __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32(
       (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
@@ -1387,9 +1387,9 @@ generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline __m256i
-libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_85(
+libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_22(
     __m256i vector) {
-  return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_a0(
+  return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_84(
       vector);
 }
 
@@ -1401,7 +1401,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_serialize_deserialize_then_decompress_10_67(
+libcrux_ml_kem_serialize_deserialize_then_decompress_10_2b(
     Eurydice_slice serialized) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re =
       libcrux_ml_kem_polynomial_ZERO_89_9b();
@@ -1412,7 +1412,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_10_67(
         serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t);
     __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes);
     re.coefficients[i0] =
-        libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_85(
+        libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_22(
             coefficient);
   }
   return re;
@@ -1426,7 +1426,7 @@ generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_a00(
+libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_840(
     __m256i vector) {
   __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32(
       (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
@@ -1478,9 +1478,9 @@ generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline __m256i
-libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_850(
+libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_220(
     __m256i vector) {
-  return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_a00(
+  return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_840(
       vector);
 }
 
@@ -1492,7 +1492,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_serialize_deserialize_then_decompress_11_e1(
+libcrux_ml_kem_serialize_deserialize_then_decompress_11_4a(
     Eurydice_slice serialized) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re =
       libcrux_ml_kem_polynomial_ZERO_89_9b();
@@ -1503,7 +1503,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_11_e1(
         serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t);
     __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes);
     re.coefficients[i0] =
-        libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_850(
+        libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_220(
             coefficient);
   }
   return re;
@@ -1517,9 +1517,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_01(
+libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_5d(
     Eurydice_slice serialized) {
-  return libcrux_ml_kem_serialize_deserialize_then_decompress_10_67(serialized);
+  return libcrux_ml_kem_serialize_deserialize_then_decompress_10_2b(serialized);
 }
 
 typedef struct libcrux_ml_kem_vector_avx2_SIMD256Vector_x2_s {
@@ -1682,7 +1682,7 @@ with const generics
 - VECTOR_U_COMPRESSION_FACTOR= 10
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_37(
+static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_92(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) {
   size_t zeta_i = (size_t)0U;
   libcrux_ml_kem_ntt_ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)7U,
@@ -1713,7 +1713,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_06(
+libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_5e(
     uint8_t *ciphertext,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U];
@@ -1738,9 +1738,9 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_06(
             (size_t)10U / (size_t)8U,
         uint8_t);
     u_as_ntt[i0] =
-        libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_01(
+        libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_5d(
             u_bytes);
-    libcrux_ml_kem_ntt_ntt_vector_u_37(&u_as_ntt[i0]);
+    libcrux_ml_kem_ntt_ntt_vector_u_92(&u_as_ntt[i0]);
   }
   memcpy(
       ret, u_as_ntt,
@@ -1755,7 +1755,7 @@ generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_a01(
+libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_841(
     __m256i vector) {
   __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32(
       (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
@@ -1807,9 +1807,9 @@ generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline __m256i
-libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_851(
+libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_221(
     __m256i vector) {
-  return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_a01(
+  return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_841(
       vector);
 }
 
@@ -1821,7 +1821,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_serialize_deserialize_then_decompress_4_49(
+libcrux_ml_kem_serialize_deserialize_then_decompress_4_02(
     Eurydice_slice serialized) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re =
       libcrux_ml_kem_polynomial_ZERO_89_9b();
@@ -1832,7 +1832,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_4_49(
         serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t);
     __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes);
     re.coefficients[i0] =
-        libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_851(
+        libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_221(
             coefficient);
   }
   return re;
@@ -1846,7 +1846,7 @@ generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_a02(
+libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_842(
     __m256i vector) {
   __m256i field_modulus = libcrux_intrinsics_avx2_mm256_set1_epi32(
       (int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
@@ -1898,9 +1898,9 @@ generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline __m256i
-libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_852(
+libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_222(
     __m256i vector) {
-  return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_a02(
+  return libcrux_ml_kem_vector_avx2_compress_decompress_ciphertext_coefficient_842(
       vector);
 }
 
@@ -1912,7 +1912,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_serialize_deserialize_then_decompress_5_1d(
+libcrux_ml_kem_serialize_deserialize_then_decompress_5_75(
     Eurydice_slice serialized) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re =
       libcrux_ml_kem_polynomial_ZERO_89_9b();
@@ -1923,7 +1923,7 @@ libcrux_ml_kem_serialize_deserialize_then_decompress_5_1d(
         serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t);
     re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes);
     re.coefficients[i0] =
-        libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_852(
+        libcrux_ml_kem_vector_avx2_decompress_ciphertext_coefficient_ea_222(
             re.coefficients[i0]);
   }
   return re;
@@ -1937,9 +1937,9 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_58(
+libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_69(
     Eurydice_slice serialized) {
-  return libcrux_ml_kem_serialize_deserialize_then_decompress_4_49(serialized);
+  return libcrux_ml_kem_serialize_deserialize_then_decompress_4_02(serialized);
 }
 
 /**
@@ -2195,7 +2195,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_polynomial_subtract_reduce_89_1e(
+libcrux_ml_kem_polynomial_subtract_reduce_89_d9(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) {
   for (size_t i = (size_t)0U;
@@ -2225,7 +2225,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2
-libcrux_ml_kem_matrix_compute_message_db(
+libcrux_ml_kem_matrix_compute_message_a7(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt,
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) {
@@ -2239,7 +2239,7 @@ libcrux_ml_kem_matrix_compute_message_db(
     libcrux_ml_kem_polynomial_add_to_ring_element_89_ce(&result, &product);
   }
   libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_e6(&result);
-  result = libcrux_ml_kem_polynomial_subtract_reduce_89_1e(v, result);
+  result = libcrux_ml_kem_polynomial_subtract_reduce_89_d9(v, result);
   return result;
 }
 
@@ -2250,7 +2250,7 @@ with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE __m256i
-libcrux_ml_kem_vector_avx2_arithmetic_shift_right_1f(__m256i vector) {
+libcrux_ml_kem_vector_avx2_arithmetic_shift_right_5b(__m256i vector) {
   return libcrux_intrinsics_avx2_mm256_srai_epi16((int32_t)15, vector, __m256i);
 }
 
@@ -2264,9 +2264,9 @@ with const generics
 - SHIFT_BY= 15
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_ea_8a(
+static inline __m256i libcrux_ml_kem_vector_avx2_shift_right_ea_36(
     __m256i vector) {
-  return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_1f(vector);
+  return libcrux_ml_kem_vector_avx2_arithmetic_shift_right_5b(vector);
 }
 
 /**
@@ -2278,7 +2278,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 KRML_ATTRIBUTE_TARGET("avx2")
 static inline __m256i
 libcrux_ml_kem_vector_traits_to_unsigned_representative_14(__m256i a) {
-  __m256i t = libcrux_ml_kem_vector_avx2_shift_right_ea_8a(a);
+  __m256i t = libcrux_ml_kem_vector_avx2_shift_right_ea_36(a);
   __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea(
       t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS);
   return libcrux_ml_kem_vector_avx2_add_ea(a, &fm);
@@ -2292,7 +2292,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
 */
 KRML_ATTRIBUTE_TARGET("avx2")
 static KRML_MUSTINLINE void
-libcrux_ml_kem_serialize_compress_then_serialize_message_d1(
+libcrux_ml_kem_serialize_compress_then_serialize_message_ef(
     libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) {
   uint8_t serialized[32U] = {0U};
   for (size_t i = (size_t)0U; i < (size_t)16U; i++) {
@@ -2347,20 +2347,20 @@ with const generics
 - V_COMPRESSION_FACTOR= 4
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_b8(
+static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_ff(
     libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key,
     uint8_t *ciphertext, uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U];
-  libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_06(ciphertext, u_as_ntt);
+  libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_5e(ciphertext, u_as_ntt);
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v =
-      libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_58(
+      libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_69(
           Eurydice_array_to_subslice_from((size_t)1088U, ciphertext,
                                           (size_t)960U, uint8_t, size_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message =
-      libcrux_ml_kem_matrix_compute_message_db(&v, secret_key->secret_as_ntt,
+      libcrux_ml_kem_matrix_compute_message_a7(&v, secret_key->secret_as_ntt,
                                                u_as_ntt);
   uint8_t ret0[32U];
-  libcrux_ml_kem_serialize_compress_then_serialize_message_d1(message, ret0);
+  libcrux_ml_kem_serialize_compress_then_serialize_message_ef(message, ret0);
   memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
 }
 
@@ -2375,11 +2375,11 @@ with const generics
 - V_COMPRESSION_FACTOR= 4
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline void libcrux_ml_kem_ind_cpa_decrypt_76(Eurydice_slice secret_key,
+static inline void libcrux_ml_kem_ind_cpa_decrypt_8e(Eurydice_slice secret_key,
                                                      uint8_t *ciphertext,
                                                      uint8_t ret[32U]) {
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U];
-  libcrux_ml_kem_ind_cpa_deserialize_secret_key_68(secret_key, secret_as_ntt);
+  libcrux_ml_kem_ind_cpa_deserialize_secret_key_23(secret_key, secret_as_ntt);
   /* Passing arrays by value in Rust generates a copy in C */
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U];
   memcpy(
@@ -2391,7 +2391,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_76(Eurydice_slice secret_key,
       secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt,
       (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2));
   uint8_t ret0[32U];
-  libcrux_ml_kem_ind_cpa_decrypt_unpacked_b8(&secret_key_unpacked, ciphertext,
+  libcrux_ml_kem_ind_cpa_decrypt_unpacked_ff(&secret_key_unpacked, ciphertext,
                                              ret0);
   memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t));
 }
@@ -3008,18 +3008,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_ac(
       sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U]));
 }
 
-/**
-A monomorphic instance of
-libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types
-libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics
-- $3size_t
-*/
-typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0_s {
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U];
-  uint8_t seed_for_A[32U];
-  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U];
-} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0;
-
 /**
 A monomorphic instance of K.
 with types libcrux_ml_kem_polynomial_PolynomialRingElement
@@ -3701,7 +3689,7 @@ with const generics
 - COEFFICIENT_BITS= 10
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_ab(
+static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_85(
     __m256i vector) {
   return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_94(
       vector);
@@ -3721,7 +3709,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_10_d0(
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
-    __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_ab(
+    __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_85(
         libcrux_ml_kem_vector_traits_to_unsigned_representative_14(
             re->coefficients[i0]));
     uint8_t bytes[20U];
@@ -3797,7 +3785,7 @@ with const generics
 - COEFFICIENT_BITS= 11
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_ab0(
+static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_850(
     __m256i vector) {
   return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_940(
       vector);
@@ -3817,7 +3805,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_11_28(
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
-    __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_ab0(
+    __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_850(
         libcrux_ml_kem_vector_traits_to_unsigned_representative_14(
             re->coefficients[i0]));
     uint8_t bytes[22U];
@@ -3945,7 +3933,7 @@ with const generics
 - COEFFICIENT_BITS= 4
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_ab1(
+static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_851(
     __m256i vector) {
   return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_941(
       vector);
@@ -3965,7 +3953,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_4_fb(
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
-    __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_ab1(
+    __m256i coefficient = libcrux_ml_kem_vector_avx2_compress_ea_851(
         libcrux_ml_kem_vector_traits_to_unsigned_representative_14(
             re.coefficients[i0]));
     uint8_t bytes[8U];
@@ -4040,7 +4028,7 @@ with const generics
 - COEFFICIENT_BITS= 5
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_ab2(
+static inline __m256i libcrux_ml_kem_vector_avx2_compress_ea_852(
     __m256i vector) {
   return libcrux_ml_kem_vector_avx2_compress_compress_ciphertext_coefficient_942(
       vector);
@@ -4060,7 +4048,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_5_8e(
   for (size_t i = (size_t)0U;
        i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) {
     size_t i0 = i;
-    __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_ea_ab2(
+    __m256i coefficients = libcrux_ml_kem_vector_avx2_compress_ea_852(
         libcrux_ml_kem_vector_traits_to_unsigned_representative_14(
             re.coefficients[i0]));
     uint8_t bytes[10U];
@@ -4087,48 +4075,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_6d(
 }
 
 /**
- This function implements Algorithm 13 of the
- NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm.
-
- Algorithm 13 is reproduced below:
-
- ```plaintext
- Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}.
- Input: message m ∈ 𝔹^{32}.
- Input: encryption randomness r ∈ 𝔹^{32}.
- Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}.
-
- N ← 0
- t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k])
- ρ ← ekₚₖₑ[384k: 384k + 32]
- for (i ← 0; i < k; i++)
- for(j ← 0; j < k; j++)
- Â[i,j] ← SampleNTT(XOF(ρ, i, j))
- end for
- end for
- for(i ← 0; i < k; i++)
- r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N))
- N ← N + 1
- end for
- for(i ← 0; i < k; i++)
- e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N))
- N ← N + 1
- end for
- e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N))
- r̂ ← NTT(r)
- u ← NTT-¹(Âᵀ ◦ r̂) + e₁
- μ ← Decompress₁(ByteDecode₁(m)))
- v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ
- c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u))
- c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v))
- return c ← (c₁ ‖ c₂)
- ```
-
- The NIST FIPS 203 standard can be found at
- .
-*/
-/**
-A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked
+A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt
 with types libcrux_ml_kem_vector_avx2_SIMD256Vector,
 libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - K= 3
@@ -4145,9 +4092,20 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics
 - ETA2_RANDOMNESS_SIZE= 128
 */
 KRML_ATTRIBUTE_TARGET("avx2")
-static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_a3(
-    libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key,
-    uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) {
+static inline void libcrux_ml_kem_ind_cpa_encrypt_a3(Eurydice_slice public_key,
+                                                    uint8_t message[32U],
+                                                    Eurydice_slice randomness,
+                                                    uint8_t ret[1088U]) {
+  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U];
+  libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_a8(
+      Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t),
+      t_as_ntt);
+  Eurydice_slice seed =
+      Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t);
+  libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U];
+  uint8_t ret0[34U];
+  libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0);
+  libcrux_ml_kem_matrix_sample_matrix_A_ac(ret0, false, A);
   uint8_t prf_input[33U];
   libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input);
   /* Passing arrays by value in Rust generates a copy in C */
@@ -4178,8 +4136,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_a3(
       libcrux_ml_kem_sampling_sample_from_binomial_distribution_73(
           Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t));
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U];
-  libcrux_ml_kem_matrix_compute_vector_u_54(public_key->A, r_as_ntt, error_1,
-                                            u);
+  libcrux_ml_kem_matrix_compute_vector_u_54(A, r_as_ntt, error_1, u);
   /* Passing arrays by value in Rust generates a copy in C */
   uint8_t copy_of_message[32U];
   memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t));
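Review bot: In the inlined `libcrux_ml_kem_ind_cpa_encrypt_a3`, `seed` is taken as everything after byte 1152 of `public_key` and passed straight to `libcrux_ml_kem_utils_into_padded_array_ea1`, whereas the removed `libcrux_ml_kem_ind_cpa_encrypt_e0` (hunk `@@ -4204,76 +4161,6 @@`) additionally converted that tail to `uint8_t[32U]` via `Eurydice_slice_to_array2` and `unwrap_41_83`, which aborts when the conversion is not `Ok`; that length check on the seed tail is gone from this path. If callers always pass a 1184-byte public key this is harmless, but since this file is Eurydice output the guarantee should be stated in `libcrux-ml-kem/src/ind_cpa.rs` (also in this patch) rather than patched here, e.g. a doc line on the Rust `encrypt` such as `// public_key is exactly T_AS_NTT_ENCODED_SIZE + 32 bytes; the seed tail is no longer length-checked here`. The body of `libcrux_ml_kem_ind_cpa_encrypt_a3` continues past the end of this hunk.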
@@ -4188,7 +4145,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_a3(
           copy_of_message);
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v =
       libcrux_ml_kem_matrix_compute_ring_element_v_f9(
-          public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element);
+          t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element);
   uint8_t ciphertext[1088U] = {0U};
   libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U];
   memcpy(
@@ -4204,76 +4161,6 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_a3( memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); } -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt -with types libcrux_ml_kem_vector_avx2_SIMD256Vector, -libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_LEN= 960 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cpa_encrypt_e0(Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[1088U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_a8( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), - t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A_ac(ret0, false, A); - uint8_t seed_for_A[32U]; - Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - unwrap_41_83(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; - memcpy( - copy_of_t_as_ntt, t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A[3U][3U]; - memcpy(copy_of_A, A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - /* Passing arrays by value in Rust generates a copy in C */ - 
uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 - public_key_unpacked; - memcpy( - public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, copy_of_A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = - &public_key_unpacked; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_a3(uu____3, copy_of_message, - randomness, ret1); - memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); -} - /** This function found in impl {(libcrux_ml_kem::ind_cca::Variant for libcrux_ml_kem::ind_cca::MlKem)#1} @@ -4286,7 +4173,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_ca( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_73( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; @@ -4318,7 +4205,7 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_33( +static inline void libcrux_ml_kem_ind_cca_decapsulate_e7( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( 
@@ -4336,7 +4223,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_33( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_76(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_8e(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -4360,7 +4247,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_33( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_99(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_e0(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_dd( 
@@ -4371,18 +4258,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_33( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_e0(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_a3(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_ca( + libcrux_ml_kem_ind_cca_kdf_43_73( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_ca(shared_secret0, ciphertext, shared_secret); + libcrux_ml_kem_ind_cca_kdf_43_73(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_99(ciphertext), + libcrux_ml_kem_types_as_ref_00_e0(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -4415,10 +4302,10 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_51( +static inline void libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_5f( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_33(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_e7(private_key, ciphertext, ret); } /** 
@@ -4432,7 +4319,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_51(private_key, + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_5f(private_key, ciphertext, ret); } @@ -4448,6 +4335,18 @@ typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0_s { uint8_t implicit_rejection_value[32U]; } libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_a0; +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0; + /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector 
@@ -4470,6 +4369,124 @@ typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0_s { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 public_key; } libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0; +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . 
+*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked +with types libcrux_ml_kem_vector_avx2_SIMD256Vector, +libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_LEN= 960 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +KRML_ATTRIBUTE_TARGET("avx2") +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_3b( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_08( + copy_of_prf_input0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator0 = uu____1.snd; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_58( + copy_of_prf_input, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; + memcpy( + error_1, uu____3.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + libcrux_ml_kem_hash_functions_avx2_PRF_a9_dd0( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); + 
libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution_73( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; + libcrux_ml_kem_matrix_compute_vector_u_54(public_key->A, r_as_ntt, error_1, + u); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = + libcrux_ml_kem_serialize_deserialize_then_decompress_message_d3( + copy_of_message); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = + libcrux_ml_kem_matrix_compute_ring_element_v_f9( + public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); + uint8_t ciphertext[1088U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; + memcpy( + uu____5, u, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_9b( + uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, + uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_6d( + uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, + (size_t)960U, uint8_t, size_t)); + memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); +} + /** A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked with types libcrux_ml_kem_vector_avx2_SIMD256Vector, 
@@ -4492,11 +4509,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_41( +static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_4a( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_b8( + libcrux_ml_kem_ind_cpa_decrypt_unpacked_ff( &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -4526,7 +4543,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_41( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_99(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_e0(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_dd( @@ -4538,11 +4555,11 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_41( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_a3( + libcrux_ml_kem_ind_cpa_encrypt_unpacked_3b( uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_99(ciphertext), + libcrux_ml_kem_types_as_ref_00_e0(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( 
@@ -4579,10 +4596,10 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_5f( +libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_20( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_41(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_4a(key_pair, ciphertext, ret); } /** @@ -4596,7 +4613,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_5f( + libcrux_ml_kem_ind_cca_instantiations_avx2_decapsulate_unpacked_20( private_key, ciphertext, ret); } @@ -4611,7 +4628,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_b8( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_9b( Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -4654,11 +4671,11 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_e6( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_41( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_43_b8( + libcrux_ml_kem_ind_cca_entropy_preprocess_43_9b( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_ea( 
@@ -4689,15 +4706,15 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_e6( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_e0(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_a3(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_14(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_ec(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_43_ca(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_43_73(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -4729,14 +4746,14 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_c7( +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_67( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_e6(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_41(uu____0, copy_of_randomness); } /** 
@@ -4754,7 +4771,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_c7( + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_67( uu____0, copy_of_randomness); } @@ -4777,7 +4794,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_2f( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_42( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -4805,7 +4822,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_2f( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_a3(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_3b(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -4815,7 +4832,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_2f( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_14(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_ec(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, 
@@ -4849,7 +4866,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_5d( +libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_29( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = @@ -4857,7 +4874,7 @@ libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_5d( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_2f(uu____0, + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_42(uu____0, copy_of_randomness); } @@ -4878,7 +4895,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_5d( + return libcrux_ml_kem_ind_cca_instantiations_avx2_encapsulate_unpacked_29( uu____0, copy_of_randomness); } @@ -5280,7 +5297,7 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_mlkem768_MlKem768KeyPair -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_15( +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_98( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; 
@@ -5297,7 +5314,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_15( + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_98( copy_of_randomness); } @@ -5364,7 +5381,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_2a( +static inline tuple_9b0 libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_bc( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; libcrux_ml_kem_hash_functions_avx2_G_a9_e1(key_generation_seed, hashed); @@ -5456,7 +5473,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_closure_68(size_t _j) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_closure_3d(size_t _j) { return libcrux_ml_kem_polynomial_ZERO_89_9b(); } @@ -5474,7 +5491,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_d1( +static inline void libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_8a( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret[i] = libcrux_ml_kem_polynomial_ZERO_89_9b(); 
@@ -5493,7 +5510,7 @@ with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -libcrux_ml_kem_polynomial_clone_d5_f5( +libcrux_ml_kem_polynomial_clone_d5_f0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; __m256i ret[16U]; @@ -5517,7 +5534,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_30(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_03(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -5525,7 +5542,7 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_30(uint8_t randomness[64U]) { (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_9b0 uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_2a( + tuple_9b0 uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_bc( ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 ind_cpa_private_key = uu____0.fst; 
@@ -5533,14 +5550,14 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_30(uint8_t randomness[64U]) { ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_d1(i, A[i]); + libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_8a(i, A[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - libcrux_ml_kem_polynomial_clone_d5_f5(&ind_cpa_public_key.A[j][i1]); + libcrux_ml_kem_polynomial_clone_d5_f0(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1; } } @@ -5607,12 +5624,12 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_4f( +libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_03( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_30( + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_03( copy_of_randomness); } @@ -5626,7 +5643,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_4f( + return libcrux_ml_kem_ind_cca_instantiations_avx2_generate_keypair_unpacked_03( copy_of_randomness); } 
@@ -5642,7 +5659,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_a4( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_41( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; @@ -5653,7 +5670,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_a4( uint8_t ret0[32U]; libcrux_ml_kem_hash_functions_avx2_H_a9_a1( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_d4_b6(ciphertext), + libcrux_ml_kem_types_as_slice_d4_3e(ciphertext), uint8_t), ret0); Eurydice_slice_copy( @@ -5687,7 +5704,7 @@ with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline void libcrux_ml_kem_ind_cca_decapsulate_330( +static inline void libcrux_ml_kem_ind_cca_decapsulate_e70( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -5705,7 +5722,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_330( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_76(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_8e(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( 
@@ -5729,7 +5746,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_330( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_99(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_e0(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_avx2_PRF_a9_dd( @@ -5740,18 +5757,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_330( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_e0(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_a3(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_a4( + libcrux_ml_kem_ind_cca_kdf_6c_41( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_a4(shared_secret0, ciphertext, shared_secret); + libcrux_ml_kem_ind_cca_kdf_6c_41(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_99(ciphertext), + libcrux_ml_kem_types_as_ref_00_e0(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, 
@@ -5785,10 +5802,10 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_decapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline void -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_b0( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_67( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_330(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_e70(private_key, ciphertext, ret); } /** @@ -5802,7 +5819,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline void libcrux_ml_kem_mlkem768_avx2_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_b0( + libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_decapsulate_67( private_key, ciphertext, ret); } @@ -5817,7 +5834,7 @@ with const generics - K= 3 */ KRML_ATTRIBUTE_TARGET("avx2") -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_0d( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_a0( Eurydice_slice randomness, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_avx2_H_a9_a1(randomness, ret); } @@ -5842,11 +5859,11 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 */ KRML_ATTRIBUTE_TARGET("avx2") -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_e60( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_410( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_6c_0d( + libcrux_ml_kem_ind_cca_entropy_preprocess_6c_a0( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_ea( 
@@ -5877,15 +5894,15 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_e60( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_e0(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_a3(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_14(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_ec(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_a4(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_6c_41(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -5920,14 +5937,14 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.kyber_encapsulate with const generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_89( +libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_ee( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_e60(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_410(uu____0, copy_of_randomness); } /** 
@@ -5945,7 +5962,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_avx2_kyber_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_89( + return libcrux_ml_kem_ind_cca_instantiations_avx2_kyber_encapsulate_ee( uu____0, copy_of_randomness); } @@ -6045,7 +6062,7 @@ generics */ KRML_ATTRIBUTE_TARGET("avx2") static inline bool -libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_9d( +libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_ab( uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_f9(public_key); } @@ -6059,7 +6076,7 @@ KRML_ATTRIBUTE_TARGET("avx2") static inline Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { Option_92 uu____0; - if (libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_9d( + if (libcrux_ml_kem_ind_cca_instantiations_avx2_validate_public_key_ab( public_key.value)) { uu____0 = (CLITERAL(Option_92){.tag = Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h index a233478c5..24236e9f0 100644 --- a/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/cg/libcrux_mlkem768_portable.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 63adbfbbd05fa6af8ba19b1a07ea45dd84037503 + * Libcrux: 0ca73e59afe19a3f88b8ff45d0c57b0ebe851319 */ #ifndef __libcrux_mlkem768_portable_H 
@@ -2474,7 +2474,7 @@ with const generics - K= 3 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_7b(size_t _) { +libcrux_ml_kem_ind_cpa_deserialize_secret_key_closure_3a(size_t _) { return libcrux_ml_kem_polynomial_ZERO_89_8d(); } @@ -2485,7 +2485,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_5f( +libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_18( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_89_8d(); @@ -2510,7 +2510,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_57( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_26( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; @@ -2528,7 +2528,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cpa_deserialize_secret_key_57( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_5f( + libcrux_ml_kem_serialize_deserialize_to_uncompressed_ring_element_18( secret_bytes); secret_as_ntt[i0] = uu____0; } @@ -2556,7 +2556,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - U_COMPRESSION_FACTOR= 10 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_1a(size_t _) { +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_closure_b5(size_t _) { return libcrux_ml_kem_polynomial_ZERO_89_8d(); } 
@@ -2605,7 +2605,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_10_ce( +libcrux_ml_kem_serialize_deserialize_then_decompress_10_fb( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_89_8d(); @@ -2669,7 +2669,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_11_41( +libcrux_ml_kem_serialize_deserialize_then_decompress_11_fb( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_89_8d(); @@ -2695,9 +2695,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_be( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_d6( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_10_ce(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_10_fb(serialized); } typedef struct libcrux_ml_kem_vector_portable_vector_type_PortableVector_x2_s { @@ -2865,7 +2865,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_64( +static KRML_MUSTINLINE void libcrux_ml_kem_ntt_ntt_vector_u_8e( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; libcrux_ml_kem_ntt_ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)7U, 
@@ -2895,7 +2895,7 @@ with const generics - U_COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE void -libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_0e( +libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_0d( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; @@ -2920,9 +2920,9 @@ libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_0e( (size_t)10U / (size_t)8U, uint8_t); u_as_ntt[i0] = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_be( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_u_d6( u_bytes); - libcrux_ml_kem_ntt_ntt_vector_u_64(&u_as_ntt[i0]); + libcrux_ml_kem_ntt_ntt_vector_u_8e(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -2974,7 +2974,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_4_b3( +libcrux_ml_kem_serialize_deserialize_then_decompress_4_be( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_89_8d(); @@ -3038,7 +3038,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_5_e8( +libcrux_ml_kem_serialize_deserialize_then_decompress_5_09( Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = libcrux_ml_kem_polynomial_ZERO_89_8d(); 
@@ -3064,9 +3064,9 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_a4( +libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_04( Eurydice_slice serialized) { - return libcrux_ml_kem_serialize_deserialize_then_decompress_4_b3(serialized); + return libcrux_ml_kem_serialize_deserialize_then_decompress_4_be(serialized); } /** @@ -3324,7 +3324,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_subtract_reduce_89_66( +libcrux_ml_kem_polynomial_subtract_reduce_89_2a( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; @@ -3356,7 +3356,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_matrix_compute_message_b5( +libcrux_ml_kem_matrix_compute_message_06( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { @@ -3370,7 +3370,7 @@ libcrux_ml_kem_matrix_compute_message_b5( libcrux_ml_kem_polynomial_add_to_ring_element_89_e8(&result, &product); } libcrux_ml_kem_invert_ntt_invert_ntt_montgomery_95(&result); - result = libcrux_ml_kem_polynomial_subtract_reduce_89_66(v, result); + result = libcrux_ml_kem_polynomial_subtract_reduce_89_2a(v, result); return result; } 
@@ -3429,7 +3429,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE void -libcrux_ml_kem_serialize_compress_then_serialize_message_04( +libcrux_ml_kem_serialize_compress_then_serialize_message_71( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; for (size_t i = (size_t)0U; i < (size_t)16U; i++) { @@ -3485,20 +3485,20 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_71( +static inline void libcrux_ml_kem_ind_cpa_decrypt_unpacked_26( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_0e(ciphertext, u_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_then_decompress_u_0d(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_a4( + libcrux_ml_kem_serialize_deserialize_then_decompress_ring_element_v_04( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - libcrux_ml_kem_matrix_compute_message_b5(&v, secret_key->secret_as_ntt, + libcrux_ml_kem_matrix_compute_message_06(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - libcrux_ml_kem_serialize_compress_then_serialize_message_04(message, ret0); + libcrux_ml_kem_serialize_compress_then_serialize_message_71(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } 
@@ -3512,11 +3512,11 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static inline void libcrux_ml_kem_ind_cpa_decrypt_87(Eurydice_slice secret_key, +static inline void libcrux_ml_kem_ind_cpa_decrypt_35(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - libcrux_ml_kem_ind_cpa_deserialize_secret_key_57(secret_key, secret_as_ntt); + libcrux_ml_kem_ind_cpa_deserialize_secret_key_26(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy( @@ -3528,7 +3528,7 @@ static inline void libcrux_ml_kem_ind_cpa_decrypt_87(Eurydice_slice secret_key, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); uint8_t ret0[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_71(&secret_key_unpacked, ciphertext, + libcrux_ml_kem_ind_cpa_decrypt_unpacked_26(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4133,18 +4133,6 @@ static KRML_MUSTINLINE void libcrux_ml_kem_matrix_sample_matrix_A_05( sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); } -/** -A monomorphic instance of -libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types -libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics -- $3size_t -*/ -typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8_s { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - uint8_t seed_for_A[32U]; - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; -} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8; - /** A monomorphic instance of K. with types libcrux_ml_kem_polynomial_PolynomialRingElement 
@@ -5050,48 +5038,7 @@ libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_20( } /** - This function implements Algorithm 13 of the - NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. - - Algorithm 13 is reproduced below: - - ```plaintext - Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. - Input: message m ∈ 𝔹^{32}. - Input: encryption randomness r ∈ 𝔹^{32}. - Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. - - N ← 0 - t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) - ρ ← ekₚₖₑ[384k: 384k + 32] - for (i ← 0; i < k; i++) - for(j ← 0; j < k; j++) - Â[i,j] ← SampleNTT(XOF(ρ, i, j)) - end for - end for - for(i ← 0; i < k; i++) - r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) - N ← N + 1 - end for - for(i ← 0; i < k; i++) - e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - N ← N + 1 - end for - e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) - r̂ ← NTT(r) - u ← NTT-¹(Âᵀ ◦ r̂) + e₁ - μ ← Decompress₁(ByteDecode₁(m))) - v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ - c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) - c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) - return c ← (c₁ ‖ c₂) - ``` - - The NIST FIPS 203 standard can be found at - . -*/ -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics 
@@ -5108,9 +5055,20 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_09( - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, - uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { +static inline void libcrux_ml_kem_ind_cpa_encrypt_09(Eurydice_slice public_key, + uint8_t message[32U], + Eurydice_slice randomness, + uint8_t ret[1088U]) { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; + libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_9d( + Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), + t_as_ntt); + Eurydice_slice seed = + Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; + uint8_t ret0[34U]; + libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0); + libcrux_ml_kem_matrix_sample_matrix_A_05(ret0, false, A); uint8_t prf_input[33U]; libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ @@ -5141,8 +5099,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_09( libcrux_ml_kem_sampling_sample_from_binomial_distribution_34( Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; - libcrux_ml_kem_matrix_compute_vector_u_22(public_key->A, r_as_ntt, error_1, - u); + libcrux_ml_kem_matrix_compute_vector_u_22(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); 
@@ -5151,7 +5108,7 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_09( copy_of_message); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = libcrux_ml_kem_matrix_compute_ring_element_v_ba( - public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); + t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); uint8_t ciphertext[1088U] = {0U}; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; memcpy( 
@@ -5167,76 +5124,6 @@ static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_09( memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); } -/** -A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt -with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, -libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const -generics -- K= 3 -- CIPHERTEXT_SIZE= 1088 -- T_AS_NTT_ENCODED_SIZE= 1152 -- C1_LEN= 960 -- C2_LEN= 128 -- U_COMPRESSION_FACTOR= 10 -- V_COMPRESSION_FACTOR= 4 -- BLOCK_LEN= 320 -- ETA1= 2 -- ETA1_RANDOMNESS_SIZE= 128 -- ETA2= 2 -- ETA2_RANDOMNESS_SIZE= 128 -*/ -static inline void libcrux_ml_kem_ind_cpa_encrypt_dd(Eurydice_slice public_key, - uint8_t message[32U], - Eurydice_slice randomness, - uint8_t ret[1088U]) { - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; - libcrux_ml_kem_serialize_deserialize_ring_elements_reduced_9d( - Eurydice_slice_subslice_to(public_key, (size_t)1152U, uint8_t, size_t), - t_as_ntt); - Eurydice_slice seed = - Eurydice_slice_subslice_from(public_key, (size_t)1152U, uint8_t, size_t); - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; - uint8_t ret0[34U]; - libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0); - libcrux_ml_kem_matrix_sample_matrix_A_05(ret0, false, A); - uint8_t seed_for_A[32U]; - Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - unwrap_41_83(dst, seed_for_A); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; - memcpy( - copy_of_t_as_ntt, t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A[3U][3U]; - memcpy(copy_of_A, A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - /* Passing arrays by value in Rust generates a copy in C */ - 
uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 - public_key_unpacked; - memcpy( - public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, - (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(public_key_unpacked.seed_for_A, copy_of_seed_for_A, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, copy_of_A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = - &public_key_unpacked; - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_message[32U]; - memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_09(uu____3, copy_of_message, - randomness, ret1); - memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); -} - /** This function found in impl {(libcrux_ml_kem::ind_cca::Variant for libcrux_ml_kem::ind_cca::MlKem)#1} @@ -5248,7 +5135,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_6d( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_43_b8( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *_, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; @@ -5279,7 +5166,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_b5( +static inline void libcrux_ml_kem_ind_cca_decapsulate_54( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( 
@@ -5297,7 +5184,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_b5( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_87(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_35(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -5321,7 +5208,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_b5( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_99(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_e0(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_ee( 
@@ -5332,18 +5219,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_b5( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_dd(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_09(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_6d( + libcrux_ml_kem_ind_cca_kdf_43_b8( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_43_6d(shared_secret0, ciphertext, shared_secret); + libcrux_ml_kem_ind_cca_kdf_43_b8(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_99(ciphertext), + libcrux_ml_kem_types_as_ref_00_e0(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5376,10 +5263,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_08( +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_d4( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_b5(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_54(private_key, ciphertext, ret); } /** 
@@ -5392,7 +5279,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_08( static inline void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_08( + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_d4( private_key, ciphertext, ret); } @@ -5408,6 +5295,18 @@ typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8_s { uint8_t implicit_rejection_value[32U]; } libcrux_ml_kem_ind_cca_unpacked_MlKemPrivateKeyUnpacked_f8; +/** +A monomorphic instance of +libcrux_ml_kem.ind_cpa.unpacked.IndCpaPublicKeyUnpacked with types +libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics +- $3size_t +*/ +typedef struct libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8_s { + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; + uint8_t seed_for_A[32U]; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; +} libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8; + /** A monomorphic instance of libcrux_ml_kem.ind_cca.unpacked.MlKemPublicKeyUnpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector 
@@ -5430,6 +5329,124 @@ typedef struct libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8_s { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 public_key; } libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8; +/** + This function implements Algorithm 13 of the + NIST FIPS 203 specification; this is the Kyber CPA-PKE encryption algorithm. + + Algorithm 13 is reproduced below: + + ```plaintext + Input: encryption key ekₚₖₑ ∈ 𝔹^{384k+32}. + Input: message m ∈ 𝔹^{32}. + Input: encryption randomness r ∈ 𝔹^{32}. + Output: ciphertext c ∈ 𝔹^{32(dᵤk + dᵥ)}. + + N ← 0 + t̂ ← ByteDecode₁₂(ekₚₖₑ[0:384k]) + ρ ← ekₚₖₑ[384k: 384k + 32] + for (i ← 0; i < k; i++) + for(j ← 0; j < k; j++) + Â[i,j] ← SampleNTT(XOF(ρ, i, j)) + end for + end for + for(i ← 0; i < k; i++) + r[i] ← SamplePolyCBD_{η₁}(PRF_{η₁}(r,N)) + N ← N + 1 + end for + for(i ← 0; i < k; i++) + e₁[i] ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + N ← N + 1 + end for + e₂ ← SamplePolyCBD_{η₂}(PRF_{η₂}(r,N)) + r̂ ← NTT(r) + u ← NTT-¹(Âᵀ ◦ r̂) + e₁ + μ ← Decompress₁(ByteDecode₁(m))) + v ← NTT-¹(t̂ᵀ ◦ rˆ) + e₂ + μ + c₁ ← ByteEncode_{dᵤ}(Compress_{dᵤ}(u)) + c₂ ← ByteEncode_{dᵥ}(Compress_{dᵥ}(v)) + return c ← (c₁ ‖ c₂) + ``` + + The NIST FIPS 203 standard can be found at + . 
+*/ +/** +A monomorphic instance of libcrux_ml_kem.ind_cpa.encrypt_unpacked +with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, +libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const +generics +- K= 3 +- CIPHERTEXT_SIZE= 1088 +- T_AS_NTT_ENCODED_SIZE= 1152 +- C1_LEN= 960 +- C2_LEN= 128 +- U_COMPRESSION_FACTOR= 10 +- V_COMPRESSION_FACTOR= 4 +- BLOCK_LEN= 320 +- ETA1= 2 +- ETA1_RANDOMNESS_SIZE= 128 +- ETA2= 2 +- ETA2_RANDOMNESS_SIZE= 128 +*/ +static inline void libcrux_ml_kem_ind_cpa_encrypt_unpacked_27( + libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, + uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b0 uu____1 = libcrux_ml_kem_ind_cpa_sample_vector_cbd_then_ntt_a7( + copy_of_prf_input0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; + memcpy( + r_as_ntt, uu____1.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + uint8_t domain_separator0 = uu____1.snd; + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b0 uu____3 = libcrux_ml_kem_ind_cpa_sample_ring_element_cbd_38( + copy_of_prf_input, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; + memcpy( + error_1, uu____3.fst, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + libcrux_ml_kem_hash_functions_portable_PRF_f1_ee0( + Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), prf_output); + 
libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = + libcrux_ml_kem_sampling_sample_from_binomial_distribution_34( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; + libcrux_ml_kem_matrix_compute_vector_u_22(public_key->A, r_as_ntt, error_1, + u); + /* Passing arrays by value in Rust generates a copy in C */ + uint8_t copy_of_message[32U]; + memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = + libcrux_ml_kem_serialize_deserialize_then_decompress_message_6c( + copy_of_message); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = + libcrux_ml_kem_matrix_compute_ring_element_v_ba( + public_key->t_as_ntt, r_as_ntt, &error_2, &message_as_ring_element); + uint8_t ciphertext[1088U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; + memcpy( + uu____5, u, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + libcrux_ml_kem_ind_cpa_compress_then_serialize_u_62( + uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, + uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; + libcrux_ml_kem_serialize_compress_then_serialize_ring_element_v_20( + uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, + (size_t)960U, uint8_t, size_t)); + memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); +} + /** A monomorphic instance of libcrux_ml_kem.ind_cca.decapsulate_unpacked with types libcrux_ml_kem_vector_portable_vector_type_PortableVector, 
@@ -5452,11 +5469,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_0a( +static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_f6( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_unpacked_71( + libcrux_ml_kem_ind_cpa_decrypt_unpacked_26( &key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -5486,7 +5503,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_0a( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_99(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_e0(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_ee( @@ -5498,11 +5515,11 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_unpacked_0a( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_09( + libcrux_ml_kem_ind_cpa_encrypt_unpacked_27( uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_99(ciphertext), + libcrux_ml_kem_types_as_ref_00_e0(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( 
@@ -5538,10 +5555,10 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_4b( +libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_ea( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_0a(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_f6(key_pair, ciphertext, ret); } /** @@ -5554,7 +5571,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_4b( static inline void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_4b( + libcrux_ml_kem_ind_cca_instantiations_portable_decapsulate_unpacked_ea( private_key, ciphertext, ret); } @@ -5568,7 +5585,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_ff( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_43_a2( Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), 
@@ -5609,11 +5626,11 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_41( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_8f( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_43_ff( + libcrux_ml_kem_ind_cca_entropy_preprocess_43_a2( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -5644,15 +5661,15 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_41( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_dd(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_09(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_14(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_ec(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_43_6d(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_43_b8(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ 
@@ -5683,14 +5700,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_fc( +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_56( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_41(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_8f(uu____0, copy_of_randomness); } /** @@ -5707,7 +5724,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_fc( + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_56( uu____0, copy_of_randomness); } @@ -5730,7 +5747,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_9e( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_c0( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -5758,7 +5775,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_9e( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_unpacked_09(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_unpacked_27(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( 
@@ -5768,7 +5785,7 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_9e( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_14(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_ec(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -5801,7 +5818,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_d4( +libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_6f( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = @@ -5809,7 +5826,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_d4( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_9e(uu____0, + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_c0(uu____0, copy_of_randomness); } @@ -5829,7 +5846,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_d4( + return libcrux_ml_kem_ind_cca_instantiations_portable_encapsulate_unpacked_6f( uu____0, copy_of_randomness); } 
@@ -6310,7 +6327,7 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_95( +static inline tuple_9b libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_32( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; libcrux_ml_kem_hash_functions_portable_G_f1_e4(key_generation_seed, hashed); @@ -6402,7 +6419,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_closure_4e(size_t _j) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_closure_b8(size_t _j) { return libcrux_ml_kem_polynomial_ZERO_89_8d(); } @@ -6420,7 +6437,7 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static inline void libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_ef( +static inline void libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_27( size_t _i, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { for (size_t i = (size_t)0U; i < (size_t)3U; i++) { ret[i] = libcrux_ml_kem_polynomial_ZERO_89_8d(); @@ -6438,7 +6455,7 @@ with const generics */ static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -libcrux_ml_kem_polynomial_clone_d5_60( +libcrux_ml_kem_polynomial_clone_d5_28( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -6465,7 +6482,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_62(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_34(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); 
@@ -6473,7 +6490,7 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_62(uint8_t randomness[64U]) { (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_9b uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_95( + tuple_9b uu____0 = libcrux_ml_kem_ind_cpa_generate_keypair_unpacked_32( ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 ind_cpa_private_key = uu____0.fst; @@ -6481,14 +6498,14 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_62(uint8_t randomness[64U]) { ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { - libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_ef(i, A[i]); + libcrux_ml_kem_ind_cca_generate_keypair_unpacked_closure_27(i, A[i]); } for (size_t i0 = (size_t)0U; i0 < (size_t)3U; i0++) { size_t i1 = i0; for (size_t i = (size_t)0U; i < (size_t)3U; i++) { size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - libcrux_ml_kem_polynomial_clone_d5_60(&ind_cpa_public_key.A[j][i1]); + libcrux_ml_kem_polynomial_clone_d5_28(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1; } } @@ -6554,12 +6571,12 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static inline libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_20( +libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_c3( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_62( + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_34( copy_of_randomness); } 
@@ -6572,7 +6589,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_20( + return libcrux_ml_kem_ind_cca_instantiations_portable_generate_keypair_unpacked_c3( copy_of_randomness); } @@ -6587,7 +6604,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_57( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_ee( Eurydice_slice shared_secret, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t kdf_input[64U]; @@ -6598,7 +6615,7 @@ static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_kdf_6c_57( uint8_t ret0[32U]; libcrux_ml_kem_hash_functions_portable_H_f1_1a( Eurydice_array_to_slice((size_t)1088U, - libcrux_ml_kem_types_as_slice_d4_b6(ciphertext), + libcrux_ml_kem_types_as_slice_d4_3e(ciphertext), uint8_t), ret0); Eurydice_slice_copy( @@ -6631,7 +6648,7 @@ libcrux_ml_kem_ind_cca_Kyber with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static inline void libcrux_ml_kem_ind_cca_decapsulate_b50( +static inline void libcrux_ml_kem_ind_cca_decapsulate_540( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( 
@@ -6649,7 +6666,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_b50( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - libcrux_ml_kem_ind_cpa_decrypt_87(ind_cpa_secret_key, ciphertext->value, + libcrux_ml_kem_ind_cpa_decrypt_35(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -6673,7 +6690,7 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_b50( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_99(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_e0(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; libcrux_ml_kem_hash_functions_portable_PRF_f1_ee( 
@@ -6684,18 +6701,18 @@ static inline void libcrux_ml_kem_ind_cca_decapsulate_b50( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_dd(uu____5, copy_of_decrypted, + libcrux_ml_kem_ind_cpa_encrypt_09(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_57( + libcrux_ml_kem_ind_cca_kdf_6c_ee( Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), ciphertext, implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_57(shared_secret0, ciphertext, shared_secret); + libcrux_ml_kem_ind_cca_kdf_6c_ee(shared_secret0, ciphertext, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_99(ciphertext), + libcrux_ml_kem_types_as_ref_00_e0(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -6729,10 +6746,10 @@ generics - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ static inline void -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_d4( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_a6( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_b50(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_540(private_key, ciphertext, ret); } /** 
@@ -6745,7 +6762,7 @@ libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_d4( static inline void libcrux_ml_kem_mlkem768_portable_kyber_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_d4( + libcrux_ml_kem_ind_cca_instantiations_portable_kyber_decapsulate_a6( private_key, ciphertext, ret); } @@ -6759,7 +6776,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_a8( +static KRML_MUSTINLINE void libcrux_ml_kem_ind_cca_entropy_preprocess_6c_cf( Eurydice_slice randomness, uint8_t ret[32U]) { libcrux_ml_kem_hash_functions_portable_H_f1_1a(randomness, ret); } @@ -6783,11 +6800,11 @@ libcrux_ml_kem_ind_cca_Kyber with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_410( +static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_8f0( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - libcrux_ml_kem_ind_cca_entropy_preprocess_6c_a8( + libcrux_ml_kem_ind_cca_entropy_preprocess_6c_cf( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_ea( 
@@ -6818,15 +6835,15 @@ static inline tuple_3c libcrux_ml_kem_ind_cca_encapsulate_410( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - libcrux_ml_kem_ind_cpa_encrypt_dd(uu____2, copy_of_randomness, + libcrux_ml_kem_ind_cpa_encrypt_09(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_14(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_ec(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - libcrux_ml_kem_ind_cca_kdf_6c_57(shared_secret, &ciphertext0, + libcrux_ml_kem_ind_cca_kdf_6c_ee(shared_secret, &ciphertext0, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ @@ -6861,14 +6878,14 @@ generics - ETA2_RANDOMNESS_SIZE= 128 */ static inline tuple_3c -libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_48( +libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_54( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_410(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_8f0(uu____0, copy_of_randomness); } /** 
@@ -6885,7 +6902,7 @@ static inline tuple_3c libcrux_ml_kem_mlkem768_portable_kyber_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_48( + return libcrux_ml_kem_ind_cca_instantiations_portable_kyber_encapsulate_54( uu____0, copy_of_randomness); } diff --git a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h index 3458d6b5f..eaf91e1fb 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 63adbfbbd05fa6af8ba19b1a07ea45dd84037503 + * Libcrux: 0ca73e59afe19a3f88b8ff45d0c57b0ebe851319 */ #ifndef __libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/cg/libcrux_sha3_portable.h b/libcrux-ml-kem/cg/libcrux_sha3_portable.h index a63c6faa4..a79b33184 100644 --- a/libcrux-ml-kem/cg/libcrux_sha3_portable.h +++ b/libcrux-ml-kem/cg/libcrux_sha3_portable.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: 63adbfbbd05fa6af8ba19b1a07ea45dd84037503 + * Libcrux: 0ca73e59afe19a3f88b8ff45d0c57b0ebe851319 */ #ifndef __libcrux_sha3_portable_H diff --git a/libcrux-ml-kem/src/ind_cpa.rs b/libcrux-ml-kem/src/ind_cpa.rs index ac045ae13..7219c8891 100644 --- a/libcrux-ml-kem/src/ind_cpa.rs +++ b/libcrux-ml-kem/src/ind_cpa.rs 
@@ -426,28 +426,56 @@ pub(crate) fn encrypt< // end for let seed = &public_key[T_AS_NTT_ENCODED_SIZE..]; let A = sample_matrix_A::(into_padded_array(seed), false); - let seed_for_A: [u8; 32] = seed.try_into().unwrap(); - let public_key_unpacked = IndCpaPublicKeyUnpacked { - t_as_ntt, - A, - seed_for_A, - }; - encrypt_unpacked::< - K, - CIPHERTEXT_SIZE, - T_AS_NTT_ENCODED_SIZE, - C1_LEN, - C2_LEN, - U_COMPRESSION_FACTOR, - V_COMPRESSION_FACTOR, - BLOCK_LEN, - ETA1, - ETA1_RANDOMNESS_SIZE, - ETA2, - ETA2_RANDOMNESS_SIZE, - Vector, - Hasher, - >(&public_key_unpacked, message, randomness) + + // Note that we do not use the unpacked function internally here and instead + // duplicate the code to avoid blowing up the stack. + + // for i from 0 to k−1 do + // r[i] := CBD{η1}(PRF(r, N)) + // N := N + 1 + // end for + // rˆ := NTT(r) + let mut prf_input: [u8; 33] = into_padded_array(randomness); + let (r_as_ntt, domain_separator) = + sample_vector_cbd_then_ntt::(prf_input, 0); + + // for i from 0 to k−1 do + // e1[i] := CBD_{η2}(PRF(r,N)) + // N := N + 1 + // end for + let (error_1, domain_separator) = + sample_ring_element_cbd::( + prf_input, + domain_separator, + ); + + // e_2 := CBD{η2}(PRF(r, N)) + prf_input[32] = domain_separator; + let prf_output: [u8; ETA2_RANDOMNESS_SIZE] = Hasher::PRF(&prf_input); + let error_2 = sample_from_binomial_distribution::(&prf_output); + + // u := NTT^{-1}(AˆT ◦ rˆ) + e_1 + let u = compute_vector_u(&A, &r_as_ntt, &error_1); + + // v := NTT^{−1}(tˆT ◦ rˆ) + e_2 + Decompress_q(Decode_1(m),1) + let message_as_ring_element = deserialize_then_decompress_message(message); + let v = compute_ring_element_v(&t_as_ntt, &r_as_ntt, &error_2, &message_as_ring_element); + + let mut ciphertext = [0u8; CIPHERTEXT_SIZE]; + + // c_1 := Encode_{du}(Compress_q(u,d_u)) + compress_then_serialize_u::( + u, + &mut ciphertext[0..C1_LEN], + ); + + // c_2 := Encode_{dv}(Compress_q(v,d_v)) + compress_then_serialize_ring_element_v::( + v, + &mut ciphertext[C1_LEN..], 
+ ); + + ciphertext } /// Call [`deserialize_then_decompress_ring_element_u`] on each ring element From 322297aa4545eea6f5ba5d5fdd1565a790e5f726 Mon Sep 17 00:00:00 2001 From: Franziskus Kiefer Date: Sun, 18 Aug 2024 21:36:17 +0200 Subject: [PATCH 15/16] sha3 benchmarks --- libcrux-ml-kem/cg/benches/sha3.cc | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/libcrux-ml-kem/cg/benches/sha3.cc b/libcrux-ml-kem/cg/benches/sha3.cc index 802449e33..b9a8fc540 100644 --- a/libcrux-ml-kem/cg/benches/sha3.cc +++ b/libcrux-ml-kem/cg/benches/sha3.cc @@ -126,11 +126,12 @@ shake256_33_128(benchmark::State &state) } } -BENCHMARK(sha3_256_1184); -BENCHMARK(sha3_512_64); BENCHMARK(shake128_34_504); BENCHMARK(shake256_1120_32); BENCHMARK(shake256_33_128); #endif +BENCHMARK(sha3_256_1184); +BENCHMARK(sha3_512_64); + BENCHMARK_MAIN(); From 573b064d92668df0a274c6a23ec3b43632556d6f Mon Sep 17 00:00:00 2001 
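Review bot: The new body of `encrypt` is a second, hand-duplicated implementation of the sampling sequence in `encrypt_unpacked` (r via `sample_vector_cbd_then_ntt`, e1 via `sample_ring_element_cbd`, e2 via the PRF with `prf_input[32] = domain_separator`), and decapsulation's implicit-rejection check depends on the packed and unpacked paths producing byte-identical ciphertexts for the same message and coins; if one path is later changed (sampling order, domain separator, compression call) and the other is not, valid ciphertexts would be silently rejected with the implicit-rejection secret rather than failing loudly. The `// Note that we do not use the unpacked function internally here ...` comment should say this explicitly, e.g. `// Keep in sync with encrypt_unpacked: both paths must sample r, e1, e2 in the same order with the same domain separators, or packed decapsulation will diverge from unpacked.` A unit test that asserts `encrypt(pk, m, coins) == encrypt_unpacked(unpack(pk), m, coins)` for fixed inputs would turn any such drift into a test failure; I could not see whether one exists. The enclosing `encrypt` function starts before this hunk (`t_as_ntt` is built above), and the generic argument lists are not rendered in this view, so I cannot confirm that the `sample_matrix_A` transpose flag matches what `compute_vector_u` expects.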
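Review bot: `BENCHMARK(sha3_256_1184);` and `BENCHMARK(sha3_512_64);` are moved from inside the conditionally compiled block to after `#endif`, so they are now registered unconditionally; if the benchmark functions themselves are defined inside the same `#if` region (the guard's condition and the definitions are outside this hunk, so I cannot tell), the file will fail to compile whenever that guard is false. Either confirm that both functions are defined outside the guard, or keep the two registrations under it. If the intent is that these two benchmarks run on every platform, a one-line comment above them such as `// portable SHA3 benchmarks: registered regardless of the SIMD guard above` would make that explicit.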
From: Franziskus Kiefer Date: Sun, 18 Aug 2024 19:52:00 +0000 Subject: [PATCH 16/16] update mlkem c extraction --- libcrux-ml-kem/c/code_gen.txt | 2 +- libcrux-ml-kem/c/internal/libcrux_core.h | 60 +- .../c/internal/libcrux_mlkem_avx2.h | 32 +- .../c/internal/libcrux_mlkem_portable.h | 32 +- libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h | 2 +- .../c/internal/libcrux_sha3_internal.h | 2 +- libcrux-ml-kem/c/libcrux_core.c | 54 +- libcrux-ml-kem/c/libcrux_core.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c | 40 +- libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.c | 32 +- libcrux-ml-kem/c/libcrux_mlkem1024_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.c | 40 +- libcrux-ml-kem/c/libcrux_mlkem512_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.c | 32 +- libcrux-ml-kem/c/libcrux_mlkem512_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.c | 40 +- libcrux-ml-kem/c/libcrux_mlkem768_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.c | 32 +- libcrux-ml-kem/c/libcrux_mlkem768_portable.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_avx2.c | 584 ++++++++++-------- libcrux-ml-kem/c/libcrux_mlkem_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_neon.c | 2 +- libcrux-ml-kem/c/libcrux_mlkem_neon.h | 2 +- libcrux-ml-kem/c/libcrux_mlkem_portable.c | 494 ++++++++------- libcrux-ml-kem/c/libcrux_mlkem_portable.h | 2 +- libcrux-ml-kem/c/libcrux_sha3.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_avx2.c | 2 +- libcrux-ml-kem/c/libcrux_sha3_avx2.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_internal.h | 2 +- libcrux-ml-kem/c/libcrux_sha3_neon.c | 2 +- libcrux-ml-kem/c/libcrux_sha3_neon.h | 2 +- 35 files changed, 807 insertions(+), 711 deletions(-) diff --git a/libcrux-ml-kem/c/code_gen.txt b/libcrux-ml-kem/c/code_gen.txt index a2424cd2d..65ad8e763 100644 --- a/libcrux-ml-kem/c/code_gen.txt 
+++ b/libcrux-ml-kem/c/code_gen.txt @@ -3,4 +3,4 @@ Charon: 962f26311ccdf09a6a3cfeacbccafba22bf3d405 Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty -Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b +Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 diff --git a/libcrux-ml-kem/c/internal/libcrux_core.h b/libcrux-ml-kem/c/internal/libcrux_core.h index 74e72ff40..bc7d92069 100644 --- a/libcrux-ml-kem/c/internal/libcrux_core.h +++ b/libcrux-ml-kem/c/internal/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b + * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 */ #ifndef __internal_libcrux_core_H @@ -116,7 +116,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_141( +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_ec1( uint8_t value[1568U]); /** @@ -142,7 +142,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_dd1( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_b41( libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self); /** @@ -206,7 +206,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1088 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_140( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_ec0( uint8_t value[1088U]); /** 
@@ -232,7 +232,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_dd0( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_b40( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self); /** @@ -287,6 +287,29 @@ with const generics libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_db( uint8_t value[1632U]); +/** +A monomorphic instance of core.result.Result +with types uint8_t[32size_t], core_array_TryFromSliceError + +*/ +typedef struct core_result_Result_00_s { + core_result_Result_86_tags tag; + union { + uint8_t case_Ok[32U]; + core_array_TryFromSliceError case_Err; + } val; +} core_result_Result_00; + +/** +This function found in impl {core::result::Result} +*/ +/** +A monomorphic instance of core.result.unwrap_41 +with types uint8_t[32size_t], core_array_TryFromSliceError + +*/ +void core_result_unwrap_41_83(core_result_Result_00 self, uint8_t ret[32U]); + /** This function found in impl {(core::convert::From<@Array> for libcrux_ml_kem::types::MlKemCiphertext)#2} @@ -296,7 +319,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 768 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_14( +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_ec( uint8_t value[768U]); /** 
@@ -324,29 +347,6 @@ with const generics void libcrux_ml_kem_utils_into_padded_array_ea2(Eurydice_slice slice, uint8_t ret[33U]); -/** -A monomorphic instance of core.result.Result -with types uint8_t[32size_t], core_array_TryFromSliceError - -*/ -typedef struct core_result_Result_00_s { - core_result_Result_86_tags tag; - union { - uint8_t case_Ok[32U]; - core_array_TryFromSliceError case_Err; - } val; -} core_result_Result_00; - -/** -This function found in impl {core::result::Result} -*/ -/** -A monomorphic instance of core.result.unwrap_41 -with types uint8_t[32size_t], core_array_TryFromSliceError - -*/ -void core_result_unwrap_41_83(core_result_Result_00 self, uint8_t ret[32U]); - /** Pad the `slice` with `0`s at the end. */ @@ -367,7 +367,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_dd( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_b4( libcrux_ml_kem_types_MlKemCiphertext_e8 *self); /** diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h index fddfc05eb..45a032565 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_avx2.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b + * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 */ #ifndef __internal_libcrux_mlkem_avx2_H @@ -47,7 +47,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_881(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_271(uint8_t randomness[64U]); /** Packed API 
@@ -90,7 +90,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_721( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_9e1( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]); @@ -113,7 +113,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_e61( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_411( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -138,7 +138,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_261( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_0f1( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -164,7 +164,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_b61( +void libcrux_ml_kem_ind_cca_decapsulate_6e1( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -191,7 +191,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_880(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_270(uint8_t randomness[64U]); /** Packed API 
@@ -234,7 +234,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_720( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_9e0( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]); @@ -257,7 +257,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_e60( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_410( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -282,7 +282,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_260( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_0f0( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -308,7 +308,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_b60( +void libcrux_ml_kem_ind_cca_decapsulate_6e0( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -335,7 +335,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_88(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_27(uint8_t randomness[64U]); /** Packed API 
@@ -378,7 +378,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_72( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_9e( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]); @@ -401,7 +401,7 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_e6( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_41( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -426,7 +426,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_26( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_0f( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -452,7 +452,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_b6( +void libcrux_ml_kem_ind_cca_decapsulate_6e( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h index dec2addfe..8476cfc9b 100644 --- a/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h +++ b/libcrux-ml-kem/c/internal/libcrux_mlkem_portable.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b + * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 */ #ifndef __internal_libcrux_mlkem_portable_H 
@@ -53,7 +53,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b41(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c81(uint8_t randomness[64U]); /** Packed API @@ -98,7 +98,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b1( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_de1( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]); @@ -121,7 +121,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_411( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_8f1( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]); @@ -147,7 +147,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_441( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_2c1( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -173,7 +173,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_b21( +void libcrux_ml_kem_ind_cca_decapsulate_811( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]); @@ -201,7 +201,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b40(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c80(uint8_t randomness[64U]); /** Packed API 
@@ -246,7 +246,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b0( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_de0( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]); @@ -269,7 +269,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_410( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_8f0( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]); @@ -295,7 +295,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_440( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_2c0( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -321,7 +321,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_b20( +void libcrux_ml_kem_ind_cca_decapsulate_810( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]); @@ -349,7 +349,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b4(uint8_t randomness[64U]); +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c8(uint8_t randomness[64U]); /** Packed API @@ -394,7 +394,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_de( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]); 
@@ -417,7 +417,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_41( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_8f( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]); @@ -443,7 +443,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_44( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_2c( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); @@ -469,7 +469,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_b2( +void libcrux_ml_kem_ind_cca_decapsulate_81( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]); diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h index 7ed30875a..24e4c990b 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_avx2.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b + * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 */ #ifndef __internal_libcrux_sha3_avx2_H diff --git a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h index 43b7619f7..b8e6978ec 100644 --- a/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h +++ b/libcrux-ml-kem/c/internal/libcrux_sha3_internal.h 
@@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b + * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 */ #ifndef __internal_libcrux_sha3_internal_H diff --git a/libcrux-ml-kem/c/libcrux_core.c b/libcrux-ml-kem/c/libcrux_core.c index 51173e23c..86b12376b 100644 --- a/libcrux-ml-kem/c/libcrux_core.c +++ b/libcrux-ml-kem/c/libcrux_core.c @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b + * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 */ #include "internal/libcrux_core.h" @@ -154,7 +154,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1568 */ -libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_141( +libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext libcrux_ml_kem_types_from_01_ec1( uint8_t value[1568U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1568U]; @@ -189,7 +189,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1568 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_dd1( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_b41( libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *self) { return Eurydice_array_to_slice((size_t)1568U, self->value, uint8_t); } @@ -280,7 +280,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 1088 */ -libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_140( +libcrux_ml_kem_mlkem768_MlKem768Ciphertext libcrux_ml_kem_types_from_01_ec0( uint8_t value[1088U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[1088U]; 
@@ -315,7 +315,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 1088 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_dd0( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_b40( libcrux_ml_kem_mlkem768_MlKem768Ciphertext *self) { return Eurydice_array_to_slice((size_t)1088U, self->value, uint8_t); } @@ -396,6 +396,26 @@ libcrux_ml_kem_types_MlKemPrivateKey_5e libcrux_ml_kem_types_from_05_db( return lit; } +/** +This function found in impl {core::result::Result} +*/ +/** +A monomorphic instance of core.result.unwrap_41 +with types uint8_t[32size_t], core_array_TryFromSliceError + +*/ +void core_result_unwrap_41_83(core_result_Result_00 self, uint8_t ret[32U]) { + if (self.tag == core_result_Ok) { + uint8_t f0[32U]; + memcpy(f0, self.val.case_Ok, (size_t)32U * sizeof(uint8_t)); + memcpy(ret, f0, (size_t)32U * sizeof(uint8_t)); + } else { + KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, + "unwrap not Ok"); + KRML_HOST_EXIT(255U); + } +} + /** This function found in impl {(core::convert::From<@Array> for libcrux_ml_kem::types::MlKemCiphertext)#2} @@ -405,7 +425,7 @@ A monomorphic instance of libcrux_ml_kem.types.from_01 with const generics - SIZE= 768 */ -libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_14( +libcrux_ml_kem_types_MlKemCiphertext_e8 libcrux_ml_kem_types_from_01_ec( uint8_t value[768U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_value[768U]; 
@@ -450,26 +470,6 @@ void libcrux_ml_kem_utils_into_padded_array_ea2(Eurydice_slice slice, memcpy(ret, out, (size_t)33U * sizeof(uint8_t)); } -/** -This function found in impl {core::result::Result} -*/ -/** -A monomorphic instance of core.result.unwrap_41 -with types uint8_t[32size_t], core_array_TryFromSliceError - -*/ -void core_result_unwrap_41_83(core_result_Result_00 self, uint8_t ret[32U]) { - if (self.tag == core_result_Ok) { - uint8_t f0[32U]; - memcpy(f0, self.val.case_Ok, (size_t)32U * sizeof(uint8_t)); - memcpy(ret, f0, (size_t)32U * sizeof(uint8_t)); - } else { - KRML_HOST_EPRINTF("KaRaMeL abort at %s:%d\n%s\n", __FILE__, __LINE__, - "unwrap not Ok"); - KRML_HOST_EXIT(255U); - } -} - /** Pad the `slice` with `0`s at the end. */ @@ -498,7 +498,7 @@ A monomorphic instance of libcrux_ml_kem.types.as_ref_00 with const generics - SIZE= 768 */ -Eurydice_slice libcrux_ml_kem_types_as_ref_00_dd( +Eurydice_slice libcrux_ml_kem_types_as_ref_00_b4( libcrux_ml_kem_types_MlKemCiphertext_e8 *self) { return Eurydice_array_to_slice((size_t)768U, self->value, uint8_t); } diff --git a/libcrux-ml-kem/c/libcrux_core.h b/libcrux-ml-kem/c/libcrux_core.h index b527d22f6..b502bf359 100644 --- a/libcrux-ml-kem/c/libcrux_core.h +++ b/libcrux-ml-kem/c/libcrux_core.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b + * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 */ #ifndef __libcrux_core_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024.h b/libcrux-ml-kem/c/libcrux_mlkem1024.h index 59edf1b4e..729432ad7 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024.h 
@@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b + * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 */ #ifndef __libcrux_mlkem1024_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c index 432eb7c2c..85a1dce7f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.c @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b + * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 */ #include "libcrux_mlkem1024_avx2.h" @@ -38,11 +38,11 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_cd( +static void decapsulate_ea( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_b60(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_6e0(private_key, ciphertext, ret); } /** @@ -56,7 +56,7 @@ void libcrux_ml_kem_mlkem1024_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_cd(private_key, ciphertext, ret); + decapsulate_ea(private_key, ciphertext, ret); } /** 
@@ -83,11 +83,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_unpacked_ea( +static void decapsulate_unpacked_d0( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_260(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_0f0(key_pair, ciphertext, ret); } /** @@ -101,7 +101,7 @@ void libcrux_ml_kem_mlkem1024_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_ea(private_key, ciphertext, ret); + decapsulate_unpacked_d0(private_key, ciphertext, ret); } /** @@ -121,14 +121,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_32( +static tuple_21 encapsulate_14( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_e60(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_410(uu____0, copy_of_randomness); } /** @@ -145,7 +145,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_32(uu____0, copy_of_randomness); + return encapsulate_14(uu____0, copy_of_randomness); } /** 
@@ -169,7 +169,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_unpacked_14( +static tuple_21 encapsulate_unpacked_4c( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *uu____0 = @@ -177,7 +177,7 @@ static tuple_21 encapsulate_unpacked_14( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_720(uu____0, + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_9e0(uu____0, copy_of_randomness); } @@ -199,7 +199,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_avx2_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_14(uu____0, copy_of_randomness); + return encapsulate_unpacked_4c(uu____0, copy_of_randomness); } /** @@ -216,7 +216,7 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_88( +static libcrux_ml_kem_mlkem1024_MlKem1024KeyPair generate_keypair_1a( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; @@ -232,7 +232,7 @@ libcrux_ml_kem_mlkem1024_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_88(copy_of_randomness); + return generate_keypair_1a(copy_of_randomness); } /** 
@@ -251,11 +251,11 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -generate_keypair_unpacked_af(uint8_t randomness[64U]) { +generate_keypair_unpacked_c0(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_880( + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_270( copy_of_randomness); } @@ -268,7 +268,7 @@ libcrux_ml_kem_mlkem1024_avx2_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_af(copy_of_randomness); + return generate_keypair_unpacked_c0(copy_of_randomness); } /** @@ -282,7 +282,7 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1536 - PUBLIC_KEY_SIZE= 1568 */ -static bool validate_public_key_520(uint8_t *public_key) { +static bool validate_public_key_c90(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_f90(public_key); } @@ -294,7 +294,7 @@ static bool validate_public_key_520(uint8_t *public_key) { core_option_Option_99 libcrux_ml_kem_mlkem1024_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_1f public_key) { core_option_Option_99 uu____0; - if (validate_public_key_520(public_key.value)) { + if (validate_public_key_c90(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_99){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h index 02a1e0ab9..b99bd8543 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_avx2.h 
@@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b + * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 */ #ifndef __libcrux_mlkem1024_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c index 1cb401481..a207fbbab 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.c @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b + * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 */ #include "libcrux_mlkem1024_portable.h" @@ -38,11 +38,11 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_ee( +static void decapsulate_3c( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_b21(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_811(private_key, ciphertext, ret); } /** @@ -56,7 +56,7 @@ void libcrux_ml_kem_mlkem1024_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_ee(private_key, ciphertext, ret); + decapsulate_3c(private_key, ciphertext, ret); } /** 
@@ -83,11 +83,11 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -static void decapsulate_unpacked_28( +static void decapsulate_unpacked_d0( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_441(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_2c1(key_pair, ciphertext, ret); } /** @@ -101,7 +101,7 @@ void libcrux_ml_kem_mlkem1024_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_28(private_key, ciphertext, ret); + decapsulate_unpacked_d0(private_key, ciphertext, ret); } /** @@ -121,14 +121,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_1a( +static tuple_21 encapsulate_a5( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_1f *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_411(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_8f1(uu____0, copy_of_randomness); } /** @@ -145,7 +145,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_1a(uu____0, copy_of_randomness); + return encapsulate_a5(uu____0, copy_of_randomness); } /** 
@@ -169,7 +169,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_21 encapsulate_unpacked_4e( +static tuple_21 encapsulate_unpacked_5a( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *uu____0 = @@ -177,7 +177,7 @@ static tuple_21 encapsulate_unpacked_4e( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b1(uu____0, + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_de1(uu____0, copy_of_randomness); } @@ -199,7 +199,7 @@ tuple_21 libcrux_ml_kem_mlkem1024_portable_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_4e(uu____0, copy_of_randomness); + return encapsulate_unpacked_5a(uu____0, copy_of_randomness); } /** @@ -252,11 +252,11 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -generate_keypair_unpacked_b3(uint8_t randomness[64U]) { +generate_keypair_unpacked_d2(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b41( + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c81( copy_of_randomness); } 
@@ -269,7 +269,7 @@ libcrux_ml_kem_mlkem1024_portable_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_b3(copy_of_randomness); + return generate_keypair_unpacked_d2(copy_of_randomness); } /** diff --git a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h index 18df930ab..daa5a6f2c 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem1024_portable.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b + * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 */ #ifndef __libcrux_mlkem1024_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512.h b/libcrux-ml-kem/c/libcrux_mlkem512.h index 6c5fa87f5..387170991 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b + * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 */ #ifndef __libcrux_mlkem512_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c index 5367ea6e2..31357fee4 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.c 
@@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b + * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 */ #include "libcrux_mlkem512_avx2.h" @@ -38,10 +38,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_4f(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, +static void decapsulate_d3(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_b6(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_6e(private_key, ciphertext, ret); } /** @@ -54,7 +54,7 @@ static void decapsulate_4f(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, void libcrux_ml_kem_mlkem512_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_4f(private_key, ciphertext, ret); + decapsulate_d3(private_key, ciphertext, ret); } /** @@ -81,10 +81,10 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_unpacked_d3( +static void decapsulate_unpacked_d9( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_26(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_0f(key_pair, ciphertext, ret); } /** 
@@ -97,7 +97,7 @@ static void decapsulate_unpacked_d3( void libcrux_ml_kem_mlkem512_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_d3(private_key, ciphertext, ret); + decapsulate_unpacked_d9(private_key, ciphertext, ret); } /** @@ -117,14 +117,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_a5( +static tuple_ec encapsulate_bd( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_e6(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_41(uu____0, copy_of_randomness); } /** @@ -141,7 +141,7 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_a5(uu____0, copy_of_randomness); + return encapsulate_bd(uu____0, copy_of_randomness); } /** @@ -165,7 +165,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_unpacked_bd( +static tuple_ec encapsulate_unpacked_2e( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *uu____0 = 
@@ -173,7 +173,7 @@ static tuple_ec encapsulate_unpacked_bd( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_72(uu____0, + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_9e(uu____0, copy_of_randomness); } @@ -193,7 +193,7 @@ tuple_ec libcrux_ml_kem_mlkem512_avx2_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_bd(uu____0, copy_of_randomness); + return encapsulate_unpacked_2e(uu____0, copy_of_randomness); } /** @@ -210,7 +210,7 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_ab( +static libcrux_ml_kem_types_MlKemKeyPair_cb generate_keypair_3e( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; @@ -226,7 +226,7 @@ libcrux_ml_kem_mlkem512_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_ab(copy_of_randomness); + return generate_keypair_3e(copy_of_randomness); } /** 
@@ -245,11 +245,11 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -generate_keypair_unpacked_d6(uint8_t randomness[64U]) { +generate_keypair_unpacked_7f(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_88( + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_27( copy_of_randomness); } @@ -262,7 +262,7 @@ libcrux_ml_kem_mlkem512_avx2_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_d6(copy_of_randomness); + return generate_keypair_unpacked_7f(copy_of_randomness); } /** @@ -276,7 +276,7 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 768 - PUBLIC_KEY_SIZE= 800 */ -static bool validate_public_key_52(uint8_t *public_key) { +static bool validate_public_key_c9(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_f9(public_key); } @@ -288,7 +288,7 @@ static bool validate_public_key_52(uint8_t *public_key) { core_option_Option_04 libcrux_ml_kem_mlkem512_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_be public_key) { core_option_Option_04 uu____0; - if (validate_public_key_52(public_key.value)) { + if (validate_public_key_c9(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_04){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h index de016f75b..f0594d0a7 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_avx2.h 
@@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b + * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 */ #ifndef __libcrux_mlkem512_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c index cf889ae06..e2ee05849 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.c @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b + * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 */ #include "libcrux_mlkem512_portable.h" @@ -38,10 +38,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_f8(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, +static void decapsulate_60(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_b20(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_810(private_key, ciphertext, ret); } /** @@ -54,7 +54,7 @@ static void decapsulate_f8(libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, void libcrux_ml_kem_mlkem512_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_f8(private_key, ciphertext, ret); + decapsulate_60(private_key, ciphertext, ret); } /** 
@@ -81,10 +81,10 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -static void decapsulate_unpacked_0c( +static void decapsulate_unpacked_4f( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_440(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_2c0(key_pair, ciphertext, ret); } /** @@ -97,7 +97,7 @@ static void decapsulate_unpacked_0c( void libcrux_ml_kem_mlkem512_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_0c(private_key, ciphertext, ret); + decapsulate_unpacked_4f(private_key, ciphertext, ret); } /** @@ -117,14 +117,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_33( +static tuple_ec encapsulate_51( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_be *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_410(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_8f0(uu____0, copy_of_randomness); } /** @@ -141,7 +141,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_33(uu____0, copy_of_randomness); + return encapsulate_51(uu____0, copy_of_randomness); } /** 
@@ -165,7 +165,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_ec encapsulate_unpacked_f7( +static tuple_ec encapsulate_unpacked_b3( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *uu____0 = @@ -173,7 +173,7 @@ static tuple_ec encapsulate_unpacked_f7( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b0(uu____0, + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_de0(uu____0, copy_of_randomness); } @@ -193,7 +193,7 @@ tuple_ec libcrux_ml_kem_mlkem512_portable_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_f7(uu____0, copy_of_randomness); + return encapsulate_unpacked_b3(uu____0, copy_of_randomness); } /** @@ -246,11 +246,11 @@ const generics - ETA1_RANDOMNESS_SIZE= 192 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -generate_keypair_unpacked_fe(uint8_t randomness[64U]) { +generate_keypair_unpacked_9e(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b40( + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c80( copy_of_randomness); } 
@@ -263,7 +263,7 @@ libcrux_ml_kem_mlkem512_portable_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_fe(copy_of_randomness); + return generate_keypair_unpacked_9e(copy_of_randomness); } /** diff --git a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h index 3ca4b0b85..0042942bc 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem512_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem512_portable.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b + * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 */ #ifndef __libcrux_mlkem512_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768.h b/libcrux-ml-kem/c/libcrux_mlkem768.h index 645dd5ef8..d36bab9af 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b + * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 */ #ifndef __libcrux_mlkem768_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c index 576acabef..f34aece0b 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.c @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b + * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 */ #include "libcrux_mlkem768_avx2.h" 
@@ -38,10 +38,10 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_99( +static void decapsulate_25( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_b61(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_6e1(private_key, ciphertext, ret); } /** @@ -54,7 +54,7 @@ static void decapsulate_99( void libcrux_ml_kem_mlkem768_avx2_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_99(private_key, ciphertext, ret); + decapsulate_25(private_key, ciphertext, ret); } /** @@ -81,10 +81,10 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_unpacked_25( +static void decapsulate_unpacked_b4( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_261(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_0f1(key_pair, ciphertext, ret); } /** @@ -97,7 +97,7 @@ static void decapsulate_unpacked_25( void libcrux_ml_kem_mlkem768_avx2_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_25(private_key, ciphertext, ret); + decapsulate_unpacked_b4(private_key, ciphertext, ret); } /** 
@@ -117,14 +117,14 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_60( +static tuple_3c encapsulate_27( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_e61(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_411(uu____0, copy_of_randomness); } /** @@ -141,7 +141,7 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_60(uu____0, copy_of_randomness); + return encapsulate_27(uu____0, copy_of_randomness); } /** @@ -165,7 +165,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_unpacked_27( +static tuple_3c encapsulate_unpacked_ff( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *uu____0 = @@ -173,7 +173,7 @@ static tuple_3c encapsulate_unpacked_27( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_721(uu____0, + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_9e1(uu____0, copy_of_randomness); } 
@@ -193,7 +193,7 @@ tuple_3c libcrux_ml_kem_mlkem768_avx2_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_27(uu____0, copy_of_randomness); + return encapsulate_unpacked_ff(uu____0, copy_of_randomness); } /** @@ -210,7 +210,7 @@ libcrux_ml_kem.ind_cca.instantiations.avx2.generate_keypair with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_c0( +static libcrux_ml_kem_mlkem768_MlKem768KeyPair generate_keypair_93( uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; @@ -226,7 +226,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_c0(copy_of_randomness); + return generate_keypair_93(copy_of_randomness); } /** @@ -245,11 +245,11 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -generate_keypair_unpacked_0b(uint8_t randomness[64U]) { +generate_keypair_unpacked_51(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_881( + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_271( copy_of_randomness); } 
@@ -262,7 +262,7 @@ libcrux_ml_kem_mlkem768_avx2_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_0b(copy_of_randomness); + return generate_keypair_unpacked_51(copy_of_randomness); } /** @@ -276,7 +276,7 @@ generics - RANKED_BYTES_PER_RING_ELEMENT= 1152 - PUBLIC_KEY_SIZE= 1184 */ -static bool validate_public_key_521(uint8_t *public_key) { +static bool validate_public_key_c91(uint8_t *public_key) { return libcrux_ml_kem_ind_cca_validate_public_key_f91(public_key); } @@ -288,7 +288,7 @@ static bool validate_public_key_521(uint8_t *public_key) { core_option_Option_92 libcrux_ml_kem_mlkem768_avx2_validate_public_key( libcrux_ml_kem_types_MlKemPublicKey_15 public_key) { core_option_Option_92 uu____0; - if (validate_public_key_521(public_key.value)) { + if (validate_public_key_c91(public_key.value)) { uu____0 = (CLITERAL(core_option_Option_92){.tag = core_option_Some, .f0 = public_key}); } else { diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h index 8c8af3f91..43657f081 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_avx2.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b + * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 */ #ifndef __libcrux_mlkem768_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c index f8904ea1a..617074ec1 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.c 
@@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b + * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 */ #include "libcrux_mlkem768_portable.h" @@ -38,10 +38,10 @@ libcrux_ml_kem.ind_cca.instantiations.portable.decapsulate with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_e7( +static void decapsulate_e3( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_b2(private_key, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_81(private_key, ciphertext, ret); } /** @@ -54,7 +54,7 @@ static void decapsulate_e7( void libcrux_ml_kem_mlkem768_portable_decapsulate( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_e7(private_key, ciphertext, ret); + decapsulate_e3(private_key, ciphertext, ret); } /** @@ -81,10 +81,10 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -static void decapsulate_unpacked_bd( +static void decapsulate_unpacked_fc( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - libcrux_ml_kem_ind_cca_decapsulate_unpacked_44(key_pair, ciphertext, ret); + libcrux_ml_kem_ind_cca_decapsulate_unpacked_2c(key_pair, ciphertext, ret); } /** 
@@ -97,7 +97,7 @@ static void decapsulate_unpacked_bd( void libcrux_ml_kem_mlkem768_portable_decapsulate_unpacked( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { - decapsulate_unpacked_bd(private_key, ciphertext, ret); + decapsulate_unpacked_fc(private_key, ciphertext, ret); } /** @@ -117,14 +117,14 @@ libcrux_ml_kem.ind_cca.instantiations.portable.encapsulate with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_fd( +static tuple_3c encapsulate_30( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_types_MlKemPublicKey_15 *uu____0 = public_key; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_41(uu____0, copy_of_randomness); + return libcrux_ml_kem_ind_cca_encapsulate_8f(uu____0, copy_of_randomness); } /** @@ -141,7 +141,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_fd(uu____0, copy_of_randomness); + return encapsulate_30(uu____0, copy_of_randomness); } /** @@ -165,7 +165,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static tuple_3c encapsulate_unpacked_e9( +static tuple_3c encapsulate_unpacked_d1( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *uu____0 = 
@@ -173,7 +173,7 @@ static tuple_3c encapsulate_unpacked_e9( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b(uu____0, + return libcrux_ml_kem_ind_cca_encapsulate_unpacked_de(uu____0, copy_of_randomness); } @@ -193,7 +193,7 @@ tuple_3c libcrux_ml_kem_mlkem768_portable_encapsulate_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); - return encapsulate_unpacked_e9(uu____0, copy_of_randomness); + return encapsulate_unpacked_d1(uu____0, copy_of_randomness); } /** @@ -246,11 +246,11 @@ const generics - ETA1_RANDOMNESS_SIZE= 128 */ static libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -generate_keypair_unpacked_78(uint8_t randomness[64U]) { +generate_keypair_unpacked_05(uint8_t randomness[64U]) { /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b4( + return libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c8( copy_of_randomness); } @@ -263,7 +263,7 @@ libcrux_ml_kem_mlkem768_portable_generate_key_pair_unpacked( /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_randomness[64U]; memcpy(copy_of_randomness, randomness, (size_t)64U * sizeof(uint8_t)); - return generate_keypair_unpacked_78(copy_of_randomness); + return generate_keypair_unpacked_05(copy_of_randomness); } /** diff --git a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h index 9251372d3..85ac2699f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem768_portable.h +++ b/libcrux-ml-kem/c/libcrux_mlkem768_portable.h 
@@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b + * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 */ #ifndef __libcrux_mlkem768_portable_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c index 105b03788..a1cafa4cd 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.c @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b + * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 */ #include "internal/libcrux_mlkem_avx2.h" @@ -1126,7 +1126,7 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.arithmetic.shift_right with const generics - SHIFT_BY= 15 */ -static KRML_MUSTINLINE __m256i shift_right_17(__m256i vector) { +static KRML_MUSTINLINE __m256i shift_right_66(__m256i vector) { return mm256_srai_epi16((int32_t)15, vector, __m256i); } @@ -1139,8 +1139,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.shift_right_ea with const generics - SHIFT_BY= 15 */ -static __m256i shift_right_ea_08(__m256i vector) { - return shift_right_17(vector); +static __m256i shift_right_ea_fc(__m256i vector) { + return shift_right_66(vector); } /** @@ -1150,7 +1150,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static __m256i to_unsigned_representative_14(__m256i a) { - __m256i t = shift_right_ea_08(a); + __m256i t = shift_right_ea_fc(a); __m256i fm = libcrux_ml_kem_vector_avx2_bitwise_and_with_constant_ea( t, LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); return libcrux_ml_kem_vector_avx2_add_ea(a, &fm); 
@@ -2372,7 +2372,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_9b0 generate_keypair_unpacked_5c1( +static tuple_9b0 generate_keypair_unpacked_e81( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_a9_e11(key_generation_seed, hashed); @@ -2458,7 +2458,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_a21( +static void closure_a71( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, ret[i] = ZERO_89_9b();); @@ -2474,7 +2474,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 clone_d5_6f( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_d2 clone_d5_d6( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 lit; __m256i ret[16U]; @@ -2510,7 +2510,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_881(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_271(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); 
@@ -2518,18 +2518,18 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_881(uint8_t randomness[64U]) { (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_9b0 uu____0 = generate_keypair_unpacked_5c1(ind_cpa_keypair_randomness); + tuple_9b0 uu____0 = generate_keypair_unpacked_e81(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_a21(A[i]);); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_a71(A[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_d5_6f(&ind_cpa_public_key.A[j][i1]); + clone_d5_d6(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[3U][3U]; memcpy(uu____2, A, @@ -3125,7 +3125,7 @@ generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_d4(__m256i vector) { +compress_ciphertext_coefficient_e0(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3172,8 +3172,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 10 */ -static __m256i compress_ea_0e(__m256i vector) { - return compress_ciphertext_coefficient_d4(vector); +static __m256i compress_ea_9b(__m256i vector) { + return compress_ciphertext_coefficient_e0(vector); } /** 
@@ -3189,7 +3189,7 @@ static KRML_MUSTINLINE void compress_then_serialize_10_d0( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_ea_0e(to_unsigned_representative_14(re->coefficients[i0])); + compress_ea_9b(to_unsigned_representative_14(re->coefficients[i0])); uint8_t bytes[20U]; libcrux_ml_kem_vector_avx2_serialize_10_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -3207,7 +3207,7 @@ generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_d40(__m256i vector) { +compress_ciphertext_coefficient_e00(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3254,8 +3254,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 11 */ -static __m256i compress_ea_0e0(__m256i vector) { - return compress_ciphertext_coefficient_d40(vector); +static __m256i compress_ea_9b0(__m256i vector) { + return compress_ciphertext_coefficient_e00(vector); } /** @@ -3313,7 +3313,7 @@ generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_d41(__m256i vector) { +compress_ciphertext_coefficient_e01(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3360,8 +3360,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 4 */ -static __m256i compress_ea_0e1(__m256i vector) { - return compress_ciphertext_coefficient_d41(vector); +static __m256i compress_ea_9b1(__m256i vector) { + return compress_ciphertext_coefficient_e01(vector); } /** 
@@ -3377,7 +3377,7 @@ static KRML_MUSTINLINE void compress_then_serialize_4_fb( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_ea_0e1(to_unsigned_representative_14(re.coefficients[i0])); + compress_ea_9b1(to_unsigned_representative_14(re.coefficients[i0])); uint8_t bytes[8U]; libcrux_ml_kem_vector_avx2_serialize_4_ea(coefficient, bytes); Eurydice_slice_copy( @@ -3394,7 +3394,7 @@ generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE __m256i -compress_ciphertext_coefficient_d42(__m256i vector) { +compress_ciphertext_coefficient_e02(__m256i vector) { __m256i field_modulus_halved = mm256_set1_epi32( ((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS - (int32_t)1) / (int32_t)2); @@ -3441,8 +3441,8 @@ A monomorphic instance of libcrux_ml_kem.vector.avx2.compress_ea with const generics - COEFFICIENT_BITS= 5 */ -static __m256i compress_ea_0e2(__m256i vector) { - return compress_ciphertext_coefficient_d42(vector); +static __m256i compress_ea_9b2(__m256i vector) { + return compress_ciphertext_coefficient_e02(vector); } /** @@ -3458,7 +3458,7 @@ static KRML_MUSTINLINE void compress_then_serialize_5_8e( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficients = - compress_ea_0e2(to_unsigned_representative_14(re.coefficients[i0])); + compress_ea_9b2(to_unsigned_representative_14(re.coefficients[i0])); uint8_t bytes[10U]; libcrux_ml_kem_vector_avx2_serialize_5_ea(coefficients, bytes); Eurydice_slice_copy( @@ -3538,7 +3538,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_a31( +static void encrypt_unpacked_af1( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U]; 
@@ -3612,7 +3612,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_721( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_9e1( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_a0 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -3639,7 +3639,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_721( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_unpacked_a31(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_af1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -3649,7 +3649,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_721( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_140(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_ec0(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -3670,7 +3670,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_af_811(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_c11(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), 
@@ -3733,7 +3733,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_e01(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_a31(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[3U]; deserialize_ring_elements_reduced_a83( 
@@ -3745,41 +3745,57 @@ static void encrypt_e01(Eurydice_slice public_key, uint8_t message[32U], uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0); sample_matrix_A_ac1(ret0, false, A); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, seed_for_A); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[3U]; + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____1 = sample_vector_cbd_then_ntt_081(copy_of_prf_input0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[3U]; memcpy( - copy_of_t_as_ntt, t_as_ntt, + r_as_ntt, uu____1.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator0 = uu____1.snd; /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A[3U][3U]; - memcpy(copy_of_A, A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 - public_key_unpacked; + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b00 uu____3 = + sample_ring_element_cbd_581(copy_of_prf_input, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[3U]; memcpy( - public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, + error_1, uu____3.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(public_key_unpacked.seed_for_A, 
copy_of_seed_for_A, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, copy_of_A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[3U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_a0 *uu____3 = - &public_key_unpacked; + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF_a9_dd4(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = + sample_from_binomial_distribution_730( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[3U]; + compute_vector_u_541(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[1088U]; - encrypt_unpacked_a31(uu____3, copy_of_message, randomness, ret1); - memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = + deserialize_then_decompress_message_d3(copy_of_message); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = + compute_ring_element_v_f91(t_as_ntt, r_as_ntt, &error_2, + &message_as_ring_element); + uint8_t ciphertext[1088U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[3U]; + memcpy( + uu____5, u, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + compress_then_serialize_u_9b1( + uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, + uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; + compress_then_serialize_ring_element_v_6d( + uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, + (size_t)960U, uint8_t, size_t)); + memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); } /** 
@@ -3793,7 +3809,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_af_9a1(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_be1(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -3820,11 +3836,11 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_e61( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_411( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_811( + entropy_preprocess_af_c11( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -3853,14 +3869,14 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_e61( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_e01(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_a31(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_140(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_ec0(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_9a1(shared_secret, shared_secret_array); + kdf_af_be1(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; 
@@ -3879,7 +3895,7 @@ generics - COEFFICIENT_BITS= 10 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_8b(__m256i vector) { +decompress_ciphertext_coefficient_57(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -3923,8 +3939,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 10 */ -static __m256i decompress_ciphertext_coefficient_ea_9b(__m256i vector) { - return decompress_ciphertext_coefficient_8b(vector); +static __m256i decompress_ciphertext_coefficient_ea_8c(__m256i vector) { + return decompress_ciphertext_coefficient_57(vector); } /** @@ -3934,7 +3950,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_10_92(Eurydice_slice serialized) { +deserialize_then_decompress_10_94(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9b(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { @@ -3942,7 +3958,7 @@ deserialize_then_decompress_10_92(Eurydice_slice serialized) { Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)20U, i0 * (size_t)20U + (size_t)20U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_10_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_9b(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_8c(coefficient); } return re; } @@ -3954,7 +3970,7 @@ generics - COEFFICIENT_BITS= 11 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_8b0(__m256i vector) { +decompress_ciphertext_coefficient_570(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = 
@@ -3998,8 +4014,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 11 */ -static __m256i decompress_ciphertext_coefficient_ea_9b0(__m256i vector) { - return decompress_ciphertext_coefficient_8b0(vector); +static __m256i decompress_ciphertext_coefficient_ea_8c0(__m256i vector) { + return decompress_ciphertext_coefficient_570(vector); } /** @@ -4009,7 +4025,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_11_79(Eurydice_slice serialized) { +deserialize_then_decompress_11_ec(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9b(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { @@ -4017,7 +4033,7 @@ deserialize_then_decompress_11_79(Eurydice_slice serialized) { Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)22U, i0 * (size_t)22U + (size_t)22U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_11_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_9b0(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_8c0(coefficient); } return re; } @@ -4029,8 +4045,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_28(Eurydice_slice serialized) { - return deserialize_then_decompress_10_92(serialized); +deserialize_then_decompress_ring_element_u_0e(Eurydice_slice serialized) { + return deserialize_then_decompress_10_94(serialized); } /** 
@@ -4039,7 +4055,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_b2( +static KRML_MUSTINLINE void ntt_vector_u_c1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)7U); @@ -4064,7 +4080,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_1c1( +static KRML_MUSTINLINE void deserialize_then_decompress_u_7a1( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; @@ -4087,8 +4103,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_1c1( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_28(u_bytes); - ntt_vector_u_b2(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_0e(u_bytes); + ntt_vector_u_c1(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -4102,7 +4118,7 @@ generics - COEFFICIENT_BITS= 4 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_8b1(__m256i vector) { +decompress_ciphertext_coefficient_571(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -4146,8 +4162,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 4 */ -static __m256i decompress_ciphertext_coefficient_ea_9b1(__m256i vector) { - return decompress_ciphertext_coefficient_8b1(vector); +static __m256i decompress_ciphertext_coefficient_ea_8c1(__m256i vector) { + return decompress_ciphertext_coefficient_571(vector); } /** 
@@ -4157,7 +4173,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_4_c8(Eurydice_slice serialized) { +deserialize_then_decompress_4_cc(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9b(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { @@ -4165,7 +4181,7 @@ deserialize_then_decompress_4_c8(Eurydice_slice serialized) { Eurydice_slice bytes = Eurydice_slice_subslice2( serialized, i0 * (size_t)8U, i0 * (size_t)8U + (size_t)8U, uint8_t); __m256i coefficient = libcrux_ml_kem_vector_avx2_deserialize_4_ea(bytes); - re.coefficients[i0] = decompress_ciphertext_coefficient_ea_9b1(coefficient); + re.coefficients[i0] = decompress_ciphertext_coefficient_ea_8c1(coefficient); } return re; } @@ -4177,7 +4193,7 @@ generics - COEFFICIENT_BITS= 5 */ static KRML_MUSTINLINE __m256i -decompress_ciphertext_coefficient_8b2(__m256i vector) { +decompress_ciphertext_coefficient_572(__m256i vector) { __m256i field_modulus = mm256_set1_epi32((int32_t)LIBCRUX_ML_KEM_VECTOR_TRAITS_FIELD_MODULUS); __m256i two_pow_coefficient_bits = @@ -4221,8 +4237,8 @@ libcrux_ml_kem.vector.avx2.decompress_ciphertext_coefficient_ea with const generics - COEFFICIENT_BITS= 5 */ -static __m256i decompress_ciphertext_coefficient_ea_9b2(__m256i vector) { - return decompress_ciphertext_coefficient_8b2(vector); +static __m256i decompress_ciphertext_coefficient_ea_8c2(__m256i vector) { + return decompress_ciphertext_coefficient_572(vector); } /** @@ -4232,7 +4248,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_5_c7(Eurydice_slice serialized) { +deserialize_then_decompress_5_21(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9b(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { 
@@ -4241,7 +4257,7 @@ deserialize_then_decompress_5_c7(Eurydice_slice serialized) { serialized, i0 * (size_t)10U, i0 * (size_t)10U + (size_t)10U, uint8_t); re.coefficients[i0] = libcrux_ml_kem_vector_avx2_deserialize_5_ea(bytes); re.coefficients[i0] = - decompress_ciphertext_coefficient_ea_9b2(re.coefficients[i0]); + decompress_ciphertext_coefficient_ea_8c2(re.coefficients[i0]); } return re; } @@ -4253,8 +4269,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_4f(Eurydice_slice serialized) { - return deserialize_then_decompress_4_c8(serialized); +deserialize_then_decompress_ring_element_v_13(Eurydice_slice serialized) { + return deserialize_then_decompress_4_cc(serialized); } /** @@ -4268,7 +4284,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -subtract_reduce_89_e1(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, +subtract_reduce_89_97(libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -4296,7 +4312,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_a51( +compute_message_3b1( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { @@ -4306,7 +4322,7 @@ compute_message_a51( ntt_multiply_89_44(&secret_as_ntt[i0], &u_as_ntt[i0]); add_to_ring_element_89_ce1(&result, &product);); invert_ntt_montgomery_e61(&result); - result = subtract_reduce_89_e1(v, result); + result = subtract_reduce_89_97(v, result); return result; } 
@@ -4316,7 +4332,7 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_66( +static KRML_MUSTINLINE void compress_then_serialize_message_97( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( @@ -4368,19 +4384,19 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_c11( +static void decrypt_unpacked_8c1( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_a0 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[3U]; - deserialize_then_decompress_u_1c1(ciphertext, u_as_ntt); + deserialize_then_decompress_u_7a1(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_4f( + deserialize_then_decompress_ring_element_v_13( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_a51(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_3b1(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_66(message, ret0); + compress_then_serialize_message_97(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } 
@@ -4431,11 +4447,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_261( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_0f1( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_a0 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_c11(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_8c1(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -4464,7 +4480,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_261( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_dd0(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_b40(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; PRF_a9_dd3(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), @@ -4475,11 +4491,11 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_261( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_a31(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_af1(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_dd0(ciphertext), + libcrux_ml_kem_types_as_ref_00_b40(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( 
@@ -4497,7 +4513,7 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_to_uncompressed_ring_element_35(Eurydice_slice serialized) { +deserialize_to_uncompressed_ring_element_0e(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 re = ZERO_89_9b(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { @@ -4518,7 +4534,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_f61( +static KRML_MUSTINLINE void deserialize_secret_key_d71( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; @@ -4535,7 +4551,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_f61( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_35(secret_bytes); + deserialize_to_uncompressed_ring_element_0e(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( @@ -4553,10 +4569,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_491(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_191(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[3U]; - deserialize_secret_key_f61(secret_key, secret_as_ntt); + deserialize_secret_key_d71(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[3U]; memcpy( 
@@ -4568,7 +4584,7 @@ static void decrypt_491(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; - decrypt_unpacked_c11(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_8c1(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -4594,7 +4610,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_b61( +void libcrux_ml_kem_ind_cca_decapsulate_6e1( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -4612,7 +4628,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_b61( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_491(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_191(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -4634,7 +4650,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_b61( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_dd0(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_b40(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_a9_dd3(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t), 
@@ -4644,17 +4660,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_b61( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_e01(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_a31(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_9a1(Eurydice_array_to_slice( + kdf_af_be1(Eurydice_array_to_slice( (size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_9a1(shared_secret0, shared_secret); + kdf_af_be1(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_dd0(ciphertext), + libcrux_ml_kem_types_as_ref_00_b40(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -5458,7 +5474,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_54 generate_keypair_unpacked_5c0( +static tuple_54 generate_keypair_unpacked_e80( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_a9_e10(key_generation_seed, hashed); @@ -5544,7 +5560,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_a20( +static void closure_a70( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, ret[i] = ZERO_89_9b();); 
@@ -5576,7 +5592,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_880(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_270(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -5584,18 +5600,18 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_880(uint8_t randomness[64U]) { (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_54 uu____0 = generate_keypair_unpacked_5c0(ind_cpa_keypair_randomness); + tuple_54 uu____0 = generate_keypair_unpacked_e80(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_a20(A[i]);); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_a70(A[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_d5_6f(&ind_cpa_public_key.A[j][i1]); + clone_d5_d6(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[4U][4U]; memcpy(uu____2, A, 
@@ -5987,7 +6003,7 @@ static KRML_MUSTINLINE void compress_then_serialize_11_280( i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { size_t i0 = i; __m256i coefficient = - compress_ea_0e0(to_unsigned_representative_14(re->coefficients[i0])); + compress_ea_9b0(to_unsigned_representative_14(re->coefficients[i0])); uint8_t bytes[22U]; libcrux_ml_kem_vector_avx2_serialize_11_ea(coefficient, bytes); Eurydice_slice uu____0 = Eurydice_array_to_subslice2( @@ -6116,7 +6132,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_a30( +static void encrypt_unpacked_af0( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; @@ -6190,7 +6206,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_720( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_9e0( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_01 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -6217,7 +6233,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_720( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_unpacked_a30(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_af0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( 
@@ -6227,7 +6243,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_720( uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_141(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_ec1(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -6248,7 +6264,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_af_810(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_c10(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -6311,7 +6327,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_e00(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_a30(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[4U]; deserialize_ring_elements_reduced_a81( 
@@ -6323,41 +6339,57 @@ static void encrypt_e00(Eurydice_slice public_key, uint8_t message[32U], uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0); sample_matrix_A_ac0(ret0, false, A); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, seed_for_A); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[4U]; + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_71 uu____1 = sample_vector_cbd_then_ntt_080(copy_of_prf_input0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[4U]; memcpy( - copy_of_t_as_ntt, t_as_ntt, + r_as_ntt, uu____1.fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator0 = uu____1.snd; /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A[4U][4U]; - memcpy(copy_of_A, A, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 - public_key_unpacked; + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_71 uu____3 = + sample_ring_element_cbd_580(copy_of_prf_input, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[4U]; memcpy( - public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, + error_1, uu____3.fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(public_key_unpacked.seed_for_A, 
copy_of_seed_for_A, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, copy_of_A, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[4U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_01 *uu____3 = - &public_key_unpacked; + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF_a9_dd2(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = + sample_from_binomial_distribution_730( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[4U]; + compute_vector_u_540(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[1568U]; - encrypt_unpacked_a30(uu____3, copy_of_message, randomness, ret1); - memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = + deserialize_then_decompress_message_d3(copy_of_message); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = + compute_ring_element_v_f90(t_as_ntt, r_as_ntt, &error_2, + &message_as_ring_element); + uint8_t ciphertext[1568U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[4U]; + memcpy( + uu____5, u, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + compress_then_serialize_u_9b0( + uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, + (size_t)1408U, uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; + compress_then_serialize_ring_element_v_6d0( + uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, + (size_t)1408U, uint8_t, size_t)); + memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); } /** 
@@ -6371,7 +6403,7 @@ with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_af_9a0(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_be0(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -6398,11 +6430,11 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_e60( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_410( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_810( + entropy_preprocess_af_c10( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -6431,14 +6463,14 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_e60( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_e00(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_a30(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_141(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_ec1(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_9a0(shared_secret, shared_secret_array); + kdf_af_be0(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; 
@@ -6457,8 +6489,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_u_280(Eurydice_slice serialized) { - return deserialize_then_decompress_11_79(serialized); +deserialize_then_decompress_ring_element_u_0e0(Eurydice_slice serialized) { + return deserialize_then_decompress_11_ec(serialized); } /** @@ -6467,7 +6499,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_b20( +static KRML_MUSTINLINE void ntt_vector_u_c10( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *re) { size_t zeta_i = (size_t)0U; ntt_at_layer_4_plus_5a(&zeta_i, re, (size_t)7U); @@ -6492,7 +6524,7 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_1c0( +static KRML_MUSTINLINE void deserialize_then_decompress_u_7a0( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; @@ -6515,8 +6547,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_1c0( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_280(u_bytes); - ntt_vector_u_b20(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_0e0(u_bytes); + ntt_vector_u_c10(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, 
@@ -6530,8 +6562,8 @@ libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -deserialize_then_decompress_ring_element_v_4f0(Eurydice_slice serialized) { - return deserialize_then_decompress_5_c7(serialized); +deserialize_then_decompress_ring_element_v_130(Eurydice_slice serialized) { + return deserialize_then_decompress_5_21(serialized); } /** @@ -6547,7 +6579,7 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_a50( +compute_message_3b0( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { @@ -6557,7 +6589,7 @@ compute_message_a50( ntt_multiply_89_44(&secret_as_ntt[i0], &u_as_ntt[i0]); add_to_ring_element_89_ce0(&result, &product);); invert_ntt_montgomery_e60(&result); - result = subtract_reduce_89_e1(v, result); + result = subtract_reduce_89_97(v, result); return result; } 
@@ -6595,19 +6627,19 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_unpacked_c10( +static void decrypt_unpacked_8c0( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_01 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[4U]; - deserialize_then_decompress_u_1c0(ciphertext, u_as_ntt); + deserialize_then_decompress_u_7a0(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_4f0( + deserialize_then_decompress_ring_element_v_130( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_a50(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_3b0(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_66(message, ret0); + compress_then_serialize_message_97(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -6646,12 +6678,12 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_260( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_0f0( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_01 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_c10(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_8c0(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( 
@@ -6680,7 +6712,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_260( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_dd1(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_b41(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; PRF_a9_dd1(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), @@ -6691,11 +6723,11 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_260( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_a30(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_af0(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_dd1(ciphertext), + libcrux_ml_kem_types_as_ref_00_b41(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -6715,7 +6747,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_f60( +static KRML_MUSTINLINE void deserialize_secret_key_d70( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; @@ -6732,7 +6764,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_f60( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_35(secret_bytes); + deserialize_to_uncompressed_ring_element_0e(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( 
@@ -6750,10 +6782,10 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_490(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_190(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[4U]; - deserialize_secret_key_f60(secret_key, secret_as_ntt); + deserialize_secret_key_d70(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[4U]; memcpy( @@ -6765,7 +6797,7 @@ static void decrypt_490(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; - decrypt_unpacked_c10(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_8c0(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -6791,7 +6823,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_b60( +void libcrux_ml_kem_ind_cca_decapsulate_6e0( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -6810,7 +6842,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_b60( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_490(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_190(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); 
@@ -6832,7 +6864,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_b60( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_dd1(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_b41(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_a9_dd1(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), @@ -6842,17 +6874,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_b60( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_e00(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_a30(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_9a0(Eurydice_array_to_slice( + kdf_af_be0(Eurydice_array_to_slice( (size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_9a0(shared_secret0, shared_secret); + kdf_af_be0(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_dd1(ciphertext), + libcrux_ml_kem_types_as_ref_00_b41(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -7649,7 +7681,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static tuple_4c generate_keypair_unpacked_5c( +static tuple_4c generate_keypair_unpacked_e8( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_a9_e1(key_generation_seed, hashed); 
@@ -7735,7 +7767,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static void closure_a2( +static void closure_a7( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, ret[i] = ZERO_89_9b();); @@ -7767,7 +7799,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_88(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_27(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -7775,18 +7807,18 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_88(uint8_t randomness[64U]) { (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_4c uu____0 = generate_keypair_unpacked_5c(ind_cpa_keypair_randomness); + tuple_4c uu____0 = generate_keypair_unpacked_e8(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_a2(A[i]);); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_a7(A[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____1 = - clone_d5_6f(&ind_cpa_public_key.A[j][i1]); + clone_d5_d6(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____2[2U][2U]; memcpy(uu____2, A, 
@@ -8303,7 +8335,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_a3( +static void encrypt_unpacked_af( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; @@ -8377,7 +8409,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_72( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_9e( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_d6 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -8404,7 +8436,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_72( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_unpacked_a3(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_af(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -8414,7 +8446,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_72( uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_01_14(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_ec(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, 
@@ -8435,7 +8467,7 @@ with types libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_af_81(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_c1(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -8498,7 +8530,7 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_e0(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_a3(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 t_as_ntt[2U]; deserialize_ring_elements_reduced_a8( 
@@ -8510,41 +8542,57 @@ static void encrypt_e0(Eurydice_slice public_key, uint8_t message[32U], uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0); sample_matrix_A_ac(ret0, false, A); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, seed_for_A); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_t_as_ntt[2U]; + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_74 uu____1 = sample_vector_cbd_then_ntt_08(copy_of_prf_input0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 r_as_ntt[2U]; memcpy( - copy_of_t_as_ntt, t_as_ntt, + r_as_ntt, uu____1.fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + uint8_t domain_separator0 = uu____1.snd; /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_A[2U][2U]; - memcpy(copy_of_A, A, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 - public_key_unpacked; + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_74 uu____3 = + sample_ring_element_cbd_58(copy_of_prf_input, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_1[2U]; memcpy( - public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, + error_1, uu____3.fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); - memcpy(public_key_unpacked.seed_for_A, 
copy_of_seed_for_A, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, copy_of_A, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2[2U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_d6 *uu____3 = - &public_key_unpacked; + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF_a9_dd0(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 error_2 = + sample_from_binomial_distribution_730( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u[2U]; + compute_vector_u_54(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[768U]; - encrypt_unpacked_a3(uu____3, copy_of_message, randomness, ret1); - memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message_as_ring_element = + deserialize_then_decompress_message_d3(copy_of_message); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = + compute_ring_element_v_f9(t_as_ntt, r_as_ntt, &error_2, + &message_as_ring_element); + uint8_t ciphertext[768U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____5[2U]; + memcpy( + uu____5, u, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); + compress_then_serialize_u_9b( + uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, + uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____6 = v; + compress_then_serialize_ring_element_v_6d( + uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, + (size_t)640U, uint8_t, size_t)); + memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); } /** 
@@ -8558,7 +8606,7 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_af_9a(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_be(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -8585,11 +8633,11 @@ with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_e6( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_41( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_81( + entropy_preprocess_af_c1( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -8618,14 +8666,14 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_e6( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_e0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_a3(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_01_14(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_ec(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_9a(shared_secret, shared_secret_array); + kdf_af_be(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; 
@@ -8649,7 +8697,7 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_1c( +static KRML_MUSTINLINE void deserialize_then_decompress_u_7a( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; @@ -8672,8 +8720,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_1c( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_28(u_bytes); - ntt_vector_u_b2(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_0e(u_bytes); + ntt_vector_u_c1(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -8693,7 +8741,7 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_d2 -compute_message_a5( +compute_message_3b( libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 *u_as_ntt) { @@ -8703,7 +8751,7 @@ compute_message_a5( ntt_multiply_89_44(&secret_as_ntt[i0], &u_as_ntt[i0]); add_to_ring_element_89_ce(&result, &product);); invert_ntt_montgomery_e6(&result); - result = subtract_reduce_89_e1(v, result); + result = subtract_reduce_89_97(v, result); return result; } 
@@ -8741,19 +8789,19 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_unpacked_c1( +static void decrypt_unpacked_8c( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_d6 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 u_as_ntt[2U]; - deserialize_then_decompress_u_1c(ciphertext, u_as_ntt); + deserialize_then_decompress_u_7a(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 v = - deserialize_then_decompress_ring_element_v_4f( + deserialize_then_decompress_ring_element_v_13( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 message = - compute_message_a5(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_3b(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_66(message, ret0); + compress_then_serialize_message_97(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -8792,11 +8840,11 @@ libcrux_ml_kem_hash_functions_avx2_Simd256Hash with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_26( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_0f( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_d6 *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U]; - decrypt_unpacked_c1(&key_pair->private_key.ind_cpa_private_key, + decrypt_unpacked_8c(&key_pair->private_key.ind_cpa_private_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( 
@@ -8825,7 +8873,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_26( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_dd(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_b4(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; PRF_a9_dd(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), @@ -8836,11 +8884,11 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_26( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_unpacked_a3(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_af(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_dd(ciphertext), + libcrux_ml_kem_types_as_ref_00_b4(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -8860,7 +8908,7 @@ with types libcrux_ml_kem_vector_avx2_SIMD256Vector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_f6( +static KRML_MUSTINLINE void deserialize_secret_key_d7( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_d2 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; @@ -8877,7 +8925,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_f6( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_d2 uu____0 = - deserialize_to_uncompressed_ring_element_35(secret_bytes); + deserialize_to_uncompressed_ring_element_0e(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( 
@@ -8895,10 +8943,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_49(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_19(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_d2 secret_as_ntt[2U]; - deserialize_secret_key_f6(secret_key, secret_as_ntt); + deserialize_secret_key_d7(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_d2 copy_of_secret_as_ntt[2U]; memcpy( @@ -8910,7 +8958,7 @@ static void decrypt_49(Eurydice_slice secret_key, uint8_t *ciphertext, secret_key_unpacked.secret_as_ntt, copy_of_secret_as_ntt, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_d2)); uint8_t ret0[32U]; - decrypt_unpacked_c1(&secret_key_unpacked, ciphertext, ret0); + decrypt_unpacked_8c(&secret_key_unpacked, ciphertext, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -8936,7 +8984,7 @@ with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_b6( +void libcrux_ml_kem_ind_cca_decapsulate_6e( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at( @@ -8954,7 +9002,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_b6( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_49(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_19(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); 
@@ -8976,7 +9024,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_b6( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_dd(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_b4(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_a9_dd(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t), @@ -8986,16 +9034,16 @@ void libcrux_ml_kem_ind_cca_decapsulate_b6( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_e0(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + encrypt_a3(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_9a(Eurydice_array_to_slice((size_t)32U, + kdf_af_be(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_9a(shared_secret0, shared_secret); + kdf_af_be(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_dd(ciphertext), + libcrux_ml_kem_types_as_ref_00_b4(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, diff --git a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h index af80f721d..ed45eece4 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_avx2.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_avx2.h 
@@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b + * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 */ #ifndef __libcrux_mlkem_avx2_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.c b/libcrux-ml-kem/c/libcrux_mlkem_neon.c index 5a72462c0..f7e24f0e5 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.c @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b + * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 */ #include "libcrux_mlkem_neon.h" diff --git a/libcrux-ml-kem/c/libcrux_mlkem_neon.h b/libcrux-ml-kem/c/libcrux_mlkem_neon.h index 87456599c..e066c6784 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_neon.h +++ b/libcrux-ml-kem/c/libcrux_mlkem_neon.h @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b + * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 */ #ifndef __libcrux_mlkem_neon_H diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.c b/libcrux-ml-kem/c/libcrux_mlkem_portable.c index cbd69752e..d2ac40a4f 100644 --- a/libcrux-ml-kem/c/libcrux_mlkem_portable.c +++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.c @@ -8,7 +8,7 @@ * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty - * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b + * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726 */ #include "internal/libcrux_mlkem_portable.h" 
@@ -3604,7 +3604,7 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_540 generate_keypair_unpacked_0f1( +static tuple_540 generate_keypair_unpacked_421( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_f1_e41(key_generation_seed, hashed); @@ -3691,7 +3691,7 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_411( +static void closure_881( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, ret[i] = ZERO_89_8d();); @@ -3707,7 +3707,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_d5_13( +static inline libcrux_ml_kem_polynomial_PolynomialRingElement_f0 clone_d5_84( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 lit; libcrux_ml_kem_vector_portable_vector_type_PortableVector ret[16U]; @@ -3747,7 +3747,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b41(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c81(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); 
@@ -3755,18 +3755,18 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b41(uint8_t randomness[64U]) { (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_540 uu____0 = generate_keypair_unpacked_0f1(ind_cpa_keypair_randomness); + tuple_540 uu____0 = generate_keypair_unpacked_421(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[4U][4U]; - KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_411(A[i]);); + KRML_MAYBE_FOR4(i, (size_t)0U, (size_t)4U, (size_t)1U, closure_881(A[i]);); KRML_MAYBE_FOR4( i0, (size_t)0U, (size_t)4U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR4( i, (size_t)0U, (size_t)4U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_13(&ind_cpa_public_key.A[j][i1]); + clone_d5_84(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[4U][4U]; memcpy(uu____2, A, @@ -4692,7 +4692,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_091( +static void encrypt_unpacked_c51( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { uint8_t prf_input[33U]; @@ -4767,7 +4767,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b1( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_de1( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_42 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; 
@@ -4794,7 +4794,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b1( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_unpacked_091(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_c51(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -4804,7 +4804,7 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b1( uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_141(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_ec1(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -4825,7 +4825,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$4size_t]] with const generics - K= 4 */ -static KRML_MUSTINLINE void entropy_preprocess_af_93(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_77(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -4889,7 +4889,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_dd1(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_091(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1568U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[4U]; deserialize_ring_elements_reduced_9d3( 
@@ -4901,41 +4901,57 @@ static void encrypt_dd1(Eurydice_slice public_key, uint8_t message[32U], uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0); sample_matrix_A_051(ret0, false, A); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, seed_for_A); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[4U]; + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_710 uu____1 = sample_vector_cbd_then_ntt_a71(copy_of_prf_input0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[4U]; memcpy( - copy_of_t_as_ntt, t_as_ntt, + r_as_ntt, uu____1.fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + uint8_t domain_separator0 = uu____1.snd; /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A[4U][4U]; - memcpy(copy_of_A, A, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 - public_key_unpacked; + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_710 uu____3 = + sample_ring_element_cbd_381(copy_of_prf_input, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[4U]; memcpy( - public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, + error_1, uu____3.fst, (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(public_key_unpacked.seed_for_A, 
copy_of_seed_for_A, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, copy_of_A, - (size_t)4U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[4U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_42 *uu____3 = - &public_key_unpacked; + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF_f1_ee4(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = + sample_from_binomial_distribution_34( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[4U]; + compute_vector_u_221(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[1568U]; - encrypt_unpacked_091(uu____3, copy_of_message, randomness, ret1); - memcpy(ret, ret1, (size_t)1568U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = + deserialize_then_decompress_message_6c(copy_of_message); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = + compute_ring_element_v_ba1(t_as_ntt, r_as_ntt, &error_2, + &message_as_ring_element); + uint8_t ciphertext[1568U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[4U]; + memcpy( + uu____5, u, + (size_t)4U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + compress_then_serialize_u_621( + uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, + (size_t)1408U, uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; + compress_then_serialize_ring_element_v_200( + uu____6, Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, + (size_t)1408U, uint8_t, size_t)); + memcpy(ret, ciphertext, (size_t)1568U * sizeof(uint8_t)); } /** 
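Review bot: The inlined body of encrypt_091 keeps the CPA encryption coins in automatic storage and returns without clearing them: `prf_input` (filled from the `randomness` parameter, which at the encapsulate and decapsulate call sites is the pseudorandomness derived from the message), `prf_output`, `r_as_ntt`, `error_1`, `error_2` and `copy_of_message` (the decrypted message on the decapsulation path). This is not new relative to the removed delegation to `encrypt_unpacked_091`, but with the call inlined the same secret-bearing locals now exist in both `encrypt_091` and `encrypt_unpacked_c51`, so any zeroization or constant-time fix has to land in both places; the K=2 instance `encrypt_090` (hunk `@@ -7457,41 +7473,57 @@`) has the same shape. Since this file is Eurydice-generated, the change belongs in the Rust source or the extraction pipeline rather than a hand edit here, e.g. clearing those buffers with an explicit-bzero-style primitive before the final `memcpy(ret, ciphertext, ...)`. Until then, a generated comment such as `/* secret-bearing locals (prf_input, prf_output, r_as_ntt, error_1, error_2, copy_of_message) are not zeroized on return */` would make the gap visible to readers of the C.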
@@ -4949,7 +4965,7 @@ with const generics - K= 4 - CIPHERTEXT_SIZE= 1568 */ -static KRML_MUSTINLINE void kdf_af_13(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_11(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -4976,11 +4992,11 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_21 libcrux_ml_kem_ind_cca_encapsulate_411( +tuple_21 libcrux_ml_kem_ind_cca_encapsulate_8f1( libcrux_ml_kem_types_MlKemPublicKey_1f *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_93( + entropy_preprocess_af_77( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -5009,14 +5025,14 @@ tuple_21 libcrux_ml_kem_ind_cca_encapsulate_411( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1568U]; - encrypt_dd1(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_091(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1568U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1568U * sizeof(uint8_t)); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_141(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_ec1(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_13(shared_secret, shared_secret_array); + kdf_af_11(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; 
@@ -5072,7 +5088,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_10_43(Eurydice_slice serialized) { +deserialize_then_decompress_10_12(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_8d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)20U; i++) { @@ -5132,7 +5148,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_11_6a(Eurydice_slice serialized) { +deserialize_then_decompress_11_3a(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_8d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)22U; i++) { @@ -5155,8 +5171,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 11 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_170(Eurydice_slice serialized) { - return deserialize_then_decompress_11_6a(serialized); +deserialize_then_decompress_ring_element_u_a00(Eurydice_slice serialized) { + return deserialize_then_decompress_11_3a(serialized); } /** @@ -5165,7 +5181,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void ntt_vector_u_c00( +static KRML_MUSTINLINE void ntt_vector_u_500( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)7U); 
@@ -5190,7 +5206,7 @@ with const generics - CIPHERTEXT_SIZE= 1568 - U_COMPRESSION_FACTOR= 11 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_471( +static KRML_MUSTINLINE void deserialize_then_decompress_u_d71( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; @@ -5213,8 +5229,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_471( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)11U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_170(u_bytes); - ntt_vector_u_c00(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_a00(u_bytes); + ntt_vector_u_500(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, @@ -5265,7 +5281,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_4_82(Eurydice_slice serialized) { +deserialize_then_decompress_4_1f(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_8d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)8U; i++) { @@ -5325,7 +5341,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_5_89(Eurydice_slice serialized) { +deserialize_then_decompress_5_e2(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_8d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)10U; i++) { 
@@ -5348,8 +5364,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 5 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_210(Eurydice_slice serialized) { - return deserialize_then_decompress_5_89(serialized); +deserialize_then_decompress_ring_element_v_8e0(Eurydice_slice serialized) { + return deserialize_then_decompress_5_e2(serialized); } /** @@ -5363,7 +5379,7 @@ with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -subtract_reduce_89_fc(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, +subtract_reduce_89_7e(libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *self, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 b) { for (size_t i = (size_t)0U; i < LIBCRUX_ML_KEM_POLYNOMIAL_VECTORS_IN_RING_ELEMENT; i++) { @@ -5394,7 +5410,7 @@ with const generics - K= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_2f1( +compute_message_601( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { @@ -5404,7 +5420,7 @@ compute_message_2f1( ntt_multiply_89_17(&secret_as_ntt[i0], &u_as_ntt[i0]); add_to_ring_element_89_e81(&result, &product);); invert_ntt_montgomery_951(&result); - result = subtract_reduce_89_fc(v, result); + result = subtract_reduce_89_7e(v, result); return result; } @@ -5414,7 +5430,7 @@ libcrux_ml_kem.serialize.compress_then_serialize_message with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ -static KRML_MUSTINLINE void compress_then_serialize_message_2e( +static KRML_MUSTINLINE void compress_then_serialize_message_15( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re, uint8_t ret[32U]) { uint8_t serialized[32U] = {0U}; KRML_MAYBE_FOR16( 
@@ -5472,15 +5488,15 @@ static void decrypt_unpacked_821( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_42 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[4U]; - deserialize_then_decompress_u_471(ciphertext, u_as_ntt); + deserialize_then_decompress_u_d71(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_210( + deserialize_then_decompress_ring_element_v_8e0( Eurydice_array_to_subslice_from((size_t)1568U, ciphertext, (size_t)1408U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_2f1(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_601(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_2e(message, ret0); + compress_then_serialize_message_15(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); } @@ -5532,7 +5548,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_441( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_2c1( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_42 *key_pair, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -5566,7 +5582,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_441( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_dd1(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_b41(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; PRF_f1_ee3(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), 
@@ -5577,11 +5593,11 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_441( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_unpacked_091(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_c51(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_dd1(ciphertext), + libcrux_ml_kem_types_as_ref_00_b41(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time( @@ -5599,7 +5615,7 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_to_uncompressed_ring_element_61(Eurydice_slice serialized) { +deserialize_to_uncompressed_ring_element_22(Eurydice_slice serialized) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 re = ZERO_89_8d(); for (size_t i = (size_t)0U; i < Eurydice_slice_len(serialized, uint8_t) / (size_t)24U; i++) { @@ -5622,7 +5638,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 4 */ -static KRML_MUSTINLINE void deserialize_secret_key_281( +static KRML_MUSTINLINE void deserialize_secret_key_bb1( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[4U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; @@ -5639,7 +5655,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_281( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_61(secret_bytes); + deserialize_to_uncompressed_ring_element_22(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy( 
@@ -5657,10 +5673,10 @@ with const generics - U_COMPRESSION_FACTOR= 11 - V_COMPRESSION_FACTOR= 5 */ -static void decrypt_691(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_501(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[4U]; - deserialize_secret_key_281(secret_key, secret_as_ntt); + deserialize_secret_key_bb1(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[4U]; memcpy( @@ -5698,7 +5714,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1600 */ -void libcrux_ml_kem_ind_cca_decapsulate_b21( +void libcrux_ml_kem_ind_cca_decapsulate_811( libcrux_ml_kem_types_MlKemPrivateKey_95 *private_key, libcrux_ml_kem_mlkem1024_MlKem1024Ciphertext *ciphertext, uint8_t ret[32U]) { @@ -5717,7 +5733,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_b21( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_691(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_501(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0); @@ -5739,7 +5755,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_b21( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1600U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_dd1(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_b41(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_ee3(Eurydice_array_to_slice((size_t)1600U, to_hash, uint8_t), 
@@ -5749,17 +5765,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_b21( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1568U]; - encrypt_dd1(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_091(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_13(Eurydice_array_to_slice((size_t)32U, + kdf_af_11(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_13(shared_secret0, shared_secret); + kdf_af_11(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_dd1(ciphertext), + libcrux_ml_kem_types_as_ref_00_b41(ciphertext), Eurydice_array_to_slice((size_t)1568U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret, @@ -6552,7 +6568,7 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static tuple_4c0 generate_keypair_unpacked_0f0( +static tuple_4c0 generate_keypair_unpacked_420( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_f1_e40(key_generation_seed, hashed); @@ -6639,7 +6655,7 @@ generics - ETA1= 3 - ETA1_RANDOMNESS_SIZE= 192 */ -static void closure_410( +static void closure_880( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, ret[i] = ZERO_89_8d();); 
@@ -6672,7 +6688,7 @@ generics - ETA1_RANDOMNESS_SIZE= 192 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b40(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c80(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t); @@ -6680,18 +6696,18 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b40(uint8_t randomness[64U]) { (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_4c0 uu____0 = generate_keypair_unpacked_0f0(ind_cpa_keypair_randomness); + tuple_4c0 uu____0 = generate_keypair_unpacked_420(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[2U][2U]; - KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_410(A[i]);); + KRML_MAYBE_FOR2(i, (size_t)0U, (size_t)2U, (size_t)1U, closure_880(A[i]);); KRML_MAYBE_FOR2( i0, (size_t)0U, (size_t)2U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR2( i, (size_t)0U, (size_t)2U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_13(&ind_cpa_public_key.A[j][i1]); + clone_d5_84(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[2U][2U]; memcpy(uu____2, A, @@ -7248,7 +7264,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_090( +static void encrypt_unpacked_c50( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { uint8_t prf_input[33U]; 
@@ -7323,7 +7339,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b0( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_de0( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_ae *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U]; @@ -7350,7 +7366,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b0( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_unpacked_090(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_c50(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy( @@ -7360,7 +7376,7 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b0( uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = - libcrux_ml_kem_types_from_01_14(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_ec(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array, @@ -7381,7 +7397,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$2size_t]] with const generics - K= 2 */ -static KRML_MUSTINLINE void entropy_preprocess_af_ca(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_cc(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), 
@@ -7445,7 +7461,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_dd0(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_090(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[768U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[2U]; deserialize_ring_elements_reduced_9d1( 
@@ -7457,41 +7473,57 @@ static void encrypt_dd0(Eurydice_slice public_key, uint8_t message[32U], uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0); sample_matrix_A_050(ret0, false, A); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, seed_for_A); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[2U]; + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_740 uu____1 = sample_vector_cbd_then_ntt_a70(copy_of_prf_input0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[2U]; memcpy( - copy_of_t_as_ntt, t_as_ntt, + r_as_ntt, uu____1.fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + uint8_t domain_separator0 = uu____1.snd; /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A[2U][2U]; - memcpy(copy_of_A, A, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae - public_key_unpacked; + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_740 uu____3 = + sample_ring_element_cbd_380(copy_of_prf_input, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[2U]; memcpy( - public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, + error_1, uu____3.fst, (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(public_key_unpacked.seed_for_A, 
copy_of_seed_for_A, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, copy_of_A, - (size_t)2U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[2U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_ae *uu____3 = - &public_key_unpacked; + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF_f1_ee2(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = + sample_from_binomial_distribution_34( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[2U]; + compute_vector_u_220(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[768U]; - encrypt_unpacked_090(uu____3, copy_of_message, randomness, ret1); - memcpy(ret, ret1, (size_t)768U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = + deserialize_then_decompress_message_6c(copy_of_message); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = + compute_ring_element_v_ba0(t_as_ntt, r_as_ntt, &error_2, + &message_as_ring_element); + uint8_t ciphertext[768U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[2U]; + memcpy( + uu____5, u, + (size_t)2U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + compress_then_serialize_u_620( + uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)640U, + uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; + compress_then_serialize_ring_element_v_20( + uu____6, Eurydice_array_to_subslice_from((size_t)768U, ciphertext, + (size_t)640U, uint8_t, size_t)); + memcpy(ret, ciphertext, (size_t)768U * sizeof(uint8_t)); } /** 
@@ -7505,7 +7537,7 @@ with const generics - K= 2 - CIPHERTEXT_SIZE= 768 */ -static KRML_MUSTINLINE void kdf_af_6d(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_04(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t), @@ -7532,11 +7564,11 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_ec libcrux_ml_kem_ind_cca_encapsulate_410( +tuple_ec libcrux_ml_kem_ind_cca_encapsulate_8f0( libcrux_ml_kem_types_MlKemPublicKey_be *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_ca( + entropy_preprocess_af_cc( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_ea( @@ -7565,14 +7597,14 @@ tuple_ec libcrux_ml_kem_ind_cca_encapsulate_410( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[768U]; - encrypt_dd0(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_090(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[768U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)768U * sizeof(uint8_t)); libcrux_ml_kem_types_MlKemCiphertext_e8 ciphertext0 = - libcrux_ml_kem_types_from_01_14(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_ec(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_6d(shared_secret, shared_secret_array); + kdf_af_04(shared_secret, shared_secret_array); libcrux_ml_kem_types_MlKemCiphertext_e8 uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; 
@@ -7591,8 +7623,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 10 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_u_17(Eurydice_slice serialized) { - return deserialize_then_decompress_10_43(serialized); +deserialize_then_decompress_ring_element_u_a0(Eurydice_slice serialized) { + return deserialize_then_decompress_10_12(serialized); } /** @@ -7601,7 +7633,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - VECTOR_U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void ntt_vector_u_c0( +static KRML_MUSTINLINE void ntt_vector_u_50( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *re) { size_t zeta_i = (size_t)0U; ntt_at_layer_4_plus_39(&zeta_i, re, (size_t)7U); @@ -7626,7 +7658,7 @@ with const generics - CIPHERTEXT_SIZE= 768 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_470( +static KRML_MUSTINLINE void deserialize_then_decompress_u_d70( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; @@ -7649,8 +7681,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_470( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_17(u_bytes); - ntt_vector_u_c0(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_a0(u_bytes); + ntt_vector_u_50(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt, 
@@ -7664,8 +7696,8 @@ libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - COMPRESSION_FACTOR= 4 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -deserialize_then_decompress_ring_element_v_21(Eurydice_slice serialized) { - return deserialize_then_decompress_4_82(serialized); +deserialize_then_decompress_ring_element_v_8e(Eurydice_slice serialized) { + return deserialize_then_decompress_4_1f(serialized); } /** @@ -7681,7 +7713,7 @@ with const generics - K= 2 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_2f0( +compute_message_600( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) { @@ -7691,7 +7723,7 @@ compute_message_2f0( ntt_multiply_89_17(&secret_as_ntt[i0], &u_as_ntt[i0]); add_to_ring_element_89_e80(&result, &product);); invert_ntt_montgomery_950(&result); - result = subtract_reduce_89_fc(v, result); + result = subtract_reduce_89_7e(v, result); return result; } 
@@ -7733,15 +7765,15 @@ static void decrypt_unpacked_820( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_ae *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[2U]; - deserialize_then_decompress_u_470(ciphertext, u_as_ntt); + deserialize_then_decompress_u_d70(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_21( + deserialize_then_decompress_ring_element_v_8e( Eurydice_array_to_subslice_from((size_t)768U, ciphertext, (size_t)640U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_2f0(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_600(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_2e(message, ret0); + compress_then_serialize_message_15(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); }
@@ -7781,7 +7813,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_440( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_2c0( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_ae *key_pair, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U];
@@ -7814,7 +7846,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_440( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_dd(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_b4(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; PRF_f1_ee1(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t),
@@ -7825,11 +7857,11 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_440( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_unpacked_090(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_c50(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_dd(ciphertext), + libcrux_ml_kem_types_as_ref_00_b4(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(
@@ -7849,7 +7881,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 2 */ -static KRML_MUSTINLINE void deserialize_secret_key_280( +static KRML_MUSTINLINE void deserialize_secret_key_bb0( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[2U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U];
@@ -7866,7 +7898,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_280( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_61(secret_bytes); + deserialize_to_uncompressed_ring_element_22(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy(
@@ -7884,10 +7916,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_690(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_500(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[2U]; - deserialize_secret_key_280(secret_key, secret_as_ntt); + deserialize_secret_key_bb0(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[2U]; memcpy(
@@ -7925,7 +7957,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 800 */ -void libcrux_ml_kem_ind_cca_decapsulate_b20( +void libcrux_ml_kem_ind_cca_decapsulate_810( libcrux_ml_kem_types_MlKemPrivateKey_5e *private_key, libcrux_ml_kem_types_MlKemCiphertext_e8 *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
@@ -7943,7 +7975,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_b20( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_690(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_500(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0);
@@ -7965,7 +7997,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_b20( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)800U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_dd(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_b4(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_ee1(Eurydice_array_to_slice((size_t)800U, to_hash, uint8_t),
@@ -7975,17 +8007,17 @@ void libcrux_ml_kem_ind_cca_decapsulate_b20( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[768U]; - encrypt_dd0(uu____5, copy_of_decrypted, pseudorandomness, + encrypt_090(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_6d(Eurydice_array_to_slice((size_t)32U, + kdf_af_04(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_6d(shared_secret0, shared_secret); + kdf_af_04(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_dd(ciphertext), + libcrux_ml_kem_types_as_ref_00_b4(ciphertext), Eurydice_array_to_slice((size_t)768U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
@@ -8767,7 +8799,7 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static tuple_9b generate_keypair_unpacked_0f( +static tuple_9b generate_keypair_unpacked_42( Eurydice_slice key_generation_seed) { uint8_t hashed[64U]; G_f1_e4(key_generation_seed, hashed);
@@ -8854,7 +8886,7 @@ generics - ETA1= 2 - ETA1_RANDOMNESS_SIZE= 128 */ -static void closure_41( +static void closure_88( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, ret[i] = ZERO_89_8d(););
@@ -8887,7 +8919,7 @@ generics - ETA1_RANDOMNESS_SIZE= 128 */ libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 -libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b4(uint8_t randomness[64U]) { +libcrux_ml_kem_ind_cca_generate_keypair_unpacked_c8(uint8_t randomness[64U]) { Eurydice_slice ind_cpa_keypair_randomness = Eurydice_array_to_subslice2( randomness, (size_t)0U, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t);
@@ -8895,18 +8927,18 @@ libcrux_ml_kem_ind_cca_generate_keypair_unpacked_b4(uint8_t randomness[64U]) { (size_t)64U, randomness, LIBCRUX_ML_KEM_CONSTANTS_CPA_PKE_KEY_GENERATION_SEED_SIZE, uint8_t, size_t); - tuple_9b uu____0 = generate_keypair_unpacked_0f(ind_cpa_keypair_randomness); + tuple_9b uu____0 = generate_keypair_unpacked_42(ind_cpa_keypair_randomness); libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 ind_cpa_private_key = uu____0.fst; libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 ind_cpa_public_key = uu____0.snd; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 A[3U][3U]; - KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_41(A[i]);); + KRML_MAYBE_FOR3(i, (size_t)0U, (size_t)3U, (size_t)1U, closure_88(A[i]);); KRML_MAYBE_FOR3( i0, (size_t)0U, (size_t)3U, (size_t)1U, size_t i1 = i0; KRML_MAYBE_FOR3( i, (size_t)0U, (size_t)3U, (size_t)1U, size_t j = i; libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____1 = - clone_d5_13(&ind_cpa_public_key.A[j][i1]); + clone_d5_84(&ind_cpa_public_key.A[j][i1]); A[i1][j] = uu____1;);); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____2[3U][3U]; memcpy(uu____2, A,
@@ -9381,7 +9413,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_unpacked_09( +static void encrypt_unpacked_c5( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { uint8_t prf_input[33U];
@@ -9456,7 +9488,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_de( libcrux_ml_kem_ind_cca_unpacked_MlKemPublicKeyUnpacked_f8 *public_key, uint8_t randomness[32U]) { uint8_t to_hash[64U];
@@ -9483,7 +9515,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_unpacked_09(uu____2, copy_of_randomness, pseudorandomness, + encrypt_unpacked_c5(uu____2, copy_of_randomness, pseudorandomness, ciphertext); uint8_t shared_secret_array[32U] = {0U}; Eurydice_slice_copy(
@@ -9493,7 +9525,7 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_unpacked_4b( uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = - libcrux_ml_kem_types_from_01_140(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_ec0(copy_of_ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U]; memcpy(copy_of_shared_secret_array, shared_secret_array,
@@ -9514,7 +9546,7 @@ with types libcrux_ml_kem_hash_functions_portable_PortableHash[[$3size_t]] with const generics - K= 3 */ -static KRML_MUSTINLINE void entropy_preprocess_af_4c(Eurydice_slice randomness, +static KRML_MUSTINLINE void entropy_preprocess_af_75(Eurydice_slice randomness, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t),
@@ -9578,7 +9610,7 @@ generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -static void encrypt_dd(Eurydice_slice public_key, uint8_t message[32U], +static void encrypt_09(Eurydice_slice public_key, uint8_t message[32U], Eurydice_slice randomness, uint8_t ret[1088U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 t_as_ntt[3U]; deserialize_ring_elements_reduced_9d( 
@@ -9590,41 +9622,57 @@ static void encrypt_dd(Eurydice_slice public_key, uint8_t message[32U], uint8_t ret0[34U]; libcrux_ml_kem_utils_into_padded_array_ea1(seed, ret0); sample_matrix_A_05(ret0, false, A); - uint8_t seed_for_A[32U]; - core_result_Result_00 dst; - Eurydice_slice_to_array2(&dst, seed, Eurydice_slice, uint8_t[32U]); - core_result_unwrap_41_83(dst, seed_for_A); + uint8_t prf_input[33U]; + libcrux_ml_kem_utils_into_padded_array_ea2(randomness, prf_input); /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_t_as_ntt[3U]; + uint8_t copy_of_prf_input0[33U]; + memcpy(copy_of_prf_input0, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b0 uu____1 = sample_vector_cbd_then_ntt_a7(copy_of_prf_input0, 0U); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 r_as_ntt[3U]; memcpy( - copy_of_t_as_ntt, t_as_ntt, + r_as_ntt, uu____1.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + uint8_t domain_separator0 = uu____1.snd; /* Passing arrays by value in Rust generates a copy in C */ - libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_A[3U][3U]; - memcpy(copy_of_A, A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - /* Passing arrays by value in Rust generates a copy in C */ - uint8_t copy_of_seed_for_A[32U]; - memcpy(copy_of_seed_for_A, seed_for_A, (size_t)32U * sizeof(uint8_t)); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 - public_key_unpacked; + uint8_t copy_of_prf_input[33U]; + memcpy(copy_of_prf_input, prf_input, (size_t)33U * sizeof(uint8_t)); + tuple_b0 uu____3 = + sample_ring_element_cbd_38(copy_of_prf_input, domain_separator0); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_1[3U]; memcpy( - public_key_unpacked.t_as_ntt, copy_of_t_as_ntt, + error_1, uu____3.fst, (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); - memcpy(public_key_unpacked.seed_for_A, 
copy_of_seed_for_A, - (size_t)32U * sizeof(uint8_t)); - memcpy(public_key_unpacked.A, copy_of_A, - (size_t)3U * - sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0[3U])); - libcrux_ml_kem_ind_cpa_unpacked_IndCpaPublicKeyUnpacked_f8 *uu____3 = - &public_key_unpacked; + uint8_t domain_separator = uu____3.snd; + prf_input[32U] = domain_separator; + uint8_t prf_output[128U]; + PRF_f1_ee0(Eurydice_array_to_slice((size_t)33U, prf_input, uint8_t), + prf_output); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 error_2 = + sample_from_binomial_distribution_34( + Eurydice_array_to_slice((size_t)128U, prf_output, uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u[3U]; + compute_vector_u_22(A, r_as_ntt, error_1, u); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_message[32U]; memcpy(copy_of_message, message, (size_t)32U * sizeof(uint8_t)); - uint8_t ret1[1088U]; - encrypt_unpacked_09(uu____3, copy_of_message, randomness, ret1); - memcpy(ret, ret1, (size_t)1088U * sizeof(uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message_as_ring_element = + deserialize_then_decompress_message_6c(copy_of_message); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = + compute_ring_element_v_ba(t_as_ntt, r_as_ntt, &error_2, + &message_as_ring_element); + uint8_t ciphertext[1088U] = {0U}; + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____5[3U]; + memcpy( + uu____5, u, + (size_t)3U * sizeof(libcrux_ml_kem_polynomial_PolynomialRingElement_f0)); + compress_then_serialize_u_62( + uu____5, Eurydice_array_to_subslice2(ciphertext, (size_t)0U, (size_t)960U, + uint8_t)); + libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____6 = v; + compress_then_serialize_ring_element_v_20( + uu____6, Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, + (size_t)960U, uint8_t, size_t)); + memcpy(ret, ciphertext, (size_t)1088U * sizeof(uint8_t)); } /** 
@@ -9638,7 +9686,7 @@ with const generics - K= 3 - CIPHERTEXT_SIZE= 1088 */ -static KRML_MUSTINLINE void kdf_af_08(Eurydice_slice shared_secret, +static KRML_MUSTINLINE void kdf_af_73(Eurydice_slice shared_secret, uint8_t ret[32U]) { uint8_t out[32U] = {0U}; Eurydice_slice_copy(Eurydice_array_to_slice((size_t)32U, out, uint8_t),
@@ -9665,11 +9713,11 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2= 2 - ETA2_RANDOMNESS_SIZE= 128 */ -tuple_3c libcrux_ml_kem_ind_cca_encapsulate_41( +tuple_3c libcrux_ml_kem_ind_cca_encapsulate_8f( libcrux_ml_kem_types_MlKemPublicKey_15 *public_key, uint8_t randomness[32U]) { uint8_t randomness0[32U]; - entropy_preprocess_af_4c( + entropy_preprocess_af_75( Eurydice_array_to_slice((size_t)32U, randomness, uint8_t), randomness0); uint8_t to_hash[64U]; libcrux_ml_kem_utils_into_padded_array_ea(
@@ -9698,14 +9746,14 @@ tuple_3c libcrux_ml_kem_ind_cca_encapsulate_41( uint8_t copy_of_randomness[32U]; memcpy(copy_of_randomness, randomness0, (size_t)32U * sizeof(uint8_t)); uint8_t ciphertext[1088U]; - encrypt_dd(uu____2, copy_of_randomness, pseudorandomness, ciphertext); + encrypt_09(uu____2, copy_of_randomness, pseudorandomness, ciphertext); /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_ciphertext[1088U]; memcpy(copy_of_ciphertext, ciphertext, (size_t)1088U * sizeof(uint8_t)); libcrux_ml_kem_mlkem768_MlKem768Ciphertext ciphertext0 = - libcrux_ml_kem_types_from_01_140(copy_of_ciphertext); + libcrux_ml_kem_types_from_01_ec0(copy_of_ciphertext); uint8_t shared_secret_array[32U]; - kdf_af_08(shared_secret, shared_secret_array); + kdf_af_73(shared_secret, shared_secret_array); libcrux_ml_kem_mlkem768_MlKem768Ciphertext uu____5 = ciphertext0; /* Passing arrays by value in Rust generates a copy in C */ uint8_t copy_of_shared_secret_array[32U];
@@ -9729,7 +9777,7 @@ with const generics - CIPHERTEXT_SIZE= 1088 - U_COMPRESSION_FACTOR= 10 */ -static KRML_MUSTINLINE void deserialize_then_decompress_u_47( +static KRML_MUSTINLINE void deserialize_then_decompress_u_d7( uint8_t *ciphertext, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U];
@@ -9752,8 +9800,8 @@ static KRML_MUSTINLINE void deserialize_then_decompress_u_47( LIBCRUX_ML_KEM_CONSTANTS_COEFFICIENTS_IN_RING_ELEMENT * (size_t)10U / (size_t)8U, uint8_t); - u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_17(u_bytes); - ntt_vector_u_c0(&u_as_ntt[i0]); + u_as_ntt[i0] = deserialize_then_decompress_ring_element_u_a0(u_bytes); + ntt_vector_u_50(&u_as_ntt[i0]); } memcpy( ret, u_as_ntt,
@@ -9773,7 +9821,7 @@ with const generics - K= 3 */ static KRML_MUSTINLINE libcrux_ml_kem_polynomial_PolynomialRingElement_f0 -compute_message_2f( +compute_message_60( libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *v, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *secret_as_ntt, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 *u_as_ntt) {
@@ -9783,7 +9831,7 @@ compute_message_2f( ntt_multiply_89_17(&secret_as_ntt[i0], &u_as_ntt[i0]); add_to_ring_element_89_e8(&result, &product);); invert_ntt_montgomery_95(&result); - result = subtract_reduce_89_fc(v, result); + result = subtract_reduce_89_7e(v, result); return result; }
@@ -9825,15 +9873,15 @@ static void decrypt_unpacked_82( libcrux_ml_kem_ind_cpa_unpacked_IndCpaPrivateKeyUnpacked_f8 *secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 u_as_ntt[3U]; - deserialize_then_decompress_u_47(ciphertext, u_as_ntt); + deserialize_then_decompress_u_d7(ciphertext, u_as_ntt); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 v = - deserialize_then_decompress_ring_element_v_21( + deserialize_then_decompress_ring_element_v_8e( Eurydice_array_to_subslice_from((size_t)1088U, ciphertext, (size_t)960U, uint8_t, size_t)); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 message = - compute_message_2f(&v, secret_key->secret_as_ntt, u_as_ntt); + compute_message_60(&v, secret_key->secret_as_ntt, u_as_ntt); uint8_t ret0[32U]; - compress_then_serialize_message_2e(message, ret0); + compress_then_serialize_message_15(message, ret0); memcpy(ret, ret0, (size_t)32U * sizeof(uint8_t)); }
@@ -9873,7 +9921,7 @@ generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_unpacked_44( +void libcrux_ml_kem_ind_cca_decapsulate_unpacked_2c( libcrux_ml_kem_ind_cca_unpacked_MlKemKeyPairUnpacked_f8 *key_pair, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { uint8_t decrypted[32U];
@@ -9906,7 +9954,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_44( Eurydice_slice uu____2 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_dd0(ciphertext), + Eurydice_slice_copy(uu____2, libcrux_ml_kem_types_as_ref_00_b40(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret[32U]; PRF_f1_ee(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t),
@@ -9917,11 +9965,11 @@ void libcrux_ml_kem_ind_cca_decapsulate_unpacked_44( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_unpacked_09(uu____3, copy_of_decrypted, pseudorandomness, + encrypt_unpacked_c5(uu____3, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t selector = libcrux_ml_kem_constant_time_ops_compare_ciphertexts_in_constant_time( - libcrux_ml_kem_types_as_ref_00_dd0(ciphertext), + libcrux_ml_kem_types_as_ref_00_b40(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t)); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_select_shared_secret_in_constant_time(
@@ -9941,7 +9989,7 @@ with types libcrux_ml_kem_vector_portable_vector_type_PortableVector with const generics - K= 3 */ -static KRML_MUSTINLINE void deserialize_secret_key_28( +static KRML_MUSTINLINE void deserialize_secret_key_bb( Eurydice_slice secret_key, libcrux_ml_kem_polynomial_PolynomialRingElement_f0 ret[3U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U];
@@ -9958,7 +10006,7 @@ static KRML_MUSTINLINE void deserialize_secret_key_28( LIBCRUX_ML_KEM_CONSTANTS_BYTES_PER_RING_ELEMENT, uint8_t); libcrux_ml_kem_polynomial_PolynomialRingElement_f0 uu____0 = - deserialize_to_uncompressed_ring_element_61(secret_bytes); + deserialize_to_uncompressed_ring_element_22(secret_bytes); secret_as_ntt[i0] = uu____0; } memcpy(
@@ -9976,10 +10024,10 @@ with const generics - U_COMPRESSION_FACTOR= 10 - V_COMPRESSION_FACTOR= 4 */ -static void decrypt_69(Eurydice_slice secret_key, uint8_t *ciphertext, +static void decrypt_50(Eurydice_slice secret_key, uint8_t *ciphertext, uint8_t ret[32U]) { libcrux_ml_kem_polynomial_PolynomialRingElement_f0 secret_as_ntt[3U]; - deserialize_secret_key_28(secret_key, secret_as_ntt); + deserialize_secret_key_bb(secret_key, secret_as_ntt); /* Passing arrays by value in Rust generates a copy in C */ libcrux_ml_kem_polynomial_PolynomialRingElement_f0 copy_of_secret_as_ntt[3U]; memcpy(
@@ -10017,7 +10065,7 @@ libcrux_ml_kem_ind_cca_MlKem with const generics - ETA2_RANDOMNESS_SIZE= 128 - IMPLICIT_REJECTION_HASH_INPUT_SIZE= 1120 */ -void libcrux_ml_kem_ind_cca_decapsulate_b2( +void libcrux_ml_kem_ind_cca_decapsulate_81( libcrux_ml_kem_types_MlKemPrivateKey_55 *private_key, libcrux_ml_kem_mlkem768_MlKem768Ciphertext *ciphertext, uint8_t ret[32U]) { Eurydice_slice_uint8_t_x2 uu____0 = Eurydice_slice_split_at(
@@ -10035,7 +10083,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_b2( Eurydice_slice ind_cpa_public_key_hash = uu____2.fst; Eurydice_slice implicit_rejection_value = uu____2.snd; uint8_t decrypted[32U]; - decrypt_69(ind_cpa_secret_key, ciphertext->value, decrypted); + decrypt_50(ind_cpa_secret_key, ciphertext->value, decrypted); uint8_t to_hash0[64U]; libcrux_ml_kem_utils_into_padded_array_ea( Eurydice_array_to_slice((size_t)32U, decrypted, uint8_t), to_hash0);
@@ -10057,7 +10105,7 @@ void libcrux_ml_kem_ind_cca_decapsulate_b2( Eurydice_slice uu____4 = Eurydice_array_to_subslice_from( (size_t)1120U, to_hash, LIBCRUX_ML_KEM_CONSTANTS_SHARED_SECRET_SIZE, uint8_t, size_t); - Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_dd0(ciphertext), + Eurydice_slice_copy(uu____4, libcrux_ml_kem_types_as_ref_00_b40(ciphertext), uint8_t); uint8_t implicit_rejection_shared_secret0[32U]; PRF_f1_ee(Eurydice_array_to_slice((size_t)1120U, to_hash, uint8_t),
@@ -10067,16 +10115,16 @@ void libcrux_ml_kem_ind_cca_decapsulate_b2( uint8_t copy_of_decrypted[32U]; memcpy(copy_of_decrypted, decrypted, (size_t)32U * sizeof(uint8_t)); uint8_t expected_ciphertext[1088U]; - encrypt_dd(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); + encrypt_09(uu____5, copy_of_decrypted, pseudorandomness, expected_ciphertext); uint8_t implicit_rejection_shared_secret[32U]; - kdf_af_08(Eurydice_array_to_slice((size_t)32U, + kdf_af_73(Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret0, uint8_t), implicit_rejection_shared_secret); uint8_t shared_secret[32U]; - kdf_af_08(shared_secret0, shared_secret); + kdf_af_73(shared_secret0, shared_secret); uint8_t ret0[32U]; libcrux_ml_kem_constant_time_ops_compare_ciphertexts_select_shared_secret_in_constant_time( - libcrux_ml_kem_types_as_ref_00_dd0(ciphertext), + libcrux_ml_kem_types_as_ref_00_b40(ciphertext), Eurydice_array_to_slice((size_t)1088U, expected_ciphertext, uint8_t), Eurydice_array_to_slice((size_t)32U, shared_secret, uint8_t), Eurydice_array_to_slice((size_t)32U, implicit_rejection_shared_secret,
diff --git a/libcrux-ml-kem/c/libcrux_mlkem_portable.h b/libcrux-ml-kem/c/libcrux_mlkem_portable.h
index b345560f3..ab2e72412 100644
--- a/libcrux-ml-kem/c/libcrux_mlkem_portable.h
+++ b/libcrux-ml-kem/c/libcrux_mlkem_portable.h
@@ -8,7 +8,7 @@
 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3
 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a
 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty
- * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b
+ * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726
 */

 #ifndef __libcrux_mlkem_portable_H
diff --git a/libcrux-ml-kem/c/libcrux_sha3.h b/libcrux-ml-kem/c/libcrux_sha3.h
index 4b687c6e4..840bfcb9a 100644
--- a/libcrux-ml-kem/c/libcrux_sha3.h
+++ b/libcrux-ml-kem/c/libcrux_sha3.h
@@ -8,7 +8,7 @@
 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3
 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a
 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty
- * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b
+ * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726
 */

 #ifndef __libcrux_sha3_H
diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.c b/libcrux-ml-kem/c/libcrux_sha3_avx2.c
index 45c073926..d9f06d3ce 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_avx2.c
+++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.c
@@ -8,7 +8,7 @@
 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3
 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a
 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty
- * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b
+ * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726
 */

 #include "internal/libcrux_sha3_avx2.h"
diff --git a/libcrux-ml-kem/c/libcrux_sha3_avx2.h b/libcrux-ml-kem/c/libcrux_sha3_avx2.h
index 775fd2fe0..1348c2b96 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_avx2.h
+++ b/libcrux-ml-kem/c/libcrux_sha3_avx2.h
@@ -8,7 +8,7 @@
 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3
 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a
 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty
- * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b
+ * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726
 */

 #ifndef __libcrux_sha3_avx2_H
diff --git a/libcrux-ml-kem/c/libcrux_sha3_internal.h b/libcrux-ml-kem/c/libcrux_sha3_internal.h
index 3f1586149..7bed880f5 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_internal.h
+++ b/libcrux-ml-kem/c/libcrux_sha3_internal.h
@@ -8,7 +8,7 @@
 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3
 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a
 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty
- * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b
+ * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726
 */

 #ifndef __libcrux_sha3_internal_H
diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.c b/libcrux-ml-kem/c/libcrux_sha3_neon.c
index 21b8d1d44..a66762532 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_neon.c
+++ b/libcrux-ml-kem/c/libcrux_sha3_neon.c
@@ -8,7 +8,7 @@
 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3
 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a
 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty
- * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b
+ * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726
 */

 #include "libcrux_sha3_neon.h"
diff --git a/libcrux-ml-kem/c/libcrux_sha3_neon.h b/libcrux-ml-kem/c/libcrux_sha3_neon.h
index fc14ae7e7..805558782 100644
--- a/libcrux-ml-kem/c/libcrux_sha3_neon.h
+++ b/libcrux-ml-kem/c/libcrux_sha3_neon.h
@@ -8,7 +8,7 @@
 * Eurydice: e66abbc2119485abfafa17c1911bdbdada5b04f3
 * Karamel: 7862fdc3899b718d39ec98568f78ec40592a622a
 * F*: a32b316e521fa4f239b610ec8f1d15e78d62cbe8-dirty
- * Libcrux: a62ef07ccb67d179e447b66adec9d950131cb20b
+ * Libcrux: 322297aa4545eea6f5ba5d5fdd1565a790e5f726
 */

 #ifndef __libcrux_sha3_neon_H